So your script would need to look like this.
You can also add a second password field so the user can confirm the password; most registration scripts do this. Also add a CAPTCHA to the form to prevent spam.
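<?php
/*
 * Registration handler: validates the posted username, password and email,
 * refuses duplicates, and stores the new account with a hashed password.
 *
 * Error reporting reference:
 *   ini_set('display_errors', 1);
 *   ini_set('display_startup_errors', 1);
 *   error_reporting(E_ALL); or error_reporting(-1);   all errors, warnings and notices
 *   error_reporting(E_ERROR);                         errors only
 *   error_reporting(E_WARNING);                       warnings only
 *   error_reporting(E_NOTICE);                        notices only
 *
 * Keep display_errors off outside development and log instead: error output
 * on a public page can expose file paths and query details.
 */
error_reporting(E_ALL);

// Connect to DB.
// NOTE(review): everything below assumes conn.php exposes a mysqli instance
// as $mysqli. The earlier version mixed PDO method names (bindParam, fetch,
// lastInsertId) with mysqli ones (close) and could not run against either API.
require "conn.php";
// Grab basic site details.
require "site_details.php";

// Run only when the registration form's submit button was used.
if (isset($_POST['submit'])) {
    // Read each field as a trimmed string. is_string() rejects array-valued
    // fields (name[]=...), which would otherwise make trim() fail.
    // NOTE(review): trimming the password changes what the user typed; the
    // login script has to apply the same trim or logins will not match.
    $input = array();
    foreach (array('username', 'password', 'email') as $field) {
        $key = 'member_registration_' . $field;
        $raw = isset($_POST[$key]) ? $_POST[$key] : '';
        $input[$field] = is_string($raw) ? trim($raw) : '';
    }
    $username = $input['username'];
    $password = $input['password'];
    $email = $input['email'];

    // isset() alone accepts empty strings, so test the trimmed values.
    // The form's "required" and character-class hints are browser-side only
    // and are not a substitute for the checks done here.
    if ($username === '' || $password === '' || $email === '') {
        echo "You must fill-in all input fields!";
    } else {
        try {
            // Let the database decide what counts as "equal": with a
            // case-insensitive collation a PHP-side == would miss "Bob" vs "bob".
            // Every matching row is read, because the username and the email
            // may belong to two different existing accounts.
            $usernameTaken = false;
            $emailTaken = false;
            $lookupOk = false;

            $stmt = $mysqli->prepare(
                "SELECT usernames = ? AS username_taken, emails = ? AS email_taken "
                . "FROM users WHERE usernames = ? OR emails = ?"
            );
            if ($stmt !== false) {
                $stmt->bind_param('ssss', $username, $email, $username, $email);
                if ($stmt->execute()) {
                    $lookupOk = true;
                    $stmt->bind_result($usernameHit, $emailHit);
                    while ($stmt->fetch()) {
                        $usernameTaken = $usernameTaken || (bool) $usernameHit;
                        $emailTaken = $emailTaken || (bool) $emailHit;
                    }
                }
                $stmt->close();
            }

            if (!$lookupOk) {
                error_log('Registration: duplicate lookup failed: ' . $mysqli->error);
                echo "User not registered.";
            } elseif ($usernameTaken) {
                // These two messages tell a visitor which usernames and emails
                // already have accounts; rate limiting or a CAPTCHA on this
                // form limits how fast that can be probed.
                echo "Username in use, please choose another one.";
            } elseif ($emailTaken) {
                echo "Email in use, please choose another one.";
            } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
                echo "Invalid email format";
            } elseif (strlen($password) < 8 || strlen($password) > 20) {
                // NOTE(review): a 20-character ceiling rules out long
                // passphrases; consider raising it. strlen() counts bytes.
                echo "Password must be between 8 and 20 characters long.";
            } else {
                // Store only the hash, never the plain password.
                $passwordHash = password_hash($password, PASSWORD_DEFAULT);

                // NOTE(review): the duplicate check reads `users` (usernames,
                // emails) but this INSERT writes `tbl_users` (name, password,
                // email). If these are meant to be one table the check never
                // sees new registrations; confirm the schema. UNIQUE indexes on
                // the username and email columns are still needed, because two
                // concurrent requests can both pass the check above.
                $registered = false;
                $stmt = $mysqli->prepare("INSERT INTO tbl_users (name, password, email) VALUES (?, ?, ?)");
                if ($stmt !== false) {
                    // The earlier version bound an undefined $name here.
                    $stmt->bind_param('sss', $username, $passwordHash, $email);
                    $registered = $stmt->execute() && $stmt->affected_rows === 1;
                    $stmt->close();
                }

                if ($registered) {
                    echo "User registered.";
                    /*
                     * Redirect the user or send an activation email here.
                     * For activation: generate a random token with
                     * random_bytes(), store only a hash of it together with an
                     * expiry time, and mail the user a link containing the
                     * token. On the activation page hash the token from the
                     * URL, compare it with hash_equals(), then delete the
                     * stored value and mark the account active.
                     */
                } else {
                    error_log('Registration: insert failed: ' . $mysqli->error);
                    echo "User not registered.";
                }
            }
        } catch (mysqli_sql_exception $e) {
            // Newer PHP versions make mysqli throw by default; keep the detail
            // in the server log and show the visitor only the generic message.
            error_log('Registration: database error: ' . $e->getMessage());
            echo "User not registered.";
        }

        // Close connection
        $mysqli->close();
    }
}
?>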
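<?php
/*
 * Signup form template. Posts back to this same script (empty action).
 * $site_name is expected to come from site_details.php (assumption, confirm);
 * it is HTML-escaped on output so markup in the configured name cannot be
 * injected into the page.
 * The pattern attribute on the username is a browser-side hint only; the
 * server-side handler has to enforce whatever rule is really required.
 */
?>
<!DOCTYPE html>
<html>
<head>
    <title><?php echo htmlspecialchars(isset($site_name) ? (string) $site_name : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?> Signup Page</title>
    <meta charset="utf-8">
</head>
<body>
<div class="container">
    <form method="post" action="">
        <center><h2>Signup Form</h2></center>
        <div class="form-group">
            <center><label>Username:</label>
            <input type="text" name="member_registration_username" required pattern="[A-Za-z0-9]+" title="Letters and digits only"></center>
        </div>
        <div class="form-group">
            <center><label>Password:</label>
            <input type="password" name="member_registration_password" required autocomplete="new-password"></center>
        </div>
        <div class="form-group">
            <center><label>Email:</label>
            <input type="email" name="member_registration_email" required></center>
        </div>
        <center><button type="submit" class="btn btn-default" name="submit">Register!</button></center>
    </form>
</div>
</body>
</html>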