I created a registration.php a login user.php an error.php and a server.php which errors validate and server connects my php form to database. login.php is working as is saying wrong id and/or password while registration form not working. When I click submit its just like refreshing and nothing its saved to database. Trying 3 days and can't figure why. maybe its my p.c problem? I'm working with XAMPP and phpmyadmin and dreamweaver.
here is my register.php.
<?php include('server.php') ?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Registration Form</title>
<link rel="stylesheet" type="text/css" href="forms.css">
</head>
<body>
<div class="header">
<h2>Register</h2>
</div>
<form method="post" action="register.php">
<?php include('errors.php'); ?>
<div class="input-group">
<label>Name:</label>
<input type="text" name="name">
</div>
<div class="input-group">
<label>Surname:</label>
<input type="text" name="surname">
</div>
<div class="input-group">
<label>Password:</label>
<input type="password" name="password_1">
</div>
<div class="input-group">
<label>Confirm Paswword:</label>
<input type="password" name="password_2">
</div>
<div class="input-group">
<label>Student ID:</label>
<input type="text" name="studentid">
</div>
<div class="input-group">
<label>Email:</label>
<input type="text" name="email">
</div>
<div class="input-group">
<label>Course:</label>
<input type="text" name="course">
</div>
<div class="input-group">
<center><button type="submit" name="register" class="btn">Register</button></center>
</div>
<p>
Already a registered student? Sign in
</p>
</form>
</body>
</html>
and this is my server.php
<?php
session_start();
// variable declaration
$name = "";
$surname = "";
$email = "";
$studentid = "";
$password_1 ="";
$password_2 = "";
$course = "";
$errors = array();
$_SESSION['success'] = "";
// connect to database
$db = mysqli_connect('localhost', 'root', '', 'registration');
// if register button clicked receive all inputs from the form
if (isset($_POST['reg_user'])) {
$name = mysqli_real_escape_string($db, $_POST['name']);
$surname = mysqli_real_escape_string($db, $_POST['surname']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$studentid = mysqli_real_escape_string($db, $_POST['studentid']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_1 = md5($password_1);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
$password_2 = md5($password_2);
$course = mysqli_real_escape_string($db, $_POST['course']);
// ensure that form fields are filled properly
if (empty($name)) {
array_push($errors, "Name is required");
}
if (empty($surname)) {
array_push($errors, "Surame is required");
}
if (empty($email)) {
array_push($errors, "Email is required");
}
if (empty($studentid)) {
array_push($errors, "Student ID is required");
}
if (empty($password_1)) {
array_push($errors, "Password is required");
}
if (empty($course)) {
array_push($errors, "Course is required");
}
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
if (count($errors) == 0) {
$password = md5($password_1); //encrypt the password before saving in the database
$query = "INSERT INTO users (id, name, surname, email, studentid, password, course)
VALUES(0,'$name','$surname', '$email', '$studentid' '$password', '$course')";
mysqli_query($db, $query);
$_SESSION['studentid'] = $studentid;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}
}
// login user
if (isset($_POST['login_user'])) {
$studentid = mysqli_real_escape_string($db, $_POST['studentid']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($studentid)) {
array_push($errors, "Student ID is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE studentid='$studentid' AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['studentid'] = $studentid;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}else {
array_push($errors, "Wrong Student ID or Password. Please try again.");
}
}
}
?>
database
you button name is different from the one in php
//previous code button clicked for register
if (isset($_POST['reg_user'])) {}
instead of
//button clicked for register
if (isset($_POST['register'])) {}
and also your query
if your "id" an auto increment, leave it blank rather put 0, you can also do as follow
$query = "INSERT INTO users (name, surname, email, studentid, password,
course)VALUES('$name','$surname', '$email', '$studentid' '$password', '$course')";
UPDATED TO HELP ANYONE WITH SIMILAR ISSUE
For anyone that may have similar code challenge, please check if every semi column, comma and dot are where they should be.
You can debug also by echoing out the values to know where the problem is probably coming from.
Also read through the comments you might pick up what you need from there.
Hope this helped.
Problem is in your Query You take surname instead of username.
Change Query
From this
$query = "INSERT INTO users (name, surname, email, studentid, password, course)
VALUES(0,'$name','$surname', '$email', '$studentid' '$password', '$course')";
To this
$query = "INSERT INTO users (id, name, surname, email, studentid, password, course)
VALUES('$name','$username', '$email', '$studentid' '$password', '$course')";
And there are lots of spelling mistake in code. kindly fill relax and check all spelling.
Related
I created a registration form using HTML, created a database called “web_app_dev" and linked the form to the database using PHP, however, when I test the form and click the Submit button nothing happens. It doesn't show me any errors and the information does not get posted into the database.
The table in the database is called "registration"
Below is the code for the "registerform.php"
<?php
session_start();
$FirstName = "";
$LastName = "";
$gender = "";
$email = "";
$password = "";
$errors = array();
// connect to database
$conn = mysqli_connect('localhost', 'root', '', 'web_app_dev');
// check if the registration button is clicked
if (isset($_POST['reg_btn'])) {
// Receive information from the form
$FirstName = mysqli_real_escape_string($conn, $_POST['FirstName']);
$LastName = mysqli_real_escape_string($conn, $_POST['LastName']);
$gender = mysqli_real_escape_string($conn, $_POST['gender']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
// make sure that the form is correctly filled
if (empty($FirstName)) {
array_push($errors, "First Name is required");
}
if (empty($LastName)) {
array_push($errors, "Last Name is required");
}
if (empty($gender)) {
array_push($errors, "Gender is required");
}
if (empty($email)) {
array_push($errors, "Email is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
//check if user already exists in the database
$user_check = "SELECT * FROM registration WHERE email='$email' LIMIT 1";
$result = mysqli_query($conn, $user_check);
$user = mysqli_fetch_assoc($result);
if ($user) {
if ($email['email'] == $email) {
array_push($errors, "A user with this email already exists");
}
}
//register the user if there are no errors
if (count($errors) == 0) {
$password = md5($password); //encrypt the password before saving it into the database
$query = "INSERT INTO registration (FirstName, LastName, gender, email, password)
VALUES('$FirstName', '$LastName', '$gender', '$email', '$password')";
mysqli_query($conn, $query);
$_SESSION['success'] = "Registration successful!";
}
}
?>
Below is the code from the html file that contains the html code for the form, the file's name is "regform.php"
<?php include('registerform.php') ?>
<!DOCTYPE html>
<html>
<head>
<title>Register</title>
<link rel="stylesheet" href="edits.css">
</head>
<body>
<style>
body {
background-image: url("img/bg2.jpg");
}
</style>
<div class="header">
<h2 style="margin-right: 60px;">Register</h2>
</div>
<form method="post" action="registerform.php">
<div class="input-group">
<label for="FirstName">First Name</label>
<input type="text" name="FirstName" id="FirstName"
placeholder="Enter First Name..."/>
</div>
<div class="input-group">
<label for="LastName">Last Name</label>
<input type="text" name="LastName" id="LastName"
placeholder="Enter Last Name..."/>
</div>
<div class="radio-group">
<label for="m"><input type="radio" name="gender"
value="m">Male</label>
<label for="f"><input type="radio" name="gender"
value="f">Female</label>
</div>
<div class="input-group">
<label for="email">Email</label>
<input type="text" name="email" id="email" placeholder="Enter
Email...">
</div>
<div class="input-group">
<label for="password">Password</label>
<input type="text" name="password" id="password"
placeholder="Enter password...">
</div>
<div class="input-group">
<button type="submit" class="btn" id= "reg_btn"
name="reg_btn" value="reg_btn">Submit</button>
</div>
</form>
</body>
</html>
[Edit] Bellow is a screenshot of the error message that shows, after adding the error reporting code before the mysqli_connect() code.
Error message after filling in the form and clicking the register button
"Line 59" from the error message, is referring to the second last line from the registerform.php code. the code on that line is;
mysqli_query($conn, $query);
The data I put in the form is also shown bellow
Data inserted in the form
It's because you're inserting a hash of the password into the database, not the original password the user entered. md5 hashes usually come out at 32 characters (regardless of the length of the hashed data).
Note that - as you were warned above - md5 is obsolete now and insecure, it can be cracked easily. So should switch to using php's secure password_hash function. As per its documentation you need to allow at least 60 characters for storing a hash created by that function (but it advises 255 is better)
I am creating a login form for a website that should redirect the user to the index page after they log in. The problem I'm having is that when I enter the details for logging in, it runs the error part of the code and I can't seem to figure out where I went wrong. I have gone through my code and even physically compared both the passwords and username and they match. Please help me with where I went wrong.
config.php
<?php
session_start();
$host = 'localhost';
$host_user = 'root';
$host_pass = '';
$db_name = 'the_dms_db';
$conn = mysqli_connect($host, $host_user, $host_pass, $db_name);
if (!$conn) {
echo 'Could not connect to the database';
}
$name = '';
$surname = '';
$username = '';
$email = '';
$errors = array();
if (isset($_POST['register_user'])) {
// receive inputs
$name = mysqli_real_escape_string($conn, $_POST['name']);
$surname = mysqli_real_escape_string($conn, $_POST['surname']);
$username = mysqli_real_escape_string($conn, $_POST['username']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
$c_password = mysqli_real_escape_string($conn, $_POST['c_password']);
// form validation that it is filled correctly
if (empty($name)) {
array_push($errors, "Name is required");
}
if (empty($surname)) {
array_push($errors, "Surname is required");
}
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($email)) {
array_push($errors, "Email is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if ($password != $c_password) {
array_push($errors, "Passwords to not match");
}
// check database to see if user exists
$user_check_query = "SELECT * FROM users WHERE username='$username' OR email = '$email' LIMIT 1";
$result = mysqli_query($conn, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) {
if ($user['username'] === $username) {
array_push($errors, 'Username already exists');
}
if ($user['email'] === $email) {
array_push($errors, 'Email already exists');
}
}
// register user if no errors
$pass_hash = password_hash($password, PASSWORD_BCRYPT);
if (count($errors) == 0) {
$query = "INSERT INTO users (name, surname, username, email, password) VALUES ('$name', '$surname', '$username', '$email', '$pass_hash')";
mysqli_query($conn, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = 'You are now logged in!';
header('location: ./index.php');
}
}
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($conn, $_POST['username']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
if (empty($username)) {
array_push($errors, 'Username is required');
}
if (empty($password)) {
array_push($errors, 'Password is required');
}
if (count($errors) == 0) {
$password = password_hash($password, PASSWORD_BCRYPT);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$results = mysqli_query($conn, $query);
if (mysqli_num_rows($results) == 0) {
$_SESSION['username'] = $username;
$_SESSION['success'] = 'You are now logged in!';
header('location: ./index.php');
} else {
array_push($errors, 'Wrong username/password');
}
}
}
signin.php
<?php
require_once './header.php';
include_once './config.php';
?>
<link rel="stylesheet" href="/assets/css/style.css">
<section class="sign-in-section">
<div class="container">
<div class="form-area ">
<h1>Sign In</h1>
<form action="./signin.php" class="signin-form" method="POST">
<?php include './errors.php'; ?>
<section class="input-sections">
<input type="text" class="inputs form-control" name="username" id="username" placeholder="Username or Email">
<input type="password" class="inputs form-control" name="password" id="password" placeholder="Password">
<button type="submit" class="btn-form btn signin-btn" name="login_user" id="login_user">Sign in</button>
</section>
</form>
Not yet a member? Register here!
</div>
</div>
</section>
signup.php
<?php
include './config.php';
require_once './header.php';
?>
<link rel="stylesheet" href="/assets/css/style.css">
<section class="sign-in-section">
<div class="container">
<div class="form-area ">
<h1>Sign up</h1>
<form action="signup.php" class="signup-form" method="post">
<?php include './errors.php' ?>
<section class="input-sections">
<input type="text" class="inputs form-control" name="name" id="name" placeholder="Name" value="<?php echo $name ?>">
<input type="text" class="inputs form-control" name="surname" id="surname" placeholder="Surname" value="<?php echo $surname ?>">
<input type="text" class="inputs form-control" name="username" id="username" placeholder="Username" value="<?php echo $username ?>">
<input type="text" class="inputs form-control" name="email" id="email" placeholder="Email" value="<?php echo $email ?>">
<input type="password" class="inputs form-control" name="password" id="password" placeholder="Password">
<input type="password" class="inputs form-control" name="c_password" id="c_password" placeholder="Confirm Password">
<button type="submit" class="btn-form btn register-btn" name="register_user" id="register">Register</button>
</section>
</form>
Already have an account? Sing in here!
</div>
</div>
</section>
errors.php
<?php if (count($errors) > 0) : ?>
<div class="error">
<?php foreach ($errors as $error) : ?>
<p><?php echo $error ?></p>
<?php endforeach ?>
</div>
<?php endif ?>
Shouldn't the returned result have 1 row rather than 0 rows, if it's a match?
Change this
if (mysqli_num_rows($results) == 0)
To this
if (mysqli_num_rows($results) >= 1)
If you ignore the vulnerabilities within the sql statements you should analyse the following to see where you were going astray with the approach above. Using password_hash will generate a new hash on each invocation - so the hashed password will never ( hopefully ) match a newly generated hash. You need to use password_verify instead.
define('BR','<br />');
$password=$_POST['password'];
$query = "SELECT `password` FROM `users` WHERE `username`='$username' LIMIT 1";
$results = mysqli_query( $conn, $query );
$rs=mysqli_fetch_assoc( $results );
if( password_verify( $password, $rs['password'] ) ){
/* OK - The user supplied a good username/password combo */
}else{
/* Bad Foo!!! The supplied password did not verify against the stored hash */
}
If you consider
$pwd='banana';
echo password_hash($pwd,PASSWORD_DEFAULT) . BR;
echo password_hash($pwd,PASSWORD_DEFAULT) . BR;
echo password_hash($pwd,PASSWORD_DEFAULT) . BR;
you will likely see results similar to:
$2y$10$7a4Cvzn51eYa3EJKary8zemJn4/GiFA.2fqYQrwd6QrRORIk552Wm
$2y$10$E5.28SSkQo2lZv11zilkBO1L35umAFzr5Zr2yKScX4nDgFkN.kTbK
$2y$10$HEzHOFT/7V972XDEB9uzRuU/dxHxRnSXs64wu1qdahJs2CSp3wwD6
As you can see they are all different...
i have a website for users to login and register, the website was working fine when login and register was in 2 different pages, now i have made them both in the same page, the html code is like below:
<h2>Login</h2>
</div>
<form method="post" class="form-detail" action="index.php">
<?php include('errors.php'); ?>
<div style="padding-right: 20px; margin-left: -40px;" class="input-group">
<label>Username</label>
<input type="text" name="username" >
</div>
<div style="padding-right: 20px; margin-left: -40px;" class="input-group">
<label>Password</label>
<input type="password" name="password">
</div>
<div class="input-group">
<button type="submit" class="btn" name="login_user">Login</button>
</div>
</form>
</div>
<form class="form-detail" method="post" action="index.php">
<div class="header">
<h2>Register Now</h2>
</div>
<?php include('errors.php'); ?>
<div class="input-group">
<label>Username</label>
<input type="text" name="username" value="<?php echo $username; ?>">
</div>
<div class="input-group">
<label>Email</label>
<input type="email" name="email" value="<?php echo $email; ?>">
</div>
<div class="input-group">
<label>Password</label>
<input type="password" name="password_1">
</div>
<div class="input-group">
<label>Confirm password</label>
<input type="password" name="password_2">
</div>
<div class="input-group">
<button type="submit" class="btn" name="reg_user">Register</button>
</div>
the server.php file which does the functionality is like:
<?php
session_start();
// initializing variables
$username = "";
$email = "";
$errors = array();
// connect to the database
$db = mysqli_connect('localhost', 'root', '', 'teia');
// REGISTER USER
if (isset($_POST['reg_user'])) {
// receive all input values from the form
$username = mysqli_real_escape_string($db, $_POST['username']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
// form validation: ensure that the form is correctly filled ...
// by adding (array_push()) corresponding error unto $errors array
if (empty($username)) { array_push($errors, "Username is required"); }
if (empty($email)) { array_push($errors, "Email is required"); }
if (empty($password_1)) { array_push($errors, "Password is required"); }
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
// first check the database to make sure
// a user does not already exist with the same username and/or email
$user_check_query = "SELECT * FROM users WHERE username='$username' OR email='$email' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) { // if user exists
if ($user['username'] === $username) {
array_push($errors, "Username already exists");
}
if ($user['email'] === $email) {
array_push($errors, "email already exists");
}
}
// Finally, register user if there are no errors in the form
if (count($errors) == 0) {
$password = md5($password_1);//encrypt the password before saving in the database
$query = "INSERT INTO users (username, email, password)
VALUES('$username', '$email', '$password')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}
}
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: profile.php');
}else {
array_push($errors, "Wrong username/password combination");
}
}
}
?>
and finally the error.php is below
<?php if (count($errors) > 0) : ?>
<div class="error">
<?php foreach ($errors as $error) : ?>
<p><?php echo $error ?></p>
<?php endforeach ?>
</div>
<?php endif ?>
earlier it was working completely fine, now when i added both login and register in same pages, both login and register not working, instead simply loading the page, as i am new to php, can anyone please tell me whats wrong with my code
You can use switch statement for your solutions with different submit button value like below
<button type="submit" class="btn" value="login">Login</button>
<button type="submit" class="btn" value="register">Register</button>
<?php
switch($_POST['submit']) {
case 'login':
//...
break;
case 'register':
//...
break;
}
?>
The problem is that both your form actions point to index.php which isn't where the functionality is.
<form method="post" class="form-detail" action="server.php">
Change both forms to this. That should solve your problem.
Edit:
To display the errors, you'll need access to the $errors variable you defined. One way to do this is to move the code in error.php like so:
if (count($errors) == 0) {
$password = md5($password_1);//encrypt the password before saving in the database
$query = "INSERT INTO users (username, email, password)
VALUES('$username', '$email', '$password')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
} else {
include('errors.php');
}
Are you sure; you are adding this <?php include('server.php'); ?> at the top of the index.php page?
This question already has answers here:
PHP parse/syntax errors; and how to solve them
(20 answers)
Closed 4 years ago.
I'am trying to create register/login system. However, I've faced some problems. I can't understand where's the mistake in my code.
Here's my server.php & register.php. Browser shows that mistake is in line 65. "Parse error: syntax error, unexpected ';'". In my opinion ; must be there.
<?php
session_start();
$username = "";
$email = "";
$errors = array();
// Connect to the database
$db = mysqli_connect('localhost', 'root', '', 'lead2pro');
// If the register button is clicked
if(isset($_POST['register'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$password_1 = mysqli_real_escape_string($db ,$_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
// Ensure that form fields are filled properly
if(empty($username)) {
array_push($errors, "Username is required!");
}
if(empty($email)) {
array_push($errors, "Email is required!");
}
if(empty($password_1)) {
array_push($errors, "Password is required!");
}
if($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
// If there are no errors, save user to database
if(count($errors) == 0) {
$password = md5($password_1); // Hashin the password before storing in database
$sql = "INSERT INTO users (username, email, password) VALUES('$username', '$email', '$password')";
mysqli_query($db, $sql);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: ../system.php'); // Redirect to game location
}
}
// log user in from login page
if(isset($_POST['login'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
// Ensure that form fields are filled properly
if(empty($username)) {
array_push($errors, "Username is required!");
}
if(empty(password)) {
array_push($errors, "Password is required!");
}
if(count($errors) == 0){
$password = md5($password); // Encrypt password before comparing this one with the one in database
$query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
$result = mysqli_query($db, $query);
$if (mysqli_num_rows($result) == 1) {
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: ../system.php'); // Redirect to main page location
} else {
array_push($errors, "Wrong username/password combination");
header('location: ../php/login.php');
}
}
}
//logout
if(isset($_GET['logout'])) {
session_destroy();
unset($_SESSION['username']);
header('location: ../php/login.php');
}
?>
Here's my register.php
<?php include('../includes/server.php');?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Manager | Register</title>
<link rel="stylesheet" href="../css/reg.css">
</head>
<body>
<div class="header">
<h2>Register</h2>
</div>
<!-- Display validation errors here! -->
<?php include('../includes/errors.php'); ?>
<form action="register.php" method="post">
<div class="input-group">
<label>Username</label>
<input type="text" name="username" value="<?php echo $username; ?>">
</div>
<div class="input-group">
<label>Email</label>
<input type="text" name="email" value="<?php echo $email; ?>">
</div>
<div class="input-group">
<label>Password</label>
<input type="password" name="password_1">
</div>
<div class="input-group">
<label>Confirm Password</label>
<input type="password" name="password_2">
</div>
<div class="input-group">
<button type="submit" name="register" class="btn">Register</button>
</div>
<p>
Already a member? Sign in
</p>
</form>
</body>
</html>
The problem is on a different line:
$if (mysqli_num_rows($result) == 1) {
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: ../system.php'); // Redirect to main page location
}
That $ should not be there in front of the if.
My php signup system won't connect to my locally hosted phpmyadmin database even though I've checked through spelling errors and everything seems like it should work. The header wont change even though it's stated in the PHP sign up script. Nothing is being transferred into my database(which has no errors with it). If someone could tell me what I'm doing wrong that would be great. (P.S. footer.php and header.php are correct and included in the form)
Sign up error handlers and sign up script:
<?php
if (isset($_POST['submit'])) {
include_once 'dbh.inc.php';
$first = mysqli_real_escape_string($conn, $_POST)$_POST['first'];
$last = mysqli_real_escape_string($conn, $_POST)$_POST['last'];
$email = mysqli_real_escape_string($conn, $_POST)$_POST['email'];
$username = mysqli_real_escape_string($conn, $_POST)$_POST['username'];
$password = mysqli_real_escape_string($conn, $_POST)$_POST['password'];
//Error handlers
//Check for empty fields
if (empty($first)) || (empty($last)) || (empty($email)) ||
(empty($username)) || (empty($password)) {
header("Location: ../signup.php?signup=empty");
exit();
} else {
//Check is input characters are valid
if (!preg_match("/^[a-zA-Z]*$/", $first) || (!preg_match("/^[a-zA-
Z]*$/", $last)) {
header("Location: ../signup.php?signup=invalid");
exit();
} else {
//Check if email is valid
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?signup=empty");
exit();
} else {
$sql = "SELECT * FROM users WHERE user_username='username'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck > 0) {
header("Location: ../signup.php?signup=usertaken");
exit();
} else {
//Hashing the password
$hashedPassword = password_hash($password,
PASSWORD_DEFAULT);
//Insert the user into the database
$sql = "INSERT INTO users (user_first, user_last,
user_email, user_username, user_password) VALUES ('$first', '$last',
'$email', '$username' '$hashedPassword');";
mysqli_query($conn, $sql);
header("Location: ../signup.php?signup=success");
exit();
}
}
}
}
} else {
header("Location: ../signup.php");
exit();
}
Database connection:
<?php
$dbServername = "localhost";
$dbUsername = "root";
$dbPassword = "";
$dbServername = "loginsystem";
$conn = mysqli_connect($dbServername, $dbUsername, $dbPassword,
$dbServername);
Sign up form(html in a php file):
<?php include_once 'header.php';?>
<section class="main-container">
<div class="wrapper">
<h2>Sign Up</h2>
<form class="Sign" action="includes/signup.inc.php" method="POST">
<input type="text" name="first" placeholder="First Name"><br>
<input type="text" name="last" placeholder="Last Name"><br>
<input type="email" name="email" placeholder="E-mail"><br>
<input type="text" name="username" placeholder="Username"><br>
<input type="password" name="password" placeholder="Password"><br>
<button type="submit" name="">Sign Up!</button><br>
</form>
</div>
</section>
<?php include_once 'footer.php';?>
Please help if you can. It would be much appreciated. Thanks!
Give the name 'submit' to submit button of your HTML Signup Page:
<button type="submit" name="submit">Sign Up!</button>
Change PHP Signup Page POST:
$first = mysqli_real_escape_string($conn, $_POST['first']);
$last = mysqli_real_escape_string($conn, $_POST['last']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$username = mysqli_real_escape_string($conn, $_POST['username']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
Change empty values checking of stmt to:
if ( (empty($first)) || (empty($last)) or (empty($email)) || (empty($username)) || (empty($password)) )
Change input characters validity checking if stmt to:
if ( (!preg_match("/^[a-zA-Z]*$/", $first)) || ((!preg_match("/^[a-zA-Z]*$/", $last)) ) )