I've searched through multiple threads, but I don't see exactly where the problem is in my case.
It is showing the error on line 30: $findU->bindParam(':uid', $uid);. Not really sure if that's the real problem here.
Full code:
<?php
try {
$pdo = new \PDO('mysql:host=localhost;dbname=project;charset=utf8', 'root', '', [
PDO::ATTR_EMULATE_PREPARES => false,
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION
]);
if($_POST && isset($_POST['submit'])) {
$first = trim($_POST['first']);
$last = trim($_POST['last']);
$email = trim($_POST['email']);
$uid = trim($_POST['uid']);
$pwd = trim($_POST['pwd']);
//checks if there's an empty field
if(empty($first) || empty($last) || empty($email) || empty ($uid) || empty ($pwd)) {
header('Location: sign_up.php?signup=empty');
exit();
} else {
//checks inputs for invalid symbols through Regex
if(!preg_match("/^[a-zA-Z]/", $first) || !preg_match("/^[a-zA-Z]/", $last)) {
header('Location: sign_up.php?signup=invalid');
exit();
} else {
//checks if the email is in valid format
if(!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header('Location: sign_up.php?signup=invalidemail');
exit();
} else {
//checks if the username is already in use
$findU = $pdo->prepare("SELECT * FROM `users` WHERE user_uid = ':uid'");
$findU->bindParam(':uid', $uid);
$result = $findU->execute();
if($result->fetchColumn() > 0) {
header("Location: sign_up.php?signup=usertaken");
exit();
} else {
//creating hash for password
$hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
//inserts new users into DB
$newUser = $pdo->prepare("INSERT INTO `users` (user_first, user_last, user_email,
user_uid, user_pwd) VALUES (':first', ':last', ':email', ':uid', ':hashedPwd')");
$newUser->execute(array(':first' => $first, ':last' => $last, ':email' => $email,
':uid' => $uid, ':hashedPwd' => $hashedPwd));
header("Location: sign_up.php?signup=success");
exit();
}
}
}
}
}
} catch(\PDOException $e) {
echo "Error connecting to mySQL: " . $e->getMessage();
echo "<code><pre>".print_r($e)."</pre></code>";
exit();
}
?>
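The lookup from the question with the placeholder quoted and unquoted, as an added example that is not part of the original post. It assumes a constructed in-memory SQLite table in place of the MySQL users table so it runs offline; the helper names lookupQuoted and isUidTaken are hypothetical.

```php
<?php
// Added example. Constructed in-memory SQLite table standing in for `users`.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$pdo->exec('CREATE TABLE users (user_uid TEXT, user_pwd TEXT)');
$pdo->prepare('INSERT INTO users (user_uid, user_pwd) VALUES (:uid, :pwd)')
    ->execute([
        ':uid' => "o'brien", // constructed sample row; the apostrophe needs no escaping
        ':pwd' => password_hash('constructed-password', PASSWORD_DEFAULT),
    ]);

// Quoted form, as in the question: ':uid' inside quotes is a string literal,
// so the statement has no parameter named :uid to bind to.
function lookupQuoted(PDO $pdo, string $uid): string
{
    try {
        $stmt = $pdo->prepare("SELECT COUNT(*) FROM users WHERE user_uid = ':uid'");
        $stmt->bindParam(':uid', $uid);
        $stmt->execute();
        // Reached only if the driver accepted the bind; the comparison was
        // then made against the literal text ':uid', not against $uid.
        return 'no exception, rows matched: ' . $stmt->fetchColumn();
    } catch (PDOException $e) {
        return 'PDOException: ' . $e->getMessage();
    }
}

// Unquoted form: the driver receives the value separately from the SQL text.
function isUidTaken(PDO $pdo, string $uid): bool
{
    $stmt = $pdo->prepare('SELECT COUNT(*) FROM users WHERE user_uid = :uid');
    $stmt->bindValue(':uid', $uid, PDO::PARAM_STR);
    $stmt->execute();                        // returns a bool, not a result set
    return (int) $stmt->fetchColumn() > 0;   // so the count is read from the statement
}

echo lookupQuoted($pdo, "o'brien"), PHP_EOL;
var_dump(isUidTaken($pdo, "o'brien"));
var_dump(isUidTaken($pdo, 'nobody'));
```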
Related
I currently have a login system, which I would like to convert to PDO from Mysqli.
I currently have a website with a database attached with phpMyAdmin/MySQL.
I tried to convert everything and I will now show you the LOGIN.php part of the system since I haven't touched the signup part yet.
This is what I have.
LOGIN.INC.PHP
<?php
require_once 'dbh.inc.php';
try {
$handler = new PDO("mysql:host=$servername;dbname=$dbname",
$username,
$password,
array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
} catch(PDOException $e){
echo $e->getName();
die();
}
//first we start a session
session_start();
//We then check if the user has clicked the login button
if (isset($_POST['submit'])) {
//Then we require the database connection
//require_once 'dbh.inc.php';
//And we get the data from the login form
$name = $_POST['name'];
$password = $_POST['password'];
//Error handlers
//Error handlers are important to avoid any mistakes the user might have made when filling out the form!
//Check if inputs are empty
if (empty($name) || empty($password)) {
header("Location: ../index.php?login=empty");
exit();
}
} else {
$stmt = $db->prepare("SELECT * FROM users WHERE user_name=:name");
$stmt->bindParam(':name', $name, PDO::PARAM_STR);
if ($stmt->execute()) {
header("location: ../index.php?login=error");
exit();
} else {
if ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
//de-hashing the password
$hashedpasswordCheck = password_verify($password, $row['user_password']);
if ($hashedpasswordCheck == false) {
header("location: ../index.php?login=error");
exit();
} elseif ($hashedpasswordCheck == true) {
//Log in the user here
$_SESSION['u_id'] = $row['user_id'];
$_SESSION['u_name'] = $row['user_name'];
header("location: ../index.php?login=success");
exit();
}
} else {
header("location: ../index.php?login=error");
exit();
}
}
}
DBH.INC.PHP
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "loginsystem";
try {
$conn = new PDO("mysql:host=$servername;dbname=$dbname",
$username,
$password,
array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
$stmt = $conn->prepare("SHOW DATABASES;");
$stmt->execute();
$stmt->setFetchMode(PDO::FETCH_ASSOC);
$result = $stmt->fetchAll();
print_r($result);
}
catch(PDOException $e) {
echo $e->getMessage();
}
$conn = null;
When I try to login I get redirected to this url:
http://localhost/php44/includes/login.inc.php
and receive this printed message/error.
Array ( [0] => Array ( [Database] => imgupload ) [1] => Array ( [Database] => information_schema ) [2] => Array ( [Database] => loginsystem ) [3] => Array ( [Database] => mysql ) [4] => Array ( [Database] => performance_schema ) [5] => Array ( [Database] => phpmyadmin ) [6] => Array ( [Database] => test ) )
What should I do to fix this, so that my login works?
Your code is vulnerable to HTML element injection and session fixation attacks. I have implemented strip_tags() to prevent HTML element injection attacks and have also implemented session_regenerate_id(); to prevent session fixation attacks.
Again, since you are logging in, you only need to initialize the session as soon as the username and password are verified.
As for me, I prefer using the PDO array method. Anyway, I have provided two solutions. I first worked on your code and then modified it where appropriate. Ensure that the database credentials are okay.
Your code
<?php
//db connect starts
$db = new PDO (
'mysql:host=localhost;dbname=loginsystem;charset=utf8',
'root', // username
'' // password
);
//We then check if the user has clicked the login button
if (isset($_POST['submit'])) {
$name = $_POST['name'];
$password = $_POST['password'];
if ($name =='' || $password =='') {
header("Location: ../index.php?login=empty");
exit();
}
$stmt = $db->prepare("SELECT * FROM users WHERE user_name=:name");
$stmt->bindParam(':name', $name, PDO::PARAM_STR);
$stmt->execute();
$count = $stmt->rowCount();
if( $count == 1 ) {
$row = $stmt->fetch();
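if(password_verify($password,$row['user_password'])){ // column name used in the question's users table
// no echo here: output sent before session_start()/header() would stop the headers from being sent
// initialize session if things were ok.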
session_start();
//Prevent session fixation attack
session_regenerate_id();
$_SESSION['u_id'] = $row['user_id'];
$_SESSION['u_name'] = $row['user_name'];
header("location: ../index.php?login=success");
exit();
}
else{
echo "Wrong Password details";
}
}
else {
echo "User does not exist";
}
}
?>
my code
<?php
//if (isset($_POST['submit'])) {
if ($_POST['name'] !='' && $_POST['password']) {
//connect
$db = new PDO (
'mysql:host=localhost;dbname=loginsystem;charset=utf8',
'root', // username
'' // password
);
$name = strip_tags($_POST['name']);
$password = strip_tags($_POST['password']);
if ($name == ''){
echo "Username is empty";
exit();
}
if ($password == ''){
echo "password is empty";
exit();
}
$result = $db->prepare('SELECT * FROM users where user_name = :name');
$result->execute(array(
':name' => $name)); // the key must match the :name placeholder in the query
$count = $result->rowCount();
if( $count == 1 ) {
$row = $result->fetch();
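if(password_verify($password,$row['user_password'])){ // column name used in the question's users table
// no echo here: output sent before session_start()/header() would stop the headers from being sent
// initialize session if things were ok.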
session_start();
//Prevent session fixation attack
session_regenerate_id();
$_SESSION['u_id'] = $row['user_id'];
$_SESSION['u_name'] = $row['user_name'];
header("location: ../index.php?login=success");
exit();
}
else{
echo "Wrong Password details";
}
}
else {
echo "User does not exist";
}
}
?>
I've made some fixes and added comments in to explain what changed:
LOGIN.INC.PHP
<?php
//First we start a session
session_start();
//Then we require the database connection
require_once 'dbh.inc.php';
// Removed the extra database connection here.
//We then check if the user has clicked the login button
if (isset($_POST['submit'])) {
//And we get the data from the login form
$name = $_POST['name'];
$password = $_POST['password'];
//Error handlers
//Error handlers are important to avoid any mistakes the user might have made when filling out the form!
//Check if inputs are empty
if (empty($name) || empty($password)) {
header("Location: ../index.php?login=empty");
exit();
}
//Removed extra 'else' here.
$stmt = $conn->prepare("SELECT * FROM users WHERE user_name=:name"); // Changed $db to $conn to use the connection from DBH.INC.PHP
$stmt->bindParam(':name', $name, PDO::PARAM_STR);
if (!$stmt->execute()) { // Added the ! to say "if this doesn't work, redirect to error"
header("location: ../index.php?login=error");
exit();
} else {
if ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
//verifying the password against the stored hash
$hashedpasswordCheck = password_verify($password, $row['user_password']);
if ($hashedpasswordCheck == false) {
header("location: ../index.php?login=error");
exit();
} else if ($hashedpasswordCheck == true) {
//Log in the user here
$_SESSION['u_id'] = $row['user_id'];
$_SESSION['u_name'] = $row['user_name'];
header("location: ../index.php?login=success");
exit();
}
} else {
header("location: ../index.php?login=error");
exit();
}
}
}
DBH.INC.PHP
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "loginsystem";
try {
$conn = new PDO("mysql:host=$servername;dbname=$dbname",
$username,
$password,
array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
// Removed the query and print of the databases
}
catch(PDOException $e) {
echo $e->getMessage();
}
// Removed the $conn=null to keep the connection we just set up.
I am trying to create a registration form and passing in mysqli_real_escape_string and salt on my form. However, for some reason my code won't go on. Even if I enter the right information in my form, it just won't process it correctly. Basically, I created a function that will do the verification.
Here's my code:
<?php
session_start();
require("new-connection.php");
global $connection;
$first_name = mysqli_real_escape_string($connection, $_POST['first_name']);
$last_name = mysqli_real_escape_string($connection, $_POST['last_name']);
$email = mysqli_real_escape_string($connection, $_POST['email']);
$password = mysqli_real_escape_string($connection, $_POST['password']);
$salt = bin2hex(openssl_random_pseudo_bytes(22));
$encrypted_password = md5($password . '' . $salt);
if(isset($_POST['action']) && ($_POST['action']) == 'register'){
//call to function
register_user($_POST); //use the ACTUAL POST
}
elseif(isset($_POST['action']) && ($_POST['action']) == 'login'){
login_user($_POST);
}else{
session_destroy();
header('Location: homepage.php');
die();
}
function register_user(){ //just a parameter called post
$_SESSION['errors'] = array();
if(empty($first_name)){
$_SESSION['errors'][] = "first name can't be blank!";
}
if(empty($last_name)){
$_SESSION['errors'][] = "last name can't be blank!";
}
if(empty($password)){
$_SESSION['errors'][] = "password is required!";
}
if($password != $post['confirm_password']){
$_SESSION['errors'][] = "passwords must match!";
}
if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
$_SESSION['errors'][] = "please use a valid email address!";
}
//end of validation
//now count errors
if(count($_SESSION['errors']) > 0){
header('Location: homepage.php');
die();
}else{
$query = "INSERT INTO users(first_name, last_name, password, email, created_at, updated_at)
VALUES ('$first_name', '$last_name','$password', '$email', NOW(), NOW())";
$result = run_mysql_query($query);
$_SESSION['message'] = "user successfully added";
header('Location: homepage.php');
die();
}
}
function login_user($post){ //just a parameter called post
$query = "SELECT * FROM users WHERE users.password = '{$post['password']}'
AND users.email = '{$post['email']}'";
$user = fetch($query); //go and grab all users on above condition
if(count($user) > 0){
$_SESSION['user_id'] = $user[0]['id'];
$_SESSION['first_name'] = $user[0]['first_name'];
$_SESSION['logged_in'] = true;
header('Location: success-homepage.php');
die();
}else{
$_SESSION['errors'][] = "cant find users";
header('Location: homepage.php');
die();
}
}
?>
Any idea what went wrong???
NOTE: It won't insert the record, and it's giving the error on $_SESSION even though the data entered is correct.
What is the error? If you have a white page, insert at the top of the page:
error_reporting (E_ALL);
ini_set('display_errors',1);
Please check this:
<?php
session_start();
require("new-connection.php");
global $connection;
$first_name = mysqli_real_escape_string($connection, $_POST['first_name']);
$last_name = mysqli_real_escape_string($connection, $_POST['last_name']);
$email = mysqli_real_escape_string($connection, $_POST['email']);
$password = mysqli_real_escape_string($connection, $_POST['password']);
$salt = bin2hex(openssl_random_pseudo_bytes(22));
$encrypted_password = md5($password . '' . $salt);
if(isset($_POST['action']) && ($_POST['action']) == 'register'){
//call to function
register_user($first_name, $last_name, $email, $password, $salt, $encrypted_password); //use the ACTUAL POST // Can't only use post because it isn't escaped
}
elseif(isset($_POST['action']) && ($_POST['action']) == 'login'){
login_user($email, $password);
}else{
session_destroy();
header('Location: homepage.php');
die();
}
function register_user($first_name, $last_name, $email, $password, $salt, $encrypted_password){ // Pass all escaped variables here because the $_POST isn't escaped
global $connection; // needed for mysqli_query() below
$_SESSION['errors'] = array();
if(empty($first_name)){
$_SESSION['errors'][] = "first name can't be blank!";
}
if(empty($last_name)){
$_SESSION['errors'][] = "last name can't be blank!";
}
if(empty($password)){
$_SESSION['errors'][] = "password is required!";
}
if($password != $_POST['confirm_password']){
$_SESSION['errors'][] = "passwords must match!";
}
if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
$_SESSION['errors'][] = "please use a valid email address!";
}
//end of validation
//now count errors
if(count($_SESSION['errors']) > 0){
header('Location: homepage.php');
die();
}else{
// Add backticks around column and table names to prevent mysql reserved words error
$query = "INSERT INTO `users` (`first_name`, `last_name`, `password`, `email`, `created_at`, `updated_at`)
VALUES ('$first_name', '$last_name','$password', '$email', NOW(), NOW())";
$result = mysqli_query($connection, $query);
$_SESSION['message'] = "user successfully added";
header('Location: homepage.php');
die();
}
}
function login_user($email, $password){
global $connection; // the connection from new-connection.php is not visible inside the function otherwise
// No need to add table name
$query = "SELECT * FROM `users` WHERE `password` = '$password'
AND `email` = '$email'";
$result = mysqli_query($connection, $query);
if(mysqli_num_rows($result) >= 1) {
$user = mysqli_fetch_assoc($result); //go and grab all users on above condition
// Check if there was atleast 1 user with the specified credentials
if(count($user) >= 1){
$_SESSION['user_id'] = $user['id'];
$_SESSION['first_name'] = $user['first_name'];
$_SESSION['logged_in'] = true;
header('Location: success-homepage.php');
die();
}else{
$_SESSION['errors'][] = "cant find users";
header('Location: homepage.php');
die();
}
} else {
echo 'no user was found';
}
}
?>
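One way to do the password handling that both the PDO login answers and this mysqli registration thread are working toward, as an added example that is not code from any of the posters: password_hash() at registration, lookup by email only, and password_verify() at login. Assumptions: a constructed in-memory SQLite users table instead of MySQL, and the hypothetical helpers registerUser and loginUser.

```php
<?php
// Added example. Constructed in-memory SQLite table standing in for `users`.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$pdo->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    email TEXT NOT NULL UNIQUE,
    first_name TEXT NOT NULL,
    password TEXT NOT NULL
)');

function registerUser(PDO $pdo, string $firstName, string $email, string $password): int
{
    // password_hash() picks a random salt and stores it inside the returned
    // string, so no separate salt column and no md5() are needed.
    $stmt = $pdo->prepare(
        'INSERT INTO users (email, first_name, password) VALUES (:email, :first_name, :hash)'
    );
    $stmt->execute([
        ':email'      => $email,
        ':first_name' => $firstName,
        ':hash'       => password_hash($password, PASSWORD_DEFAULT),
    ]);
    return (int) $pdo->lastInsertId();
}

function loginUser(PDO $pdo, string $email, string $password): ?array
{
    // Hash that is checked when the email is unknown, so both failure
    // paths do the same amount of work.
    static $dummyHash = null;
    $dummyHash ??= password_hash('constructed-dummy-value', PASSWORD_DEFAULT);

    // Look the row up by email only; the password never goes into the SQL.
    $stmt = $pdo->prepare('SELECT id, first_name, password FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $user = $stmt->fetch();

    $hash = $user === false ? $dummyHash : $user['password'];
    if (!password_verify($password, $hash) || $user === false) {
        return null; // one generic failure for "no such user" and "wrong password"
    }
    // Upgrade the stored hash if PASSWORD_DEFAULT has changed since it was created.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $pdo->prepare('UPDATE users SET password = :hash WHERE id = :id')
            ->execute([
                ':hash' => password_hash($password, PASSWORD_DEFAULT),
                ':id'   => $user['id'],
            ]);
    }
    return ['id' => (int) $user['id'], 'first_name' => $user['first_name']];
}

// Constructed sample account and three login attempts: the right password,
// a wrong one, and quote characters that are treated as plain data.
registerUser($pdo, 'Alice', 'alice@example.com', 'correct horse battery');
var_dump(loginUser($pdo, 'alice@example.com', 'correct horse battery') !== null);
var_dump(loginUser($pdo, 'alice@example.com', 'wrong password') !== null);
var_dump(loginUser($pdo, "' OR '1'='1", "' OR '1'='1") !== null);
```

In a web request, call session_start() and session_regenerate_id(true) after loginUser() succeeds and before writing the returned id into $_SESSION.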
How would I be able to check multiple factors combined instead of checking for each one? So basically I'm using PDO and I have to make sure that the usernames and emails are unique. So how would I do that? I've seen
if ( $sthandler->rowCount() > 0 ) {
// do something here
}
But is there a better way to do it? Also, if there isn't, can someone explain how I'd work with that?
EDIT
Here's my query code that inputs into the database
<?php
try {
$handler = new PDO('mysql:host=localhost;dbname=s','root', '*');
$handler->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e){
exit($e->getMessage());
}
$name = $_POST['name'];
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$password1 = $_POST['passwordconf'];
$ip = $_SERVER['REMOTE_ADDR'];
//Verifcation
if (empty($name) || empty($username) || empty($email) || empty($password) || empty($password1))
{
echo "Complete all fields";
}
// Password match
if ($password != $password1)
{
echo $passmatch = "Passwords don't match";
}
// Email validation
if (!filter_var($email, FILTER_VALIDATE_EMAIL))
{
echo $emailvalid = "Enter a valid email";
}
// Password length
if (strlen($password) <= 6){
echo $passlength = "Choose a password longer then 6 character";
}
function userExists($db, $user)
{
$userQuery = "SELECT * FROM userinfo u WHERE u.user=:user;";
$stmt = $db->prepare($userQuery);
$stmt->execute(array(':user' => $user));
return !!$stmt->fetch(PDO::FETCH_ASSOC);
}
$user = 'userName';
$exists = userExists($db, $user);
if(exists)
{
// user exists already.
}
else
{
// user doesn't exist already, you can savely insert him.
}
if(empty($passmatch) && empty($emailvalid) && empty($passlength)) {
//Securly insert into database
$sql = 'INSERT INTO userinfo (name ,username, email, password, ip) VALUES (:name,:username,:email,:password,:ip)';
$query = $handler->prepare($sql);
$query->execute(array(
':name' => $name,
':username' => $username,
':email' => $email,
':password' => $password,
':ip' => $ip
));
}
?>
<?php
//Connections
try {
$handler = new PDO('mysql:host=localhost;dbname=s','root', '*');
$handler->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e){
exit($e->getMessage());
}
$name = $_POST['name'];
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$password1 = $_POST['passwordconf'];
$ip = $_SERVER['REMOTE_ADDR'];
//Verifcation
if (empty($name) || empty($username) || empty($email) || empty($password) || empty($password1)){
$error = "Complete all fields";
}
// Password match
if ($password != $password1){
$error = "Passwords don't match";
}
// Email validation
if (!filter_var($email, FILTER_VALIDATE_EMAIL)){
$error = "Enter a valid email";
}
// Password length
if (strlen($password) <= 6){
$error = "Choose a password longer then 6 character";
}
if(!isset($error)){
//no error
$sthandler = $handler->prepare("SELECT username FROM userinfo WHERE username = :name"); // same table the INSERT below writes to
$sthandler->bindParam(':name', $username);
$sthandler->execute();
if($sthandler->rowCount() > 0){
echo "exists! cannot insert";
} else {
//Securly insert into database
$sql = 'INSERT INTO userinfo (name ,username, email, password, ip) VALUES (:name,:username,:email,:password,:ip)';
$query = $handler->prepare($sql);
$query->execute(array(
':name' => $name,
':username' => $username,
':email' => $email,
':password' => $password,
':ip' => $ip
));
}
}else{
echo "error occured: ".$error;
exit();
}
Something like this should work:
function userExists($db, $user)
{
$userQuery = "SELECT * FROM userinfo u WHERE u.user=:user;";
$stmt = $db->prepare($userQuery);
$stmt->execute(array(':user' => $user));
return !!$stmt->fetch(PDO::FETCH_ASSOC);
}
$user = 'userName';
$exists = userExists($db, $user);
if($exists)
{
// user exists already.
}
else
{
// user doesn't exist already, you can safely insert him.
}
The code you show doesn't make much sense for checking whether the username and email are unique. You should set a UNIQUE KEY on the database.
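The UNIQUE KEY approach from the answer above, as an added example that is not part of the original answers: the insert is attempted directly and a constraint violation is turned into a list of the fields already in use, so there is no gap between a check and the insert. Assumptions: a constructed in-memory SQLite userinfo table instead of MySQL, and the hypothetical helpers fieldTaken and createUser.

```php
<?php
// Added example. Constructed in-memory SQLite table standing in for `userinfo`.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
// The UNIQUE constraints are what guarantee uniqueness, even when two
// requests register at the same moment.
// MySQL equivalent: ALTER TABLE userinfo ADD UNIQUE (username), ADD UNIQUE (email);
$pdo->exec('CREATE TABLE userinfo (
    id INTEGER PRIMARY KEY,
    username TEXT NOT NULL UNIQUE,
    email TEXT NOT NULL UNIQUE,
    password TEXT NOT NULL
)');

function fieldTaken(PDO $pdo, string $column, string $value): bool
{
    // Identifiers cannot be bound as parameters, so only these two are accepted.
    if (!in_array($column, ['username', 'email'], true)) {
        throw new InvalidArgumentException("unexpected column: $column");
    }
    $stmt = $pdo->prepare("SELECT 1 FROM userinfo WHERE $column = :value LIMIT 1");
    $stmt->execute([':value' => $value]);
    return $stmt->fetchColumn() !== false;
}

/** Returns [] on success, or the list of fields that are already in use. */
function createUser(PDO $pdo, string $username, string $email, string $password): array
{
    $insert = $pdo->prepare(
        'INSERT INTO userinfo (username, email, password) VALUES (:username, :email, :password)'
    );
    try {
        $insert->execute([
            ':username' => $username,
            ':email'    => $email,
            ':password' => password_hash($password, PASSWORD_DEFAULT),
        ]);
        return [];
    } catch (PDOException $e) {
        // SQLSTATE class 23 is "integrity constraint violation";
        // anything else is a real error and is passed on.
        if (strncmp((string) $e->getCode(), '23', 2) !== 0) {
            throw $e;
        }
        // The database refused the row: ask it which value collided, so the
        // comparison follows the column's own collation rules.
        $taken = [];
        if (fieldTaken($pdo, 'username', $username)) {
            $taken[] = 'username';
        }
        if (fieldTaken($pdo, 'email', $email)) {
            $taken[] = 'email';
        }
        if ($taken === []) {
            throw $e; // a constraint failed, but not one of the two UNIQUE keys
        }
        return $taken;
    }
}

// Constructed sample registrations: a new user, then a reused username,
// a reused email, and both reused at once.
print_r(createUser($pdo, 'alice', 'alice@example.com', 'constructed-password-1'));
print_r(createUser($pdo, 'alice', 'other@example.com', 'constructed-password-2'));
print_r(createUser($pdo, 'bob', 'alice@example.com', 'constructed-password-3'));
print_r(createUser($pdo, 'alice', 'alice@example.com', 'constructed-password-4'));
```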
Problem & Explanation
Hello, I have just coded a function that first checks whether an account exists in the database with that name, and then whether an email exists in the database with the entered email.
If not, return true + insert data.
But in this case, nothing happens on submit; it just shows the form, but doesn't insert the data.
What is wrong with it?
function createAccount($name, $password, $email)
{
global $pdo;
$check_in = $pdo->prepare("SELECT * FROM users WHERE user_name = :username LIMIT 1");
$check_in->execute( array(':username' => $name) );
if (!$check_in->rowCount())
{
$check_in = email_exists($email);
if ($check_in === false)
{
$insert_in = $pdo->prepare
("
INSERT INTO
users
(user_name, user_password, user_email)
VALUES
(:name, :password, :email)
");
$insert_in->execute( array
(
':name' => $name,
':password' => $password,
':email' => $email
));
return true;
}
else
{
return 'exists';
}
}
else
{
return 'user_in_use';
}
}
function email_exists($email)
{
global $pdo;
$check = $pdo->prepare("SELECT * FROM users WHERE user_email = :email LIMIT 1");
$check->execute( array(':email' => $email) );
if ($check->rowCount())
{
return true;
}
else
{
return false;
}
}
This is how I make up the register:
# Creating shortcuts
if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email']))
{
$name = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
}
# Creating errors array
$errors = array();
if (isset($_POST['submit']))
{
$check_in = createAccount($name, $password, $email);
if ($check_in === true)
{
echo 'Created account sucessfully!';
}
else if ($check_in == 'already_in_use')
{
echo 'Could not create account because name already in use..';
}
else if($check_in == 'exists')
{
echo 'Email already in use..';
}
}
Question:
What is wrong with this code & how do I fix this? I have no errors at all.
It just won't insert any data to the Database.
Yes, the PDO connection & statements are right, because the login works perfectly.
Thanks a lot!
EDIT!
if ($check_in === true)
{
echo 'Created account sucessfully!';
}
else if ($check_in == 'already_in_use')
{
echo 'Could not create account because name already in use..';
}
else if($check_in == 'exists')
{
echo 'Email already in use..';
} else {
echo 'Error is there...';
}
It's echoing 'Error is there...' upon submit!
I just want to slap myself!.....
The problem was: The fields were set as INT, therefore we could not store anything but ints...
I have a user registration script and it all works, except that the PDO prepared statement does not insert values into the database.
The script is not returning an error.
The MySQL user does have the privileges for the actions I am performing.
The Signup.php :
echo "<?xml version=\"1.0\" ?>";
if(isset($_POST['email'], $_POST['username'], $_POST['p'], $_POST['fname'], $_POST['lname'], $_POST['gender'])) {
foreach ($_POST as $entry) {
strip_tags($entry);
}
if(strlen($_POST['email']) < 1) {
echo "<response>Please enter an email address!</response>";
exit();
}
if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
echo "<response>Please enter a valid email address!</response>";
exit();
}
if(strlen($_POST['p']) < 6) {
echo "<response>Please enter a password that is longer than 6 characters!</response>";
exit();
}
if(strlen($_POST['username']) < 5 || strlen($_POST['username']) > 30) {
echo "<response>Please enter a username that is between 5 and 30 characters in length!</response>";
exit();
}
if(strlen($_POST['fname']) < 1 || strlen($_POST['lname']) < 1) {
echo "<response>Please enter a name!</response>";
exit();
}
if(strlen($_POST['gender']) < 1) {
echo "<response>Please select your gender!</response>";
exit();
}
//if(strlen($_POST['recaptcha_response_field']) < 1) {
// echo "<response>Please answer the Captcha!</response>";
// exit();
//}
if($_POST['gender'] === "Male") {
$_POST['gender'] = "m";
} else {
$_POST['gender'] = "f";
}
//$recaptcha_response = null;
//$recaptcha_error = null;
//$recaptcha_response = recaptcha_check_answer($recaptcha_private_key, $_SERVER['REMOTE_ADDR'], $_POST['recaptcha_challenge_field'], $_POST['recaptcha_response_field']);
//if($recaptcha_response->is_valid) {
$salt = hash("sha512", uniqid(mt_rand(1, mt_getrandmax()), true));
$password = $_POST['p'];
$password = hash("sha512", $password.$salt);
$info = array(
"email" => $_POST['email'],
"password" => $password,
"salt" => $salt,
"username" => $_POST['username'],
"fname" => $_POST['fname'],
"lname" => $_POST['lname'],
"gender" => $_POST['gender']
);
if(register($info, $database) === true) {
echo "<response>Registration Successfull! Please check your inbox for an activation email!</response>";
exit();
}
//} else {
// echo "<response>Incorrect Captcha! Please click the reCaptcha refresh button and try again!</response>";
// exit();
//}
} else {
echo "<response>Invalid Sign-Up Request!</response>";
exit();
}
The register() function :
function register($info, $database) {
try {
$query = $database -> prepare("SELECT email FROM members WHERE email = :email LIMIT 1");
$query -> execute(
array(
":email" => $info['email']
)
);
$result = $query -> fetch();
$result = $result[1];
if(strlen($result) > 0) {
echo "<response>Email already in use!</response>";
exit();
} else {
$query = $database -> prepare("SELECT username FROM members WHERE username = :username LIMIT 1");
$query -> execute(
array(
":username" => $info['username']
)
);
$result = $query -> fetch();
$result = $result[1];
if(strlen($result) > 0) {
echo "<response>Username already in use!</response>";
exit();
} else {
$query = $database -> prepare("SELECT password FROM members WHERE password = :password LIMIT 1");
$query -> execute(
array(
":password" => $info['password']
)
);
$result = $query -> fetch();
$result = $result[1];
if(strlen($result) > 0) {
echo "<response>Password already in use!</response>";
exit();
} else {
$time = time();
/*
* This is where it isn't working
*/
$query = $database -> prepare("INSERT INTO members (email, password, salt, username, first_name, last_name, signup, last_login, gender) VALUES (:email, :password, :salt, :username, :fname, :lname, :signup, :last_login, :gender)");
$query -> execute(
array(
":email" => $info['email'],
":password" => $info['password'],
":salt" => $info['salt'],
":username" => $info['username'],
":fname" => $info['fname'],
":lname" => $info['lname'],
":signup" => $time,
":last_login" => $time,
":gender" => $info['gender']
)
) or die(print_r($query->errorInfo(), true));
$rc = hash("sha512", uniqid(mt_rand(1, mt_getrandmax()), true));
$query = $database -> prepare("SELECT id FROM members WHERE email = :email LIMIT 1");
$query -> execute(
array(
":email" => $info['email']
)
);
$user_id = $query -> fetch();
$query = $database -> prepare("INSERT INTO regcodes (user_id, reg_code) VALUES (:id, :rc)");
$query -> execute(
array(
":id" => $user_id['id'],
":rc" => $rc
)
);
mail($info['email'], "Activate your account for Code-Cluster!", "Please click the following link to activate your account for Code-Cluster!\r\n http://www.ablp.x10.mx/code-cluster/activate.php?rc=".$rc);
return true;
exit();
}
}
}
} catch(PDOException $e) {
echo "<response>An error occured whilst creating your account! An email has been sent to tech support!</response>";
mail("admin#codecluster.x10.mx", "Code-Cluster Sign-Up Error", "Sign-Up Error; Timestamp # " . date() . " ; IP Address : " . $_SERVER['REMOTE_ADDR'] . " ;\r\n" . $e);
exit();
}
}
This is the database structure:
It should be :email and not just email in the array.
array(
":email" => $info['email']
)
Similarly for all other execute() calls.