i am trying to set a login/sign up part for my site and i am trying to make it so that the user needs to make a password that cant be all uppercase or all lowercase and no less than 8 characters. this is my code and i am not quite sure where it is going wrong or why it isnt working. any ideas?
if (isset($_POST['submit'])) {
include_once 'dbh.php';
$first = mysqli_real_escape_string($conn, $_POST['first']);
$last = mysqli_real_escape_string($conn, $_POST['last']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
//Error handlers
//Check for empty fields
if(empty($first) || empty($last) || empty($email) || empty($uid) || empty($pwd)) {
header("Location: ../signup.php?signup=empty");
exit();
} else {
//Check if input char are valid
if (!preg_match("/^[a-zA-Z]*$/", $first) || !preg_match("/^[a-zA-Z]*$/", $last)) {
header("Location: ../signup.php?signup=invalid");
exit();
} else {
//Check if email is valid
if(strlen($pwd) >=8) {
if (!ctype_upper($pwd) && !ctype_lower($pwd)){
echo "great"
}
}}
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?signup=email");
exit();
} else {
$sql = "SELECT * FROM users WHERE user_uid= '$uid'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck > 0) {
header("Location: ../signup.php?signup=usertaken");
exit();
} else {
//Hashing the password
$hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
//Insert the user into the database
$sql = "INSERT INTO users (user_first, user_last, user_email, user_uid, user_pwd) VALUES ('$first', '$last', '$email', '$uid', '$hashedPwd');";
mysqli_query($conn, $sql);
header("Location: ../signup.php?signup=success");
exit();
}
}
}
}
} else {
header("Location: ../signup.php");
exit();
}
You missed semicolon(;) at echo "great";
if (!ctype_upper($pwd) && !ctype_lower($pwd))
{
echo "great";
}
And there is one excess closing bracket(}) before last else:
}
else {
header("Location: ../signup.php");
exit();
}
Try these templates for regular expressions to check your password:
<?php
$passw = "ABFaDAasS";
print_r(preg_match("/^[A-Za-z]{8,}$/",$passw)); // Lowercase and uppercase with length 8 or more. Prints 1 or true
print_r(preg_match("/^[a-z]{8,}$/",$passw)); // Lowercase with length 8 or more. Prints 0 or false
print_r(preg_match("/^[A-Z]{8,}$/",$passw)); // Uppercase with length 8 or more. Prints 0 or false
print_r(preg_match("/^[A-Za-z0-9]{8,}$/",$passw)); // Lowercase and uppercase and all numbers with length 8 or more. Prints 1 or true
But usually after your check syntax you should use hash from given passwords, can just use md5 function like:
echo md5("password"); //prints 5f4dcc3b5aa765d61d8327deb882cf99
Related
This question already has answers here:
PHP parse/syntax errors; and how to solve them
(20 answers)
Closed 4 years ago.
i've been trying to fix this error past 4 hours now, and i lost my hopes to do it on my own, so i've getting this error:
Parse error: syntax error, unexpected '||' (T_BOOLEAN_OR) in D:\xampp\htdocs\Login system\includes\signup.inc.php on line 13
How to get it fixed? I overlooked everywhere cuz i knew somewhere could be some left unclosed brackets.
And heres my php code, HELP ALLERT :<
<?php
if (isset($_POST['submit'])) {
include_once 'dbh.inc.php';
$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
//Error Handlers
//check for empty fields
if (empty($uid) || empty(email) || empty($pwd)) {
header("Location: ../signup.php?signup=empty");
exit();
} else {
//Check if input characters are valid
if (!preg_match("/^[a-zA-Z*$/]", $uid)) {
header("Location: ../signup.php?signup=empty");
exit();
} else {
//Check if email is valid
if (!filter_var($email, FILTER_VALIDATE_EMAIL))
header("Location: ../signup.php?signup=empty");
exit();
} else {
$sql = "SELECT * FROM users WHERE user_uid='$uid'";
$result = mysql_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if($resultCheck > 0) {
header("Location: ../signup.php?signup=usertaken");
exit();
} else {
//Haching the password
$hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
//Insert the user into the database
$sql = "INSERT INTO users (user_email, user_uid, user_pwd)
VALUES ('$uid', '$email', '$hashedPwd' );";
$result = mysqli_query($conn, $sql);
header("Location: ../signup.php?signup=success");
exit();
}
}
}
} else {
header("Location: ../signup.php");
exit();
}
You're writing the if-else statements the wrong way, the error you're getting is from the if statement with no opening and closing curly brackets, same goes for the other ones.
try this one:
<?php
include_once 'dbh.inc.php';
if (!isset($_POST['submit'])) {
header("Location: ../signup.php");
exit();
}
$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
//Error Handlers
//check for empty fields
if (empty($uid) || empty(email) || empty($pwd)) {
header("Location: ../signup.php?signup=empty");
exit();
}
if (!preg_match("/^[a-zA-Z*$/]", $uid)) {
header("Location: ../signup.php?signup=empty");
exit();
}
if (!filter_var($email, FILTER_VALIDATE_EMAIL)){
header("Location: ../signup.php?signup=empty");
exit();
}
if($resultCheck > 0) {
header("Location: ../signup.php?signup=usertaken");
exit();
}
$sql = "SELECT * FROM users WHERE user_uid='$uid'";
$result = mysql_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if($resultCheck > 0) {
header("Location: ../signup.php?signup=usertaken");
exit();
}
//Haching the password
$hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
//Insert the user into the database
$sql = "INSERT INTO users (user_email, user_uid, user_pwd) VALUES ('$uid', '$email', '$hashedPwd' );";
$result = mysqli_query($conn, $sql);
header("Location: ../signup.php?signup=success");
exit();
i have a problem with my website. it should get a Login/Sign Up website. If i type in my First and Last name, password and so, i click on submit and 404 Object not Found Appears. The Files are in the correct directory... btw, im not using a htaccess file yet so u dont need to ask for it.
sry for my basic english :)
`
if (isset($POST_['submit']))
include_once 'dbh.inc.php';
$first = mysqli_real_escape_string($conn, $_POST['first']);
$last = mysqli_real_escape_string($conn, $_POST['last']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
//error handler
//Check for empty fields
if (empty($first) || empty($last) || empty($email) || empty($uid) || empty($pwd)) {
header("Location: ../signup.php?signup=empty")
exit();
} else {
//Check if inputs are valid
if (!preg_match("/^[a-zA-Z]*$/", $first) || !preg_match("/^[a-zA-Z]*$/", $first) ) {
header("Location: ../signup.php?signup=invalid")
exit();
} else {
//check if email is valid
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?signup=email")
exit();
} else {
$sql = "SELECT * FROM users WHERE user_id='$uid'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($results);
if ($resultCheck > 0) {
header("Location: ../signup.php?signup=usernametaken")
exit();
} else {
//hashing passwords
$hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
//Insert the user into DB
$sql = "INSER INTO users (user_first, user_last, user_email, user_uid, user_pwd) VALUES ('$first', '$
last', '$email', '$uid', '$hashedPwd');";
$result = mysqli_query($conn, $sql);
header("Location: ../signup.php?signup=succes")
exit();
}
}
}
} else {
header("Location: ../signup.php")
exit();
}`
As far as I know you can't use '..' notation in header('location:'). Browsers don't understand '..' notation.
You should use either a fully qualified URL or a relative URL:
header('Location: http://example.com/your-subdirectories/signup.php') ;
header('Location: /your-subdirectories/signup.php') ;
This question has already been answered on Stack Overflow
Hope someone with fresh eyes can help.Thanks-R
CHECKS IF SUBMIT BUTTOM IS CLICKED---SECURITY(Button type in signup.php file)--/
if (isset($_POST['submit'])) {
/*INCLUDE DATABASE FILE--*/
include_once 'dbh.inc.php';
/CREATE A VARIABLE--(CALLED FIRST)--(IS THE FIRST INPUT INSIDE THE SIGNUP FORM) (allows for code to be converted to text) [[Cannot input code into box}}--/
$first = mysqli_real_escape_string($conn, $_POST['first']);
$last = mysqli_real_escape_string($conn, $_POST['last']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
//ERROR HANDLERS
//CHECK FOR EMPTY FIELDS---(double pipes means or in php)
if (empty($first) || empty($last) || empty($email) || empty($uid) || empty($pwd)) {
header("Location: ../signup.php?signup=empty");
exit();
} else {
//CHECK IF INPUT CHARACTERS ARE VALID
if (!preg_match("/^[a-zA-Z]*$/", $first) || !preg_match("/^[a-zA-Z]*$/", $last)) {
header("Location: ../signup.php?signup=invalid");
exit();
} else {
//CHECK IF EMAIL IS VALID
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?signup=email");
exit();
} else {
$sql = "SELECT * FROM users WHERE user_uid='$uid'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck > 0){
header("Location: ../signup.php?signup=usertaken");
exit();
} else {
//HASHING PASSWORD---
$hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
//INSERT USER INTO DATABASE
$sql= "INSERT INTO users (user_first, user_last, user_email, user_uid, user_pwd) VALUES ('$first','$last', '$email', '$uid','$hashedPwd' );";
mysqli_query($conn, $sql);
header("Location: ../signup.php?signup=success");
exit();
}
}
}
} else{
/*COLON MUST NOT HAVE SPACE BETWEEN LOCATION---SPACE BETWEEN ../---(TAKES BACK A DIRECTORY)--PREVENTS GOING TO URL TO ACCESS FILE PAGE.--TAKES USER
BACK TO SIGNUP PAGE*/
header("Location: ../signup.php");
/*exit--closes off script from running--(IF ANYTHING AFTER EXIT FUNCTION)*/
exit();
}
Please format your code properly next time so that you can avoid this type of errors in the future:
<?php
if (isset($_POST['submit'])) {
include_once 'dbh.inc.php';
$first = mysqli_real_escape_string($conn, $_POST['first']);
$last = mysqli_real_escape_string($conn, $_POST['last']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
if(empty($first) || empty($last) || empty($email) || empty($uid) || empty($pwd)) {
header("Location: ../signup.php?signup=empty");
exit();
}else{
if (!preg_match("/^[a-zA-Z]*$/", $first) || !preg_match("/^[a-zA-Z]*$/", $last)) {
header("Location: ../signup.php?signup=invalid");
exit();
}elseif(!filter_var($email, FILTER_VALIDATE_EMAIL)){
header("Location: ../signup.php?signup=email");
exit();
}else{
$sql = "SELECT user_uid FROM users WHERE user_uid='$uid'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if($resultCheck > 0){
header("Location: ../signup.php?signup=usertaken");
exit();
}else{
$hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
$sql= "INSERT INTO users (user_first, user_last, user_email, user_uid, user_pwd) VALUES ('$first','$last', '$email', '$uid','$hashedPwd' );";
mysqli_query($conn, $sql);
header("Location: ../signup.php?signup=success");
exit();
}
}
}
}else{
header("Location: ../signup.php");
exit();
}
I changed this part of your code:
if (!preg_match("/^[a-zA-Z]*$/", $first) || !preg_match("/^[a-zA-Z]*$/", $last)) {
header("Location: ../signup.php?signup=invalid");
exit();
} else {
//CHECK IF EMAIL IS VALID
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?signup=email");
exit();
} else {
Since you can just check the email after checking the first and last name of the user using else if.
P.S I would not want to be the user of this kind of site as it redirects you everytime there is an error in your inputs. Ideally it would be best if you could tell them the errors in their input when they are still in the form that way they don't have to retype everything after a redirect and figure out eachtime what they did wrong.
HTML5 email input will already check if the email is of valid format so you can use that as well.
you can also give this a read. this as well.
The problem in your code was the missing } before the final else statement
<?php
require_once("db_credentials.php");
$conn = mysqli_connect("localhost", "root", "isdc3333", "collab_schema");
if (isset($_POST["submit"])) {
$first = mysqli_real_escape_string($conn, $_POST["first"]);
$last = mysqli_real_escape_string($conn, $_POST["last"]);
$email = mysqli_real_escape_string($conn, $_POST["email"]);
$uid = mysqli_real_escape_string($conn, $_POST["uid"]);
$pwd = mysqli_real_escape_string($conn, $_POST["pwd"]);
if (empty($first) or empty($last) or empty($email) or empty($uid) or
empty($pwd)) {
header("Location: signup.php?signup=empty");
exit();
} else {
if (!preg_match("/^[a-zA-Z]*$/", $first) or !preg_match("/^[a-zA-
Z]*$/", $last)) {
header("Location: signup.php?signup=invalid");
exit();
} else {
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: signup.php");
exit();
} else {
$sql = "SELECT * FROM users WHERE uid='$uid'";
$result = mysqli_query($conn, $sql);
$queryResults = mysqli_num_rows($result);
if ($queryResults > 0) {
header("Location: signup.php?signup=usertaken");
exit();
} else {
$hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
$sql = "INSERT INTO collab_schema.users (first, last, email, uid,
pwd) VALUES ('$first', '$last', '$email', '$uid',
'$hashedPwd');";
$result = mysqli_query($conn, $sql);
header("Location: signup.php?signup=success");
exit();
}
}
}
}
} else {
header("Location: signup.php");
exit();
echo "Redirecting...";
}
?>
The last sql query won't work, can you list the errors?
Doesn't look like the code is working, but everyone says it fine.
I'm just putting more text because stack overflow says to put more details even when I don't want too :^)
I have followed this tutorial https://www.youtube.com/watch?v=xb8aad4MRx8&t=225s on creating a login system and signup form on a website. I created it on my localhost and it worked perfectly. I have since tried to upload it to my website I have created a database on my server and changed the php code however no data is being entered into the database. My hosting service is 1and1 and below is the code for the code to link the database in php. Password has been changed
<?php
$host_name = 'db706265806.db.1and1.com';
$database = 'db706265806';
$user_name = 'dbo706265806';
$password = 'PASSWORD';
$conn = mysqli_connect($host_name, $user_name, $password, $database);
And this is the code for the signup form
<?php
if (isset($_POST['submit'])) {
include_once 'dbh-inc.php';
$first = mysqli_real_escape_string($conn, $_POST['first']);
$last = mysqli_real_escape_string($conn, $_POST['last']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
//error handers
//check for empty fields
if (empty($first) || empty($last) || empty($email) || empty($uid) || empty($pwd)) {
header("Location: ../signup.php?signup=empty");
exit();
} else{
//check if input char are valid
if (!preg_match("/^[a-zA-Z]*$/", $first) || !preg_match("/^[a-zA-Z]*$/", $last)) {
header("Location: ../signup.php?signup=invalid");
exit();
}
else {
//check if email is valid
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?signup=email");
exit();
} else{
$sql = "SELECT * FROM users WHERE user_uid='$uid'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck > 0) {
header("Location: ../signup.php?signup=usernametaken");
exit();
} else{
//hashing the password
$hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
//insert the user into db
$sql = "INSERT INTO users (user_first, user_last, user_email, user_uid, user_pwd) VALUES ('$first', '$last', '$email', '$uid', '$hashedPwd');";
$result = mysqli_query($conn, $sql);
header("Location: ../signup.php?signup=success");
exit();
}
}
}
}
} else{
header("Location: ../signup.php");
exit();
}
Any help for why the data isnt being entered would be appreciated