I can't find out whats the problem here, would appreciate some input in how to think building my "if".
The problem is that I don't seem to catch if an email exists, nor if user exists and neither can I create a new user :/.
Appreciate your help alot!
<?php
// Start the session in case of errors to display within the page of user creation
session_start();
$err_msg = array();
$errflag = false;
// Check if the submit button was pressed
if ($_SERVER['REQUEST_METHOD'] === 'POST'
&& $_POST['submit'] === 'Skapa')
{
// Crypt password
$options = ['cost' => 10];
$username = strip_tags($_POST['uname']);
$password = strip_tags(password_hash($_POST['pword'], PASSWORD_DEFAULT, $options));
$email = strip_tags($_POST['uname'], '@');
// Check so all the fields are filled
if ($_POST['uname'] == '' || $_POST['pword'] == '' || $_POST['pwordcheck'] == '')
{
$err_msg[] = 'Please enter all fields<br>';
$errflag = true;
}
// See if passwords and confirm matches
if ($_POST['pword'] !== $_POST['pwordcheck'])
{
$err_msg[] = 'Passwords doesn\'t match!<br>';
$errflag = true;
}
// Check password length, atleast 8 characters
if (strlen($_POST['pword']) < 7)
{
$err_msg[] = 'Password must be atleast 8 characters long';
$errflag = true;
}
// Check if email exists
include_once('../includes/db.inc.php');
$db = new PDO(DB_INFO, DB_USER, DB_PASS);
$sql = "SELECT COUNT(*) AS count FROM movies WHERE email = :emailadress";
$stmt = $db->prepare($sql);
$stmt->bindParam(':emailadress', $email);
$stmt->execute();
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if ($row > 0)
{
$err_msg[] = 'Email already taken!';
$errflag = true;
$db = NULL;
}
// Check if user exists
include_once('../includes/db.inc.php');
$db = new PDO(DB_INFO, DB_USER, DB_PASS);
$sql = "SELECT uname FROM users WHERE uname = :username";
$stmt = $db->prepare($sql);
$stmt->bindParam(':username', $username);
$stmt->execute();
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if ($row > 0)
{
$err_msg[] = 'User already exists';
$errflag = true;
$db = NULL;
}
if ($errflag = false)
{
// Everything passed, create the user!
include_once('../includes/db.inc.php');
$db = new PDO(DB_INFO, DB_USER, DB_PASS);
$sql = "INSERT INTO users (uname, pword, email) VALUES (:username, :password, :emailadress)";
$stmt = $db->prepare($sql);
$stmt->bindParam(':username', $username);
$stmt->bindParam(':password', $password);
$stmt->bindParam(':emailadress');
$stmt->execute();
$_SESSION['uname'] = $username;
header('Location: ../template/header.php');
exit;
}
// If any error, send the user back and display messages
if ($errflag == true)
{
$_SESSION['err_msg'] = $err_msg;
session_write_close();
header('Location: ../user/create.php');
exit;
}
}
else
{
$_SESSION['err_msg'] = $err_msg;
session_write_close();
header('Location: ../user/create.php');
exit;
}
?>