My php signup system won't connect to my locally hosted phpmyadmin database even though I've checked through spelling errors and everything seems like it should work. The header wont change even though it's stated in the PHP sign up script. Nothing is being transferred into my database(which has no errors with it). If someone could tell me what I'm doing wrong that would be great. (P.S. footer.php and header.php are correct and included in the form)
Sign up error handlers and sign up script:
<?php
if (isset($_POST['submit'])) {
include_once 'dbh.inc.php';
$first = mysqli_real_escape_string($conn, $_POST)$_POST['first'];
$last = mysqli_real_escape_string($conn, $_POST)$_POST['last'];
$email = mysqli_real_escape_string($conn, $_POST)$_POST['email'];
$username = mysqli_real_escape_string($conn, $_POST)$_POST['username'];
$password = mysqli_real_escape_string($conn, $_POST)$_POST['password'];
//Error handlers
//Check for empty fields
if (empty($first)) || (empty($last)) || (empty($email)) ||
(empty($username)) || (empty($password)) {
header("Location: ../signup.php?signup=empty");
exit();
} else {
//Check is input characters are valid
if (!preg_match("/^[a-zA-Z]*$/", $first) || (!preg_match("/^[a-zA-
Z]*$/", $last)) {
header("Location: ../signup.php?signup=invalid");
exit();
} else {
//Check if email is valid
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?signup=empty");
exit();
} else {
$sql = "SELECT * FROM users WHERE user_username='username'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck > 0) {
header("Location: ../signup.php?signup=usertaken");
exit();
} else {
//Hashing the password
$hashedPassword = password_hash($password,
PASSWORD_DEFAULT);
//Insert the user into the database
$sql = "INSERT INTO users (user_first, user_last,
user_email, user_username, user_password) VALUES ('$first', '$last',
'$email', '$username' '$hashedPassword');";
mysqli_query($conn, $sql);
header("Location: ../signup.php?signup=success");
exit();
}
}
}
}
} else {
header("Location: ../signup.php");
exit();
}
Database connection:
<?php
$dbServername = "localhost";
$dbUsername = "root";
$dbPassword = "";
$dbServername = "loginsystem";
$conn = mysqli_connect($dbServername, $dbUsername, $dbPassword,
$dbServername);
Sign up form(html in a php file):
<?php include_once 'header.php';?>
<section class="main-container">
<div class="wrapper">
<h2>Sign Up</h2>
<form class="Sign" action="includes/signup.inc.php" method="POST">
<input type="text" name="first" placeholder="First Name"><br>
<input type="text" name="last" placeholder="Last Name"><br>
<input type="email" name="email" placeholder="E-mail"><br>
<input type="text" name="username" placeholder="Username"><br>
<input type="password" name="password" placeholder="Password"><br>
<button type="submit" name="">Sign Up!</button><br>
</form>
</div>
</section>
<?php include_once 'footer.php';?>
Please help if you can. It would be much appreciated. Thanks!
Give the name 'submit' to submit button of your HTML Signup Page:
<button type="submit" name="submit">Sign Up!</button>
Change PHP Signup Page POST:
$first = mysqli_real_escape_string($conn, $_POST['first']);
$last = mysqli_real_escape_string($conn, $_POST['last']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$username = mysqli_real_escape_string($conn, $_POST['username']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
Change empty values checking of stmt to:
if ( (empty($first)) || (empty($last)) or (empty($email)) || (empty($username)) || (empty($password)) )
Change input characters validity checking if stmt to:
if ( (!preg_match("/^[a-zA-Z]*$/", $first)) || ((!preg_match("/^[a-zA-Z]*$/", $last)) ) )
Related
I need some help to solve this problem.
I currently have a website with a database attached with myphpadmin/sql.
I have a register site that redirects users to this url when the registration fields are empty. (http://localhost/register.php?signup=empty)
the problem i am have is that when i try to login on my login page, i want the user to be redirected to this these two url's when an error or empty fields occures. (index.php?login=empty) and (index.php?login=error). But instead i get redirected to (http://localhost/register.php?signup=empty).
Therefore i think that my buttons on the login page are linked to something that aint right?? But i really cant seeem to solve the problem. So any help would be appreciated.
This is my code.
INDEX.php
<?php session_start(); ?>
<!DOCTYPE html <html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="stylesheet.css" />
<title>CSS Login form</title>
</head>
<body>
<div class="login">
<form action="login.php" method="POST">
<input type="text" name="name" placeholder="Username" id="name">
<input type="password" name="password" placeholder="Password" id="password">
<input type="submit" name="submit" value="Sign In">
<input type="button" value="Sign Up" onclick="location.href='register.php';" />
</div>
</body>
</html>
LOGIN.php
<?php session_start();
if (isset($_POST['submit']))
{
include 'dbh.inc.php';
include 'register.php';
$name = mysqli_real_escape_string($conn, $POST['name']);
$password = mysqli_real_escape_string($conn, $POST['password']);
//check inputs
if (empty($name) || empty($password)) {
header("Location: ../index.php?login=empty");
exit();
} else {
$sql = "SELECT * FROM users WHERE user_name='$name'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resulstCheck < 1) {
header("Location: ../index.php?login=error");
exit();
} else {
if ($row = mysqli_fetch_assoc($result)) {
//de-hashing password
$hashedPasswordCheck = password_verify($password, $row['user_password']);
if ($hashedPasswordCheck == false) {
header("Location: ../index.php?login=error");
exit();
} elseif ($hashedPasswordCheck == true) {
//If true log the user in
$_SESSION['u_id'] = $row['user_id'];
$_SESSION['u_name'] = $row['user_name'];
$_SESSION['u_phone'] = $row['user_phone'];
$_SESSION['u_email'] = $row['user_email'];
$_SESSION['u_zip'] = $row['user_zip'];
header("Location: ../index.php?login=success");
exit();
}
}
}
}
} else {
header("Location: ../index.php?login=error");
exit();
}
REGISTER.php
<?php if (isset($_POST['submit'])) {
include_once 'dbh.inc.php';
$dbServername = "localhost";
$dbUsername = "root";
$dbPassword = "";
$dbName = "loginsystem";
$conn = mysqli_connect($dbServername, $dbUsername, $dbPassword, $dbName);
$name = mysqli_real_escape_string($conn, $_POST['name']);
$phone = mysqli_real_escape_string($conn, $_POST['phone']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$zip = mysqli_real_escape_string($conn, $_POST['zip']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
if (empty($name) || empty($phone) || empty($email) || empty($zip) || empty($password)) {
header("Location: ../register.php?signup=empty");
exit();
} else {
if (
!preg_match("/[\w\s]+/", $name) || !preg_match("/^(\\+)[0-9]{8,30}$/", $phone) ||
!preg_match("/[^#]+#[^#]+\.[^#]+/", $email) || !preg_match("/^[0-9]{4}$/", $zip) ||
!preg_match("/^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9]).{8,}$/", $password)
) {
header("Location: ../register.php?signup=invalid");
exit();
} else {
//Check email
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?signup=email");
exit();
} else {
$sql = "SELECT * FROM users WHERE user_id='$user_id'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck > 0) {
header("Location: ../signup.php?signup=usertaken");
exit();
} else {
//Hashing of the Password
$hashedPwd = password_hash($password, PASSWORD_DEFAULT);
//Insert user to database
$sql = "INSERT INTO users (user_name, user_phone, user_email,
user_zip, user_password) VALUES ('$name', '$phone', '$email',
'$zip', '$hashedPwd');";
mysqli_query($conn, $sql);
header("Location: ../signup.php?signup=success");
exit();
}
}
}
}
}
?>
<!DOCTYPE HTML>
<html>
<head></head>
<body>
<form class=”this.html” method="POST">
<label for="name" style="color: blue;">name</label>
<br>
<input type="text" name="name" id="name" />
<br>
<label for="password">password</label>
<br>
<input type="password" name="password" id="password" />
<br>
<label for="phone">phone number</label>
<br>
<input type="text" name="phone" id="phone" />
<br>
<label for="email">email adress</label>
<br>
<input type="text" name="email" id="email" />
<br>
<label for="zip">zip code</label>
<br>
<input type="text" name="zip" id="zip" />
<br>
<button type="submit" name="submit">Sign up</button>
</form>
</body>
</html>
On the top of login.php you
include 'register.php';
The consequence is, that register.php gets executed, it sees the missing empty($name) || empty($phone)... and redirects to header("Location: ../register.php?signup=empty");
The simple solution: remove that include 'register.php';
Hy :) Basically i am struggling with the same Problem as this Boy over here: PHP Sign-up Form Not Working - I think we were going through the same youtube tutorial :D
unfortunately i could not comment on this topic, that is why i am opening a new one. The thing is that my signup.php should be correct (at least the inputs right?) , but i am very likely to overlook things:
Thi signup.php File:
<?php
include_once 'header.php';
?>
<section class="main-container">
<div class="main-wrapper">
<h2>Sign up</h2>
<form class="signup-form" action="includes/signup.inc.php" method="POST">
<input type="text" name="first" placeholder="Firstname">
<input type="text" name="last" placeholder="Lastname">
<input type="text" name="email" placeholder="E-Mail">
<input type="text" name="uid" placeholder="Username">
<input type="password" name="pwd" placeholder="Password">
<button type="submit" name="submit">Sign up</button>
</form>
</div>
</section>
<?php
include_once 'footer.php';
?>
When I type in information, it keeps on displaying me signup.php?signup=empty.
if (isset($_POST['submit'])) {
include_once 'dbh.inc.php';
$first = mysqli_real_escape_string($conn, $_POST['first']);
$last = mysqli_real_escape_string($conn, $_POST['last']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
//Error Handlers
//Check for empty fieldset
if (empty($first) || empty($last) || empty($email) || empty($uid) || empty($pwd)) {
header("Location: ../signup.php?signup=empty");
exit();
}
else {
//Check if input characters are valid
if (!preg_match("/^[a-zA-Z]*$/", $first) || !preg_match("/^[a-zA-Z]*$/", $last)) {
header("Location: ../signup.php?signup=invalid");
exit();
}
else {
// Check if E-Mail is valid
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?signup=email");
exit();
}
else {
$sql = "SELECT * FROM users WHERE user_uid='$uid'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck > 0) {
header("Location: ../signup.php?signup=usertaken");
exit();
}
else {
// Hashing the Password (verschlüsseln)...
$hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
//Insert the User into the Database
$sql = "INSERT INTO users (user_first, user_last, user_email, user_uid, user_pwd) VALUES ('$first', '$last', '$email', '$uid', '$hashedPwd');";
mysqli_query($conn, $sql);
header("Location: ../signup.php?signup=success");
exit();
}
}
}
}
}
else {
header("Location: ../signup.php");
exit();
}
Thank you very much in advance for any hint on this.
Best, Chris
update:
When adding following to the Code:
exit(var_dump(empty($first), empty($last), empty($email), empty($uid), empty($pwd)));
it returns
bool(true) bool(true) bool(true) bool(true) bool(true)
This question already has answers here:
PHP parse/syntax errors; and how to solve them
(20 answers)
Closed 4 years ago.
I'am trying to create register/login system. However, I've faced some problems. I can't understand where's the mistake in my code.
Here's my server.php & register.php. Browser shows that mistake is in line 65. "Parse error: syntax error, unexpected ';'". In my opinion ; must be there.
<?php
session_start();
$username = "";
$email = "";
$errors = array();
// Connect to the database
$db = mysqli_connect('localhost', 'root', '', 'lead2pro');
// If the register button is clicked
if(isset($_POST['register'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$password_1 = mysqli_real_escape_string($db ,$_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
// Ensure that form fields are filled properly
if(empty($username)) {
array_push($errors, "Username is required!");
}
if(empty($email)) {
array_push($errors, "Email is required!");
}
if(empty($password_1)) {
array_push($errors, "Password is required!");
}
if($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
// If there are no errors, save user to database
if(count($errors) == 0) {
$password = md5($password_1); // Hashin the password before storing in database
$sql = "INSERT INTO users (username, email, password) VALUES('$username', '$email', '$password')";
mysqli_query($db, $sql);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: ../system.php'); // Redirect to game location
}
}
// log user in from login page
if(isset($_POST['login'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
// Ensure that form fields are filled properly
if(empty($username)) {
array_push($errors, "Username is required!");
}
if(empty(password)) {
array_push($errors, "Password is required!");
}
if(count($errors) == 0){
$password = md5($password); // Encrypt password before comparing this one with the one in database
$query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
$result = mysqli_query($db, $query);
$if (mysqli_num_rows($result) == 1) {
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: ../system.php'); // Redirect to main page location
} else {
array_push($errors, "Wrong username/password combination");
header('location: ../php/login.php');
}
}
}
//logout
if(isset($_GET['logout'])) {
session_destroy();
unset($_SESSION['username']);
header('location: ../php/login.php');
}
?>
Here's my register.php
<?php include('../includes/server.php');?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Manager | Register</title>
<link rel="stylesheet" href="../css/reg.css">
</head>
<body>
<div class="header">
<h2>Register</h2>
</div>
<!-- Display validation errors here! -->
<?php include('../includes/errors.php'); ?>
<form action="register.php" method="post">
<div class="input-group">
<label>Username</label>
<input type="text" name="username" value="<?php echo $username; ?>">
</div>
<div class="input-group">
<label>Email</label>
<input type="text" name="email" value="<?php echo $email; ?>">
</div>
<div class="input-group">
<label>Password</label>
<input type="password" name="password_1">
</div>
<div class="input-group">
<label>Confirm Password</label>
<input type="password" name="password_2">
</div>
<div class="input-group">
<button type="submit" name="register" class="btn">Register</button>
</div>
<p>
Already a member? Sign in
</p>
</form>
</body>
</html>
The problem is on a different line:
$if (mysqli_num_rows($result) == 1) {
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: ../system.php'); // Redirect to main page location
}
That $ should not be there in front of the if.
I created a registration.php a login user.php an error.php and a server.php which errors validate and server connects my php form to database. login.php is working as is saying wrong id and/or password while registration form not working. When I click submit its just like refreshing and nothing its saved to database. Trying 3 days and can't figure why. maybe its my p.c problem? I'm working with XAMPP and phpmyadmin and dreamweaver.
here is my register.php.
<?php include('server.php') ?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Registration Form</title>
<link rel="stylesheet" type="text/css" href="forms.css">
</head>
<body>
<div class="header">
<h2>Register</h2>
</div>
<form method="post" action="register.php">
<?php include('errors.php'); ?>
<div class="input-group">
<label>Name:</label>
<input type="text" name="name">
</div>
<div class="input-group">
<label>Surname:</label>
<input type="text" name="surname">
</div>
<div class="input-group">
<label>Password:</label>
<input type="password" name="password_1">
</div>
<div class="input-group">
<label>Confirm Paswword:</label>
<input type="password" name="password_2">
</div>
<div class="input-group">
<label>Student ID:</label>
<input type="text" name="studentid">
</div>
<div class="input-group">
<label>Email:</label>
<input type="text" name="email">
</div>
<div class="input-group">
<label>Course:</label>
<input type="text" name="course">
</div>
<div class="input-group">
<center><button type="submit" name="register" class="btn">Register</button></center>
</div>
<p>
Already a registered student? Sign in
</p>
</form>
</body>
</html>
and this is my server.php
<?php
session_start();
// variable declaration
$name = "";
$surname = "";
$email = "";
$studentid = "";
$password_1 ="";
$password_2 = "";
$course = "";
$errors = array();
$_SESSION['success'] = "";
// connect to database
$db = mysqli_connect('localhost', 'root', '', 'registration');
// if register button clicked receive all inputs from the form
if (isset($_POST['reg_user'])) {
$name = mysqli_real_escape_string($db, $_POST['name']);
$surname = mysqli_real_escape_string($db, $_POST['surname']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$studentid = mysqli_real_escape_string($db, $_POST['studentid']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_1 = md5($password_1);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
$password_2 = md5($password_2);
$course = mysqli_real_escape_string($db, $_POST['course']);
// ensure that form fields are filled properly
if (empty($name)) {
array_push($errors, "Name is required");
}
if (empty($surname)) {
array_push($errors, "Surame is required");
}
if (empty($email)) {
array_push($errors, "Email is required");
}
if (empty($studentid)) {
array_push($errors, "Student ID is required");
}
if (empty($password_1)) {
array_push($errors, "Password is required");
}
if (empty($course)) {
array_push($errors, "Course is required");
}
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
if (count($errors) == 0) {
$password = md5($password_1); //encrypt the password before saving in the database
$query = "INSERT INTO users (id, name, surname, email, studentid, password, course)
VALUES(0,'$name','$surname', '$email', '$studentid' '$password', '$course')";
mysqli_query($db, $query);
$_SESSION['studentid'] = $studentid;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}
}
// login user
if (isset($_POST['login_user'])) {
$studentid = mysqli_real_escape_string($db, $_POST['studentid']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($studentid)) {
array_push($errors, "Student ID is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE studentid='$studentid' AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['studentid'] = $studentid;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}else {
array_push($errors, "Wrong Student ID or Password. Please try again.");
}
}
}
?>
database
you button name is different from the one in php
//previous code button clicked for register
if (isset($_POST['reg_user'])) {}
instead of
//button clicked for register
if (isset($_POST['register'])) {}
and also your query
if your "id" an auto increment, leave it blank rather put 0, you can also do as follow
$query = "INSERT INTO users (name, surname, email, studentid, password,
course)VALUES('$name','$surname', '$email', '$studentid' '$password', '$course')";
UPDATED TO HELP ANYONE WITH SIMILAR ISSUE
For anyone that may have similar code challenge, please check if every semi column, comma and dot are where they should be.
You can debug also by echoing out the values to know where the problem is probably coming from.
Also read through the comments you might pick up what you need from there.
Hope this helped.
Problem is in your Query You take surname instead of username.
Change Query
From this
$query = "INSERT INTO users (name, surname, email, studentid, password, course)
VALUES(0,'$name','$surname', '$email', '$studentid' '$password', '$course')";
To this
$query = "INSERT INTO users (id, name, surname, email, studentid, password, course)
VALUES('$name','$username', '$email', '$studentid' '$password', '$course')";
And there are lots of spelling mistake in code. kindly fill relax and check all spelling.
This question already has answers here:
PHP parse/syntax errors; and how to solve them
(20 answers)
Closed 5 years ago.
I made a simple sign up system with PHP and phpmyadmin. However, every time I try to enter text into my inputs and press submit, it comes up as a syntax error that says "Parse error: syntax error, unexpected '{' in C:\wamp64\www\includes\signup.inc.php on line 15"
Nothing is showing up in my database and I could use some help.
(P.S. I use a wamp server if that has any relevance)
Sign up PHP script(signup.inc.php)
<?php
if (isset($_POST['submit'])) {
include_once 'dbh.inc.php';
$first = mysqli_real_escape_string($conn, $_POST['first']);
$last = mysqli_real_escape_string($conn, $_POST['last']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$username = mysqli_real_escape_string($conn, $_POST['username']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
//Error handlers
//Check for empty fields
if (empty($first) || empty($last) || empty($email) || empty($username) ||
/*LINE 15 THE ERROR IS REFERRING TO*/ (empty($password)) {
header('Location: ../signup.php?signup=empty');
exit();
} else {
//Check is input characters are valid
if (!preg_match("/^[a-zA-Z]*$/", $first) || (!preg_match("/^[a-zA-
Z]*$/", $last)) {
header('Location: ../signup.php?signup=invalid');
exit();
} else {
//Check if email is valid
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header('Location: ../signup.php?signup=empty');
exit();
} else {
$sql = "SELECT * FROM users WHERE user_username='username'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck > 0) {
header('Location: ../signup.php?signup=usertaken');
exit();
} else {
//Hashing the password
$hashedPassword = password_hash($password,
PASSWORD_DEFAULT);
//Insert the user into the database
$sql = "INSERT INTO users (user_first, user_last,
user_email, user_username, user_password) VALUES ('$first', '$last',
'$email',
'$username' '$hashedPassword');";
mysqli_query($conn, $sql);
header('Location: ../signup.php?signup=success');
exit();
}
}
}
}
} else {
header('Location: ../signup.php');
exit();
}
Database connection(dbh.inc.php)
<?php
$dbServername = "localhost";
$dbUsername = "root";
$dbPassword = "";
$dbServername = "loginsystem";
$conn = mysqli_connect($dbServername, $dbUsername, $dbPassword,
$dbServername);
Sign up form(html in PHP file)(signup.php)
<?php include_once 'header.php';?>
<section class="main-container">
<div class="wrapper">
<h2>Sign Up</h2>
<form class="Sign" action="includes/signup.inc.php" method="POST">
<input type="text" name="first" placeholder="First Name"><br>
<input type="text" name="last" placeholder="Last Name"><br>
<input type="email" name="email" placeholder="E-mail"><br>
<input type="text" name="username" placeholder="Username"><br>
<input type="password" name="password" placeholder="Password"><br>
<button type="submit" name="submit">Sign Up!</button><br>
</form>
</div>
</section>
<?php include_once 'footer.php';?>
Help would be much appreciated. Thanks!
Its is just a simple typo, so you are missing the closing ) in the if statement.
Change to this
if (empty($first) || empty($last) || empty($email) || empty($username) ||
empty($password) ) {
header('Location: ../signup.php?signup=empty');
exit();
} else {
....