0

Hey everyone, I'm working on a project that allows the user to register but am running into an issue where when the registration page is submitted the user receives a blank page and no confirmation(database record isn't entered). I've read and re-read the code and can't seem to find the issue. The only thing I can come up with is that I'm using incorrect syntax in the INSERT statement. Any help that can be offered would be greatly appreciated.

//begin registration page//
require('./includes/config.inc.php');
require(MYSQL);
$page_title = 'Registration';
include('./includes/header.html');



//adding form functionality//

require_once('./includes/form_functions.inc.php');

//reg_errors definition//
//array that stores the form errors//
$reg_errors = array();

//Checking for a form submission//
    //Is Form Completely Filled Out?//
    //First Name//
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        if (preg_match('/^[A-Z \'.-]{2,45}$/i', $_POST['first_name'])) {
        $fn = escape_data($_POST['first_name'], $dbc);
            } else {
                $reg_errors['first_name'] = 'Please enter your first name!';
                }
    //Last Name//           
        if (preg_match('/^[A-Z \'.-]{2,45}$/i', $_POST['last_name'])) {
        $ln = escape_data($_POST['last_name'], $dbc);
            } else {
                $reg_errors['last_name'] = 'Please enter your last name!';
                }
    //Username//
        if (preg_match('/^[A-Z0-9]{2,45}$/i', $_POST['username'])) {
        $u = escape_data($_POST['username'], $dbc);
            } else {
                $reg_errors['username'] = 'Please enter a desired name using only letters and numbers!';
                }
    //email//
        if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === $_POST['email']) {
        $e = escape_data($_POST['email'], $dbc);
            } else {
                $reg_errors['email'] = 'Please enter a valid email address!';
                }
    //password entered and does it match the verification//
        if (preg_match('/^(\w*(?=\w*\d)(?=\w*[a-z])(?=\w*[A-Z])\w*){6,}$/', $_POST['pass1']) ) {
            if ($_POST['pass1'] === $_POST['pass2']) {
                $p = $_POST['pass1'];
                    } else {
                        $reg_errors['pass2'] = 'Your password did not match the confirmed password!';
                        }
                    } else {
                        $reg_errors['pass1'] = 'Please enter a valid password!';
                        }
    //INSERT USER INTO DATABASE
            if(empty($reg_errors)){
                $q = "SELECT email, username FROM users WHERE email='$e' OR username='$u'";
                $r = mysqli_query($dbc, $q);
                $rows = mysqli_num_rows($r);
                    if ($rows === 0) {
                    $q = "INSERT INTO users (username, email, pass, first_name,
                    last_name, date_expires) VALUES ('$u', '$e', '". password_hash($p, PASSWORD_BCRYPT). "', 
                    '$fn', '$ln', ADDDATE(NOW(), INTERVAL 1 MONTH)";
                $r = mysqli_query($dbc, $q);
    //If user is successfully registered
                if(mysqli_affected_rows($dbc) === 1) {
                echo '<div class="alert alert-success"><h3>Thank you for registering!</h3>
                    <p>Thank you for registering.  You may now log in and access the your music theory lessons</p>
                </div>';

                include('./includes/footer.html');
                exit();
                } else {
                trigger_error('You could not be registered due to a system error. We apologize for the inconvenience and are working to correct this error ASAP.');
                }

    //If USERNAME OR EMAIL IS ALREADY REGISTERED//
                if($rows === 2){
                $reg_errors['email']= 'This email address has alreadt been registered.  If you have forgotten your password, use the link to the left to have your password sent to you.';
                $reg_errors['username'] ='This username has already been registered. Please try another.';
                } else {
                $row = mysqli_fetch_array($r, MYSQLI_NUM);
                if ( ($row[0] === $_POST['email']) && ($row[1] === $_POST['username'])) {
                 $reg_errors['email'] = 'This email address has already been registered.  If you have forgotten your password, user the link to the left to have your password sent to you.';
                 $reg_errors['username'] = 'This username has already been registered with this email address. If you have forgotten your password, use the link to the left to have your password sent to you.';
                 } elseif ($row[0] === $_POST['email']) {$reg_errors['email'] = 'This email address has alreadt been registered.  If you have forgotten your password, use the link to the left to have your password sent to you.';
                 } elseif ($row[1] === $_POST['username']) {$reg_errors['username'] = 'This username has already been registered. Please try another.';
                }
                }


                }
                }

    }

?>
4
Contributors
12
Replies
50
Views
1 Year
Discussion Span
Last Post by Taywin
Featured Replies
  • 1
    cereal 1,419   1 Year Ago

    Hi, the insert query is missing the `VALUES` closing parenthesis: ... ADDDATE(NOW(), INTERVAL 1 MONTH)) When in doubt add `mysqli_error()`: * http://php.net/manual/en/mysqli.error.php Bye! Read More

  • 1
    broj1 316   1 Year Ago

    Test the insert statement. Put this simple debug code just before line 60: die($q); This will echo the insert query on screen and stop the script. Now inspect the query whether it is OK and copy and test it in phpmyadmin (or whatever you use). Also, you check if user … Read More

  • 1
    broj1 316   1 Year Ago

    Sory I ment to put the die statement after line 60, that is before line 63, so the insert query gets displayed. This way you test the insert query is constructed correctly. It is actually hard o test your case since there are some include statements. But if nothing else … Read More

  • 1

    If you do a proper indentation, you would have found an issue... //Checking for a form submission// //Is Form Completely Filled Out?// if ($_SERVER['REQUEST_METHOD'] === 'POST') { //First Name// if (preg_match('/^[A-Z \'.-]{2,45}$/i', $_POST['first_name'])) { $fn = escape_data($_POST['first_name'], $dbc); } else { $reg_errors['first_name'] = 'Please enter your first name!'; } //Last … Read More

  • So I found the cause of the issue. My MYSQL instance name was incorrect, as well as some spacing errors. the `die($q);`was also very helpful as I was able to debug the created INSERT Statement in PHPMyAdmin. Long story short, it is working now, and I appreciate all of the … Read More

0

While I see that this was missing and appreciate the assistance, when adding the closing ), error is still present... Any other ideas?

Thanks in advance for any help you can provide.

1

Test the insert statement. Put this simple debug code just before line 60:

die($q);

This will echo the insert query on screen and stop the script. Now inspect the query whether it is OK and copy and test it in phpmyadmin (or whatever you use).

Also, you check if user exists:

$q = "SELECT email, username FROM users WHERE email='$e' OR username='$u'";

and the if it does not exist if ($rows === 0), you do an insert, which is OK. But your oter condition if($rows === 2) is strange since if user is registered, you should find one row only, shouldn't you?

0

I've added the die($q); at line 60 and it displays:
SELECT email, username FROM users WHERE email='test@test.com' OR username='test'

I tried your other suggestion and it made no change either.

I'm still at a loss. I'm concerned that the AddDate line is incorrect due to it putting data into a date field not a timestamp field... This has been the most frustrating bit of code I've dealt with....

0

As test, try to replace line 63 (the insert query) with:

if( ! mysqli_query($dbc, "INSERT INTO ...")) {
    printf("Errormessage: %s\n", mysqli_error($dbc));
}

If the problem is related to the insert query, then it should display the error returned by the database.

1

Sory I ment to put the die statement after line 60, that is before line 63, so the insert query gets displayed. This way you test the insert query is constructed correctly.

It is actually hard o test your case since there are some include statements. But if nothing else helps I will do this. In that case post complete script and at least the form_functions.inc.php script

1

If you do a proper indentation, you would have found an issue...

//Checking for a form submission//
//Is Form Completely Filled Out?//
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
  //First Name//
  if (preg_match('/^[A-Z \'.-]{2,45}$/i', $_POST['first_name'])) {
    $fn = escape_data($_POST['first_name'], $dbc);
  }
  else {
    $reg_errors['first_name'] = 'Please enter your first name!';
  }
  //Last Name//   
  if (preg_match('/^[A-Z \'.-]{2,45}$/i', $_POST['last_name'])) {
    $ln = escape_data($_POST['last_name'], $dbc);
  }
  else {
    $reg_errors['last_name'] = 'Please enter your last name!';
  }
  //Username//
  if (preg_match('/^[A-Z0-9]{2,45}$/i', $_POST['username'])) {
    $u = escape_data($_POST['username'], $dbc);
  }
  else {
    $reg_errors['username'] = 'Please enter a desired name using only letters and numbers!';
  }
  //email//
  if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === $_POST['email']) {
    $e = escape_data($_POST['email'], $dbc);
  }
  else {
    $reg_errors['email'] = 'Please enter a valid email address!';
  }
  //password entered and does it match the verification//
  if (preg_match('/^(\w*(?=\w*\d)(?=\w*[a-z])(?=\w*[A-Z])\w*){6,}$/', $_POST['pass1']) ) {
    if ($_POST['pass1'] === $_POST['pass2']) {
      $p = $_POST['pass1'];
    }
    else {
      $reg_errors['pass2'] = 'Your password did not match the confirmed password!';
    }
  }
  else {
    $reg_errors['pass1'] = 'Please enter a valid password!';
  }

  //INSERT USER INTO DATABASE
  if(empty($reg_errors)) {
    $q = "SELECT email, username FROM users WHERE email='$e' OR username='$u'";
    $r = mysqli_query($dbc, $q);
    $rows = mysqli_num_rows($r);
    if ($rows === 0) {
      $q = "INSERT INTO users (username, email, pass, first_name,
          last_name, date_expires) VALUES ('$u', '$e', '". password_hash($p, PASSWORD_BCRYPT)."', 
          '$fn', '$ln', ADDDATE(NOW(), INTERVAL 1 MONTH)";
      $r = mysqli_query($dbc, $q);
      //If user is successfully registered
      if(mysqli_affected_rows($dbc) === 1) {
        echo '<div class="alert alert-success"><h3>Thank you for registering!</h3>
        <p>Thank you for registering.  You may now log in and access the your music theory lessons</p>
        </div>';
        include('./includes/footer.html');
        exit();
      }
      else {
        trigger_error('You could not be registered due to a system error. We apologize for the inconvenience and are working to correct this error ASAP.');
      }

      //If USERNAME OR EMAIL IS ALREADY REGISTERED//
      if($rows === 2) {
        $reg_errors['email']= 'This email address has alreadt been registered.  If you have forgotten your password, use the link to the left to have your password sent to you.';
        $reg_errors['username'] ='This username has already been registered. Please try another.';
      }
      else {
        $row = mysqli_fetch_array($r, MYSQLI_NUM);
        if ( ($row[0] === $_POST['email']) && ($row[1] === $_POST['username'])) {
         $reg_errors['email'] = 'This email address has already been registered.  If you have forgotten your password, user the link to the left to have your password sent to you.';
         $reg_errors['username'] = 'This username has already been registered with this email address. If you have forgotten your password, use the link to the left to have your password sent to you.';
        }
        elseif ($row[0] === $_POST['email']) {
          $reg_errors['email'] = 'This email address has alreadt been registered.  If you have forgotten your password, use the link to the left to have your password sent to you.';
        }
        elseif ($row[1] === $_POST['username']) {
          $reg_errors['username'] = 'This username has already been registered. Please try another.';
        }
      }
    }
  }
}

Did you see the logical error? Look at where if(mysqli_affected_rows($dbc) === 1) { and if($rows === 2) { are... They are inside if ($rows === 0) { scope...

PS: Line 27 and 33, do you want to accept all white spaces, all dots, all hyphens, or all single quotation with length of 2 or longer as first and/or last name? I would expect someone's name starting with at least a letter before that...

Edited by Taywin

Votes + Comments
Found the logic error thanks for the help.
1

So I found the cause of the issue. My MYSQL instance name was incorrect, as well as some spacing errors. the die($q);was also very helpful as I was able to debug the created INSERT Statement in PHPMyAdmin.

Long story short, it is working now, and I appreciate all of the help. As for the logic error in the USERNAME and EMAIL check, I'm going to start looking into that now so my error messages appear.

Thanks for all of the help everyone!

0

Found the logic error. New code is:

      //If user is successfully registered
      if(mysqli_affected_rows($dbc) === 1) {
        echo '<div class="alert alert-success"><h3>Thank you for registering!</h3>
        <p>Thank you for registering.  You may now log in and access the your music theory lessons</p>
        </div>';


        include('./includes/footer.html');
        exit();
           }
      else {
        trigger_error('You could not be registered due to a system error. We apologize for the inconvenience and are working to correct this error ASAP.');
        }
      }
      //If USERNAME OR EMAIL IS ALREADY REGISTERED//
      if($rows === 2) {
        $reg_errors['email'] = 'This email address has alreadt been registered.  If you have forgotten your password, use the link to the left to have your password sent to you.';
        $reg_errors['username'] = 'This username has already been registered. Please try another.';
      }
      else {
        $row = mysqli_fetch_array($r, MYSQLI_NUM);
        if ( ($row[0] === $_POST['email']) && ($row[1] === $_POST['username'])) {
         $reg_errors['email'] = 'This email address has already been registered.  If you have forgotten your password, user the link to the left to have your password sent to you.';
         $reg_errors['username'] = 'This username has already been registered with this email address. If you have forgotten your password, use the link to the left to have your password sent to you.';
        }
        elseif ($row[0] === $_POST['email']) {
          $reg_errors['email'] = 'This email address has alreadt been registered.  If you have forgotten your password, use the link to the left to have your password sent to you.';
        }
        elseif ($row[1] === $_POST['username']) {
          $reg_errors['username'] = 'This username has already been registered. Please try another.';
        }
      }
    }
  }
?>

Thanks everyone for all of the assistance. Each of you gave me a piece to this puzzle.
-Turk

0

Hmm... One of the bug still exists and I forgot to point it out to you. If, by any chance, there are more than 2 duplicated records found, your page will not show any warning or error. You may need to change from if($rows===2) to if($rows>=2) to catch the bug...

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.