Debugging a MYSQL syntax error - php

The following is a "forgot password" script I have on my site. I have one MYSQL table where I store the email addresses of users. It is called 'members' and has 2 columns: 'user' (users' email addresses) and 'pass' (their passwords).
The email address adamjwilkins1604#gmail.com exists in the members table. When I input this email address in the forgot password form, I get this error. I am having a lot of trouble debugging this.
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '#gmail.com' at line 1
Forgot password script:
<?php // forgot_password.php
include_once 'header.php';
if (isset($_POST['submitted']))
{ // Handle the form.
if (empty($_POST['email']))
{
$uid = FALSE;
echo 'You forgot to enter your registered email address!';
}
else
{
// Check for the existence of the inputted email address.
$email = trim(sanitizeString($_POST['email']));
$result = queryMysql("SELECT user FROM members WHERE user='$email'");
if (mysql_num_rows($result) == 1)
{
// Retrieve the user's email address
list($uid) = mysql_fetch_array ($result, MYSQL_NUM);
}
else
{
echo '<p><font color="red" size="+1">The submitted email address does not match those on file!</font></p>';
$uid = FALSE;
}
}
if ($uid)
{
$p = substr(md5(uniqid(rand(),1)),3,10);
$result = queryMysql("UPDATE members SET pass=SHA('$p') WHERE user = $uid");
if (mysql_affected_rows() == 1)
{
// If it ran OK, send an email.
$email = trim(sanitizeString($_POST['email']));
$body = "Your password has been temporarily changed to '$p'. Please log in using this password and your username.";
mail ($email, 'Your temporary password.', $body, 'From: admin#mywebsite.com');
echo '<h3>Your password has been changed. You will receive the new, temporary password at the email address with which you registered. Once you have logged in with this password, you may change it by clicking on the "change password" link.</h3>';
mysql_close(); // Close the database connection.
}
else
{
// If it did not run OK.
echo '<p><font color="red" size="+1">Your password could not be changed due to a system error. We apologize for any inconvenience.</font></p>';
}
}
else // Failed the validation test.
{
echo '<p><font color="red" size="+1">Please try again.</font></p>';
}
} // End of the main Submit conditional.
?>
<h1>Reset Your Password</h1>
<p>Enter your email address below and your password will be reset.</p>
<form action="forgot_password.php" method="post">
<fieldset>
<p><b>Your registered email address:</b> <input type="text" name="email" size="20" maxlength="40" value="<?php if (isset($_POST['email'])) echo $_POST['email']; ?>" /></p>
</fieldset>
<div align="center"><input type="submit" name="submit" value="Reset My Password" /></div>
<input type="hidden" name="submitted" value="TRUE" />
</form>
</div>

You forgot to quote $uid in your UPDATE statement. And you forgot to escape it as well.
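The fix the answer points to, written with bound parameters so that neither quoting nor escaping is done by hand. This is an added example, not code from the thread: it assumes PDO with an in-memory SQLite database in place of the MySQL connection, the function names `interpolatedUpdate` and `resetPassword` are hypothetical, and it stores the temporary password with `password_hash()` rather than the `SHA()` call in the question.

```php
<?php
// Added example, not the poster's code. PDO + in-memory SQLite stand in for the
// MySQL connection (assumption); the members(user, pass) table is from the question.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (user TEXT PRIMARY KEY, pass TEXT NOT NULL)');

// Constructed sample rows; the second address contains a quote on purpose.
$seed = $pdo->prepare('INSERT INTO members (user, pass) VALUES (?, ?)');
foreach (['alice@example.com', "o'brien@example.com"] as $addr) {
    $seed->execute([$addr, password_hash('initial-password', PASSWORD_DEFAULT)]);
}

/**
 * What the original UPDATE sends to the server: the value is pasted into the
 * SQL text, so an unquoted address is parsed as SQL rather than as a string.
 */
function interpolatedUpdate(string $uid): string
{
    return "UPDATE members SET pass='x' WHERE user = $uid";
}

/**
 * Reset the password for $email with bound parameters. Returns the temporary
 * password when exactly one row changed, or null when the address is unknown.
 */
function resetPassword(PDO $pdo, string $email): ?string
{
    $temp = bin2hex(random_bytes(8));   // CSPRNG instead of md5(uniqid(rand()))
    $stmt = $pdo->prepare('UPDATE members SET pass = :pass WHERE user = :user');
    $stmt->execute([
        ':pass' => password_hash($temp, PASSWORD_DEFAULT),
        ':user' => $email,              // sent as data, never parsed as SQL
    ]);
    return $stmt->rowCount() === 1 ? $temp : null;
}

// The failing statement from the question, reproduced as text only.
echo interpolatedUpdate('alice@example.com'), "\n";

// Bound parameters treat '@' and quotes as ordinary characters of the value.
foreach (['alice@example.com', "o'brien@example.com", 'nobody@example.com'] as $input) {
    $temp = resetPassword($pdo, $input);
    printf("%-22s %s\n", $input, $temp === null ? 'no such user' : 'temporary password set');
}
```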

Related

Returning mysqli_result, boolean given error for registration page

I am not sure why I am getting the following errors for my code, I would be grateful if someone could explain it to me.
Managed to reduce all errors other than this one, I think the code is failing to check if the email is already registered but not sure why.
if (empty($_POST['email']))
{$errors[] = 'Please enter your email.';}
else
{$e = mysqli_real_escape_string($dbc,
trim($_POST['email']));}
if (empty($errors))
{
$q = "SELECT user_id FROM users WHERE email='$e'";
$r = mysqli_query ($dbc,$q);
if (mysqli_num_rows($r) != 0)
{$errors[] = 'Email address already registered.
Login';}
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result,
boolean given in C:\Abyss Web Server\htdocs\register1.php on line 59
<!DOCTYPE HTML>
<html lang="en">
<head><meta charset="UTF-8">
<title>Surf Shop Registration</title>
</head>
<body>
<?php
$page_title = 'Register';
include ('includes/header.html');
# conditional test to only execute contained statements if form has been submitted.
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
# statements to be inserted here.
# open database connection and initialise array for error messages.
require ('../surfshop_db.php');
$errors = array();
# stores error msg if firstname field remains empty, or store value in a variable.
if (empty($_POST['first_name']))
{$errors[] = 'Please enter your first name.';}
else
{$fn = mysqli_real_escape_string($dbc,
trim($_POST['first_name']));}
# stores error msg if lastname field remains empty, or store value in a variable.
if (empty($_POST['last_name']))
{$errors[] = 'Please enter your last name.';}
else
{$ln = mysqli_real_escape_string($dbc,
trim($_POST['last_name']));}
# stores error msg if email field remains empty, or store value in a variable.
if (empty($_POST['email']))
{$errors[] = 'Please enter your email.';}
else
{$e = mysqli_real_escape_string($dbc,
trim($_POST['email']));}
# stores password as a variable if both password fields match, or store an error msg if not matching or first field is empty.
if (!empty($_POST['pass1']))
{
if ($_POST['pass1'] != $_POST['pass2'])
{$errors[] = 'Passwords do not match.';}
else
{$p = mysqli_real_escape_string($dbc,
trim($_POST['pass1']));}
}
else {$errors[] = 'Please enter your password.';}
# stores error msg if email already exists in database.
if (empty($errors))
{
$q = "SELECT user_id FROM users WHERE email='$e'";
$r = mysqli_query ($dbc,$q);
if (mysqli_num_rows($r) != 0)
{$errors[] = 'Email address already registered.
Login';}
}
# stores user data in database and displays a confirmation message when registration is successful, closes the database connection and includes a page footer as well as exit the script.
if (empty($errors))
{
$q = "INSERT INTO users
(first_name, last_name, email, password, reg_date)
VALUES ('$fn', '$ln', '$e', SHA1('$p'), NOW())";
$r = mysqli_query ($dbc,$q);
if ($r)
{
echo '<h1>Registered!</h1>
<p>You are now registered.</p>
<p>Login</p>';
}
mysqli_close($dbc);
include ('includes/footer.html');
exit();
}
# displays all stored error msg when registration fails and closes database connection.
else
{
echo '<h1>Error!</h1>
<p id="err_msg">The following error(s) occurred:<br>';
foreach ($errors as $msg)
{
echo " -$msg<br>";
}
echo 'Please try again.</p>';
mysqli_close($dbc);
}
}
?>
<!--Sticky HTML form-->
<h1>Register</h1>
<form action="register1.php" method="POST">
<p>
First Name: <input type="text" name="first_name"
value="<?php if (isset($_POST['first_name']))
echo $_POST['first_name'];?>">
Last Name: <input type="text" name="last_name"
value="<?php if (isset($_POST['last_name']))
echo $_POST['last_name'];?>">
</p><p>
Email Address: <input type="text" name="email"
value="<?php if (isset($_POST['email']))
echo $_POST['email'];?>">
</p><p>
Password: <input type="password" name="pass1"
value="<?php if (isset($_POST['pass1']))
echo $_POST['pass1'];?>">
Confirm Password: <input type="password" name="pass2"
value="<?php if (isset($_POST['pass2']))
echo $_POST['pass2'];?>">
</p><p>
<input type="submit" value="Register"> </p>
</form>
<?php include ('includes/footer.html');?>
</body>
</html>

Update new password if the temporary password matches what is on the database

I have a table and one of the fields is TempPass, which is blank for all users. When a user requests to change the password, instead of updating their existing password, my script adds the temporary password, which is emailed to the user, to the TempPass field using SHA. The following line shows the change:
$query = "UPDATE users SET TempPass=SHA('$p') WHERE UserID=$uid";
I save the password during registration using the following line:
$password = md5(mysql_real_escape_string($_POST['password']));
The following is my HTML file:
<?php include "config.php"; ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" href="theStylesScripts/lostPassStyle.css" type="text/css" media="all" />
<title>Reset Password</title>
</head>
<body>
<?php
include("mailerClass/class.phpmailer.php");
include("mailerClass/class.smtp.php");
if (isset($_POST['submitted'])) { // Handle the form.
if (empty($_POST['email'])) { // Validate the email address.
$uid = FALSE;
echo '<p><font color="red" size="+1">You forgot to enter your email address!</font></p>';
}
if (empty($_POST['temppass'])) { // Validate the email address.
$uid = FALSE;
echo '<p><font color="red" size="+1">You forgot to enter your temporary password!</font></p>';
}
if (empty($_POST['newpass'])) { // Validate the email address.
$uid = FALSE;
echo '<p><font color="red" size="+1">You forgot to enter your new password!</font></p>';
}
else {
// Check for the existence of that email address.
$query = "SELECT UserID FROM users WHERE EmailAddress='". mysql_real_escape_string($_POST['email']) . "'";
$result = mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error());
if (mysql_num_rows($result) == 1) {
// Retrieve the user ID.
list($uid) = mysql_fetch_array ($result, MYSQL_NUM);
}
else {
echo '<p><font color="red" size="+1">The submitted email address does not match those on file!</font></p>';
$uid = FALSE;
}
}
if ($uid) { // If everything’s OK.
// Make the query.
$query = "THIS IS THE QUERY THAT WILL COMPARE THE USEREMAIL WITH THE TEMPORARY PASSWORD ASSIGNED AND EMAILED TO WHAT THE USER ENTERED IN THE FORM";
$result = mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error());
if ("USEREMAIL WITH THE AUTO ASSIGNED TEMPORARY PASSWORD MATCHES WITH THE TEMPORARY PASSWORD ENTERED BY THE USER") { // If it ran OK.
$query = "THIS IS THE QUERY THAT WILL UPDATE THE EXISTING PASSWORD WITH THE NEW PASSWORD ENTERED BY USER";
$query = "SET TEMPPASS BACK TO NULL FOR THAT USERID";
echo '<h3>Your password has been changed. You will receive the new, temporary password at the email address with which you registered. Once you have logged in with this password, you may change it by clicking on the "Change Password" link.</h3>';
mysql_close(); // Close the database connection.
//include (‘./includes/footer.html’); // Include the HTML footer.
exit();
} else { // If it did not run OK.
echo '<p><font color="red" size="+1">Your password could not be changed due to a system error. We apologize for any inconvenience.</font></p>';
}
}
else { // Failed the validation test.
echo '<p><font color="red" size="+1">Please try again.</font></p>';
}
} // End of the main Submit conditional.
?>
<h1>Reset Your Password</h1>
<p>Enter your email address below and your password will be reset.</p>
<form action="resetPass.php" method="post">
<fieldset>
<p><b>Email Address:</b> <input type="email" name="email" size="20" maxlength="40" value="" /></p>
<p><b>Temporary Password:</b> <input type="text" name="temppass" size="20" maxlength="40" value="" /></p>
<p><b>New Password:</b> <input type="text" name="newpass" size="20" maxlength="40" value="" /></p>
</fieldset>
<div align="center"><input type="submit" name="submit" value="Create New Password" /></div>
<input type="hidden" name="submitted" value="TRUE" />
</form>
</div>
</body>
</html>
How do I modify the following code to achieve what I am looking to do:
if ($uid) { // If everything’s OK.
// Make the query.
$query = "THIS IS THE QUERY THAT WILL COMPARE THE USEREMAIL WITH THE TEMPORARY PASSWORD ASSIGNED AND EMAILED TO WHAT THE USER ENTERED IN THE FORM";
$result = mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error());
if ("USEREMAIL WITH THE AUTO ASSIGNED TEMPORARY PASSWORD MATCHES WITH THE TEMPORARY PASSWORD ENTERED BY THE USER") { // If it ran OK.
$query = "THIS IS THE QUERY THAT WILL UPDATE THE EXISTING PASSWORD WITH THE NEW PASSWORD ENTERED BY USER";
$query = "SET TEMPPASS BACK TO NULL FOR THAT USERID";
echo 'password changed';
mysql_close(); // Close the database connection.
exit();
} else { // If it did not run OK.
echo 'no change. error';
}
}
Also, should I save the new password in md5 format?
Please note: I will be updating to mysqli soon.
if ($uid) { // If everything’s OK.
// TempPass was stored as SHA('$p'), so hash the submitted value the same way before comparing.
$email = mysql_real_escape_string($_POST['email']);
$query = "SELECT * FROM users WHERE EmailAddress='$email' AND TempPass=SHA('".mysql_real_escape_string($_POST['temppass'])."')";
$result = mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error());
if (mysql_num_rows($result)==1) { // The temporary password matches.
// Store the new password, then clear the temporary one; each query has to be executed.
$query = "UPDATE users SET password=SHA2('".mysql_real_escape_string($_POST['newpass'])."',512) WHERE EmailAddress='$email'";
mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error());
$query = "UPDATE users SET TempPass='' WHERE EmailAddress='$email'";
mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error());
echo 'password changed';
mysql_close(); // Close the database connection.
exit();
} else { // No match, or the lookup failed.
echo 'no change. error';
}
}
It's not secure to store new passwords in MD5, because it has been cracked. Use some other hashing like SHA512.
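The temporary-password flow from this thread, as an added example that is not part of the original posts. It uses PHP's `password_hash()` and `password_verify()` in place of the MD5/SHA functions discussed above, because those are salted and deliberately slow. It assumes PDO with an in-memory SQLite database in place of MySQL; the `TempPassExpires` column and the function names `issueTempPass` and `redeemTempPass` are hypothetical.

```php
<?php
// Added example, not code from the thread. PDO + in-memory SQLite stand in for MySQL
// (assumption). Column names follow the question; TempPassExpires is hypothetical.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (
    UserID INTEGER PRIMARY KEY,
    EmailAddress TEXT UNIQUE NOT NULL,
    password TEXT NOT NULL,
    TempPass TEXT,
    TempPassExpires INTEGER
)');
// Constructed sample row.
$pdo->prepare('INSERT INTO users (EmailAddress, password) VALUES (?, ?)')
    ->execute(['alice@example.com', password_hash('old-password', PASSWORD_DEFAULT)]);

/** Issue a temporary password: only its hash is stored, the clear text goes in the email. */
function issueTempPass(PDO $pdo, string $email, int $ttl = 900): ?string
{
    $temp = bin2hex(random_bytes(16));
    $stmt = $pdo->prepare(
        'UPDATE users SET TempPass = ?, TempPassExpires = ? WHERE EmailAddress = ?'
    );
    $stmt->execute([password_hash($temp, PASSWORD_DEFAULT), time() + $ttl, $email]);
    return $stmt->rowCount() === 1 ? $temp : null;
}

/** Set the new password if the submitted temporary password matches and has not expired. */
function redeemTempPass(PDO $pdo, string $email, string $temp, string $newPass): bool
{
    $stmt = $pdo->prepare(
        'SELECT UserID, TempPass, TempPassExpires FROM users WHERE EmailAddress = ?'
    );
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // A salted hash cannot be matched in the WHERE clause: fetch it, then verify in PHP.
    if (!$row || $row['TempPass'] === null
        || (int) $row['TempPassExpires'] < time()
        || !password_verify($temp, $row['TempPass'])) {
        return false;
    }

    // One statement stores the new hash and clears the temporary password,
    // so the temporary password works only once.
    $upd = $pdo->prepare(
        'UPDATE users SET password = ?, TempPass = NULL, TempPassExpires = NULL WHERE UserID = ?'
    );
    $upd->execute([password_hash($newPass, PASSWORD_DEFAULT), $row['UserID']]);
    return $upd->rowCount() === 1;
}

$temp = issueTempPass($pdo, 'alice@example.com');
var_dump(redeemTempPass($pdo, 'alice@example.com', 'wrong-guess', 'N3w-passphrase')); // wrong temporary password
var_dump(redeemTempPass($pdo, 'alice@example.com', $temp, 'N3w-passphrase'));        // correct temporary password
var_dump(redeemTempPass($pdo, 'alice@example.com', $temp, 'another-passphrase'));    // reuse after it was redeemed
```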

My PHP/HTML submit button does not register being pressed

Below is my code for register.php on my website. This code allows the user to register for my website, creating a MySQL entry for username, email, password, etc. on clicking the submit button.
The button is named "reg" and uses a $_POST. Upon clicking the submit button the PHP code runs through multiple if statements to ensure the information the user entered is valid and does not preexist.
If a user exists, or an error is made in submission it sets PHP variable $errormessage and is supposed to echo it out. Right now, my SUBMIT button does not act like it is being pressed. No error messages, no SQL row is inserted, nothing.
<?php
if( $_POST['reg']){
/* Make sure values are correct and valid */
$getuser = $_POST['user'];
$getemail = $_POST['email'];
$getpass = $_POST['password'];
$getrepass = $_POST['retypepassword'];
/* Check to see if username entered */
if($getuser){
/* Check to see if email entered */
if($getemail){
/* Check to see if password entered */
if($getpass){
/* Check to see if retyped password entered */
if($getrepass){
/* Check to see if passwords are the EXACT same */
if($getpass === $getrepass){
/* Check to see if VALID email is entered */
if( (strlen($getemail) >= 7) &&
(strstr($getemail, "#")) &&
(strstr($getemail, ".")) ){
/* Email is valid mysql query */
require ("./connect.php");
$query = mysql_query("SELECT * FROM users WHERE username ='$getuser'");
/* If mysql returns zero, the user does not exist. */
$numrows = mysql_num_rows($query);
/* Check if email exists */
if($numrows == 0) {
$query = mysql_query("SELECT * FROM users WHERE email ='$getemail'");
$numrows = mysql_num_rows($query);
if($numrows == 0){
$date = date("F d, Y");
$code = md5(rand());
mysql_query("INSERT INTO users VALUES ('', '$getuser', '$getpass', '$getemail', '0', '$code', '$date')");
$query = mysql_query ("SELECT ALL * FROM users WHERE username = '$getuser'");
$numrows = mysql_num_rows($query);
/* Check to make user was generated */
if($numrows == 1){
$site = "http://www.midnightnachos.com/gs";
$webmaster = "universitydb#gmail.com";
$headers = "From: $webmaster";
$subject = "Activate Your Account";
$message = "Thanks for registering. Click the link below to activate your account.\n";
$message .= "$site/activate.php?user=$getuser&code=$code\n";
$message .= "You must activate your account to login.";
if (mail($getemail, $subject, $message, $headers)){
$errormessage = "You have been registered. You must activate your account from the activation link sent to your email.";
echo $form;
$getuser = "";
$getpass = "";
}
else
echo "An error has occured. Your activation email was not sent.";
}
else
$errormessage = "An error has occurred. Account not created.";
}
else
$errormessage = "Email address already in use.";
}
else
$errormessage = "Username already exists.";
mysql_close;
}
else
$errormessage = "You did not enter a valid email.";
}
else
$errormessage = "Your passwords did not match.";
}
else
$errormessage = "You must retype your password.";
}
else
$errormessage = "You must enter your password.";
}
else
$errormessage = "You must enter an email to register.";
}
else
$errormessage = "You must enter a username to register.";
echo $form;
}
$form = "
<div class='splash'>
<h1>Register for Game Swap</h1>
<p>Register for Game Swap to browse what games other local
users have added to their library. Propose trades,
chat, and meet to swap games. Your email address
will only be used to notify you when someone has
sent a trade offer. No newsletters, advertisements or
updates will be sent by us. We will also never sell
your contact information to third parties.</p>
<br />
<p align='center'>Fill out the form below to get started</p>
<br />
<form align='center' action='./register.php' method='POST'>
<input type='text' name='user' value='$getuser' class='box' size='30' placeholder='Username' /><br />
<input type='password' name='password' class='box' size='30' placeholder='Password' /><br />
<input type='password' name='retypepassword' class='box' size='30' placeholder='Retype Password' /><br />
<input type='text' name ='email' value='$getemail' class='box' size='30' placeholder='Email Address' /><br />
<input type='button' name='reg' class='loginbutton' value='Register' /><br />
</form>
</div>
<br/> $errormessage";
echo $form;
?>
</body>
</html>
I think you mixed up the button's type attribute, i.e. it's not button, but submit.
So, I guess you have a normal text input field, but your CSS is cheating your eyes. Try writing into it :)
To submit forms via buttons you can use:
<input type="submit" name="reg" value="Register!"/>
<button name="reg" value="1-or-anything">Register!</button>
And as for a possible different way of coding (getting all the validation errors at once):
$error_list = array();
if ($condition1) $error_list[] = 'My Error message 1';
if ($condition2) $error_list[] = 'My Error message 2';
if ($condition3) $error_list[] = 'My Error message 3';
...
if (empty($error_list)) the_fun_part();
else {
foreach($error_list as $msg)
echo "{$msg}<br/>";
}

How can I messages between separate sections of one page?

Basically, in the following code:
<?php
$hostname = '';
$username = '';
$password = '';
$dbn = '';
try {
$dbh = mysqli_connect($hostname , $username, $password ,$dbn);
//echo 'Connected to database';
}
catch(PDOException $e)
{
echo $e->getMessage();
}
if (isset($_POST['formsubmitted'])) {
$fullname = $_POST['fullname'];
$username = $_POST['username'];
$email1 = $_POST['email1'];
$password1 = $_POST['password1'];
$dob = $_POST['dob'];
$query_verify_email = "SELECT * FROM User WHERE Email = '$email1'";
$result_verify_email = mysqli_query($dbh, $query_verify_email);
if (!$result_verify_email) {//if the Query Failed ,similar to if($result_verify_email==false)
echo ' Database Error Occured ';
}
if (mysqli_num_rows($result_verify_email) == 0) { // IF no previous user is using this email .
// Create a unique activation code:
$activation = md5(uniqid(rand(), true));
//$id= uniqid();
$query_insert_user = "INSERT INTO `User` ( `Name`, `Username`, `Email`, `Password`, `DOB`, `Activation`) VALUES ( '$fullname', '$username', '$email1', '$password1', '$dob', '$activation')";
$result_insert_user = mysqli_query($dbh, $query_insert_user);
if (!$result_insert_user) {
echo 'Query did not work ';
}
if (mysqli_affected_rows($dbh) == 1) { //If the Insert Query was successfull.
// Send the email:
$message = " To activate your account, please click on this link:\n\n";
$message .= 'http://website' . '/active.php?email=' . urlencode($email1) . "&key=$activation";
mail($email1, 'Registration Confirmation', $message, 'From: a#b.com');
// Flush the buffered output.
// Finish the page:
echo '<div class="success">Thank you for registering! A confirmation email has been sent to '.$email1.' Please click on the Activation Link to Activate your account </div>';
} else { // If it did not run OK.
echo '<div class="errormsgbox">You could not be registered due to a system error. We apologize for any inconvenience.</div>';
}
} else { // The email address is not available.
echo '<div class="errormsgbox" >That email address has already been registered.
</div>';
}
mysqli_close($dbh);//Close the DB Connection
}// End of the main Submit conditional.
?>
<html>
<head>
</head>
<body>
<form name="f1" action="Main.php" method="post">
<p>Full name: <br/><input class="tb10" type="text" name="fullname" /></p>
<p>Username: <br/><input class="tb10" type="text" id="username" name="username" /><br/>
<p>Email: <br/><input class="tb10" type="text" id="email1" name="email1" /></p>
<p>Re-Enter Email: <br/><input class="tb10" type="text" name="email2" /></p> <br/>
<p>Password: <br/><input class="tb10" type="password" name="password1" /></p>
<p>Re-Enter Password: <br/><input class="tb10" type="password" name="password2" /></p><br/>
<p>Date of Birth: <br/><input class="tb10" type="text" name="dob" /></br><img src="img/calendar1.gif" alt="Calendar" onclick="displayCalendar(document.forms[0].dob,'yyyy/mm/dd',this)"/></p><br/>
<div class="submit">
<input type="hidden" name="formsubmitted" value="TRUE" />
<input type="submit" value="Submit" class="button" />
</div>
</form>
</body>
</html>
The problem is I want to show the message that shows up at the top (before the html part) in the body part. That means when the user completes the registration, the message will show up instead of the fields in the body section (Name, UserName, Email, ...).
To illustrate it:
If the registration is valid, I want the message:
Thank you for registering! A confirmation email has been sent to '.$email1.' Please click on the Activation Link to Activate your account
Appears in the body part (instead of the fields).
I hope you understand my explanation.
You set a variable, let it be regSuccess, in the PHP part to either true or false depending on whether user registration was successful or not.
Then in the HTML part, you check for the value of this variable in an if condition and output the corresponding HTML.
<?php
if($regSuccess == TRUE) {
?>
Thank you message
<?php
}
else
{ ?>
the input fields
<?php
} ?>
You could create a variable to store your error message instead of echoing it directly.
And add an 'IF' case in the <body>: if a validation error occurred, echo the error, otherwise print the register form.
Utilize a $_SESSION variable to indicate that the user successfully registered. You will start a session on your page and check if that value is set before doing anything else. If the variable exists, then display the activation message, otherwise provide the registration fields and continue with your existing code.
The reason for utilizing $_SESSION is to persist state information between page requests.
<?php
session_start();
if(isset($_SESSION['registered_email'])){
//Display message indicating user has already registered
echo 'Thank you for registering! A confirmation email has been sent to '. $_SESSION['registered_email'] .' Please click on the Activation Link to Activate your account';
}else{
// The rest of your code
...
// set session variable to indicate the registration was successful
$_SESSION['registered_email'] = $email1;
...
}
?>

Problems getting my PHP form to successfully query database to check and see if email already exists

For some reason my form is not checking the database to see if the email already exists. Are you able to identify anything wrong with my code?
// If the form submit button is set and the email and zip fields are not empty, proceed and process
if (isset($_POST['submit']) && !empty($_POST['email']) && !empty($_POST['zip'])) {
// Create variables for form input fields
$email = $_POST['email'];
$zip = $_POST['zip'];
// Create an array to capture errors
$errors = array();
// Create variable to capture success message
$success = "Thanks for signing up!";
// Email Validation
// Check to see if user entered a valid email
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$errors[] = "Invalid email address.";
}
// Check email length
if (strlen($email) < 6) {
$errors[] = "Sorry your email is too short.";
}
// Check email length
if (strlen($email) > 50) {
$errors[] = "Sorry your email is too long.";
}
// Zip Code Validation
// Check to see if zip code is a number
if (!is_numeric($zip)) {
$errors[] = "Zip code must be a number.";
}
// Check to see if zip code equals 5 characters
if (strlen($zip) != 5) {
$errors[] = "Sorry not a valid zip code.";
}
// Include database config file and establish db connection
require("includes/config.php");
$connection = mysql_connect(DB_HOST,DB_USERNAME,DB_PASSWORD) or die("Database Connection Error");
$database = mysql_select_db(DB_NAME) or die("No Database Found");
// Check to see if email already exists in database
$email_check_query = "SELECT email FROM shotgun";
$run_email_check_query = mysql_query($email_check_query);
// If MySQL query returns any results, user has already signed up
if (mysql_fetch_assoc($run_email_check_query) == $email) {
$errors[] = "Looks like you already signed up...";
}
// If there are no errors above run this block of code
if (count($errors) == 0) {
// Include database config file and establish db connection
require("includes/config.php");
$connection = mysql_connect(DB_HOST,DB_USERNAME,DB_PASSWORD) or die("Database Connection Error");
$database = mysql_select_db(DB_NAME) or die("No Database Found");
// Insert email and password into database
$insert_email_query = "INSERT INTO shotgun (email,zip) VALUES ('$email','$zip')";
$run_insert_email_query = mysql_query($insert_email_query);
}
}
?>
Site
</head>
<body>
<header>
<div class="logo">
<h1>Site</h1>
</div>
</header>
<div class="content">
<div class="comingsoon"></div>
<h1>Sign Up Now</h1>
<p class="description">Description</p>
<form action="index.php" method="post">
<input type="email" class="email" name="email" placeholder="Email Address">
<input type="text" class="zip" name="zip" max="5" placeholder="Zip Code">
<input type="submit" class="submit" name="submit" value="Submit">
<span class="errors">
<?php
if (count($errors) != 0) {
foreach($errors as $error) {
echo $error . "<br />";
}
} else {
echo $success;
}
?>
</span>
</form>
</div>
<footer></footer>
</body>
$email_check_query = "SELECT email FROM datingshotgun";
should be
$email_check_query = "SELECT email FROM datingshotgun WHERE email='$email'";
Right now you always query ALL emails and compare the new email to the first in the DB.
EDIT: After tracking your code, you need:
$dbemail=mysql_real_escape_string($email, $connection);
$email_check_query = "SELECT email FROM datingshotgun WHERE email='$dbemail'";
