Hy :) Basically i am struggling with the same Problem as this Boy over here: PHP Sign-up Form Not Working - I think we were going through the same youtube tutorial :D
unfortunately i could not comment on this topic, that is why i am opening a new one. The thing is that my signup.php should be correct (at least the inputs right?) , but i am very likely to overlook things:
Thi signup.php File:
<?php
include_once 'header.php';
?>
<section class="main-container">
<div class="main-wrapper">
<h2>Sign up</h2>
<form class="signup-form" action="includes/signup.inc.php" method="POST">
<input type="text" name="first" placeholder="Firstname">
<input type="text" name="last" placeholder="Lastname">
<input type="text" name="email" placeholder="E-Mail">
<input type="text" name="uid" placeholder="Username">
<input type="password" name="pwd" placeholder="Password">
<button type="submit" name="submit">Sign up</button>
</form>
</div>
</section>
<?php
include_once 'footer.php';
?>
When I type in information, it keeps on displaying me signup.php?signup=empty.
if (isset($_POST['submit'])) {
include_once 'dbh.inc.php';
$first = mysqli_real_escape_string($conn, $_POST['first']);
$last = mysqli_real_escape_string($conn, $_POST['last']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
//Error Handlers
//Check for empty fieldset
if (empty($first) || empty($last) || empty($email) || empty($uid) || empty($pwd)) {
header("Location: ../signup.php?signup=empty");
exit();
}
else {
//Check if input characters are valid
if (!preg_match("/^[a-zA-Z]*$/", $first) || !preg_match("/^[a-zA-Z]*$/", $last)) {
header("Location: ../signup.php?signup=invalid");
exit();
}
else {
// Check if E-Mail is valid
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?signup=email");
exit();
}
else {
$sql = "SELECT * FROM users WHERE user_uid='$uid'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck > 0) {
header("Location: ../signup.php?signup=usertaken");
exit();
}
else {
// Hashing the Password (verschlüsseln)...
$hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
//Insert the User into the Database
$sql = "INSERT INTO users (user_first, user_last, user_email, user_uid, user_pwd) VALUES ('$first', '$last', '$email', '$uid', '$hashedPwd');";
mysqli_query($conn, $sql);
header("Location: ../signup.php?signup=success");
exit();
}
}
}
}
}
else {
header("Location: ../signup.php");
exit();
}
Thank you very much in advance for any hint on this.
Best, Chris
update:
When adding following to the Code:
exit(var_dump(empty($first), empty($last), empty($email), empty($uid), empty($pwd)));
it returns
bool(true) bool(true) bool(true) bool(true) bool(true)
Related
I need some help to solve this problem.
I currently have a website with a database attached with myphpadmin/sql.
I have a register site that redirects users to this url when the registration fields are empty. (http://localhost/register.php?signup=empty)
the problem i am have is that when i try to login on my login page, i want the user to be redirected to this these two url's when an error or empty fields occures. (index.php?login=empty) and (index.php?login=error). But instead i get redirected to (http://localhost/register.php?signup=empty).
Therefore i think that my buttons on the login page are linked to something that aint right?? But i really cant seeem to solve the problem. So any help would be appreciated.
This is my code.
INDEX.php
<?php session_start(); ?>
<!DOCTYPE html <html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="stylesheet.css" />
<title>CSS Login form</title>
</head>
<body>
<div class="login">
<form action="login.php" method="POST">
<input type="text" name="name" placeholder="Username" id="name">
<input type="password" name="password" placeholder="Password" id="password">
<input type="submit" name="submit" value="Sign In">
<input type="button" value="Sign Up" onclick="location.href='register.php';" />
</div>
</body>
</html>
LOGIN.php
<?php session_start();
if (isset($_POST['submit']))
{
include 'dbh.inc.php';
include 'register.php';
$name = mysqli_real_escape_string($conn, $POST['name']);
$password = mysqli_real_escape_string($conn, $POST['password']);
//check inputs
if (empty($name) || empty($password)) {
header("Location: ../index.php?login=empty");
exit();
} else {
$sql = "SELECT * FROM users WHERE user_name='$name'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resulstCheck < 1) {
header("Location: ../index.php?login=error");
exit();
} else {
if ($row = mysqli_fetch_assoc($result)) {
//de-hashing password
$hashedPasswordCheck = password_verify($password, $row['user_password']);
if ($hashedPasswordCheck == false) {
header("Location: ../index.php?login=error");
exit();
} elseif ($hashedPasswordCheck == true) {
//If true log the user in
$_SESSION['u_id'] = $row['user_id'];
$_SESSION['u_name'] = $row['user_name'];
$_SESSION['u_phone'] = $row['user_phone'];
$_SESSION['u_email'] = $row['user_email'];
$_SESSION['u_zip'] = $row['user_zip'];
header("Location: ../index.php?login=success");
exit();
}
}
}
}
} else {
header("Location: ../index.php?login=error");
exit();
}
REGISTER.php
<?php if (isset($_POST['submit'])) {
include_once 'dbh.inc.php';
$dbServername = "localhost";
$dbUsername = "root";
$dbPassword = "";
$dbName = "loginsystem";
$conn = mysqli_connect($dbServername, $dbUsername, $dbPassword, $dbName);
$name = mysqli_real_escape_string($conn, $_POST['name']);
$phone = mysqli_real_escape_string($conn, $_POST['phone']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$zip = mysqli_real_escape_string($conn, $_POST['zip']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
if (empty($name) || empty($phone) || empty($email) || empty($zip) || empty($password)) {
header("Location: ../register.php?signup=empty");
exit();
} else {
if (
!preg_match("/[\w\s]+/", $name) || !preg_match("/^(\\+)[0-9]{8,30}$/", $phone) ||
!preg_match("/[^#]+#[^#]+\.[^#]+/", $email) || !preg_match("/^[0-9]{4}$/", $zip) ||
!preg_match("/^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9]).{8,}$/", $password)
) {
header("Location: ../register.php?signup=invalid");
exit();
} else {
//Check email
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?signup=email");
exit();
} else {
$sql = "SELECT * FROM users WHERE user_id='$user_id'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck > 0) {
header("Location: ../signup.php?signup=usertaken");
exit();
} else {
//Hashing of the Password
$hashedPwd = password_hash($password, PASSWORD_DEFAULT);
//Insert user to database
$sql = "INSERT INTO users (user_name, user_phone, user_email,
user_zip, user_password) VALUES ('$name', '$phone', '$email',
'$zip', '$hashedPwd');";
mysqli_query($conn, $sql);
header("Location: ../signup.php?signup=success");
exit();
}
}
}
}
}
?>
<!DOCTYPE HTML>
<html>
<head></head>
<body>
<form class=”this.html” method="POST">
<label for="name" style="color: blue;">name</label>
<br>
<input type="text" name="name" id="name" />
<br>
<label for="password">password</label>
<br>
<input type="password" name="password" id="password" />
<br>
<label for="phone">phone number</label>
<br>
<input type="text" name="phone" id="phone" />
<br>
<label for="email">email adress</label>
<br>
<input type="text" name="email" id="email" />
<br>
<label for="zip">zip code</label>
<br>
<input type="text" name="zip" id="zip" />
<br>
<button type="submit" name="submit">Sign up</button>
</form>
</body>
</html>
On the top of login.php you
include 'register.php';
The consequence is, that register.php gets executed, it sees the missing empty($name) || empty($phone)... and redirects to header("Location: ../register.php?signup=empty");
The simple solution: remove that include 'register.php';
I'm new in PHP so I have trouble with make simple sign up form. My issue is that when I would like to sign up every data is send to my db except password. Where is the error?
My db is mySQL. Try few times user_pwd has no output in my db...
php singup form:
<form class="signup-form" action="includes/signup.inc.php" method="POST">
<input type="text" name="first" placeholder="Name">
<input type="text" name="last" placeholder="Surname">
<input type="text" name="email" placeholder="E-mail">
<input type="text" name="uid" placeholder="ID">
<input type="password" name="pwd" placeholder="Password">
<button type="submit" name="submit">Sing up</button>
</form>
php - singup.inc.php:
<?php
if(isset($_POST['submit'])){
include_once 'db.php';
$first = mysqli_real_escape_string($conn,$_POST['first']);
$last = mysqli_real_escape_string($conn,$_POST['last']);
$email = mysqli_real_escape_string($conn,$_POST['email']);
$uid = mysqli_real_escape_string($conn,$_POST['uid']);
$pwd = mysqli_real_escape_string($conn,$_POST['pwd']);
// error handlers
// all fields not empty
if(empty($first) || empty($last) || empty($email) || empty($uid) || empty($pwd) ){
header("Location: ../signup.php?signup=empty");
exit();
}
else{
// check spelling
if(!preg_match("/^[a-zA-z]*$/", $first) || !preg_match("/^[a-zA-z]*$/", $last)){
header("Location: ../signup.php?signup=invalid");
exit();
}
else{
if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
header("Location: ../signup.php?signup=email");
exit();
}
else{
$sql = "SELECT * FROM users WHERE user_uid = '$uid'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if($resultCheck>0){
header("Location: ../signup.php?signup=usertaken");
exit();
}else{
$hashedPwd = password_hash($pwd, PASSWORD_DEFALUT);
$sql = "INSERT INTO users (user_first, user_last, user_email, user_uid, user_pwd) VALUES ('$first', '$last', '$email', '$uid', '$hashedPwd');";
mysqli_query($conn, $sql);
header("Location: ../signup.php?signup=success");
exit();
}
}
}
}
}
else{
header("Location: ../signup.php");
exit();
}
taken from: http://php.net/manual/en/function.password-hash.php
Return Values ¶
Returns the hashed password, or FALSE on failure.
you have
$hashedPwd = password_hash($pwd, PASSWORD_DEFALUT);
which most likely returns "false", because it doesn't support the hash mode "PASSWORD_DEFALUT".
Try editing that to the correct format
$hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
I hope that solves it for you.
Please remove the $hashedPwd so that it will not be include.
Your db.php might be the culprit here.
Replace PASSWORD_DEFALUT to PASSWORD_DEFAULT as the command for password_hash is being process could not continue but will give null return value.
//$hashedPwd = password_hash($pwd, PASSWORD_DEFALUT);
$sql = "INSERT INTO users (user_first, user_last, user_email, user_uid,user_pwd) VALUES ('$first', '$last', '$email', '$uid', '$hashedPwd');";
mysqli_query($conn, $sql);
header("Location: ../signup.php?signup=success");
exit();
I just want this PHP code to display form validation errors in my website whenever someone uses the form incorrectly. Here is the code and I will also include the HTML of the form.
The code is only for reference, if you have a better way of doing it, then please show me.
<?php
if (isset($_POST['submit'])) {
include_once 'dbh.inc.php';
$first = mysqli_real_escape_string($conn, $_POST['first']);
$last = mysqli_real_escape_string($conn, $_POST['last']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$number = mysqli_real_escape_string($conn, $_POST['number']);
$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
// Error handlers
// Check for empty fields
if (empty($first) || empty($last) || empty($email) || empty($number) || empty($uid) || empty($pwd)) {
header("Location: ../signup.php?signup=empty");
exit();
} else {
// Check if input characters are valid
if (!preg_match("/^[a-zA-Z'-]+$/",$first) || !preg_match("/^[a-zA-Z'-]+$/",$last)) {
header("Location: ../signup.php?signup=invalid");
exit();
} else {
// Check if email is valid
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?signup=invalidemail");
exit();
} else {
if (preg_match("/^[0-9]{3}-[0-9]{4}-[0-9]{4}$/", $number)) {
header("Location: ../signup.php?signup=invalidnumber");
exit();
} else {
$sql = "SELECT * FROM users WHERE user_uid='$uid'";
$result = mysqli_query($conn, $sql);
$resultcheck = mysqli_num_rows($result);
if ($resultcheck > 0) {
header("Location: ../signup.php?signup=usertaken");
exit();
} else {
// Hashing the password
$hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
// Insert the user into the database
$sql = "INSERT INTO users (user_first, user_last, user_email, user_number, user_uid, user_pwd) VALUES ('$first', '$last', '$email', '$number', '$uid', '$hashedPwd');";
mysqli_query($conn, $sql);
header("Location: ../accountcreated.php");
exit();
}
}
}
}
} else {
header("Location: ../signup.php");
exit();
}
Here is the HTML code:
<form class="memberform" action="includes/signup.inc.php" method="POST" novalidate>
<input id="spfirst" class="form_fname" type="text" name="first" placeholder="First Name">
<span class="error_form"></span>
<input id="splast" class="form_lname" type="text" name="last" placeholder="Last Name">
<span class="error_form"></span>
<input class="form_email" type="email" name="email" placeholder="E-mail">
<span class="error_form"></span>
<input id="spnumber" class="form_tel" type="tel" name="number" placeholder="Phone number">
<span class="error_form"></span>
<input id="spuser" class="form_user" type="text" name="uid" placeholder="Username">
<span class="error_form"></span>
<input class="form_password" type="password" name="pwd" placeholder="Password">
<span class="error_form"></span>
<button type="submit" name="submit">Create Account</button>
</form>
Okay there it is. I already tried so many things a nothing seems to work... Maybe it's due to my limited knowledge with PHP.
This is not the best way to do it in my opinion, but following your current code, I suggest you do this.
In your signup.php file, add this where you want the error message to appear (within the HTML if you want):
<?php
if(isset($_GET['signup'])){
switch($_GET['signup']){
case 'empty':
$msg = 'Empty fields';
break;
case 'invalid':
$msg = 'Invalid input';
break;
case 'invalidemail':
$msg = 'Invalid email';
break;
case 'invalidnumber':
$msg = 'Invalid number';
break;
case 'usertaken':
$msg = 'User taken';
break;
default:
$msg = ''; // Default message, if any
break;
}
echo '<div class="error_div">'.$msg.'</div>'; // here's where the message appears
}
?>
That will show your messages. Obviously, feel free to change the class name and style it as you wish.
Or you can simply do something like this (changing the text and stuff depending on the result you're looking for):
<?php
if(isset($_GET['signup'])){
if($_GET['signup'] == 'empty'){
echo '<span class="error_form">Empty values</span>';
}
}
?>
Since you're redirecting users to the signup page with a specific error message (Example: usertaken), you can use $_GET to handle the errors.
So in your signup page, do this
$error should = "" ;
if(isset($_GET['signup'])) {
$error = $_GET['signup'];
if(!empty($error){
//check for specific errors
if($error == "usertaken"){
$errorMsg = "The username has already been taken, try again";
}
}
}
You can use the $errorMsg in your HTML and put it where you want to display the error and design it accordingly.
NOTE: I have not done any sanitization, trying to keep this short.
This question already has answers here:
PHP parse/syntax errors; and how to solve them
(20 answers)
Closed 5 years ago.
I made a simple sign up system with PHP and phpmyadmin. However, every time I try to enter text into my inputs and press submit, it comes up as a syntax error that says "Parse error: syntax error, unexpected '{' in C:\wamp64\www\includes\signup.inc.php on line 15"
Nothing is showing up in my database and I could use some help.
(P.S. I use a wamp server if that has any relevance)
Sign up PHP script(signup.inc.php)
<?php
if (isset($_POST['submit'])) {
include_once 'dbh.inc.php';
$first = mysqli_real_escape_string($conn, $_POST['first']);
$last = mysqli_real_escape_string($conn, $_POST['last']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$username = mysqli_real_escape_string($conn, $_POST['username']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
//Error handlers
//Check for empty fields
if (empty($first) || empty($last) || empty($email) || empty($username) ||
/*LINE 15 THE ERROR IS REFERRING TO*/ (empty($password)) {
header('Location: ../signup.php?signup=empty');
exit();
} else {
//Check is input characters are valid
if (!preg_match("/^[a-zA-Z]*$/", $first) || (!preg_match("/^[a-zA-
Z]*$/", $last)) {
header('Location: ../signup.php?signup=invalid');
exit();
} else {
//Check if email is valid
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header('Location: ../signup.php?signup=empty');
exit();
} else {
$sql = "SELECT * FROM users WHERE user_username='username'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck > 0) {
header('Location: ../signup.php?signup=usertaken');
exit();
} else {
//Hashing the password
$hashedPassword = password_hash($password,
PASSWORD_DEFAULT);
//Insert the user into the database
$sql = "INSERT INTO users (user_first, user_last,
user_email, user_username, user_password) VALUES ('$first', '$last',
'$email',
'$username' '$hashedPassword');";
mysqli_query($conn, $sql);
header('Location: ../signup.php?signup=success');
exit();
}
}
}
}
} else {
header('Location: ../signup.php');
exit();
}
Database connection(dbh.inc.php)
<?php
$dbServername = "localhost";
$dbUsername = "root";
$dbPassword = "";
$dbServername = "loginsystem";
$conn = mysqli_connect($dbServername, $dbUsername, $dbPassword,
$dbServername);
Sign up form(html in PHP file)(signup.php)
<?php include_once 'header.php';?>
<section class="main-container">
<div class="wrapper">
<h2>Sign Up</h2>
<form class="Sign" action="includes/signup.inc.php" method="POST">
<input type="text" name="first" placeholder="First Name"><br>
<input type="text" name="last" placeholder="Last Name"><br>
<input type="email" name="email" placeholder="E-mail"><br>
<input type="text" name="username" placeholder="Username"><br>
<input type="password" name="password" placeholder="Password"><br>
<button type="submit" name="submit">Sign Up!</button><br>
</form>
</div>
</section>
<?php include_once 'footer.php';?>
Help would be much appreciated. Thanks!
Its is just a simple typo, so you are missing the closing ) in the if statement.
Change to this
if (empty($first) || empty($last) || empty($email) || empty($username) ||
empty($password) ) {
header('Location: ../signup.php?signup=empty');
exit();
} else {
....
My php signup system won't connect to my locally hosted phpmyadmin database even though I've checked through spelling errors and everything seems like it should work. The header wont change even though it's stated in the PHP sign up script. Nothing is being transferred into my database(which has no errors with it). If someone could tell me what I'm doing wrong that would be great. (P.S. footer.php and header.php are correct and included in the form)
Sign up error handlers and sign up script:
<?php
if (isset($_POST['submit'])) {
include_once 'dbh.inc.php';
$first = mysqli_real_escape_string($conn, $_POST)$_POST['first'];
$last = mysqli_real_escape_string($conn, $_POST)$_POST['last'];
$email = mysqli_real_escape_string($conn, $_POST)$_POST['email'];
$username = mysqli_real_escape_string($conn, $_POST)$_POST['username'];
$password = mysqli_real_escape_string($conn, $_POST)$_POST['password'];
//Error handlers
//Check for empty fields
if (empty($first)) || (empty($last)) || (empty($email)) ||
(empty($username)) || (empty($password)) {
header("Location: ../signup.php?signup=empty");
exit();
} else {
//Check is input characters are valid
if (!preg_match("/^[a-zA-Z]*$/", $first) || (!preg_match("/^[a-zA-
Z]*$/", $last)) {
header("Location: ../signup.php?signup=invalid");
exit();
} else {
//Check if email is valid
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?signup=empty");
exit();
} else {
$sql = "SELECT * FROM users WHERE user_username='username'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck > 0) {
header("Location: ../signup.php?signup=usertaken");
exit();
} else {
//Hashing the password
$hashedPassword = password_hash($password,
PASSWORD_DEFAULT);
//Insert the user into the database
$sql = "INSERT INTO users (user_first, user_last,
user_email, user_username, user_password) VALUES ('$first', '$last',
'$email', '$username' '$hashedPassword');";
mysqli_query($conn, $sql);
header("Location: ../signup.php?signup=success");
exit();
}
}
}
}
} else {
header("Location: ../signup.php");
exit();
}
Database connection:
<?php
$dbServername = "localhost";
$dbUsername = "root";
$dbPassword = "";
$dbServername = "loginsystem";
$conn = mysqli_connect($dbServername, $dbUsername, $dbPassword,
$dbServername);
Sign up form(html in a php file):
<?php include_once 'header.php';?>
<section class="main-container">
<div class="wrapper">
<h2>Sign Up</h2>
<form class="Sign" action="includes/signup.inc.php" method="POST">
<input type="text" name="first" placeholder="First Name"><br>
<input type="text" name="last" placeholder="Last Name"><br>
<input type="email" name="email" placeholder="E-mail"><br>
<input type="text" name="username" placeholder="Username"><br>
<input type="password" name="password" placeholder="Password"><br>
<button type="submit" name="">Sign Up!</button><br>
</form>
</div>
</section>
<?php include_once 'footer.php';?>
Please help if you can. It would be much appreciated. Thanks!
Give the name 'submit' to submit button of your HTML Signup Page:
<button type="submit" name="submit">Sign Up!</button>
Change PHP Signup Page POST:
$first = mysqli_real_escape_string($conn, $_POST['first']);
$last = mysqli_real_escape_string($conn, $_POST['last']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$username = mysqli_real_escape_string($conn, $_POST['username']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
Change empty values checking of stmt to:
if ( (empty($first)) || (empty($last)) or (empty($email)) || (empty($username)) || (empty($password)) )
Change input characters validity checking if stmt to:
if ( (!preg_match("/^[a-zA-Z]*$/", $first)) || ((!preg_match("/^[a-zA-Z]*$/", $last)) ) )