Improvements To Member Registration Site Reg.php

YEEEEHHHAAA!!!

Errors are gone now!
Thanks man! Yeah, I had changed the column names from capital to lower case on the first letters a wk ago and forgotten about it and so did not update the script. Like:
“Usernames” to “username” and so on. That is why it was not working and spitting errors!
Silly php! If only the errors were more self-explanatory, then I never would have wasted 1 wk trying to figure out the nonsense! These errors are not that specific!
Anyway, I’m happy!
Happy for myself!
Happy for mlukac89, who practically gave me the code (unlike everyone else here and other places)!
And, happy for droopsnoot!

Yes, I know. I know. It is for my own good that you guys don’t just hand over codes to newbies like me so we scratch our heads and struggle a little to gain work experience and just handing codes over to us would result in us not making any efforts to learn things for ourselves and we’ll get spoiled. But, I did promise, I’d learn from your samples.
I’m gonna learn from mlukac89’s sample. That way, none of you guys can tell him “We told you so! Told you not to just give him any code on his plate, just like that. Now, he hasn’t learnt this subject and you’ve spoilt him!”. One day, SpaceShipTrooper can quiz me. I might as well build the quiz script and he can just build the questions. droopsnoot can join in on the questioning part.
I did download a YouTube tut on how to build a quiz script with php. Might as well learn from that. I downloaded altogether 100 vids to learn php. 🙂

Now, I need to add captcha.
And need help why the variable (url) does not load on the iframe:

One thing though. I didn’t understand why the account activation link is not getting emailed to confirm user email. It was working 2wks back. Lines 96-106.
Here’s the code:


// insert query
			$stmt = mysqli_prepare($conn, "INSERT INTO users(usernames, passwords, emails, first_names, surnames, genders, accounts_activations_codes, accounts_activations) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
			mysqli_stmt_bind_param($stmt, 'sssssssi', $username, $hashed_pass, $email2, $first_name, $surname, $gender, $member_registration_random_numbers, $activation);
			mysqli_stmt_execute($stmt);

			// check if query is inserted
			if (mysqli_stmt_insert_id($stmt)) {
				// redirect to login page after 5 seconds
				// (header() has to be called before any output is echoed)
				header("refresh:5;url=login.php");

				echo "<h3 style='text-align:center'>Thank you for your registration.<br /> Redirecting to login page ...</h3>";

				// empty $_SESSION['error'] variable so it is no longer in use
				unset($_SESSION['error']);
				unset($_POST);
				exit(); 

				// check if email is sent
				/** EMAIL NOT ARRIVING !!!
				$to = $email;
			    $subject = "Your '".$site_name."' Account Activation!";
			    $body = $first_name.' '.$surname."\n\n You need to click the following link to confirm your email address and activate your account.\n\n".$account_activation_link;
				$from = "$site_admin_email";
			    $headers = "from: $from";
			
			    if (mail($to,$subject,$body,$headers)) {
			    	$_SESSION['error'] = "Registration successful. Check your email for further instructions!";
			    } else {
			    	$_SESSION['error'] = "Email not sent, please contact website administrator.";
			    }
			    */
			} else {
				$_SESSION['error'] = "There was a problem with registering, please try again.";
			}

Take care!

PS - Full script:


<?php
include 'config.php';

// check if user is already logged in
if (is_logged() === true) {
	die("You are logged in, can't register.");
}

if  (isset($_POST['submit']))
{
	if (isset($_POST["username"]) && 
	   isset($_POST["password"]) &&
	   isset($_POST["password_confirmation"]) && 
	   isset($_POST["email"]) && 
	   isset($_POST["email_confirmation"]) && 
	   isset($_POST["first_name"]) && 
	   isset($_POST["gender"]) &&
	   isset($_POST["surname"])) {

		// create random token for email confirmation (40 hex characters from the CSPRNG)
	   	$member_registration_random_numbers = bin2hex(random_bytes(20));

	   	// THIS IS NOT GETTING EMAILED !!!
		$account_activation_link = "http://www.".$site_domain.".com/".$site_name."/activate_account.php?email=".urlencode($_POST['email'])."&hash=".$member_registration_random_numbers;

   		// remove whitespace at the start and end of the strings
   		/*
		*	values are not passed through mysqli_real_escape_string here because
		*	the prepared statements below bind them as parameters; escaping them
		*	as well would store the added backslashes in the database
   		*/
        $username 	= trim($_POST["username"]);
		$password 	= $_POST["password"];
		$password2 	= $_POST["password_confirmation"];
        $first_name	= trim($_POST["first_name"]);
        $surname 	= trim($_POST["surname"]);
		$gender 	= trim($_POST["gender"]);
        $email 		= $_POST["email"];
        $email_confirmation = $_POST["email_confirmation"];
        $email2 	= trim($email); // Trimmed email for inserting into database.
        $activation = 0; // 1 = active | 0 = not active

        // hashed password
        $hashed_pass = password_hash($password, PASSWORD_DEFAULT); 
	
        // select username and email to check if they exists.
		$stmt = mysqli_prepare($conn, "SELECT usernames, emails FROM users WHERE usernames = ? OR emails = ?");
		mysqli_stmt_bind_param($stmt, 'ss', $username, $email);
		mysqli_stmt_execute($stmt);
		$result = mysqli_stmt_get_result($stmt);

        $row = mysqli_fetch_array($result, MYSQLI_ASSOC);

		// check if username is registered ($row is null when no matching row was found)
		if ($row && $row['usernames'] == $username) {
			$_SESSION['error'] = "That username is already registered.";
		// check if username is between 6 and 30 characters long
		} elseif (strlen($username) < 6 || strlen($username) > 30) {
			$_SESSION['error'] = "Username must be between 6 and 30 characters long.";
		// check if email is registered
		} elseif ($row && $row['emails'] == $email) {
			$_SESSION['error'] = "That email is already registered.";
		// check if emails match
		} elseif ($email != $email_confirmation) {
			$_SESSION['error'] = "Emails don't match.";
		// check if email is actual email
		} elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
			$_SESSION['error'] = "Invalid email format.";
		// check if passwords match
		} elseif ($password != $password2) {
			$_SESSION['error'] = "Passwords don't match.";
		// check if password length is between 6 and 30 characters long
		} elseif (strlen($password) < 6 || strlen($password) > 30) {
			$_SESSION['error'] = "Password must be between 6 and 30 characters long.";
		} else {

			// insert query
			$stmt = mysqli_prepare($conn, "INSERT INTO users(usernames, passwords, emails, first_names, surnames, genders, accounts_activations_codes, accounts_activations) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
			mysqli_stmt_bind_param($stmt, 'sssssssi', $username, $hashed_pass, $email2, $first_name, $surname, $gender, $member_registration_random_numbers, $activation);
			mysqli_stmt_execute($stmt);

			// check if query is inserted
			if (mysqli_stmt_insert_id($stmt)) {
				// redirect to login page after 5 seconds
				// (header() has to be called before any output is echoed)
				header("refresh:5;url=login.php");

				echo "<h3 style='text-align:center'>Thank you for your registration.<br /> Redirecting to login page ...</h3>";

				// empty $_SESSION['error'] variable so it is no longer in use
				unset($_SESSION['error']);
				unset($_POST);
				exit(); 

				// check if email is sent
				/** EMAIL NOT ARRIVING !!!
				$to = $email;
			    $subject = "Your '".$site_name."' Account Activation!";
			    $body = $first_name.' '.$surname."\n\n You need to click the following link to confirm your email address and activate your account.\n\n".$account_activation_link;
				$from = "$site_admin_email";
			    $headers = "from: $from";
			
			    if (mail($to,$subject,$body,$headers)) {
			    	$_SESSION['error'] = "Registration successful. Check your email for further instructions!";
			    } else {
			    	$_SESSION['error'] = "Email not sent, please contact website administrator.";
			    }
			    */
			} else {
				$_SESSION['error'] = "There was a problem with registering, please try again.";
			}

	    }
	}
}


?>
<!DOCTYPE html>
<html>
	<head>
		<title><?php echo htmlentities($site_name); ?> Signup Page</title>
	</head>
<body>
<div class ="container">

<?php

// error messages
if (isset($_SESSION['error']) && !empty($_SESSION['error'])) {
	echo '<p style="color:red;">'.$_SESSION['error'].'</p>';
}

?>

<form method="post" action="">
	<center><h2>Signup Form</h2></center>
	<div class="form-group">
		<center><label>Username:</label>
		<input type="text" placeholder="Enter a unique Username" name="username" required [A-Za-z0-9] value="<?php if(isset($_POST['username'])) { echo htmlentities($_POST['username']); }?>"></center>
	</div>
	<div class="form-group">
		<center><label>Password:</label>
		<input type="password" placeholder="Enter a new Password" name="password" required [A-Za-z0-9]></center>
	</div>
	<div class="form-group">
		<center><label>Repeat Password:</label>
		<input type="password" placeholder="Repeat a new Password" name="password_confirmation" required [A-Za-z0-9]></center>
	</div>
	<div class="form-group">
		<center><label>First Name:</label>
		<input type="text" placeholder="Enter your First Name" name="first_name" required [A-Za-z] value="<?php if(isset($_POST['first_name'])) { echo htmlentities($_POST['first_name']); }?>"></center>
	</div>
	<div class="form-group">
		<center><label>Surname:</label>
		<input type="text" placeholder="Enter your Surname" name="surname" required [A-Za-z] value="<?php if(isset($_POST['surname'])) { echo htmlentities($_POST['surname']); }?>"></center>
	</div>
	<div class="form-group">
		<center><label>Gender:</label>
		<input type="radio" name="gender" value="male" <?php if(isset($_POST['gender']) && $_POST['gender'] === 'male') { echo 'checked'; }?> required>Male<input type="radio" name="gender" value="female" <?php if(isset($_POST['gender']) && $_POST['gender'] === 'female') { echo 'checked'; }?> required>Female</center>
	</div>
	<div class="form-group">
		<center><label>Email:</label>
		<input type="email" placeholder="Enter your Email" name="email" required [A-Za-z0-9] value="<?php if(isset($_POST['email'])) { echo htmlentities($_POST['email']); }?>"></center>
	</div>
	<div class="form-group">
		<center><label>Repeat Email:</label>
		<input type="email" placeholder="Repeat your Email" name="email_confirmation" required [A-Za-z0-9] value="<?php if(isset($_POST['email_confirmation'])) { echo htmlentities($_POST['email_confirmation']); }?>"></center>
	</div>
	<center><button type="submit" class="btn btn-default" name="submit">Register!</button></center>
	<center><font color="red" size="3"><b>Already have an account ?</b><br><a href="login.php">Login here!</a></font></center>

</form>

</div>
</body>
</html>
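
An added example, not part of the original post or of the script shown above: one way to create an unguessable activation token, build the link with URL-encoded parameters, and send the mail before the redirect and `exit()`, since nothing placed after `exit()` runs. The helper names, the `example.com` values and the choice to store only a SHA-256 hash of the token are assumptions; `accounts_activations_codes` and `activate_account.php` are the script's own names.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: returns the token to email and the hash to store.
function new_activation_token(): array
{
    $token = bin2hex(random_bytes(32));          // 256 bits from the CSPRNG
    return ['token' => $token, 'stored' => hash('sha256', $token)];
}

// Hypothetical helper: builds the link; http_build_query() URL-encodes values.
function activation_link(string $baseUrl, string $email, string $token): string
{
    return rtrim($baseUrl, '/') . '/activate_account.php?'
         . http_build_query(['email' => $email, 'hash' => $token]);
}

// Hypothetical helper: refuses values that could inject extra mail headers.
function send_activation_mail(string $to, string $from, string $siteName, string $link): bool
{
    foreach ([$to, $from, $siteName] as $value) {
        if (preg_match('/[\r\n]/', $value)) {
            return false;                        // CR/LF would start a new header line
        }
    }
    if (!filter_var($to, FILTER_VALIDATE_EMAIL) || !filter_var($from, FILTER_VALIDATE_EMAIL)) {
        return false;
    }
    $subject = "Your {$siteName} Account Activation!";
    $body    = "You need to click the following link to confirm your email address "
             . "and activate your account.\n\n{$link}\n";
    return mail($to, $subject, $body, "From: {$from}");
}

// Constructed sample values (assumptions, not taken from the original script).
$act  = new_activation_token();
$link = activation_link('https://www.example.com/site', 'new.user@example.com', $act['token']);

// Store $act['stored'] in accounts_activations_codes, then send the mail
// BEFORE header()/exit(): code placed after exit() never runs.
$sent = send_activation_mail('new.user@example.com', 'admin@example.com', 'Example Site', $link);
echo $link, PHP_EOL, $sent ? "mail handed to the mail transfer agent\n" : "mail not sent\n";
```

On the activation page, hash the `hash` parameter from the link with `hash('sha256', ...)` and compare it to the stored value with `hash_equals()`.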