Jump to content

Recommended Posts

Hello guys.

I got a problem that whenever you register on my page, the registration is successful, no errors, successful redirection to login page, but the registration does not write the information into database and I have no idea why... I'm sure that i'm connecting correctly, to the correct table, with the correct commands, but it kinda does not work... 

BTW (This registration and login and all worked a few weeks ago, but I got an sudden internal server error, so I had to delete and reupload all files, and I had to change database. I changed the database, created the same table with the same columns, also I overwrote ALL old database information to the new (password, dbname,name) and, so page works fine, but that registration does not...I'm including my code for registration and registration form)

Registration process CODE:
 

<?php
include_once 'db_connect.php';
include_once 'psl-config.php';

$error_msg = "";

if (isset($_POST['username'], $_POST['email'], $_POST['p'])) {
// Sanitize and validate the data passed in
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
$email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
$email = filter_var($email, FILTER_VALIDATE_EMAIL);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
// Not a valid email
$error_msg .= '<p class="error">The email address you entered is not valid</p>';
}


$password = filter_input(INPUT_POST, 'p', FILTER_SANITIZE_STRING);

// Username validity and password validity have been checked client side.
// This should should be adequate as nobody gains any advantage from
// breaking these rules.
//

$prep_stmt = "SELECT id FROM members WHERE email = ? LIMIT 1";
$stmt = $mysqli->prepare($prep_stmt);

// check existing email 
if ($stmt) {
$stmt->bind_param('s', $email);
$stmt->execute();
$stmt->store_result();

if ($stmt->num_rows == 1) {
$error_msg .= '<p class="error">A user with this email address already exists.</p>';
}
$stmt->close();
}
// check existing username
$prep_stmt = "SELECT id FROM members WHERE username = ? LIMIT 1";
$stmt = $mysqli->prepare($prep_stmt);

if ($stmt) {
$stmt->bind_param('s', $username);
$stmt->execute();
$stmt->store_result();

if ($stmt->num_rows == 1) {
$error_msg .= '<p class="error">A user with this username already exists.</p>';
}

$stmt->close();
}

// TODO: 
// We'll also have to account for the situation where the user doesn't have
// rights to do registration, by checking what type of user is attempting to
// perform the operation.

if (empty($error_msg)) {

// Create salted password 
$passwordHash = password_hash($password, PASSWORD_BCRYPT);

// Insert the new user into the database 
if ($insert_stmt = $mysqli->prepare("INSERT INTO members (username, email, password) VALUES (?, ?, ?)")) {
$insert_stmt->bind_param('sss', $username, $email, $passwordHash);
// Execute the prepared query.
if (! $insert_stmt->execute()) {
header('Location: ../error.php?err=Registration failure: INSERT');
}
}
header('Location: ./continue.php');
}
}

and Registration form :

<div class="register-form">
    <center><h2>Registration</h2></center>
        <form action="<?php echo esc_url($_SERVER['PHP_SELF']); ?>" 
                method="post" 
                name="registration_form">
            <center><p></p><input type='text' 
                name='username' 
                placeholder="Username"
                id='username' /><br></center>
            <center><p></p><input type="text" name="email" id="email" placeholder="Email" /><br></center>
            <center><p></p><input type="password"
                             name="password"
                             placeholder="Insert Password" 
                             id="password"/><br></center>
            <center><p></p><input type="password" 
                                     name="confirmpwd" 
                                     placeholder="Repeat Password"
                                     id="confirmpwd" /><br></center>
            <center><p></p><input type="submit" class="button"
                   value="Register" 
                   onclick="return regformhash(this.form,
                                   this.form.username,
                                   this.form.email,
                                   this.form.password,
                                   this.form.confirmpwd);" /> </center>
        </form>
        </div>

Anybody know where is problem? 

 

I have two questions (they're probably stupid).

 

First, why do you think this problem is a Regex problem?

Second, if it doesn't store the user's info in the database table, how can you say that it works? Aren't you contradicting yourself? (Well, actually three but I can't count :happy-04: )

If you format and re-read your code, I think you'll see what the issue is.

 

There are only 2 ways I can see that you're not going to be redirected to ./continue.php - if there's nothing in $_POST['username'], $_POST['email'], and $_POST['p'], or if your e-mail is invalid. You don't have an else clause for any of your prepare() statement checks, so the code skips those parts. Nothing is assigned to $error_msg so, when you check the value of $error_msg, it's empty, and you create a password hash only to fail (and therefor skip) the third prepare statement without an else clause, and lickety-split you're being redirected to ./continue.php.

 

Try adding

else{
    $error_msg = 'Yup. Failed a prepare';
}

after the closing brace of both the

if ($stmt) {
    ...
}

segments, and the

if ($insert_stmt = $mysqli->prepare("INSERT INTO members (username, email, password) VALUES (?, ?, ?)")) {
    ...
}

segment of code and see what happens. I'm not saying that exactly this is happening, it just looks to me like the most likely possibility.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.