Jump to content

php signup form with image upload


ianhaney50

Recommended Posts

Hi

 

I am building a sign up form with image upload as I do know is better to store the images on the server within a folder and just store the image filepath within the database so that's what I have done and seems to be working and not at the same time

 

I created a user and it has registered successfully with all the data and has stored the image itself in the uploads folder on the server and in the database it has stored the image filepath but am getting the following errors on the register.php page

 

Notice: Undefined variable: error in /home/sites/broadwaymediadesigns.co.uk/public_html/sites/directory-site/register.php on line 25

Form has been submitted successfully.

Notice: Undefined index: uploadedfile in /home/sites/broadwaymediadesigns.co.uk/public_html/sites/directory-site/register.php on line 84 The file has been uploaded, and your information has been added to the directory

MySQL error no 1062 : Duplicate entry 'ianhaney' for key 'username'

 

The coding is below

<?php

if (isset($_POST['submit']) && $error == '') { // if there is no error, then process further
echo "<p class='success'>Form has been submitted successfully.</p>"; // showing success message

## connect mysql server
	$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
	# check connection
	if ($mysqli->connect_errno) {
		echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>";
		exit();
	}
	
	//This is the directory where images will be saved
$target = "uploads/";
$target = $target . basename( $_FILES['photo']['name']);
	
## query database
	# prepare data for insertion
	$username	= mysqli_real_escape_string($mysqli, $_POST['username']);
	$password = md5($_POST['password']);
	
	$companyname	= mysqli_real_escape_string($mysqli, $_POST['companyname']);
	$email		= mysqli_real_escape_string($mysqli, $_POST['email']);
	$address1		= mysqli_real_escape_string($mysqli, $_POST['address1']);
	$address2		= mysqli_real_escape_string($mysqli, $_POST['address2']);
	$town		= mysqli_real_escape_string($mysqli, $_POST['town']);
	$county		= mysqli_real_escape_string($mysqli, $_POST['county']);
	$postcode		= mysqli_real_escape_string($mysqli, $_POST['postcode']);
	$telnumber		= mysqli_real_escape_string($mysqli, $_POST['telnumber']);
	$category		 = mysqli_real_escape_string($mysqli, $_POST['category']);
	$pic = ($_FILES['photo']['name']);

	# check if username and email exist else insert
	// u = username, e = emai, ue = both username and email already exists
	$exists = "";
	$result = $mysqli->query("SELECT username from users WHERE username = '{$username}' LIMIT 1");
	if ($result->num_rows == 1) {
		$exists .= "u";
	}	
	$result = $mysqli->query("SELECT email from users WHERE email = '{$email}' LIMIT 1");
	if ($result->num_rows == 1) {
		$exists .= "e";
	}

	if ($exists == "u") echo "<p><b>Error:</b> Username already exists!</p>";
	else if ($exists == "e") echo "<p><b>Error:</b> Email already exists!</p>";
	else if ($exists == "ue") echo "<p><b>Error:</b> Username and Email already exists!</p>";
	else {
		

		
		# insert data into mysql database
		$sql = "INSERT  INTO `users` (`id`, `username`, `password`, `companyname`, `email`, `address1`, `address2`, `town`, `county`, `postcode`, `telnumber`, `category`, `photo`) 
				VALUES (NULL, '{$username}', '{$password}', '{$companyname}', '{$email}', '{$address1}', '{$address2}', '{$town}', '{$county}', '{$postcode}', '{$telnumber}', '{$category}', '{$pic}')";
				
				//Writes the photo to the server
if(move_uploaded_file($_FILES['photo']['tmp_name'], $target))
{

//Tells you if its all ok
echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded, and your information has been added to the directory";
}
else {

//Gives and error if its not
echo "Sorry, there was a problem uploading your file.";
}
				
				$result = $mysqli->query($sql);

if ($mysqli->query($sql)) {
	
	$to = $_POST['email'];
   $subject = "Add Listing Confirmation and Login Credentials";
   $message = "Thank you for signing up and adding your listing, your login information is below \r\n Username: {$_POST['username']} \r\n Password: {$_POST['password']}";
   $header = "From:noreply@domain.co.uk \r\n";
   $retval = mail ($to,$subject,$message,$header);
   if( $retval == true )  
   {
      echo "Message sent successfully...";
   }
   else
   {
      echo "Message could not be sent...";
   }
	
			redirect_to("login.php?msg=Registered successfully");
		} else {
			echo "<p>MySQL error no {$mysqli->errno} : {$mysqli->error}</p>";
			exit();
		}
		
	}
	
}

?>

<div id="column-whole">
<!-- The HTML registration form -->

<form method="post" action="<?=$_SERVER['PHP_SELF']?>" enctype="multipart/form-data">
	<label>Username:</label> <input type="text" name="username" required="required" placeholder="Please Enter your chosen username"/>
    <br />
	<label>Password:</label> <input type="password" name="password" required="required" placeholder="Please Enter your chosen password"/>
    <br />
	<label>Company Name:</label> <input type="text" name="companyname" required="required" placeholder="Please Enter your company name">
    <br />
	<label>Email:</label> <input type="email" name="email" required="required" placeholder="Please Enter your email"/>
    <br />
    <label>Address Line 1:</label> <input type="text" name="address1" required="required" placeholder="Please Enter the first line of your address"/>
    <br />
    <label>Address Line 2:</label> <input type="text" name="address2" required="required" placeholder="Please Enter the second line of your address"/>
    <br />
    <label>Town:</label> <input type="text" name="town" required="required" placeholder="Please Enter your town"/>
    <br />
    <label>County:</label> <input type="text" name="county" required="required" placeholder="Please Enter your county"/>
    <br />
    <label>Postcode:</label> <input type="text" name="postcode" required="required" placeholder="Please Enter your postcode"/>
    <br />
    <label>Telephone Number:</label> <input type="text" name="telnumber" required="required" placeholder="Please Enter your landline number"/>
    <br />
    <label>Category:</label> <input type="text" name="category" required="required" placeholder="Please Enter your chosen category"/>
<br><br>
<label>Upload Image: </label>
<input type="hidden" name="size" value="350000">
<input type="file" name="photo">
<br /><br />
<div class="box">
<label>I agree to the <a href="#" target="_blank">terms</a></label>
</div>
<input type="checkbox" class="checkbox" id="the-terms" value="I Agree">

<input type="submit" name="submit" value="Register" disabled="disabled" id="submitBtn" />
	<a class="haveaccount" href="login.php">I already have an account...</a>
</form>

Am confused about the errors as does seem to be working sort of

Link to comment
Share on other sites

At the top of your script, you're checking the value of $error before you've created the variable. use isset() instead. And further down in the script you switch from $_FILES['photo'] to $_FILES['uploadedfile'], which apparently doesn't exist.

Link to comment
Share on other sites

Ahh cool, thank you so much, have corrected them issues now and works perfect and only got one little one now

 

on the php page it comes up with the following

 

Form has been submitted successfully.

The file new-logo.jpg has been uploaded, and your information has been added to the directory

MySQL error no 1062 : Duplicate entry 'ianhaney' for key 'username' <---- NOT SURE WHAT IS CAUSING THIS ERROR

 

Also after submitting the form it should redirect to login.php with the following url

redirect_to("login.php?msg=Registered successfully");

but is just staying on register.php page with the message I pasted above with the MySQL error no 1062

Link to comment
Share on other sites

As long as you want unique usernames, the system is actually functioning as it should. While you're testing, either make up a new username for each manual test, or delete the inserted row after each manual test.

 

And yes,

header('location:login.php?msg=Registered_successfully');

is what you want (note that I removed the space in the value of msg).

Link to comment
Share on other sites

I have put the coding in for the header location just above and its still not redirecting and yeah I am deleting the inserted row and then signing up again but still getting the following on the php page

 

Form has been submitted successfully.

The file new-logo.jpg has been uploaded, and your information has been added to the directory

MySQL error no 1062 : Duplicate entry 'ianhaney' for key 'username'

Link to comment
Share on other sites

sorted it, in the database under indexes, username and email was set to UNIQUE so just changed it to INDEX and now works perfect and adds the data to the database and the image location is uploaded on the database and the actual image is added into the folder on the server and redirects to the login.php?msg=Registered Successfully now so all is good

Link to comment
Share on other sites

You're not doing any kind of validation on the uploaded file, that is a very very bad idea.  At this point, anyone could upload literally any file they wanted and make it run on your server.  So a php file with malicious code, anything!!

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.