Im trying to create a sign up page. I followed a guide but its erroring and im presented with a blank screen when i run it. I think i may of misunderstood some code. any help would be greatly appreciated.
<?php
if (isset($_POST['register'])){
if (empty($_POST['email']) &&
(empty($_POST['username']) &&
(empty($_POST['password']) &&
(empty($_POST['re-enter']) &&
(empty($_POST['title']) &&
(empty($_POST['first name']) &&
(empty($_POST['second name']) &&
(empty($_POST['address']) &&
(empty($_POST['postcode']) &&
(empty($_POST['contactnumber'])){
$email=$_POST['email'];
$username=$_POST['username'];
$password=$_POST[['password'];
$reenter=$_POST['re-enter'];
$title=$_POST['title'];
$firstname=$_POST['firstname'];
$secondname=$_POST['secondname'];
$address=$_POST['address'];
$postcode=$_POST['postcode'];
$contactnum=$_POST['contactnumber'];
if ($password == $reenter) {
$conn = mysqli_connect('127.0.0.1', 'i7266***', 'Winter****', 'i72*****');
$emailquery = "SELECT * FROM UserTable WHERE email = '$email'";
$r = mysqli_query($conn, $emailquery);
$count = mysqli_num_rows($r);
if ($count == 1) {
echo "Email already exists";
} else {
$query = "INSERT INTO UserTable VALUES ('$username', '$password', '$email', '$title', '$firstname', '$secondname', '$address', '$postcode', '$contactnum')";
$run = mysqli_query($conn, $query);
echo "Customer account has been created";
}
} else {
echo "Passwords did not match";
}
} else {
echo "please enter your details to register";
}
}else {
echo "Please enter details to register";
}
?>
<form method="POST" action="">
Email:
<input type="email" name="email"><br>
Username:
<input type="text" name="username"><br>
Password:
<input type="password" name="password"><br>
Re-enter password:
<input type="password" name="re-enter"><br>
Title:
<input type="text" name="title"><br>
First name:
<input type="text" name="firstname"><br>
Second name:
<input type="text" name="secondname"><br>
Address
<input type="text" name="address"><br>
Postcode:
<input type="text" name="postcode"><br>
Contact number
<input type="number" name="contactnumber"><br>
<br>
<input type="submit" name="register" value="Register">
You are not closing the '( )' in the second if in all the evaluations and you have one more of this '[' in $password=$_POST[['password'];
Try this:
<?php
if (isset($_POST['register'])){
if ((empty($_POST['email'])) &&
(empty($_POST['username'])) &&
(empty($_POST['password'])) &&
(empty($_POST['re-enter'])) &&
(empty($_POST['title'])) &&
(empty($_POST['first name'])) &&
(empty($_POST['second name'])) &&
(empty($_POST['address'])) &&
(empty($_POST['postcode'])) &&
(empty($_POST['contactnumber']))){
$email=$_POST['email'];
$username=$_POST['username'];
$password=$_POST['password'];
$reenter=$_POST['re-enter'];
$title=$_POST['title'];
$firstname=$_POST['firstname'];
$secondname=$_POST['secondname'];
$address=$_POST['address'];
$postcode=$_POST['postcode'];
$contactnum=$_POST['contactnumber'];
if ($password == $reenter) {
$conn = mysqli_connect('127.0.0.1', 'i7266***', 'Winter****', 'i72*****');
$emailquery = "SELECT * FROM UserTable WHERE email = '$email'";
$r = mysqli_query($conn, $emailquery);
$count = mysqli_num_rows($r);
if ($count == 1) {
echo "Email already exists";
} else {
$query = "INSERT INTO UserTable VALUES ('$username', '$password', '$email', '$title', '$firstname', '$secondname', '$address', '$postcode', '$contactnum')";
$run = mysqli_query($conn, $query);
echo "Customer account has been created";
}
} else {
echo "Passwords did not match";
}
} else {
echo "please enter your details to register";
}
}else {
echo "Please enter details to register";
}
?>
<form method="POST" action="">
Email:
<input type="email" name="email"><br>
Username:
<input type="text" name="username"><br>
Password:
<input type="password" name="password"><br>
Re-enter password:
<input type="password" name="re-enter"><br>
Title:
<input type="text" name="title"><br>
First name:
<input type="text" name="firstname"><br>
Second name:
<input type="text" name="secondname"><br>
Address
<input type="text" name="address"><br>
Postcode:
<input type="text" name="postcode"><br>
Contact number
<input type="number" name="contactnumber"><br>
<br>
<input type="submit" name="register" value="Register">
Hope works for you.
The syntax are fine now but the logic is wrong, as #Niet the Dark Absol says: You are processing the form only if ALL of them ARE empty.
Related
At first, I apologize for the mess of code.
I am new to PHP and I was watching a video and practicing update the password and confirmation. I was able to pass the e-mail validation(empty), however once I tried to submit password and new password along with, it kept showing that I did not fill in the password and the new password.
Could someone help me to review my code? Thank you very much.
<?php
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
include ('connection.php');
$errors = array();
if (empty($_POST['email']))
{
$errors[] = 'Require your email! ';
}
else
{
$e = mysqli_real_escape_string($dbc, trim($_POST['email']));
}
if (empty($_POST['password']))
{
$errors[] = 'Require your password!';
}
else
{
$p = mysqli_real_escape_string($dbc, trim($_POST['password']));
}
if (!empty($_POST['newpass']))
{
if ($_POST['newpass'] != $_POST['conpass'])
{
$errors[] = "Your new password does not match the confirmed password!";
}
else
{
$np = mysqli_real_escape_string($dbc, trim($_POST['newpass']));
}
}
else
{
$errors[] = 'You forgot to enter your new password!';
}
if(empty($errors))
{
$q = "SELECT id FROM users WHERE (email='$e' AND password='$p')";
$r = mysqli_query($dbc, $q);
$num = mysqli_num_rows($r);
if($num == 1)
{
$row = mysqli_fetch_array($r, MYSQLI_NUM);
$q = "UPDATE users SET password='$np' WHERE id = '$row[0]'";
$r = mysqli_query($dbc, $q);
if (mysqli_affected_rows($dbc) == 1 )
{
echo "You have succesfully update your password.";
}
else
{
echo "Your password could not be changed due to a system error, please try again.";
}
mysqli_close($dbc);
}
else
{
echo "The Email and the password were in correct.";
}
}
else
{
echo "Error! The following error(s) occured: <br />";
foreach($errors as $msg)
{
echo $msg."<br />";
}
}
}
?>
<h1>Change Password</h1>
<form action="update.php" method="post">
<p>Email: <input type="text" name="email" size="20" maxlenght="30" value="<?php if(isset($_POST['email'])){echo $_POST['email'];} ?>" /></p>
<p>Current Password: <input type="password" name"password" size="20" maxlength="30" value="<?php if(isset($_POST['password'])){echo $_POST['password'];} ?>" /></p>
<p>New Password: <input type="password" name"newpass" size="20" maxlength="30" value="<?php if(isset($_POST['newpass'])){echo $_POST['newpass'];} ?>" /></p>
<p>Confirm Password: <input type="password" name"conpass" size="20" maxlength="30" value="<?php if(isset($_POST['conpass'])){echo $_POST['conpass'];} ?>" /></p>
<p><input type="submit" name="submit" value="Change Password" /></p>
</form>
You have syntax errors in your HTML code.
You missed = signs at these lines:
<input type="password" name"password" ...
should be <input type="password" name = "password"
<input type="password" name"newpass" ...
should be <input type="password" name = "password"
<input type="password" name"conpass" ...
should be <input type="password" name = "conpass"
The name tag is important for GET and POST methods. Thats what allows data to be sent from the input fields to the server.
OK, here is updated version of your code:
<?php
if($_SERVER['REQUEST_METHOD'] == 'POST'){
include ('connection.php');
$errors = array();
$email=trim($_POST['email']);
$password=trim($_POST['password']);
$newpass=trim($_POST['newpass']);
$conpass=trim($_POST['conpass']);
if (empty($email)) {
$errors[] = 'Require your email! ';
} else {
$e = mysqli_real_escape_string($dbc, $email);
}
if (empty($password)) {
$errors[] = 'Require your password!';
} else {
$p = mysqli_real_escape_string($dbc, $password);
}
if (!empty($newpass)) {
if ($newpass != $conpass){
$errors[] = "Your new password does not match the confirmed password!";
} else {
$np = mysqli_real_escape_string($dbc, $newpass));
}
} else {
$errors[] = 'You forgot to enter your new password!';
}
if(empty($errors)){
$q = "SELECT `id` FROM `users` WHERE (`email` LIKE '$e' AND `password` LIKE '$p') LIMIT 0, 1";
$r = mysqli_query($dbc, $q);
$num = mysqli_num_rows($r);
if($num == 1){
$row = mysqli_fetch_array($r, MYSQLI_NUM);
$q = "UPDATE `users` SET `password` LIKE '$np' WHERE `id = '$row[0]'";
$r = mysqli_query($dbc, $q);
if (mysqli_affected_rows($dbc) == 1 ){
echo "You have succesfully update your password.";
} else {
echo "Your password could not be changed due to a system error, please try again.";
}
mysqli_close($dbc);
} else {
echo "The Email and the password were in correct.";
}
} else {
echo "Error! The following error(s) occured: <br />";
foreach($errors as $msg){
echo $msg."<br />";
}
}
}
First before empty() check you need to trim() POST's, Also in MySQL query strings you need to search with LIKE for password and email, not = becouse that is string not integer.
Also:
<p>Email: <input type="text" name="email" size="20" maxlenght="30" value="<?php if(isset($_POST['email'])){echo $_POST['email'];} ?>" /></p>
<p>Current Password: <input type="password" name="password" size="20" maxlength="30" value="<?php if(isset($_POST['password'])){echo $_POST['password'];} ?>" /></p>
<p>New Password: <input type="password" name="newpass" size="20" maxlength="30" value="<?php if(isset($_POST['newpass'])){echo $_POST['newpass'];} ?>" /></p>
<p>Confirm Password: <input type="password" name="conpass" size="20" maxlength="30" value="<?php if(isset($_POST['conpass'])){echo $_POST['conpass'];} ?>" /></p>
<p><input type="submit" name="submit" value="Change Password" /></p>
You forgot to put = after name attributes.
I'm trying to make a simple register and login form.
I want to use SHA1 to save the encrypted password in database.
But when I try to login with the password, it seems it does not work.
There are three files - index.php, register.php ,login.php
Please help me to solve this problem.
//index.php
<form action="register.php" method="post" enctype="multipart/form-data">
<label for="email">Email:</label>
<input type="text" name="email">
<br />
<label for="password">Password:</label>
<input type="password" name="password">
<button>Register</button>
</form>
<form action="login.php" method="post">
<label for="email">Email:</label>
<input type="text" name="email">
<br />
<label for="password">Password:</label>
<input type="password" name="password">
<button>Login</button>
</form>
//register.php
<?php
$email = $_POST['email'];
$password = $_POST['password'];
$regist_day=date('d-m-Y (H:i)');
if (!empty($email) && !empty($password)) {
require_once('lib/db_connect.php');
$dbc = mysqli_connect(DB_HOST,DB_USER,DB_PASSWORD,DB_NAME)
or die('Error connecting database');
$sql = "INSERT INTO member(email,password,regist_day)";
$sql .= "VALUES ('$email',SHA1('$password'),'$regist_day')";
mysqli_query($dbc,$sql);
echo("
<script>
location.href='try.php'
</script>
") ;
}
else{
echo "You need to enter Email and Password";
}
?>
//login.php
<?php
$user_email = $_POST['email'];
$user_password = SHA1($_POST['password']);
if (!empty($user_email) && !empty($user_password)) {
require_once('lib/db_connect.php');
$dbc = mysqli_connect(DB_HOST,DB_USER,DB_PASSWORD,DB_NAME)
or die('Error connecting database');
$sql = "SELECT * FROM member WHERE email = '$user_email'";
$result = mysqli_query($dbc,$sql);
$num_match = mysqli_num_rows($result);
if (!$num_match) {
echo "No result";
}
else{
$sql = "SELECT * FROM member WHERE password = '$user_password' ";
$result = mysqli_query($dbc,$sql);
$password_match = mysqli_num_rows($result);
if (!$password_match) {
echo "SHA1 does not work";
exit;
}
else{
echo"success";
}
}
}
else{
echo "You need to enter both Email and Password";
}
?>
I am working on this registration system where I have a captcha control at the end. I have error reporting included, no error appears. Output page says capcha successfull. While I can see in DB no data being inserted..
Form:
<h2>Registration Form</h2>
Username:<input type="text" name="username" id="username" size="5" class="username" />
Password:<input type="password" name="password1" id="password" />
Repeat Password:<input type="password" name="password2" id="password" />
Full Name:<input type="text" name="name" id="username" class="username" / >
Mobile/Phone:<input type="text" name="phone" id="username" class="username" />
Email Address:<input type="text" name="email" id="username" class="username" />
<img src="captcha.php"><input type="text" name="vercode" />
<input type="submit" name="register" id="button" value="Sign Up" />
PHP:
include 'db_connect.php';
if (isset($_POST['submit'])) {
$username = $_POST['username'];
$password1 = $_POST['password1'];
$password2 = $_POST['password2'];
$name = $_POST['name'];
$phone = $_POST['phone'];
$email = $_POST['email'];
if ($username=='')
{
echo 'Please choose an username for yourself.';
exit();
}
if ($password1=='')
{
echo 'Oops, looks like you forgot to enter the password. Please enter the password.';
exit();
}
if ($password2=='')
{
echo 'Oops, looks like you forgot to re-enter the password. Please enter the password.>';
exit();
}
if ($name=='')
{
echo 'Please enter your first and the last name.';
exit();
}
if ($phone=='')
{
echo 'Please enter your house phone or mobile number.';
exit();
}
if ($email=='')
{
echo 'Please enter your email address.';
exit();
}
//duplicate Entry Validation
$check_email = "SELECT * FROM users WHERE email='$email'";
$run = mysql_query($check_email);
if(mysql_num_rows($run)>0) {
echo "Alert('Email $email already exist in our database!)";
exit();
}
//Data Insertion
$query = "insert into users (username,password,name,phone,email) value ('$username','$password1','$name','$phone','$email')";
if(mysql_query($query)) {
echo "Registration Successfull";
}
}
//Captcha Validation
if ($_POST["vercode"] != $_SESSION["vercode"] OR $_SESSION["vercode"]=='') {
echo '<strong>Incorrect Captcha Code Entered.</strong>';
} else {
echo '<strong>Captcha Verification successful.</strong>';
};
?>
MySQL is deprecated already, you should use MySQLi instead. Try this:
PHP:
<?php
/* ESTABLISH CONNECTION */
session_start();
$con=mysqli_connect("YouHost","YouUsername","YourPassword","YourDatabase");
if(mysqli_connect_errno()){
echo "Error".mysqli_connect_error();
}
if (isset($_POST['register'])) { /* THIS SHOULD BE register, BECAUSE YOU NAMED YOUR SUBMIT BUTTON register, NOT submit */
$username = mysqli_real_escape_string($con,$_POST['username']);
$password1 = mysqli_real_escape_string($con,$_POST['password1']);
$password2 = mysqli_real_escape_string($con,$_POST['password2']);
$name = mysqli_real_escape_string($con,$_POST['name']);
$phone = mysqli_real_escape_string($con,$_POST['phone']);
$email = mysqli_real_escape_string($con,$_POST['email']);
/* YOU SHOULD PRACTICE USING ESCAPE_STRING TO PREVENT SOME OF SQL INJECTIONS */
if (empty($username))
{
echo 'Please choose a username for yourself.';
exit();
}
if (empty($password1))
{
echo 'Oops, looks like you forgot to enter the password. Please enter the password.';
exit();
}
if (empty($password2))
{
echo 'Oops, looks like you forgot to re-enter the password. Please enter the password.>';
exit();
}
if (empty($name))
{
echo 'Please enter your first and the last name.';
exit();
}
if (empty($phone))
{
echo 'Please enter your house phone or mobile number.';
exit();
}
if (empty($email))
{
echo 'Please enter your email address.';
exit();
}
/* duplicate Entry Validation */
$check_email = "SELECT * FROM users WHERE email='$email'";
$run = mysqli_query($con,$check_email);
if(mysqli_num_rows($run)>0) {
echo "Alert('Email $email already exist in our database!)";
exit();
}
/* Data Insertion. YOU SHOULD ALSO CONSIDER IF THE PASSWORD 1 AND 2 ARE THE SAME */
if($password1==$password2 && !empty($username) && !empty($name) && !empty($phone) && !empty($email)){ /* IF PASSWORD1 IS THE SAME WITH PASSWORD2 */
/* INSERT QUERY */
$query = mysqli_query($con,"INSERT INTO users (username,password,name,phone,email) VALUES ('$username','$password1','$name','$phone','$email')");
echo "Registration Successfull";
} /* END OF IF PASSWORD1 IS EQUALS TO PASSWORD2 */
else {
echo "Alert('Password is not the same.')";
exit();
}
/* Captcha Validation */
if ($_POST["vercode"] != $_SESSION["vercode"] OR $_SESSION["vercode"]=='') {
echo '<strong>Incorrect Captcha Code Entered.</strong>';
} else {
echo '<strong>Captcha Verification successful.</strong>';
};
} /* END OF ISSET SUBMIT */
?>
Your HTML file:
<html>
<body>
<h2>Registration Form</h2>
<form action='YourPHPFile' method='POST'>
Username:<input type="text" name="username" id="username" size="5" class="username" />
Password:<input type="password" name="password1" id="password" />
Repeat Password:<input type="password" name="password2" id="password" />
Full Name:<input type="text" name="name" id="username" class="username" / >
Mobile/Phone:<input type="text" name="phone" id="username" class="username" />
Email Address:<input type="text" name="email" id="username" class="username" />
<img src="captcha.php"><input type="text" name="vercode" />
<input type="submit" name="register" id="button" value="Sign Up" />
</form>
</body>
</html>
I'd like to know if there are any errors/exploits in this piece of coding, and also can someone help me because I register but it doesn't insert data into the database. If there are any mistakes can you correct them please. I want it so if the username exists, redirect them to error?=1, and so on with passwords not matching. Any help is appreciated.
Register.php
<form action="register_acc.php" method="post">
<input type="text" name="username" class="input" value="" autocomplete="off" placeholder="Username" maxlength="25" /><br />
<br />
<input type="password" name="password" class="input" value="" autocomplete="off" placeholder="Password" maxlength="20" /><br />
<br />
<input type="password" name="password2" class="input" value="" autocomplete="off" placeholder="Password again" maxlength="20" /><br />
<br />
<input type="text" name="email" class="input" value="" autocomplete="off" placeholder="Email" maxlength="255" /><br />
<br />
<input type="submit" name="submit "class="submit" value="Sign up">
</form>
register_acc.php
<?php
error_reporting(1);
include 'site/inc/config.php';
if (isset($_POST['submit'])) {
session_start();
$username = $_POST['username'];
$password = md5($_POST['password']);
$pass_conf = md5($_POST['password2']);
$email = $_POST['email'];
$ip = $_SERVER['REMOTE_ADDR'];
$date= date("d-m-Y");
$q = "SELECT * FROM `users` WHERE username = '$username'";
$r = mysql_query($q);
if (empty($username)) {
header("Location: register.php?error=1");
exit;
}
if ($password != $pass_conf) {
header("Location: /site/register.php?error=2");
exit;
}
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: /site/register.php?error=3");
exit;
}
if (mysql_num_rows($r) == 0) {
// Continue w/ registration, username is available!
$query = "INSERT INTO `users` (id, username, password, email, ip, rank, reg_date)
VALUES (0, '$username', '$password', '$email', '$ip', 1, '$date'())";
$run = mysql_query($query);
header("Location: /site/register.php?succsess=1");
}
}
else {
header("Location: register.php?error=4");
}
?>
You don't concatenate the $username variable into the query.
Try this:
"SELECT * FROM `users` WHERE username = '".$username."'"
Also your INSERT query looks a bit weird with the date() function. Try this:
$date = date("Y-m-d");
"INSERT INTO `users` (id, username, password, email, ip, rank, reg_date)
VALUES (0, '$username', '$password', '$email', '$ip', 1, '".$date."')"
EDIT: SCRIPT EXAMPLE
<?php
if(!isset($_POST['username'])||!isset($_POST['email'])||!isset($_POST['password']))//enter more values if necessary
{
header("Location: error_page.php?error=1");
}
else
{
//do whatever, eg execute query
}
?>
I am a beginner PHP coder. I want it to be if when they register for my php code, it echos "You have been registered", instead of just showing a blank page. This is my code:
<?php
require('config.php');
if(isset($_POST['submit'])){
//Preform the verification of the nation
$email1 = $_POST['email1'];
$email2 = $_POST['email2'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
if($email1 == $email2) {
if($pass1 == $pass2) {
//All good. Carry on.
$name = mysql_escape_string($_POST['name']);
$lname = mysql_escape_string($_POST['lname']);
$uname = mysql_escape_string($_POST['uname']);
$email1 = mysql_escape_string($_POST['email1']);
$email2 = mysql_escape_string($_POST['email2']);
$pass1 = mysql_escape_string($_POST['pass1']);
$pass2 = mysql_escape_string($_POST['pass2']);
$pass1 = md5($pass1);
$sql = mysql_query("SELECT * FROM `users` WHERE `uname` = '$uname'");
if(mysql_num_rows($sql) > 0) {
echo "Sorry, that user already exists!";
exit();
}
mysql_query("INSERT INTO `users` (`id`, `name`, `lname`, `uname`, `email`,
`pass`) VALUES (NULL, '$name', '$lname', '$uname', '$email1',
'$pass1')");
}else{
echo "Sorry, your passwords do not match<br><br>";
exit();
}
}else{
echo "Sorry, your emails do not match.<br><br>";
}
}else{
$form = <<<EOT
<form action="register.php" method="POST">
First Name: <input type="text" name="name" /><br />
Last Name: <input type="text" name="lname" /><br />
Username: <input type="text" name="uname" /><br />
Email: <input type="text" name="email1" /><br />
Confirm Email: <input type="text" name="email2" /><br />
Password: <input type="password" name="pass1" /><br />
Confirm Password: <input type="password" name="pass2" /><br />
<input type="submit" value="Register" name="submit" />
</form>
EOT;
echo $form;
}
?>
As you can see, there is no echo for if everything works. Please help me add an echo if they're registrations gets registered!!
Just check the return of the insert query.
$result = mysql_query("INSERT ...");
if ($result) {
echo "Created!";
} else {
echo "Uh oh! Something went wrong!";
}
In your case - You could just type:
echo "Congratulations, You've been submitted";
or whatever you want to say just under the insert statement
before the last
}else{
in your code put
echo "You have signed up";
and that's it :)