0

I am very new to PHP but I am having issues with my first login system. It will say success is the browser but the user is not saved in the database. It is probably a very basic mistake. Thank you!

I need it so that when details are entered into my form they are transferred to the database for later use, the password. The database name is store, and the title of the records are UserID, uuid, Email, Pass, CartID, Admin. uuid needs to be filled in with the username, pass with the hashed password and email with the email entered. the rest should auto-fill when sent to the database.

This is one of my files.

<?php
if (isset($_POST['sign-up'])) {
    require 'dbh.php';

    $username = $_POST['username'];
    $email = $_POST['email'];
    $password = $_POST['pass'];
    
    if (empty($username) || empty($email) || empty($password)) {
        header("Location: ../register.php?error=emptyfields&username=".$username. "&email=".$email);
        exit();

    } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL) && !preg_match("/^[a-zA-Z0-9]*$/", $username)) {
        header("Location: ../register.php?error=invalidemail&username");
        exit();
    } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        header("Location: ../register.php?error=invalidemail&username=".$username);
        exit();
    } elseif (!preg_match("/^[a-zA-Z0-9]*$/", $username)) {
        header("Location: ../register.php?error=invalidusername&email=".$email);
        exit();
    } else {
        $sql = "SELECT * FROM accounts WHERE uuid =?";
        $stmt = mysqli_stmt_init($conn);
        if (!mysqli_stmt_prepare($stmt, $sql)) {
            header("Location: ../register.php?error=sqlerror");
            exit();
        } else {
            mysqli_stmt_bind_param($stmt, "s", $email);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_store_result($stmt);
            $resultCheck = mysqli_stmt_num_rows($stmt);
            if ($resultCheck > 0) {
                header("Location: ../register.php?error=usernametaken&email=".$email);
                exit();
            } else {
                $sql = "INSERT INTO accounts(uuid, Email, Pass) ValUES(?, ?, ?)";
                $stmt = mysqli_stmt_init($conn);
                if (!mysqli_stmt_prepare($stmt, $sql)) {
                    header("Location: ../register.php?error=sqlerror");
                    exit();
                } else {
                    $hashedpass = password_hash($password, PASSWORD_DEFAULT);
                    mysqli_stmt_bind_param($stmt, "sss", $username, $email, $hashedpass);
                    mysqli_stmt_execute($stmt);
                    header("Location: ../register.php?register=success");
                    exit();
                }
            }
        }
    }
    mysqli_stmt_close($stmt);
    mysqli_close($conn);
} else {
    header("Location: ../register.php");
    exit();
}

This is the other file.

<?php

$servername = 'localhost';
$dbUsername = 'root';
$dbPassword = '';
$dbName = 'store';

$conn = mysqli_connect($servername, $dbUsername, $dbPassword, $dbName);

if (!$conn) {
    die("Connection failed:".mysqli_connect_error());
}

?>
Qirel
  • 25,449
  • 7
  • 45
  • 62
Hugo
  • 30
  • 7
  • 2
    You don't check if any rows was affected (use `mysqli_stmt_affected_rows($stmt) > 0`), nor do you check for any SQL errors (enable MySQLi exception mode by adding `mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);` at the top of your connection file `dbh.php` – Qirel Nov 03 '20 at 22:07
  • @Hugo check if $_POST['sign-up'] is come from form – Mike Foxtech Nov 03 '20 at 22:25

0 Answers0