I'm new in PHP so I have trouble with make simple sign up form. My issue is that when I would like to sign up every data is send to my db except password. Where is the error?
My db is mySQL. Try few times user_pwd has no output in my db...
php singup form:
<form class="signup-form" action="includes/signup.inc.php" method="POST">
<input type="text" name="first" placeholder="Name">
<input type="text" name="last" placeholder="Surname">
<input type="text" name="email" placeholder="E-mail">
<input type="text" name="uid" placeholder="ID">
<input type="password" name="pwd" placeholder="Password">
<button type="submit" name="submit">Sing up</button>
</form>
php - singup.inc.php:
<?php
if(isset($_POST['submit'])){
include_once 'db.php';
$first = mysqli_real_escape_string($conn,$_POST['first']);
$last = mysqli_real_escape_string($conn,$_POST['last']);
$email = mysqli_real_escape_string($conn,$_POST['email']);
$uid = mysqli_real_escape_string($conn,$_POST['uid']);
$pwd = mysqli_real_escape_string($conn,$_POST['pwd']);
// error handlers
// all fields not empty
if(empty($first) || empty($last) || empty($email) || empty($uid) || empty($pwd) ){
header("Location: ../signup.php?signup=empty");
exit();
}
else{
// check spelling
if(!preg_match("/^[a-zA-z]*$/", $first) || !preg_match("/^[a-zA-z]*$/", $last)){
header("Location: ../signup.php?signup=invalid");
exit();
}
else{
if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
header("Location: ../signup.php?signup=email");
exit();
}
else{
$sql = "SELECT * FROM users WHERE user_uid = '$uid'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if($resultCheck>0){
header("Location: ../signup.php?signup=usertaken");
exit();
}else{
$hashedPwd = password_hash($pwd, PASSWORD_DEFALUT);
$sql = "INSERT INTO users (user_first, user_last, user_email, user_uid, user_pwd) VALUES ('$first', '$last', '$email', '$uid', '$hashedPwd');";
mysqli_query($conn, $sql);
header("Location: ../signup.php?signup=success");
exit();
}
}
}
}
}
else{
header("Location: ../signup.php");
exit();
}
taken from: http://php.net/manual/en/function.password-hash.php
Return Values ¶
Returns the hashed password, or FALSE on failure.
you have
$hashedPwd = password_hash($pwd, PASSWORD_DEFALUT);
which most likely returns "false", because it doesn't support the hash mode "PASSWORD_DEFALUT".
Try editing that to the correct format
$hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
I hope that solves it for you.
Please remove the $hashedPwd so that it will not be include.
Your db.php might be the culprit here.
Replace PASSWORD_DEFALUT to PASSWORD_DEFAULT as the command for password_hash is being process could not continue but will give null return value.
//$hashedPwd = password_hash($pwd, PASSWORD_DEFALUT);
$sql = "INSERT INTO users (user_first, user_last, user_email, user_uid,user_pwd) VALUES ('$first', '$last', '$email', '$uid', '$hashedPwd');";
mysqli_query($conn, $sql);
header("Location: ../signup.php?signup=success");
exit();
Related
Hy :) Basically i am struggling with the same Problem as this Boy over here: PHP Sign-up Form Not Working - I think we were going through the same youtube tutorial :D
unfortunately i could not comment on this topic, that is why i am opening a new one. The thing is that my signup.php should be correct (at least the inputs right?) , but i am very likely to overlook things:
Thi signup.php File:
<?php
include_once 'header.php';
?>
<section class="main-container">
<div class="main-wrapper">
<h2>Sign up</h2>
<form class="signup-form" action="includes/signup.inc.php" method="POST">
<input type="text" name="first" placeholder="Firstname">
<input type="text" name="last" placeholder="Lastname">
<input type="text" name="email" placeholder="E-Mail">
<input type="text" name="uid" placeholder="Username">
<input type="password" name="pwd" placeholder="Password">
<button type="submit" name="submit">Sign up</button>
</form>
</div>
</section>
<?php
include_once 'footer.php';
?>
When I type in information, it keeps on displaying me signup.php?signup=empty.
if (isset($_POST['submit'])) {
include_once 'dbh.inc.php';
$first = mysqli_real_escape_string($conn, $_POST['first']);
$last = mysqli_real_escape_string($conn, $_POST['last']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
//Error Handlers
//Check for empty fieldset
if (empty($first) || empty($last) || empty($email) || empty($uid) || empty($pwd)) {
header("Location: ../signup.php?signup=empty");
exit();
}
else {
//Check if input characters are valid
if (!preg_match("/^[a-zA-Z]*$/", $first) || !preg_match("/^[a-zA-Z]*$/", $last)) {
header("Location: ../signup.php?signup=invalid");
exit();
}
else {
// Check if E-Mail is valid
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?signup=email");
exit();
}
else {
$sql = "SELECT * FROM users WHERE user_uid='$uid'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck > 0) {
header("Location: ../signup.php?signup=usertaken");
exit();
}
else {
// Hashing the Password (verschlüsseln)...
$hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
//Insert the User into the Database
$sql = "INSERT INTO users (user_first, user_last, user_email, user_uid, user_pwd) VALUES ('$first', '$last', '$email', '$uid', '$hashedPwd');";
mysqli_query($conn, $sql);
header("Location: ../signup.php?signup=success");
exit();
}
}
}
}
}
else {
header("Location: ../signup.php");
exit();
}
Thank you very much in advance for any hint on this.
Best, Chris
update:
When adding following to the Code:
exit(var_dump(empty($first), empty($last), empty($email), empty($uid), empty($pwd)));
it returns
bool(true) bool(true) bool(true) bool(true) bool(true)
I just want this PHP code to display form validation errors in my website whenever someone uses the form incorrectly. Here is the code and I will also include the HTML of the form.
The code is only for reference, if you have a better way of doing it, then please show me.
<?php
if (isset($_POST['submit'])) {
include_once 'dbh.inc.php';
$first = mysqli_real_escape_string($conn, $_POST['first']);
$last = mysqli_real_escape_string($conn, $_POST['last']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$number = mysqli_real_escape_string($conn, $_POST['number']);
$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
// Error handlers
// Check for empty fields
if (empty($first) || empty($last) || empty($email) || empty($number) || empty($uid) || empty($pwd)) {
header("Location: ../signup.php?signup=empty");
exit();
} else {
// Check if input characters are valid
if (!preg_match("/^[a-zA-Z'-]+$/",$first) || !preg_match("/^[a-zA-Z'-]+$/",$last)) {
header("Location: ../signup.php?signup=invalid");
exit();
} else {
// Check if email is valid
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?signup=invalidemail");
exit();
} else {
if (preg_match("/^[0-9]{3}-[0-9]{4}-[0-9]{4}$/", $number)) {
header("Location: ../signup.php?signup=invalidnumber");
exit();
} else {
$sql = "SELECT * FROM users WHERE user_uid='$uid'";
$result = mysqli_query($conn, $sql);
$resultcheck = mysqli_num_rows($result);
if ($resultcheck > 0) {
header("Location: ../signup.php?signup=usertaken");
exit();
} else {
// Hashing the password
$hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
// Insert the user into the database
$sql = "INSERT INTO users (user_first, user_last, user_email, user_number, user_uid, user_pwd) VALUES ('$first', '$last', '$email', '$number', '$uid', '$hashedPwd');";
mysqli_query($conn, $sql);
header("Location: ../accountcreated.php");
exit();
}
}
}
}
} else {
header("Location: ../signup.php");
exit();
}
Here is the HTML code:
<form class="memberform" action="includes/signup.inc.php" method="POST" novalidate>
<input id="spfirst" class="form_fname" type="text" name="first" placeholder="First Name">
<span class="error_form"></span>
<input id="splast" class="form_lname" type="text" name="last" placeholder="Last Name">
<span class="error_form"></span>
<input class="form_email" type="email" name="email" placeholder="E-mail">
<span class="error_form"></span>
<input id="spnumber" class="form_tel" type="tel" name="number" placeholder="Phone number">
<span class="error_form"></span>
<input id="spuser" class="form_user" type="text" name="uid" placeholder="Username">
<span class="error_form"></span>
<input class="form_password" type="password" name="pwd" placeholder="Password">
<span class="error_form"></span>
<button type="submit" name="submit">Create Account</button>
</form>
Okay there it is. I already tried so many things a nothing seems to work... Maybe it's due to my limited knowledge with PHP.
This is not the best way to do it in my opinion, but following your current code, I suggest you do this.
In your signup.php file, add this where you want the error message to appear (within the HTML if you want):
<?php
if(isset($_GET['signup'])){
switch($_GET['signup']){
case 'empty':
$msg = 'Empty fields';
break;
case 'invalid':
$msg = 'Invalid input';
break;
case 'invalidemail':
$msg = 'Invalid email';
break;
case 'invalidnumber':
$msg = 'Invalid number';
break;
case 'usertaken':
$msg = 'User taken';
break;
default:
$msg = ''; // Default message, if any
break;
}
echo '<div class="error_div">'.$msg.'</div>'; // here's where the message appears
}
?>
That will show your messages. Obviously, feel free to change the class name and style it as you wish.
Or you can simply do something like this (changing the text and stuff depending on the result you're looking for):
<?php
if(isset($_GET['signup'])){
if($_GET['signup'] == 'empty'){
echo '<span class="error_form">Empty values</span>';
}
}
?>
Since you're redirecting users to the signup page with a specific error message (Example: usertaken), you can use $_GET to handle the errors.
So in your signup page, do this
$error should = "" ;
if(isset($_GET['signup'])) {
$error = $_GET['signup'];
if(!empty($error){
//check for specific errors
if($error == "usertaken"){
$errorMsg = "The username has already been taken, try again";
}
}
}
You can use the $errorMsg in your HTML and put it where you want to display the error and design it accordingly.
NOTE: I have not done any sanitization, trying to keep this short.
My php signup system won't connect to my locally hosted phpmyadmin database even though I've checked through spelling errors and everything seems like it should work. The header wont change even though it's stated in the PHP sign up script. Nothing is being transferred into my database(which has no errors with it). If someone could tell me what I'm doing wrong that would be great. (P.S. footer.php and header.php are correct and included in the form)
Sign up error handlers and sign up script:
<?php
if (isset($_POST['submit'])) {
include_once 'dbh.inc.php';
$first = mysqli_real_escape_string($conn, $_POST)$_POST['first'];
$last = mysqli_real_escape_string($conn, $_POST)$_POST['last'];
$email = mysqli_real_escape_string($conn, $_POST)$_POST['email'];
$username = mysqli_real_escape_string($conn, $_POST)$_POST['username'];
$password = mysqli_real_escape_string($conn, $_POST)$_POST['password'];
//Error handlers
//Check for empty fields
if (empty($first)) || (empty($last)) || (empty($email)) ||
(empty($username)) || (empty($password)) {
header("Location: ../signup.php?signup=empty");
exit();
} else {
//Check is input characters are valid
if (!preg_match("/^[a-zA-Z]*$/", $first) || (!preg_match("/^[a-zA-
Z]*$/", $last)) {
header("Location: ../signup.php?signup=invalid");
exit();
} else {
//Check if email is valid
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?signup=empty");
exit();
} else {
$sql = "SELECT * FROM users WHERE user_username='username'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck > 0) {
header("Location: ../signup.php?signup=usertaken");
exit();
} else {
//Hashing the password
$hashedPassword = password_hash($password,
PASSWORD_DEFAULT);
//Insert the user into the database
$sql = "INSERT INTO users (user_first, user_last,
user_email, user_username, user_password) VALUES ('$first', '$last',
'$email', '$username' '$hashedPassword');";
mysqli_query($conn, $sql);
header("Location: ../signup.php?signup=success");
exit();
}
}
}
}
} else {
header("Location: ../signup.php");
exit();
}
Database connection:
<?php
$dbServername = "localhost";
$dbUsername = "root";
$dbPassword = "";
$dbServername = "loginsystem";
$conn = mysqli_connect($dbServername, $dbUsername, $dbPassword,
$dbServername);
Sign up form(html in a php file):
<?php include_once 'header.php';?>
<section class="main-container">
<div class="wrapper">
<h2>Sign Up</h2>
<form class="Sign" action="includes/signup.inc.php" method="POST">
<input type="text" name="first" placeholder="First Name"><br>
<input type="text" name="last" placeholder="Last Name"><br>
<input type="email" name="email" placeholder="E-mail"><br>
<input type="text" name="username" placeholder="Username"><br>
<input type="password" name="password" placeholder="Password"><br>
<button type="submit" name="">Sign Up!</button><br>
</form>
</div>
</section>
<?php include_once 'footer.php';?>
Please help if you can. It would be much appreciated. Thanks!
Give the name 'submit' to submit button of your HTML Signup Page:
<button type="submit" name="submit">Sign Up!</button>
Change PHP Signup Page POST:
$first = mysqli_real_escape_string($conn, $_POST['first']);
$last = mysqli_real_escape_string($conn, $_POST['last']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$username = mysqli_real_escape_string($conn, $_POST['username']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
Change empty values checking of stmt to:
if ( (empty($first)) || (empty($last)) or (empty($email)) || (empty($username)) || (empty($password)) )
Change input characters validity checking if stmt to:
if ( (!preg_match("/^[a-zA-Z]*$/", $first)) || ((!preg_match("/^[a-zA-Z]*$/", $last)) ) )
This question already has answers here:
Register page wont insert data to database
(2 answers)
Closed 7 years ago.
When I click submit it sends me to the header location which confirms the user they have signed up but the data isn't being sent to the database so you cant login after signing up, not sure what is wrong I had it working earlier, cant find my mistake. Some help would be appreciated!
<form action = "Register.php" method="POST">
<?php
if(isset($_POST['submit'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
$Fname = $_POST['Fname'];
$Lname = $_POST['Lname'];
$Display1 = $_POST['Display1'];
$Display2 = $_POST['Display2'];
if(empty($username) || empty($password) || empty($email) || empty($Fname) || empty($Lname) || empty($Display1)) {
echo '<p>Fields Empty!</p>';
} else if(mysql_num_rows($query) > 0){
$query = mysql_query("SELECT * FROM users WHERE username ='$username' AND password ='$password'");
echo'<p>Username or Password Already Exists!</p>';
} else {
mysql_query("INSERT INTO users(id, username, password, Display1, Display2, email, Fname, Lname, user_level, type) VALUES (``, '$username', '$password', '$Display1', '$Display2', '$email', '$Fname', '$Lname', '2', 'a')");
$subject = "Membership Confirmation";
$message = "Hello, You have registered an account on ";
$from = "From: ";
header("location:signuppayment.php");
mail($email, $subject, $message, $from);
}
}
?>
<fieldset>
<legend>Register</legend>
<label>Username: <input class="text" type="text" name="username" /></label>
<label>Password: <input class="text" type="password" name="password" /> </label>
<label>Email: <input class="text" type="text" name="email" /></label>
<label>First name: <input class="text" type="text" name="Fname" /></label>
<label>Last name: <input class="text" type="text" name="Lname" /></label>
<label>Display name 1: <input class="text" type="text" name="Display1" /> </label>
<label>Display name 2: <input class="text" type="text" name="Display2" /></label>
</fieldset>
<div class ="registerForm">
<input type="submit" name="submit" value="Register"/>
</form>
Replace your code with following;
<?php
if(isset($_POST['submit'])) {
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$email = mysql_real_escape_string($_POST['email']);
$Fname = mysql_real_escape_string($_POST['Fname']);
$Lname = mysql_real_escape_string($_POST['Lname']);
$Display1 = mysql_real_escape_string($_POST['Display1']);
$Display2 = mysql_real_escape_string($_POST['Display2']);
if(empty($username) || empty($password) || empty($email) || empty($Fname) || empty($Lname) || empty($Display1)) {
echo '<p>Fields Empty!</p>';
//set your header location here if you want to tell the user the fields are empty incase you have seprate php action file;
//exit;
}
$query = mysql_query("SELECT * FROM users WHERE username ='$username' AND password ='$password'");
if(mysql_num_rows($query) > 0)
echo'<p>Username or Password Already Exists!</p>';
//set your header location here if you want to tell the user that username and password already exist incase you have seprate php action file;
//exit;
} else {
mysql_query("INSERT INTO users(id, username, password, Display1, Display2, email, Fname, Lname, user_level, type) VALUES (``, '$username', '$password', '$Display1', '$Display2', '$email', '$Fname', '$Lname', '2', 'a')");
//You can also set if statement here so to be sure that email triggered after successfull data insertion
$subject = "Membership Confirmation";
$message = "Hello, You have registered an account on ";
$from = "From: ";
mail($email, $subject, $message, $from);
}
header("location:signuppayment.php");
exit;
}
?>
//you can set inputs 'required' like this to be sure no empty field submitted, better use jQuery or javascript for validation.
<input class="text" type="text" name="username" required />
Try something like...
$db = new mysqli("localhost", "user", "password", "database");
if($db->connect_errno) {
die('Sorry, there is trouble making database connections at the moment.');
}
if(isset($_POST['submit']){
if(empty($_POST['username'])
|| empty($_POST['password'])
|| empty($_POST['email'])
|| empty($_POST['Fname'])
|| empty($_POST['Lname'])
|| empty($_POST['Display1'])
|| empty($_POST['Display2'])) {
echo '<p>Please make sure all fields are filled.</p>';
} else {
$check = $db->query("SELECT username FROM users WHERE username = {$username}");
if($check->num_rows) {
echo 'Username taken.';
} else {
$query = $db->prepare("INSERT INTO users (username, password, Display1, Display2, email, Fname, Lname) VALUES (?, ?, ?, ?, ?, ?, ?)");
$query->bind_param('sssssss', $_POST['username'], $_POST['password'], $_POST['Display1'], $_POST['Display2'], $_POST['email'], $_POST['Fname'], $_POST['Lname']);
$query->execute();
header("location:signuppayment.php");
}
}
}
Everything I coded is fine except for the final step which is logging in. I'm asking for it to LOCATION: INDEX.PHP after i submit in the data, it's doing just that, except in index.php it's not giving me the script I asked it to, which is "welcome! you are now logged in".
index.php
<?php session_start(); ?>
<?php
if(isset($_SESSION['username'])){
echo 'Welcome! You are now logged in!';
} else{
echo 'Register<br />Login';
}
?>
login.php
<?php session_start(); ?>
<form method="POST">
<input type="text" name="username" placeholder="username">
<input type="text" name="password" placeholder="password">
<input type="submit" value="post">
</form>
<?php
if(isset($_POST['username'], $_POST['password'])){
require'core/connect.php';
$query = dbConnect()->prepare("SELECT username, password FROM users WHERE username=:username AND password=:password");
$query->bindParam(':username', $_POST['username']);
$query->bindParam(':password', $_POST['password']);
if($query->execute() === true){
header("Location: index.php");
} else{
echo "Something went wrong!";
}
}
?>
register.php
<?php
if(isset($_POST['username'], $_POST['password'])){
require'core/connect.php';
$query = dbConnect()->prepare("INSERT INTO users (username, password) VALUES (:username, :password)");
$query->bindParam(':username', $_POST['username']);
$query->bindParam(':password', $_POST['password']);
if($query->execute()){
header("Location: index.php");
} else{
echo 'UH OH!';
}
}
?>
$query->execute() just check the sql is right, but not check the username and password is right.
So if($query->execute() === true){ will never check the password is right.
And if the password is right, you have to set the session value before redirect to the index page.
Example:
$query = dbConnect()->prepare("SELECT username FROM users WHERE username=:username AND password=:password");
$query->bindParam(':username', $_POST['username']);
$query->bindParam(':password', $_POST['password']);
$query->execute()
if($row = $query->fetch()){
$_SESSION['username'] = $row['username'];
header("Location: index.php");
} else{
echo "Something went wrong!";
}