This question already has answers here:
How to check if a row exists in MySQL? (i.e. check if username or email exists in MySQL)
(4 answers)
Closed 2 years ago.
I'm doing an registration form and I'm trying to check if the email that the person inserts in the input is already in another table that has all emails that I allow to be registered. If it is it should register the person. I don't understand where I'm failing. I'm starting now with php. Please help.
<?php
if(isset($_POST['signup-submit'])){
require 'dbh.inc.php';
$username = mysqli_real_escape_string($conn, $_POST['uid']);
$email = mysqli_real_escape_string($conn,$_POST['mail']);
$password = mysqli_real_escape_string($conn,$_POST['pwd']);
$passwordRepeat = mysqli_real_escape_string($conn, $_POST['pwd-repeat']);
$check1 = $_POST['check1'];
$check2 = $_POST['check2'];
if(empty($username) || empty($email) || empty($password) || empty($passwordRepeat)) {
header ("Location: ../header.php?error=emptyfields&uid=".$username."&mail=".$email);
exit();
}
else if (!filter_var($email, FILTER_VALIDATE_EMAIL) && !preg_match("/^[a-zA-z0-9]*$/", $username)){
header("Location: ../header.php?error=invalidadmail&uid=");
exit();
}
else if (!filter_var($email, FILTER_VALIDATE_EMAIL)){
header("Location: ../header.php?error=invalidadmail&uid=".$username);
exit();
}
else if (!preg_match("/^[a-zA-z0-9]*$/", $username)){
header("Location: ../header.php?error=invalidaduid&mail=".$email);
exit();
}
elseif($password !== $passwordRepeat){
header("Location: ../header.php?error=passwordcheck&uid=".$username."&mail=".$email);
exit();
}
elseif((!isset($check1)) || (!isset($check2))){
echo"<script>alert('É necessário confirmar as duas opções :(');
window.location.href='../header.php'</script>";
exit();
}
This is the part of the code that is not working
$sql2 = "SELECT * FROM emails WHERE (email_socio = '$email')";
$res = mysqli_query($conn, $sql2);
if (mysqli_num_rows($res) < 0) {
echo "FAIL";
}
These are other validations and where it will insert the data into final table
else{
$sql = "SELECT uidUsers FROM users WHERE uidUsers=?";
$stmt = mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt, $sql)){
header("Location: ../header.php?error=sqlerror");
exit();
}
else{
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$resultCheck = mysqli_stmt_num_rows($stmt);
if($resultCheck > 0){
header("Location: ../header.php?error=usertaken&mail=".$email);
exit();
}
else {
$sql = "INSERT INTO users (uidUsers, emailUsers, pwdUsers) VALUES (?, ?, ?)";
$stmt = mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt, $sql)){
header("Location: ../header.php?error=sqlerror");
exit();
} else {
$hashedPwd = password_hash($password, PASSWORD_DEFAULT);
mysqli_stmt_bind_param($stmt, "sss", $username, $email, $hashedPwd);
mysqli_stmt_execute($stmt);
$sql ="SELECT * FROM users WHERE uidUsers='$username' AND emailUsers='$email'";
$result = mysqli_query($conn, $sql);
if(mysqli_num_rows($result)>0){
while($row = mysqli_fetch_assoc($result)){
$userid = $row['idUsers'];
$sql = "INSERT INTO profileimg (userid, status) VALUES ('$userid', 1)";
mysqli_query($conn, $sql);
}
}
header("Location: ../header.php?signup=success");
exit();
}
}
}
}
mysqli_stmt_close($stmt);
mysqli_close($conn);
}
else {
header("Location: ../header.php");
exit();
}
Your condition is wrong:
if (mysqli_num_rows($res) < 0) {
echo "FAIL";
}
You're checking for less than zero, when in fact it should be less than one.
So, change it to either of the two:
if (mysqli_num_rows($res) === 0) // it logically cannot contain negative values
if (mysqli_num_rows($res) < 1)
Related
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 3 years ago.
Improve this question
When I signup successfully via the localhost file, it sends to the database successfully and echos success. But when I try using the same details to log in, it returns an error.
However, this is not the same via the hosted site. It works perfectly on 000webhost.
My login code:
<?php
if (isset($_POST['login-submit'])) {
require 'dbh.inc.php';
$mailusername = $_POST['useremail'];
$password = $_POST['userpwd'];
if (empty($mailusername) || empty($password)) {
header("Location: ../login.php?error=emptyfields");
exit();
}
else{
$sql = "SELECT * FROM `users` WHERE username=? OR email=?";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../login.php?error=sqlError");
exit();
}
else{
mysqli_stmt_bind_param($stmt, "ss", $mailusername, $mailusername);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if ($row = mysqli_fetch_assoc($result)) {
$pwdCheck = password_verify($password, $row['password']);
if ($pwdCheck == false) {
header("Location: ../login.php?error=wrongPwd");
exit();
}
else if($pwdCheck == true){
session_start();
$_SESSION['userId'] = $row['id'];
$_SESSION['username'] = $row['username'];
header("Location: ../index.php?login=success");
exit();
}
else{
header("Location: ../login.php?error=wrongPass");
exit();
}
}
else{
header("Location: ../login.php?error=noUser");
exit();
}
}
}
}
else{
header("Location: ../login.php");
exit();
}
My signup code:
<?php
if (isset($_POST['submit'])) {
require 'dbh.inc.php';
$fullname = $_POST['fullname'];
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$passwordRepeat = $_POST['confirm_password'];
//if empty input
if (empty($fullname) || empty($username) || empty($email) || empty($password) || empty($passwordRepeat)) {
header("Location: ../signup.php?error=emptyfields&fullname="); //. $fullname."&username=". $username."&email".$email);
exit();
}
else if(!filter_var($email, FILTER_VALIDATE_EMAIL) && !preg_match("/^[a-zA-Z0-9]*$/", $username) ){
header("Location: ../signup.php?error=invalidemail&username=");
exit();
}
//if email is invalid return error
elseif(!filter_var($email, FILTER_VALIDATE_EMAIL)){
header("Location: ../signup.php?error=invalidemail&fullname=");
exit();
}
//checking for valid password
elseif(!preg_match("/^[a-zA-Z0-9]*$/", $username)){
header("Location: ../signup.php?error=invalidusername&email=");
exit();
}
//check confirmed password
else if($password !== $passwordRepeat){
header("Location: ../signup.php?error=passwordRepeat&username=");
exit();
}
//if username is already taken
else{
$sql = "SELECT username FROM `users` WHERE username=?";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../signup.php?error=sqlerror");
exit();
}
else{
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt);
//did we get a match?
mysqli_stmt_store_result($stmt);
$resultCheck = mysqli_stmt_num_rows($stmt);
if ($resultCheck > 0) {
header("Location: ../signup.php?error=usernametaken");// .$username);
exit();
}
else{
$sql = "INSERT INTO `users`(`fullname`, `username`, `email`, `password`) VALUES (?, ?, ?, ?)";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../signup.php?error=sqlerror");
exit();
}
else{
$hashedPwd = password_hash($password, PASSWORD_DEFAULT);
mysqli_stmt_bind_param($stmt, "ssss", $fullname, $username, $email, $hashedPwd);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
header("Location: ../signup.php?signup=success");
exit();
}
}
}
}
mysqli_stmt_close($stmt);
mysqli_close($conn);
}
else{
header("Location: ../signup.php");
exit();
}
I need help, please. As I need to integrate a dashboard but can't seem to get logged in the first place.
The column holding the password hashes created by password_hash() must be at least 60 characters in order to work properly. Please adjust the size of the column holding the hash, then reregister the users. Once done, the passwords will verify properly.
From the docs:
PASSWORD_DEFAULT - Use the bcrypt algorithm (default as of PHP 5.5.0). Note that this constant is designed to change over time as new and stronger algorithms are added to PHP. For that reason, the length of the result from using this identifier can change over time. Therefore, it is recommended to store the result in a database column that can expand beyond 60 characters (255 characters would be a good choice).
My database is empty. I don't know what's wrong any more. Is it a syntax error? I've already tried to find a syntax error, but I can't find one. Can anyone help me or tell me what's the problem?
<?php
if (isset($_POST['signup-submit'])) {
require 'dbh.inc.php';
$username = $_POST['uid'];
$email = $_POST['mail'];
$password = $_POST['pwd'];
$passwordRepeat = $_POST['pwd-repeat'];
if (empty($username) || empty($email) || empty($password) ||
empty($passwordRepeat)) {
header("Location: ../signup.php?
error=emptyfields&uid=".$username."&mail=".$email);
exit();
}
elseif (!filter_var($email, FILTER_VALIDATE_EMAIL) &&
!preg_match("/^[a-zA-Z0-9]*%/", $username)) {
header("Location: ../signup.php?error=invalidmail&uid=");
exit();
}
elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?
error=invalidmail&uid=".$username);
exit();
}
elseif (!preg_match("/^[a-zA-Z0-9]*$/", $username)) {
header("Location: ../signup.php?error=invalidmail&uid=".$email);
exit();
}
elseif ($password !== $passwordRepeat) {
header("Location: ../signup.php?
error=passworcheck&uid=".$username."&mail=".$email);
}
else {
$sql = "SELECT uidUsers FROM users WHERE uidUsers=?";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../signup.php?error=sqlerror");
exit();
}
else {
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$resultCheck = mysqli_stmt_num_rows($stmt);
if ($resultCheck > 0) {
header("Location: ../signup.php?
error=usertaken&mail=".$email);
exit();
}
else {
$sql = "INSERT INTO users (uidUsers, emailUsers, pwdUsers)
VALUES (?, ?, ?)";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../signup.php?error=sqlerror");
exit();
}
else {
$hashedPwd = password_hash($password, PASSWORD_DEFAULT);
mysqli_stmt_bind_param($stmt, "ssss", $username, $email,
$password);
mysqli_stmt_execute($stmt);
header("Location: ../signup.php?signup=succes");
exit();
}
}
}
}
mysqli_stmt_close($stmt);
mysqli_close($conn);
}
else {
header("Location: ../signup.php");
exit();
}
My guess: This line is wrong:
$sql = "SELECT uidUsers FROM users WHERE uidUsers=?";
^^^^^^^^^
....
mysqli_stmt_bind_param($stmt, "s", $username);
I think, you want to ask fo a user name to get the user id.
There maybe more errors.
I am pretty new to php coding and I have setup a working signup/signin system for a website, but now I want to create an admin user which can edit/upload pictures to the website. I just have no idea how to do it, so far I have just added a column to phpmyadmin which is usertype and its an enum with two variables which are admin and users, and I have set the default to user so when someone signs up they are defaulted as a user. so any help would be greatly appreciated.
This is my login php
if (isset($_POST['login-submit'])) {
#
require 'dbh.inc.php';
$mailuid = $_POST['mailuid'];
$password = $_POST['pwd'];
if (empty($mailuid) || empty($password)) {
header("Location: ../index.php?error=emptyfields");
exit();
}else {
$sql = "SELECT * FROM users WHERE uidUsers=?;";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../index.php?error=sqlerror");
exit();
}else{
mysqli_stmt_bind_param($stmt, "s", $mailuid);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if ($row = mysqli_fetch_assoc($result)) {
$pwdCheck = password_verify($password, $row['pwdUsers']);
if ($pwdCheck == false) {
header("Location: ../index.php?error=wrongpassword");
exit();
}elseif ($pwdCheck == true) {
session_start();
$_SESSION['userId'] = $row['idUsers'];
$_SESSION['userUid'] = $row['uidUsers'];
header("Location: ../index.php?login=success");
exit();
}
}
else {
header("Location: ../index.php?error=nouser");
exit();
}
}
}
}else {
header("Location: ../index.php");
exit();
}
This is my signup php
<?php
if (isset($_POST['signup-sumbit'])) {
require 'dbh.inc.php';
$username = $_POST['uid'];
$email = $_POST['mail'];
$password = $_POST['pwd'];
$passwordRepeat = $_POST['pwd-repeat'];
if (empty($username) || empty($email) || empty($password) || empty($passwordRepeat)) {
header("Location: ../signup.php?error=emptyfields&uid=".$username."&mail=".$email);
exit();
}elseif (!filter_var($email, FILTER_VALIDATE_EMAIL) && !preg_match("/^[a-zA-Z0-9]*$/", $username)) {
header("Location: ../signup.php?error=invaildmailuid");
exit();
}elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?error=invaildmail&uid=".$username);
exit();
}elseif (!preg_match("/^[a-zA-Z0-9]*$/", $username)) {
header("Location: ../signup.php?error=invailduid&mail=".$email);
exit();
}elseif ($password !== $passwordRepeat) {
header("Location: ../signup.php?error=passwordcheck&uid=".$username."&mail=".$email);
exit();
}else{
$sql = "SELECT uidUsers FROM users WHERE uidUsers=?";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../signup.php?error=sqlerror1");
exit();
} else {
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$resultCheck = mysqli_stmt_num_rows($stmt);
if ($resultCheck > 0) {
header("Location: ../signup.php?error=usertaken&mail=".$email);
exit();
} else {
$sql = "INSERT INTO users (uidUsers, emailUsers, pwdUsers) VALUES (?, ?, ?)";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../signup.php?error=sqlerror");
exit();
} else {
$hashedPwd = password_hash($password, PASSWORD_DEFAULT);
mysqli_stmt_bind_param($stmt, "sss", $username, $email, $hashedPwd);
mysqli_stmt_execute($stmt);
header("Location: ../signup.php?signup=success");
exit();
}
}
}
}
mysqli_stmt_close($stmt);
mysqli_close($conn);
}else {
header("Location: ../signup.php");
exit();
}
This is a picture of the new column I added
Picture of phpmyadmin
This is the code where you are checking if user has admin privileges and store in session
if($row['user_type'] == 'Admin'){
$_SESSION['isAdmin'] = true;
}else{
$_SESSION['isAdmin'] = false;
}
later you can use $_SESSION['isAdmin'] to give privileges as you wish
if($_SESSION['isAdmin']){
//code for uploading pictuers ..
}
This question already has answers here:
PHP parse/syntax errors; and how to solve them
(20 answers)
Closed 4 years ago.
i've been trying to fix this error past 4 hours now, and i lost my hopes to do it on my own, so i've getting this error:
Parse error: syntax error, unexpected '||' (T_BOOLEAN_OR) in D:\xampp\htdocs\Login system\includes\signup.inc.php on line 13
How to get it fixed? I overlooked everywhere cuz i knew somewhere could be some left unclosed brackets.
And heres my php code, HELP ALLERT :<
<?php
if (isset($_POST['submit'])) {
include_once 'dbh.inc.php';
$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
//Error Handlers
//check for empty fields
if (empty($uid) || empty(email) || empty($pwd)) {
header("Location: ../signup.php?signup=empty");
exit();
} else {
//Check if input characters are valid
if (!preg_match("/^[a-zA-Z*$/]", $uid)) {
header("Location: ../signup.php?signup=empty");
exit();
} else {
//Check if email is valid
if (!filter_var($email, FILTER_VALIDATE_EMAIL))
header("Location: ../signup.php?signup=empty");
exit();
} else {
$sql = "SELECT * FROM users WHERE user_uid='$uid'";
$result = mysql_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if($resultCheck > 0) {
header("Location: ../signup.php?signup=usertaken");
exit();
} else {
//Haching the password
$hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
//Insert the user into the database
$sql = "INSERT INTO users (user_email, user_uid, user_pwd)
VALUES ('$uid', '$email', '$hashedPwd' );";
$result = mysqli_query($conn, $sql);
header("Location: ../signup.php?signup=success");
exit();
}
}
}
} else {
header("Location: ../signup.php");
exit();
}
You're writing the if-else statements the wrong way, the error you're getting is from the if statement with no opening and closing curly brackets, same goes for the other ones.
try this one:
<?php
include_once 'dbh.inc.php';
if (!isset($_POST['submit'])) {
header("Location: ../signup.php");
exit();
}
$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
//Error Handlers
//check for empty fields
if (empty($uid) || empty(email) || empty($pwd)) {
header("Location: ../signup.php?signup=empty");
exit();
}
if (!preg_match("/^[a-zA-Z*$/]", $uid)) {
header("Location: ../signup.php?signup=empty");
exit();
}
if (!filter_var($email, FILTER_VALIDATE_EMAIL)){
header("Location: ../signup.php?signup=empty");
exit();
}
if($resultCheck > 0) {
header("Location: ../signup.php?signup=usertaken");
exit();
}
$sql = "SELECT * FROM users WHERE user_uid='$uid'";
$result = mysql_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if($resultCheck > 0) {
header("Location: ../signup.php?signup=usertaken");
exit();
}
//Haching the password
$hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
//Insert the user into the database
$sql = "INSERT INTO users (user_email, user_uid, user_pwd) VALUES ('$uid', '$email', '$hashedPwd' );";
$result = mysqli_query($conn, $sql);
header("Location: ../signup.php?signup=success");
exit();
Im stuck with some code. Im pretty new to this.
If the else statement ($uidcheck) returns false it should execute the elseif statement ($emailcheck). See code below.
$username = $_POST['username'];
$email = $_POST['email'];
$pwd = $_POST['pwd'];
if (empty($username)) {
header("Location: ../signup.php?error=empty");
exit();
}
if (empty($email)) {
header("Location: ../signup.php?error=empty");
exit();
}
if (empty($pwd)) {
header("Location: ../signup.php?error=empty");
exit();
} else {
$sql = "SELECT username FROM user WHERE username='$username'";
$result = mysqli_query($conn, $sql);
$uidcheck = mysqli_num_rows($result);
if ($uidcheck > 0) {
header("Location: ../signup.php?error=username");
exit();
} elseif ($uidcheck < 0) {
$sql = "SELECT email FROM user WHERE email='$email'";
$result = mysqli_query($conn, $sql);
$emailcheck = mysqli_num_rows($result);
if ($emailcheck > 0) {
header("Location: ../signup.php?error=email");
exit();
} else {
$sql = "INSERT INTO user (username, email, pwd)
VALUES ('$username', '$email', '$pwd')";
$result = mysqli_query($conn, $sql);
header("Location: ../index.php");
}
}
}
When the emailadress already exists in the database it should exit and add a parameter to the header.
Thanks in advance!
Sven
Your code may does the purpose. But that is not good enough to read/debug.
if( !isset($_POST["username"]) || !isset($_POST["email"]) || !isset($_POST["pwd"]) || empty($_POST["username"]) || empty($_POST["email"]) || empty($_POST["pwd"]) )
{
header("Location: ../signup.php?error=empty");
exit();
}
$sql = "SELECT username FROM user WHERE username='".mysqli_real_escape_string($username)."'";
$result = mysqli_query($conn, $sql);
$uidcheck = mysqli_num_rows($result);
if ($uidcheck > 0)
{
header("Location: ../signup.php?error=username");
exit();
}
else
{
$sql = "SELECT email FROM user WHERE email='".mysqli_real_escape_string($email)."'";
$result = mysqli_query($conn, $sql);
$emailcheck = mysqli_num_rows($result);
if ($emailcheck > 0) {
header("Location: ../signup.php?error=email");
exit();
}
else {
$sql = "INSERT INTO user (username, email, pwd)
VALUES ('$username', '$email', '$pwd')";
$result = mysqli_query($conn, $sql);
header("Location: ../index.php");
}
}
Here are my Recommendations:
Always check if an variable is declared in the scope using isset() function. If the value of "username" or "email or "pwd" is not submitted in the POST request, your code will throw a Fatal Exception and rendering stops there.....
Don't put the value submitted by the User directly into the SQL query....This will make your web application Vulnerable to SQL Injection Attack.
Try this..
You are checking the MySQL resulted value in a wrong manner. For Example Email is already existed in you DB then your Query results Value, then you don not check with < or > just try with either it is empty or not.
$username = $_POST['username'];
$email = $_POST['email'];
$pwd = $_POST['pwd'];
if (empty($username)) {
header("Location: ../signup.php?error=empty");
exit();
}
if (empty($email)) {
header("Location: ../signup.php?error=empty");
exit();
}
if (empty($pwd)) {
header("Location: ../signup.php?error=empty");
exit();
} else {
echo "Username check";
$sql = "SELECT username FROM user WHERE username='$username'";
$result = mysqli_query($conn, $sql);
$uidcheck = mysqli_num_rows($result);
if (!empty($uidcheck)) {
header("Location: ../signup.php?error=username");
exit();
} elseif (empty($uidcheck)) {
$sql = "SELECT email FROM user WHERE email='$email'";
$result = mysqli_query($conn, $sql);
echo $emailcheck = mysqli_num_rows($result);
if (!empty($emailcheck)) {
header("Location: ../signup.php?error=email");
exit();
} else {
echo "asdasd";
$sql = "INSERT INTO user (username, email, pwd)
VALUES ('$username', '$email', '$pwd')";
$result = mysqli_query($conn, $sql);
header("Location: ../index.php");
}
}
}