
I'm currently working on a project that has a registration form that should theoretically work as far as I know for the registration but I can't seem to identify what I'm doing wrong.

The code below is the front-end section for the registration form

<form style="border: 3px solid #ddd; border-radius: 10px; padding: 10px;" class="uk-form-stacked js-register">

        <div class="uk-margin">
            <label class="uk-form-label" for="form-stacked-text"><b>Username:</b></label>
            <div class="uk-form-controls">
                <input id="user_name" style="border-radius: 10px;" class="uk-input" name="form-stacked-text" type="text" required='required' placeholder="Insert Username">
            </div>
        </div>
        <div class="uk-margin">
            <label class="uk-form-label" for="form-stacked-text"><b>Email:</b></label>
            <div class="uk-form-controls">
                <input id="user_email" class="uk-input" style="border-radius: 10px;" name="form-stacked-text" type="email" required='required' placeholder="Insert Email">
            </div>
        </div>
        <div class="uk-margin">
            <label class="uk-form-label" for="form-stacked-text"><b>Password:</b></label>
            <div class="uk-form-controls">
                <input id="user_pass" class="uk-input" style="border-radius: 10px;" name="user_pass" type="Password" required='required' placeholder="Insert Password">
            </div>
        </div>
        <div class="uk-margin">
            <label class="uk-form-label" for="form-stacked-text"><b>Confirm Password:</b></label>
            <div class="uk-form-controls">
                <input id="user_pass_check" class="uk-input" style="border-radius: 10px;" name="user_pass_check" type="Password" required='required' placeholder="Confirm Password">
            </div>
        </div>
        <div class="uk-margin">
            <div class="uk-form-controls">
                <div class="captcha">

                    <div align="center" class="g-recaptcha" data-sitekey="-" data-callback="recaptcha_callback"></div>
                </div>
                <br>
            </div>
        </div>

        <div class="uk-margin uk-alert-danger js-error" style='display: none;'></div>

        <div class="uk-margin">
            <label><center>Already have an account? <a href='/~za1180x/comp1687/login.php'>login now!</a></center></label>
            <br>
            <center><button id="registerbtn" name="registerbtn" class="uk-button uk-button-default"  type="submit"><b>REGISTER</b></button></center>
        </div>

    </form>

The backend code responsible for submitting the information to the database is as follows:

if($_SERVER['REQUEST_METHOD'] != 'POST')
{
    $return = [];
    $email = Filter::String( $_POST['user_email']);
    $password = Filter::String( $_POST['user_pass']);
    $username = Filter::String( $_POST['user_name']);

    $user_found = User::Find($email, $username);

    mysqli_report ( MYSQLI_REPORT_ALL);

    if($user_found) {
        // User exists
        // We can also check to see if they are able to log in.
        $return['error'] = "You already have an account";
        $return['is_logged_in'] = false;
    } else  {

        // User does not exist, add them now.
        $password = password_hash($_POST['password'], PASSWORD_DEFAULT);
        // make sure the user CAN be added AND is added.
        $addUser = $con->prepare("INSERT INTO users(user_name, user_email, user_pass) VALUES(:user_name, LOWER(:user_email), :user_pass)");
        $addUser->bindParam(':username', $username, PDO::PARAM_STR);
        $addUser->bindParam(':email', $email, PDO::PARAM_STR);
        $addUser->bindParam(':password', $password, PDO::PARAM_STR);
        $addUser->execute();

        $user_id = $con->lastInsertId();

        $_SESSION['user_id'] = (int) $user_id;

        $return['is_logged_in'] = true;

        $return['redirect'] = 'C:\wamp64\www\index.php?message=welcome';


    }
    // return the proper information back to Javascript to redirect us.

    echo json_encode($return, JSON_PRETTY_PRINT);
} else {
    //Kill the script. Redirect the user.
    exit('Invalid URL');
}

The code below is the class that I've created that makes the connection for the database.

class DB {

    protected static $con;

    private function __construct(){
        try {

            self::$con = new PDO( 'mysql:charset=latin1;host=localhost;port=3306;dbname=webenterprise', 'root', ''); //change connection string
            self::$con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
            self::$con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT);
            self::$con->setAttribute( PDO::ATTR_PERSISTENT, false );
            self::$con->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

        } catch (PDOException $e) {
            echo "Could not connect to database."; exit;
        }
    }


    public static function getConnection() {
        //If this instance has not been started, start it.
        if (!self::$con) {
            new DB();
        }
        //Return the writeable db connection
        return self::$con;
    }

   }
  • While this may work, you should not use SQL commands like this: LOWER(:user_email) on placeholders as they are not really what you would expect. Modify those strings outside of your prepare statement. Commented Feb 20, 2019 at 18:05
  • Have you checked your error logs? Commented Feb 20, 2019 at 18:06
  • How would I do that? And what would be wrong if I carried on using this method? Commented Feb 20, 2019 at 18:07
  • @JayBlanchard I don't seem to be getting errors on my log. Maybe my Xdebug isn't set up properly. Commented Feb 20, 2019 at 18:07
  • In your insert you have :user_name and bind to :username - check your bind names! Commented Feb 20, 2019 at 18:13

1 Answer

I can see different problems:

  • You don't have a method attribute in your form element (GET is the default method);
  • You don't have an action attribute in your form element;
  • Your name attributes in your form don't correspond with the $_POST variables you're using (maybe a mix up with ids?);
  • You start your backend code with if($_SERVER['REQUEST_METHOD'] != 'POST') but you're using $_POST variables after: you should use if($_SERVER['REQUEST_METHOD'] == 'POST') instead.

Maybe I missed some.
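
A corrected version of the handler, combining the fixes from the comments and the answer (POST check, matching field and placeholder names, lowercasing outside the query), as an added example that is not part of the original answer or the asker's code. It assumes the form's name attributes are changed to match the ids (user_name, user_email, user_pass, user_pass_check), UNIQUE constraints on user_name and user_email in place of a separate lookup, and a hypothetical register_user() helper; in-memory SQLite stands in for MySQL so it runs offline.

```php
<?php
// Added example, not the asker's code; field names and register_user() are assumed.
function register_user(PDO $con, string $method, array $post): array
{
    $fail = fn(string $msg) => ['error' => $msg, 'is_logged_in' => false];
    if ($method !== 'POST') {            // accept POST, reject everything else
        return $fail('Invalid request method');
    }
    // Non-string values (e.g. user_pass[]=x) are treated as missing.
    $field = fn(string $k) => is_string($post[$k] ?? null) ? $post[$k] : '';
    $username = trim($field('user_name'));
    // Lowercase in PHP instead of wrapping the placeholder in LOWER().
    $email = strtolower(trim($field('user_email')));
    $pass = $field('user_pass');
    if ($username === '' || $pass === '' || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return $fail('Missing or invalid field');
    }
    if ($pass !== $field('user_pass_check')) {
        return $fail('Passwords do not match');
    }
    try {
        // Placeholder names and bound keys are identical.
        $stmt = $con->prepare('INSERT INTO users (user_name, user_email, user_pass)
            VALUES (:user_name, :user_email, :user_pass)');
        $stmt->execute([
            ':user_name'  => $username,
            ':user_email' => $email,
            ':user_pass'  => password_hash($pass, PASSWORD_DEFAULT),
        ]);
    } catch (PDOException $e) {
        // SQLSTATE 23000 = integrity constraint violation (UNIQUE columns).
        if (($e->errorInfo[0] ?? '') === '23000') {
            return $fail('You already have an account');
        }
        throw $e;
    }
    return ['is_logged_in' => true, 'user_id' => (int) $con->lastInsertId(),
            'redirect' => 'index.php?message=welcome']; // a URL; path is assumed
}

// Demo on constructed input; in-memory SQLite stands in for the MySQL database.
$con = new PDO('sqlite::memory:');
$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$con->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY,
    user_name TEXT UNIQUE, user_email TEXT UNIQUE, user_pass TEXT)');
$post = ['user_name' => 'alice', 'user_email' => 'Alice@Example.com',
         'user_pass' => 'correct horse', 'user_pass_check' => 'correct horse'];
echo json_encode(register_user($con, 'POST', $post)), "\n"; // new account
echo json_encode(register_user($con, 'POST', $post)), "\n"; // duplicate rejected
```

The DB class in the question sets PDO::ATTR_ERRMODE twice, and the second call (ERRMODE_SILENT) overrides the first, so failed statements there raise no exception.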
