Successful registration, but does not write information in DB

[Fregbind]

Hello guys.

I got a problem that whenever you register on my page, the registration is successful, no errors, successful redirection to login page, but the registration does not write the information into database and I have no idea why... I'm sure that i'm connecting correctly, to the correct table, with the correct commands, but it kinda does not work... 

BTW (This registration and login and all worked a few weeks ago, but I got an sudden internal server error, so I had to delete and reupload all files, and I had to change database. I changed the database, created the same table with the same columns, also I overwrote ALL old database information to the new (password, dbname,name) and, so page works fine, but that registration does not...I'm including my code for registration and registration form)

Registration process CODE:
 

<?php
include_once 'db_connect.php';
include_once 'psl-config.php';

$error_msg = "";

if (isset($_POST['username'], $_POST['email'], $_POST['p'])) {
// Sanitize and validate the data passed in
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
$email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
$email = filter_var($email, FILTER_VALIDATE_EMAIL);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
// Not a valid email
$error_msg .= '<p class="error">The email address you entered is not valid</p>';
}


$password = filter_input(INPUT_POST, 'p', FILTER_SANITIZE_STRING);

// Username validity and password validity have been checked client side.
// This should should be adequate as nobody gains any advantage from
// breaking these rules.
//

$prep_stmt = "SELECT id FROM members WHERE email = ? LIMIT 1";
$stmt = $mysqli->prepare($prep_stmt);

// check existing email 
if ($stmt) {
$stmt->bind_param('s', $email);
$stmt->execute();
$stmt->store_result();

if ($stmt->num_rows == 1) {
$error_msg .= '<p class="error">A user with this email address already exists.</p>';
}
$stmt->close();
}
// check existing username
$prep_stmt = "SELECT id FROM members WHERE username = ? LIMIT 1";
$stmt = $mysqli->prepare($prep_stmt);

if ($stmt) {
$stmt->bind_param('s', $username);
$stmt->execute();
$stmt->store_result();

if ($stmt->num_rows == 1) {
$error_msg .= '<p class="error">A user with this username already exists.</p>';
}

$stmt->close();
}

// TODO: 
// We'll also have to account for the situation where the user doesn't have
// rights to do registration, by checking what type of user is attempting to
// perform the operation.

if (empty($error_msg)) {

// Create salted password 
$passwordHash = password_hash($password, PASSWORD_BCRYPT);

// Insert the new user into the database 
if ($insert_stmt = $mysqli->prepare("INSERT INTO members (username, email, password) VALUES (?, ?, ?)")) {
$insert_stmt->bind_param('sss', $username, $email, $passwordHash);
// Execute the prepared query.
if (! $insert_stmt->execute()) {
header('Location: ../error.php?err=Registration failure: INSERT');
}
}
header('Location: ./continue.php');
}
}

and Registration form :

<div class="register-form">
    <center><h2>Registration</h2></center>
        <form action="<?php echo esc_url($_SERVER['PHP_SELF']); ?>" 
                method="post" 
                name="registration_form">
            <center><p></p><input type='text' 
                name='username' 
                placeholder="Username"
                id='username' /><br></center>
            <center><p></p><input type="text" name="email" id="email" placeholder="Email" /><br></center>
            <center><p></p><input type="password"
                             name="password"
                             placeholder="Insert Password" 
                             id="password"/><br></center>
            <center><p></p><input type="password" 
                                     name="confirmpwd" 
                                     placeholder="Repeat Password"
                                     id="confirmpwd" /><br></center>
            <center><p></p><input type="submit" class="button"
                   value="Register" 
                   onclick="return regformhash(this.form,
                                   this.form.username,
                                   this.form.email,
                                   this.form.password,
                                   this.form.confirmpwd);" /> </center>
        </form>
        </div>

Anybody know where is problem? 

 

[Strider64]

I have two questions (they're probably stupid).

 

First, why do you think this problem is a Regex problem?

Second, if it doesn't store the user's info in the database table, how can you say that it works? Aren't you contradicting yourself? (Well, actually three but I can't count )

[Fregbind]

Where did I write that it works?

[ginerjm]

Are you just being a wiseguy or do you want help? In your first sentence you stated that the 'registration is successful'.

[maxxd]

If you format and re-read your code, I think you'll see what the issue is.

 

There are only 2 ways I can see that you're not going to be redirected to ./continue.php - if there's nothing in $_POST['username'], $_POST['email'], and $_POST['p'], or if your e-mail is invalid. You don't have an else clause for any of your prepare() statement checks, so the code skips those parts. Nothing is assigned to $error_msg so, when you check the value of $error_msg, it's empty, and you create a password hash only to fail (and therefor skip) the third prepare statement without an else clause, and lickety-split you're being redirected to ./continue.php.

 

Try adding

else{
    $error_msg = 'Yup. Failed a prepare';
}

after the closing brace of both the

if ($stmt) {
    ...
}

segments, and the

if ($insert_stmt = $mysqli->prepare("INSERT INTO members (username, email, password) VALUES (?, ?, ?)")) {
    ...
}

segment of code and see what happens. I'm not saying that exactly this is happening, it just looks to me like the most likely possibility.