php signup form with image upload

[ianhaney50]

Hi

 

I am building a sign up form with image upload as I do know is better to store the images on the server within a folder and just store the image filepath within the database so that's what I have done and seems to be working and not at the same time

 

I created a user and it has registered successfully with all the data and has stored the image itself in the uploads folder on the server and in the database it has stored the image filepath but am getting the following errors on the register.php page

 

Notice: Undefined variable: error in /home/sites/broadwaymediadesigns.co.uk/public_html/sites/directory-site/register.php on line 25

Form has been submitted successfully.

Notice: Undefined index: uploadedfile in /home/sites/broadwaymediadesigns.co.uk/public_html/sites/directory-site/register.php on line 84 The file has been uploaded, and your information has been added to the directory

MySQL error no 1062 : Duplicate entry 'ianhaney' for key 'username'

 

The coding is below

<?php

if (isset($_POST['submit']) && $error == '') { // if there is no error, then process further
echo "<p class='success'>Form has been submitted successfully.</p>"; // showing success message

## connect mysql server
	$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
	# check connection
	if ($mysqli->connect_errno) {
		echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>";
		exit();
	}
	
	//This is the directory where images will be saved
$target = "uploads/";
$target = $target . basename( $_FILES['photo']['name']);
	
## query database
	# prepare data for insertion
	$username	= mysqli_real_escape_string($mysqli, $_POST['username']);
	$password = md5($_POST['password']);
	
	$companyname	= mysqli_real_escape_string($mysqli, $_POST['companyname']);
	$email		= mysqli_real_escape_string($mysqli, $_POST['email']);
	$address1		= mysqli_real_escape_string($mysqli, $_POST['address1']);
	$address2		= mysqli_real_escape_string($mysqli, $_POST['address2']);
	$town		= mysqli_real_escape_string($mysqli, $_POST['town']);
	$county		= mysqli_real_escape_string($mysqli, $_POST['county']);
	$postcode		= mysqli_real_escape_string($mysqli, $_POST['postcode']);
	$telnumber		= mysqli_real_escape_string($mysqli, $_POST['telnumber']);
	$category		 = mysqli_real_escape_string($mysqli, $_POST['category']);
	$pic = ($_FILES['photo']['name']);

	# check if username and email exist else insert
	// u = username, e = emai, ue = both username and email already exists
	$exists = "";
	$result = $mysqli->query("SELECT username from users WHERE username = '{$username}' LIMIT 1");
	if ($result->num_rows == 1) {
		$exists .= "u";
	}	
	$result = $mysqli->query("SELECT email from users WHERE email = '{$email}' LIMIT 1");
	if ($result->num_rows == 1) {
		$exists .= "e";
	}

	if ($exists == "u") echo "<p><b>Error:</b> Username already exists!</p>";
	else if ($exists == "e") echo "<p><b>Error:</b> Email already exists!</p>";
	else if ($exists == "ue") echo "<p><b>Error:</b> Username and Email already exists!</p>";
	else {
		

		
		# insert data into mysql database
		$sql = "INSERT  INTO `users` (`id`, `username`, `password`, `companyname`, `email`, `address1`, `address2`, `town`, `county`, `postcode`, `telnumber`, `category`, `photo`) 
				VALUES (NULL, '{$username}', '{$password}', '{$companyname}', '{$email}', '{$address1}', '{$address2}', '{$town}', '{$county}', '{$postcode}', '{$telnumber}', '{$category}', '{$pic}')";
				
				//Writes the photo to the server
if(move_uploaded_file($_FILES['photo']['tmp_name'], $target))
{

//Tells you if its all ok
echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded, and your information has been added to the directory";
}
else {

//Gives and error if its not
echo "Sorry, there was a problem uploading your file.";
}
				
				$result = $mysqli->query($sql);

if ($mysqli->query($sql)) {
	
	$to = $_POST['email'];
   $subject = "Add Listing Confirmation and Login Credentials";
   $message = "Thank you for signing up and adding your listing, your login information is below \r\n Username: {$_POST['username']} \r\n Password: {$_POST['password']}";
   $header = "From:noreply@domain.co.uk \r\n";
   $retval = mail ($to,$subject,$message,$header);
   if( $retval == true )  
   {
      echo "Message sent successfully...";
   }
   else
   {
      echo "Message could not be sent...";
   }
	
			redirect_to("login.php?msg=Registered successfully");
		} else {
			echo "<p>MySQL error no {$mysqli->errno} : {$mysqli->error}</p>";
			exit();
		}
		
	}
	
}

?>

<div id="column-whole">
<!-- The HTML registration form -->

<form method="post" action="<?=$_SERVER['PHP_SELF']?>" enctype="multipart/form-data">
	<label>Username:</label> <input type="text" name="username" required="required" placeholder="Please Enter your chosen username"/>
    <br />
	<label>Password:</label> <input type="password" name="password" required="required" placeholder="Please Enter your chosen password"/>
    <br />
	<label>Company Name:</label> <input type="text" name="companyname" required="required" placeholder="Please Enter your company name">
    <br />
	<label>Email:</label> <input type="email" name="email" required="required" placeholder="Please Enter your email"/>
    <br />
    <label>Address Line 1:</label> <input type="text" name="address1" required="required" placeholder="Please Enter the first line of your address"/>
    <br />
    <label>Address Line 2:</label> <input type="text" name="address2" required="required" placeholder="Please Enter the second line of your address"/>
    <br />
    <label>Town:</label> <input type="text" name="town" required="required" placeholder="Please Enter your town"/>
    <br />
    <label>County:</label> <input type="text" name="county" required="required" placeholder="Please Enter your county"/>
    <br />
    <label>Postcode:</label> <input type="text" name="postcode" required="required" placeholder="Please Enter your postcode"/>
    <br />
    <label>Telephone Number:</label> <input type="text" name="telnumber" required="required" placeholder="Please Enter your landline number"/>
    <br />
    <label>Category:</label> <input type="text" name="category" required="required" placeholder="Please Enter your chosen category"/>
<br><br>
<label>Upload Image: </label>
<input type="hidden" name="size" value="350000">
<input type="file" name="photo">
<br /><br />
<div class="box">
<label>I agree to the <a href="#" target="_blank">terms</a></label>
</div>
<input type="checkbox" class="checkbox" id="the-terms" value="I Agree">

<input type="submit" name="submit" value="Register" disabled="disabled" id="submitBtn" />
	<a class="haveaccount" href="login.php">I already have an account...</a>
</form>

Am confused about the errors as does seem to be working sort of

[maxxd]

At the top of your script, you're checking the value of $error before you've created the variable. use isset() instead. And further down in the script you switch from $_FILES['photo'] to $_FILES['uploadedfile'], which apparently doesn't exist.

[ianhaney50]

Ahh cool, thank you so much, have corrected them issues now and works perfect and only got one little one now

 

on the php page it comes up with the following

 

Form has been submitted successfully.

The file new-logo.jpg has been uploaded, and your information has been added to the directory

MySQL error no 1062 : Duplicate entry 'ianhaney' for key 'username' <---- NOT SURE WHAT IS CAUSING THIS ERROR

 

Also after submitting the form it should redirect to login.php with the following url

redirect_to("login.php?msg=Registered successfully");

but is just staying on register.php page with the message I pasted above with the MySQL error no 1062

[maxxd]

Sounds like you've got a unique constraint (or index) on the username column of your table. What's redirect_to()? That's not a php function.

[ianhaney50]

how can I fix the issue on the username within the database?

 

ahh should I use header location instead, is that it? was trying to remember off top of my head

[maxxd]

As long as you want unique usernames, the system is actually functioning as it should. While you're testing, either make up a new username for each manual test, or delete the inserted row after each manual test.

 

And yes,

header('location:login.php?msg=Registered_successfully');

is what you want (note that I removed the space in the value of msg).

[ianhaney50]

I have put the coding in for the header location just above and its still not redirecting and yeah I am deleting the inserted row and then signing up again but still getting the following on the php page

 

Form has been submitted successfully.

The file new-logo.jpg has been uploaded, and your information has been added to the directory

MySQL error no 1062 : Duplicate entry 'ianhaney' for key 'username'

[ianhaney50]

sorted it, in the database under indexes, username and email was set to UNIQUE so just changed it to INDEX and now works perfect and adds the data to the database and the image location is uploaded on the database and the actual image is added into the folder on the server and redirects to the login.php?msg=Registered Successfully now so all is good

[ianhaney50]

ahh maybe not, the record is duplicating in the database

[ianhaney50]

sorry sussed it, I had the querie being executed twice within the coding so took one out and is working perfect now and is not duplicating anymore in the database

[maxxd]

That would also explain why you were getting the duplicate entry error. Glad you got it fixed.

[fastsol]

You're not doing any kind of validation on the uploaded file, that is a very very bad idea.  At this point, anyone could upload literally any file they wanted and make it run on your server.  So a php file with malicious code, anything!!