WordPress Registration with Email Confirmation - php

I have created a registration form with PHP in my WordPress site.
For now users can create an account and log in normally.
But I want to add a function that sends an activation email before they can log in.
This is the current code I have.
<?php
$error   = '';
$success = '';
global $wpdb, $PasswordHash, $current_user, $user_ID;

if ( isset( $_POST['task'] ) && $_POST['task'] == 'register' ) {
    // $wpdb->escape() is deprecated and is not an input sanitizer; wp_insert_user()
    // handles database escaping itself, so sanitize each field by type instead.
    // NOTE: the role comes straight from the request. Check it against the roles
    // this form is meant to offer before passing it to wp_insert_user().
    $role_option = sanitize_key( $_POST['role-option'] );
    // Do not escape passwords: wp_insert_user() hashes exactly what it is given, and
    // escaping changes any password that contains quotes or backslashes.
    $password1  = trim( $_POST['password1'] );
    $password2  = trim( $_POST['password2'] );
    $first_name = sanitize_text_field( $_POST['first_name'] );
    $last_name  = sanitize_text_field( $_POST['last_name'] );
    $email      = sanitize_email( $_POST['email'] );
    $email2     = sanitize_email( $_POST['email2'] );
    $username   = sanitize_user( $_POST['username'] );
    $userrole   = sanitize_key( $_POST['userrole'] );

    if ( $email == "" || $password1 == "" || $password2 == "" || $username == "" || $first_name == "" || $last_name == "" || $role_option == "" ) {
        $error = 'Please don\'t leave the required fields.';
    } else if ( ! filter_var( $email, FILTER_VALIDATE_EMAIL ) ) {
        $error = 'Invalid email address.';
    } else if ( email_exists( $email ) ) {
        $error = 'Email already exist.';
    } else if ( $email !== $email2 ) {
        $error = 'Emails do not match.';
    } else if ( $password1 !== $password2 ) {
        // Strict comparison: with <> two different numeric strings such as "1e3" and "1000" compare equal.
        $error = 'Password do not match.';
    } else {
        $user_id = wp_insert_user( array(
            'first_name' => apply_filters( 'pre_user_first_name', $first_name ),
            'last_name'  => apply_filters( 'pre_user_last_name', $last_name ),
            'user_pass'  => apply_filters( 'pre_user_user_pass', $password1 ),
            'user_login' => apply_filters( 'pre_user_user_login', $username ),
            'user_email' => apply_filters( 'pre_user_user_email', $email ),
            'role'       => apply_filters( 'pre_user_user_role', $role_option ),
        ) );
        if ( is_wp_error( $user_id ) ) {
            $error = 'Error on user creation.';
        } else {
            // wp_insert_user() already fires the 'user_register' action for a new user,
            // so it is not fired a second time here.
            $current_url = home_url( $_SERVER['REQUEST_URI'] );
            wp_redirect( $current_url );
            exit;
            // Never reached because of the exit above.
            $success = 'You\'re successfully register';
        }
    }
}
?>
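
One way to add the activation step the question asks for, as an added example that is not part of the original post. It assumes the code lives in the theme's functions.php or a small plugin; the `myreg_*` function, meta key and query parameter names and the 24-hour lifetime are hypothetical choices.

```php
<?php
// Added example. The myreg_* meta keys and query parameters are hypothetical names.

// Call after wp_insert_user() succeeds, before redirecting.
function myreg_send_activation( $user_id, $email ) {
    $token = bin2hex( random_bytes( 32 ) ); // 256 bits from the CSPRNG
    // Keep only a hash, so a leaked usermeta table does not yield usable links.
    update_user_meta( $user_id, 'myreg_token_hash', hash( 'sha256', $token ) );
    update_user_meta( $user_id, 'myreg_token_expires', time() + DAY_IN_SECONDS );
    update_user_meta( $user_id, 'myreg_active', '0' );
    $link = add_query_arg(
        array( 'myreg_uid' => $user_id, 'myreg_token' => $token ),
        home_url( '/' )
    );
    wp_mail( $email, 'Activate your account', "Open this link to activate:\n\n" . $link );
}

// Handle a click on the emailed link.
add_action( 'init', function () {
    if ( ! isset( $_GET['myreg_uid'], $_GET['myreg_token'] ) || ! is_string( $_GET['myreg_token'] ) ) {
        return;
    }
    $user_id = absint( $_GET['myreg_uid'] );
    $stored  = (string) get_user_meta( $user_id, 'myreg_token_hash', true );
    $expires = (int) get_user_meta( $user_id, 'myreg_token_expires', true );
    $given   = hash( 'sha256', $_GET['myreg_token'] );
    // hash_equals() compares in constant time; expired or already used tokens fail.
    if ( '' === $stored || time() > $expires || ! hash_equals( $stored, $given ) ) {
        wp_die( 'This activation link is invalid or has expired.' );
    }
    update_user_meta( $user_id, 'myreg_active', '1' );
    delete_user_meta( $user_id, 'myreg_token_hash' ); // single use
    delete_user_meta( $user_id, 'myreg_token_expires' );
    wp_safe_redirect( wp_login_url() );
    exit;
} );

// Refuse password logins for accounts that have not confirmed yet.
add_filter( 'wp_authenticate_user', function ( $user ) {
    if ( $user instanceof WP_User && '0' === get_user_meta( $user->ID, 'myreg_active', true ) ) {
        return new WP_Error( 'myreg_inactive', 'Please confirm your email address before logging in.' );
    }
    return $user;
} );
```

Accounts created before this code was added have no `myreg_active` meta and are therefore not blocked by the login filter.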

Related

Register new user - Problem with SQLSTATE

I am implementing a simple registration system, and when I try to test it I get this error message:
SQLSTATE[HY093]: Invalid parameter number: parameter was not defined
My code for register user is:
<?php
session_start();
require_once('config.php');
if(isset($_POST['submit']))
{ if(isset($_POST['name'],$_POST['lastname'],$_POST['email'],$_POST['pass']) && !empty($_POST['name']) && !empty($_POST['lastname']) && !empty($_POST['email']) && !empty($_POST['pass']))
{
$name= trim($_POST['name']);
$lastname = trim($_POST['lastname']);
$email= trim($_POST['email']);
$pass= trim($_POST['pass']);
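// Cost 4 is the lowest value bcrypt accepts and makes offline guessing cheap; 12 is used here instead.
$options = array("cost"=>12);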
$hashPassword = password_hash($pass,PASSWORD_BCRYPT,$options);
$date = date('Y-m-d H:i:s');
if(filter_var($email, FILTER_VALIDATE_EMAIL))
{
$sql = 'SELECT * FROM members WHERE email = :email';
$stmt = $pdo->prepare($sql);
$p = ['email'=>$email];
$stmt->execute($p);
if($stmt->rowCount() == 0)
{
$sql = "insert into members (name, lastname, email, `pass`, created_date,updated) values(:name,:lastname,:email,:pass,:created_date,:updated)";
try{
$handle = $pdo->prepare($sql);
$params = [
':name'=>$name,
':lastname'=>$lastname,
':email'=>$email,
':pass'=>$hashPassword,
':created_date'=>$date,
':updated'=>$date
];
$handle->execute($params);
$success = 'Successfull registration!';
}
catch(PDOException $e){
$errors[] = $e->getMessage();
}
}
else
{
$valName= $name;
$valLastname= $lastname;
$valEmail= '';
$valPass= $pass;
$errors[] = 'Email address already registered';
}
}
else
{
$errors[] = "Email address is not valid";
}
}
else
{
if(!isset($_POST['name']) || empty($_POST['name']))
{
$errors[] = 'Error 1!';
}
else
{
$valName= $_POST['name']; // same variable name as the duplicate-email branch uses
}
if(!isset($_POST['lastname']) || empty($_POST['lastname']))
{
$errors[] = 'Error 2!';
}
else
{
$valLastname= $_POST['lastname'];
}
if(!isset($_POST['email']) || empty($_POST['email']))
{
$errors[] = 'Error 4!';
}
else
{
$valEmail= $_POST['email'];
}
if(!isset($_POST['pass']) || empty($_POST['pass']))
{
$errors[] = 'Error 5!';
}
else
{
$valPass= $_POST['pass'];
}
}
}
?>
I don't get where the problem could be. I think it is that I need to change the date value inserted into the database, and that could be the problem. Can someone test this code and tell me where the problem is?

localhost: data not going into database

I am trying to make a registration system, but when I register the data isn't there.
I tried to search for similar questions but I couldn't find the issue, and the worst is that the script detects the database but won't get the data in.
The PHP script:
<?php
$bdd = new PDO('mysql:host=127.0.0.1;dbname=fireblock', 'root', '');
// Make PDO throw on SQL errors so a failed INSERT is reported instead of passing silently.
$bdd->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

if (isset($_POST['submitform'])) {
    if (!empty($_POST['username']) AND !empty($_POST['email']) AND !empty($_POST['email2']) AND !empty($_POST['pass']) AND !empty($_POST['pass2'])) {
        $username = htmlspecialchars($_POST['username']);
        $email = htmlspecialchars($_POST['email']);
        $email2 = htmlspecialchars($_POST['email2']);
        // Compare the raw passwords first and hash afterwards.
        $pass = $_POST['pass'];
        $pass2 = $_POST['pass2'];
        $usernamelength = strlen($username);
        if ($usernamelength <= 255) {
            if ($email == $email2) {
                if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
                    $reqemail = $bdd->prepare("SELECT * FROM members WHERE email = ?");
                    $reqemail->execute(array($email));
                    $emailexist = $reqemail->rowCount();
                    if ($emailexist == 0) {
                        // The original compared $pass with itself, which is always true.
                        if ($pass === $pass2) {
                            // password_hash() replaces the unsalted sha1(); the login code must then
                            // check with password_verify(). The pass column needs room for the hash
                            // (the PHP manual recommends 255 characters).
                            $hash = password_hash($pass, PASSWORD_DEFAULT);
                            $insertmbr = $bdd->prepare("INSERT INTO members(username, email, pass) VALUES(?, ?, ?)");
                            $insertmbr->execute(array($username, $email, $hash));
                            $error = "Your account has been created! Connect";
                        } else {
                            $error = "Your passs are not the same!";
                        }
                    } else {
                        $error = "Email already used!";
                    }
                } else {
                    $error = "Your email is invalid!";
                }
            } else {
                $error = "Your emails are not the same!";
            }
        } else {
            $error = "Your username can't get upper than 255 characters!";
        }
    } else {
        $error = "Every fields should be filled!";
    }
}
?>

Can't get php password_verify() to work

I'm using php 7 and postgres and I'm failing to get this password hash thing down.
Here's my user Registration. It's outputting passwords to the db similar to "$2y$10$1GWNRZokmwGR1/dxnMRiOuw4/dNh2IzH9O2QvIu5wjlLAX2OZRW5G" which seems to work:
<?php
include 'core/init.php';
if (empty($_POST) === false) {
$required_fields = array('username', 'password', 'confirm_password', 'first_name', 'last_name', 'email_address', 'phone',
'department', 'group_role');
foreach ($_POST as $key => $value) {
if (empty($value) && in_array($key, $required_fields) === true) {
$errors[] = 'Fields marked with asterisk are required';
break 1;
}
}
}
if (empty($errors) === true) {
if (user_exists($_POST['username']) === true) {
$errors[] = 'Sorry, the username \'' . $_POST['username'] . '\' is already taken';
}
if (preg_match("/\\s/", $_POST['username']) == true) {
$errors[] = 'Your useranme must not contain any spaces';
}
if (strlen($_POST['password']) < 14) {
$errors[] = 'Your password must be at least 14 characters';
}
if ($_POST['password'] !== $_POST['confirm_password']) {
$errors[] = 'You passwords do not match';
}
if (filter_var($_POST['email_address'], FILTER_VALIDATE_EMAIL) === false) {
$errors[] = 'A valid email address is required';
}
if (email_exists($_POST['email_address']) === true) {
$errors[] = 'Sorry, this email \'' . $_POST['email_address'] . '\' is already registered';
}
}
if (isset($_GET['success']) && empty($_GET['success'])) {
include 'include/iHead.php';
include 'include/widgets/login.php';
include 'include/widgets/login_report.php';
if (empty($errors) === false) {
?>
<h3>Registration Successful! You will receive an email once your registration is approved. </h3>
<?php
include 'include/widgets/login_rpt.php';
}
} else {
if (empty($_POST) === false && empty($errors) === true) {
$user_req = $_POST['username'];
$password = $_POST['password'];
$hashedPassword = password_hash($password, PASSWORD_DEFAULT)."\n";
$register_data = array(
'username' => $_POST['username'],
'password' => $hashedPassword,
'first_name' => $_POST['first_name'],
'last_name' => $_POST['last_name'],
'email_address' => $_POST['email_address'],
'phone' => $_POST['phone'],
'department' => $_POST['department'],
'region' => $_POST['region'],
'group_role' => $_POST['group_role'],
'active' => 0
);
register_user($register_data);
header('Location: register.php?success');
exit();
} else if (empty($errors) === false) {
include 'include/iHead.php';
include 'include/widgets/login.php';
include 'include/widgets/login_report.php';
if (empty($errors) === false) {
?>
<h3>Registration unsuccessful: </h3>
<?php
echo output_errors($errors);
include 'include/widgets/login_rpt.php';
}
}
}
function email_exists($email) {
$email = sanitize($email);
// echo "SELECT COUNT (userid) FROM user_profiles WHERE email_address = '$email'";
return (pg_fetch_result(pg_query("SELECT COUNT (userid) FROM user_profiles WHERE email_address = '$email'"), 0) == 1) ? true : false;
}
?>
And here is my login script:
<?php
include 'core/init.php';
if (empty($_POST) === false) {
$username = $_POST['username'];
$password = $_POST['password'];
if (empty($username) === true || empty($password) === true) {
$errors[] = 'Please enter a username and password';
} else if (user_exists($username) === false) {
$errors[] = 'Username not found. Please register.';
} else if (user_active($username) === false) {
$errors[] = 'Account not active';
} else {
if (strlen($password) > 32) {
$errors[] = 'Password too long';
}
$hash = login($username, $password);
if (password_verify($password, "$hash")) {
$_SESSION['userid'] = $login;
header('Location: main.php');
exit;
} else {
$errors[] = " Username & Password are incorrect";
}
}
} else {
header('Location: index.php');
}
include 'include/iHead.php';
include 'include/widgets/login.php';
include 'include/widgets/login_report.php';
if (empty($errors) === false) {
?>
<h3>login unsuccessful: </h3>
<?php
echo output_errors($errors);
include 'include/widgets/login_rpt.php';
include 'include/eFoot.php';
}
function login($username, $password) {
$user_id = get_id($username);
$username = sanitize($username);
// $hash = password_hash($password, PASSWORD_DEFAULT);
$row = pg_fetch_assoc(pg_query("SELECT password FROM user_profiles WHERE username = '$username'"));
$hash = $row['password'];
return $hash;
}
?>
I'm new to php, so any help would be outstanding!!!
Okay, thank you for your answers, but none of you were correct. I had to use pg_escape_string prior to the hash and verify functions. Simple, simple, simple....
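
The registration script above stores `password_hash(...)."\n"`, so the string read back at login is not the string `password_hash()` returned. The following added example (not part of the original post; the function names and sample values are constructed) shows a login check that tells a damaged stored hash apart from a wrong password.

```php
<?php
// Added example with constructed sample data; function names are hypothetical.

// True when the string read back from storage is still a hash PHP recognises.
function stored_hash_is_intact( string $stored ): bool {
    $info = password_get_info( $stored );
    return ! empty( $info['algo'] ); // null (PHP >= 7.4) or 0 (older) means unrecognised
}

function check_login( string $password, string $stored ): string {
    if ( ! stored_hash_is_intact( $stored ) ) {
        return 'corrupt-hash'; // storage problem, not a wrong password
    }
    if ( ! password_verify( $password, $stored ) ) {
        return 'bad-password';
    }
    return password_needs_rehash( $stored, PASSWORD_DEFAULT ) ? 'ok-rehash' : 'ok';
}

$password = 'correct horse battery staple';
$clean    = password_hash( $password, PASSWORD_DEFAULT );
$samples  = array(
    'as returned by password_hash()'    => $clean,
    'with "\n" appended before storing' => $clean . "\n",
    'cut short by a narrow column'      => substr( $clean, 0, 40 ),
    'padded by a char(n) column'        => $clean . '   ',
);
foreach ( $samples as $label => $stored ) {
    printf( "%-36s %s\n", $label, check_login( $password, $stored ) );
}
// rtrim() recovers the padded and newline cases; a truncated hash cannot be repaired.
printf( "%-36s %s\n", 'after rtrim()', check_login( $password, rtrim( $clean . "\n" ) ) );
```

Logging the `corrupt-hash` case separately from `bad-password` makes storage faults visible instead of surfacing as failed logins.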

WordPress: after checking username and password, how to log in

Hi, I created the code below in my WordPress theme, within my login.php page. I created the conditional statements successfully without any problem, but in my last if statement, when the username and password are correct, I can't work out how to log in.
I want, when the username and password are correct, to directly show the logged-in username and add the log out link to log out from the theme.
<?php
$error = '';
$success = '';
global $user_identity;
if(isset($_POST['task']) && $_POST['task'] == 'login') {
$username = esc_attr($_POST['login_username']);
$password = esc_attr($_POST['login_password']);
$remember = esc_attr($_POST['login_remember']);
$user = get_user_by('login', $username);
$user_id = $user->ID;
$user_data = get_userdata($user_id);
$user_login = $user_data->user_login;
$user_pass = $user_data->user_pass;
if($username == '' && $password == '') {
$error = 'Please Fill Required Fields!';
}
if($username == '') {
$error = 'Please Enter Your Username';
}
if($password == '') {
$error = 'Please Enter Your Password';
}
if($user_login != $username) {
$error = 'The Username is Incorrect';
}
if($user_pass != $password) {
$error = 'The Password is Incorrect';
}
if($user_login == $username && $user_pass == $password) {
}
}
?>
Hey, just create an array of user data and pass it into wp_signon($data,false), see below.
$login_data = array();
$login_data['user_login'] = $username;
$login_data['user_password'] = $password;
$login_data['remember'] = $remember; // set true or false for remember
$user_verify = wp_signon( $login_data, false );
if ( is_wp_error($user_verify) )
{
    // wp_signon() returned the WP_Error, so the message is read from $user_verify
    echo $user_verify->get_error_message();
    exit;
} else {
    header("Location: " . home_url() . "/login/error/");
}
Read the documentation for more detail: wp_signon()

Find out which the user filled out

I'm trying to figure out how to find out where I need to do the steps if it was the username or if it was the email address the user filled out.
// Assign variable values if there is values
if ((isset($_POST['username'])) && ($_POST['username'] !== NULL) && (!empty($_POST['username']))) { $username = trim($_POST['username']); }
if ((isset($_POST['email'])) && ($_POST['email'] !== NULL) && (!empty($_POST['email']))) { $email = trim($_POST['email']); }
// IF BOTH FIELDS ARE EMPTY, ERROR CONDITION EXISTS
if (empty($username) && empty($email)) {
$errors = "yes";
$message = "You must enter a value for either the username or email address!";
$output = array('errorsExist' => true, 'message' => $message);
} else if (!empty($username) && !empty($email)) {
$errors = "yes";
$message = "You can only enter a value for the username or email address!";
$output = array('errorsExist' => true, 'message' => $message);
} else {
}
// Assign variable values if there is values
if ((isset($_POST['username'])) && ($_POST['username'] !== NULL) && (!empty($_POST['username']))) { $username = trim($_POST['username']); }
if ((isset($_POST['email'])) && ($_POST['email'] !== NULL) && (!empty($_POST['email']))) { $email = trim($_POST['email']); }
// IF BOTH FIELDS ARE EMPTY, ERROR CONDITION EXISTS
if (empty($username) && empty($email)) {
$errors = "yes";
$message = "You must enter a value for either the username or email address!";
$output = array('errorsExist' => true, 'message' => $message);
} else if (!empty($username) && !empty($email)) {
$errors = "yes";
$message = "You can only enter a value for the username or email address!";
$output = array('errorsExist' => true, 'message' => $message);
} else {
if(!empty($username)) {
//Do some things if the user entered only the username
}
else {
//Do some things if the user entered only email
}
}
else if ( empty( $username ) ) {
// Output username error
}
else if ( empty( $email ) ) {
// Output email error
}
In this case, however, I would skip the if/else statements, and just use an error condition:
$is_error = false;
if ( empty( $username ) ) {
$is_error = true;
$error_messages[] = 'Your username error message';
}
if ( empty( $email ) ) {
$is_error = true;
$error_messages[] = 'Your email error message';
}
if ( $is_error ) {
// Output all error messages
}
else {
// Perform success event
}
I think you need to do your steps in the last else that will execute only if neither username nor email are empty or inputted. So in the last else, you can do something like
if (!empty($username)) {
} else {
}
On another note, I think you do not need all 3 checks when populating $username or $email; the first and the last should suffice, like:
if (isset($_POST['username']) && !empty($_POST['username'])) {
$username = $_POST['username'];
}
