
Register


anevins


Hi there,

There's something wrong with this register form; it's submitting without validation.

 

<?php
  require_once('./includes/connectvars.php');

  // Connect to the database
  $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);

  if (isset($_POST['submit'])) {
    // Grab the profile data from the POST
    $username = mysqli_real_escape_string($dbc, trim($_POST['username']));
    $password1 = mysqli_real_escape_string($dbc, trim($_POST['password1']));
    $password2 = mysqli_real_escape_string($dbc, trim($_POST['password2']));
    $firstname = mysqli_real_escape_string($dbc, trim($_POST['first_name']));
    $lastname = mysqli_real_escape_string($dbc, trim($_POST['last_name']));

    if (!empty($username) && !empty($password1) && !empty($password2) && ($password1 == $password2) && !empty($firstname) && !empty($lastname)) {
      // Make sure someone isn't already registered using this username
      $query = "SELECT * FROM users WHERE username = '$username'";
      $data = mysqli_query($dbc, $query);
      if (mysqli_num_rows($data) == 0) {
        // The username is unique, so insert the data into the database
        $query = "INSERT INTO users (username, password, join_date, first_name, last_name) VALUES ('$username', SHA('$password1'), NOW(), '$firstname', '$lastname')";

        mysqli_query($dbc, $query);

        // Confirm success with the user
        echo '<p>Your new account has been successfully created. You\'re now ready to <a href="login.php">log in</a>.</p>';

        mysqli_close($dbc);
        exit();
      }
      else {
        // An account already exists for this username, so display an error message
        echo '<p class="error">An account already exists for this username. Please use a different address.</p>';
        $username = "";
      }
    }
    else {
      echo '<p class="error">You must enter all of the sign-up data, including the desired password twice.</p>';
    }
  }

  mysqli_close($dbc);
?>

  <p>Please enter your username and desired password to sign up to Mismatch.</p>
  <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
      <legend>Registration Info</legend>
      <label for="username">Username:</label>
      <input type="text" id="username" name="username" value="<?php if (!empty($username)) echo $username; ?>" /><br />
      <label for="password1">Password:</label>
      <input type="password" id="password1" name="password1" /><br />
      <label for="password2">Password (retype):</label>
      <input type="password" id="password2" name="password2" /><br />
  <label for="first_name">first name:</label>
      <input type="text" id="first_name" name="first_name" /><br />
  <label for="last_name">last name:</label>
      <input type="text" id="last_name" name="last_name" /><br />
    <input type="submit" value="Sign Up" name="submit" />
  </form>
</body> 
</html>

 

I've had this problem for a while now and can't figure it out, any suggestions are appreciated.

Thank you.


Sorry for being unclear, what I meant by 'without validation' is the form submits but does not enter data.

I've now noticed when I enter data into the input fields and press on the submit button, I get an error for another form; a log in form which works fine by itself.

 

Here's the error I get when I submit my register form with input data:

An error occurred in script 'G:\xampp\htdocs\xampp\wp\assignment2\framework\modules\login.php' on line 16:

<br />Undefined index: password

 

I'll show you the code for both files, since it seems both are involved.

 

register.php

<?php
  require_once('./includes/connectvars.php');

  // Connect to the database
  $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);

  if (isset($_POST['submit'])) {
    // Grab the profile data from the POST
    $username = mysqli_real_escape_string($dbc, trim($_POST['username']));
    $password1 = mysqli_real_escape_string($dbc, trim($_POST['password1']));
    $password2 = mysqli_real_escape_string($dbc, trim($_POST['password2']));
    $firstname = mysqli_real_escape_string($dbc, trim($_POST['first_name']));
    $lastname = mysqli_real_escape_string($dbc, trim($_POST['last_name']));

    if (!empty($username) && !empty($password1) && !empty($password2) && ($password1 == $password2) && !empty($firstname) && !empty($lastname)) {
      // Make sure someone isn't already registered using this username
      $query = "SELECT * FROM users WHERE username = '$username'";
      $data = mysqli_query($dbc, $query);
      if (mysqli_num_rows($data) == 0) {
        // The username is unique, so insert the data into the database
        $query = "INSERT INTO users (username, password, join_date, first_name, last_name) VALUES ('$username', SHA('$password1'), NOW(), '$firstname', '$lastname')";

        mysqli_query($dbc, $query);

        // Confirm success with the user
        echo '<p>Your new account has been successfully created. You\'re now ready to <a href="login.php">log in</a>.</p>';

        mysqli_close($dbc);
        exit();
      }
      else {
        // An account already exists for this username, so display an error message
        echo '<p class="error">An account already exists for this username. Please use a different address.</p>';
        $username = "";
      }
    }
    else {
      echo '<p class="error">You must enter all of the sign-up data, including the desired password twice.</p>';
    }
  }

  mysqli_close($dbc);
?>

  <p>Please enter your username and desired password to sign up to Mismatch.</p>
  <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
      <legend>Registration Info</legend>
      <label for="username">Username:</label>
      <input type="text" id="username" name="username" value="<?php if (!empty($username)) echo $username; ?>" /><br />
      <label for="password1">Password:</label>
      <input type="password" id="password1" name="password1" /><br />
      <label for="password2">Password (retype):</label>
      <input type="password" id="password2" name="password2" /><br />
  <label for="first_name">first name:</label>
      <input type="text" id="first_name" name="first_name" /><br />
  <label for="last_name">last name:</label>
      <input type="text" id="last_name" name="last_name" /><br />
    <input type="submit" value="Sign Up" name="submit" />
  </form>
</body> 
</html>

 

login.php

<?php
  require_once('./includes/connectvars.php');


  // Clear the error message
  $error_msg = "";

  // If the user isn't logged in, try to log them in
  if (!isset($_SESSION['user_id'])) {
    if (isset($_POST['submit'])) {
      // Connect to the database
      $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);

      // Grab the user-entered log-in data
      $user_username = mysqli_real_escape_string($dbc, trim($_POST['username']));
      $user_password = mysqli_real_escape_string($dbc, trim($_POST['password']));



      if (!empty($user_username) && !empty($user_password)) {
        // Look up the username and password in the database
        $query = "SELECT user_id, username FROM users WHERE username = '$user_username' AND password = SHA('$user_password')";
        $data = mysqli_query($dbc, $query);

        if (mysqli_num_rows($data) == 1) {
          // The log-in is OK so set the user ID and username session vars (and cookies), and redirect to the home page
          $row = mysqli_fetch_array($data);
          $_SESSION['user_id'] = $row['user_id'];
          $_SESSION['username'] = $row['username'];        	  
          setcookie('user_id', $row['user_id'], time() + (60 * 60 * 24 * 30));    // expires in 30 days
          setcookie('username', $row['username'], time() + (60 * 60 * 24 * 30));  // expires in 30 days
          $home_url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/index.php';
          header('Location: ' . $home_url);
	  
        }
        else {
          // The username/password are incorrect so set an error message
          $error_msg = 'Invalid';
        }
      }
      else {
        // The username/password weren't entered so set an error message
        $error_msg = 'Enter all fields';
      }
    }
  }
  
// If the session var is empty, show any error message and the log-in form; otherwise confirm the log-in
  if (empty($_SESSION['user_id'])) {
    echo '<p>' . $error_msg . '</p>';
?>


  <form id="login" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<span style=" padding-left:52px;"> <legend>Log In or <a href="index.php?p=register">Register</a></span></legend>
<table>
      <tr>
	<td>
		<label for="username">Username:</label>
	</td>
	<td>
		<input type="text" name="username" value="<?php if (!empty($user_username)) echo $user_username; ?>" /><br />
	</td>
  </tr>
  <tr>
	<td>
		<label for="password">Password:</label>
	</td>
	<td>
		<input type="password" name="password" />
	</td>
	<td>
		<input type="submit" value="Log In" name="submit" />
	</td>
      </tr> 
</table>
  </form>

<?php
  }
  else {
    // Confirm the successful log-in
    echo '<p>You are logged in as ' . $_SESSION['username'] . '.</p>';
    echo '<br /><a href="index.php?p=logout">Log Out (' . $_SESSION['username'] . ')</a>';
    echo '<br /><a href="index.php?p=viewprofile">View Profile</a></p>';


}
  
?>

 

If you're wondering about sessions, I've already sent them in another file.

 

Thanks


This is line 16 of your login script:

 

	  $user_password = mysqli_real_escape_string($dbc, trim($_POST['password']));  

 

The form did not send "password", that is causing the error.

 

Are you saying that you got an error from login.php when you submitted the register.php form?  Is the data getting submitted to the wrong script?


Can you "view source" on the form on your register page, and see what this line looks like:

 

  <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"

 

It's the contents of the action field that I'm interested in.


I think PHP_SELF might not be the right action for your form.  What url do you see in the address bar when viewing the register script?  You should be seeing the same url in the form action for submitting that script.  Or at least the path portion, such as "/register.php"
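
The situation the replies above are probing, as an added example that is not code from the thread: it assumes the site serves pages through index.php?p=... and includes login.php on each of them, so a registration POST sent to the bare PHP_SELF path passes login.php's `isset($_POST['submit'])` check and then fails on the missing `password` field. The function names, constants and sample POST body are constructed for illustration.

```php
<?php
// Added example; function and constant names are hypothetical, not from the thread.

// Guard as posted in login.php: true for ANY form that has a "submit" button.
function login_guard_as_posted(array $post): bool
{
    return isset($post['submit']);
}

// Stricter guard: a module only handles a POST that carries all of its own fields.
function handles_post(array $post, array $required): bool
{
    foreach ($required as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return false;
        }
    }
    return true;
}

const LOGIN_FIELDS    = ['submit', 'username', 'password'];
const REGISTER_FIELDS = ['submit', 'username', 'password1', 'password2',
                         'first_name', 'last_name'];

// Explicit form action that keeps the ?p= route and is escaped for the attribute.
// $_SERVER['PHP_SELF'] carries no query string, so it would drop p=register.
function form_action(string $page): string
{
    return htmlspecialchars('index.php?p=' . rawurlencode($page), ENT_QUOTES, 'UTF-8');
}

// Constructed POST body, shaped like the registration form in the thread.
$register_post = [
    'username' => 'alice', 'password1' => 'pw', 'password2' => 'pw',
    'first_name' => 'Alice', 'last_name' => 'Example', 'submit' => 'Sign Up',
];

var_dump(login_guard_as_posted($register_post));          // does login.php act on it as posted?
var_dump(handles_post($register_post, LOGIN_FIELDS));     // does the stricter login guard?
var_dump(handles_post($register_post, REGISTER_FIELDS));  // does the register guard?
echo '<form method="post" action="' . form_action('register') . '">', PHP_EOL;
```

Giving each form's submit button a distinct name is an alternative to the field check; either way, the action should name the routed URL rather than echo PHP_SELF unescaped.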

