Improvements To Member Registration Site Reg.php

Working code? From you? That’s a joke right? Anyways. I’m here because I’ve suggested something to the OP and he avoided my advice and here we are, 80 posts and still no solution yet. I’m not going to hand out free code to people who don’t want to do their part. So I’m not going to post any code until the OP takes the advice to LEARN HTML and CSS first because this “login” project should of been done with at #3 post.


With the codes you gave, it just opened up a whole new world of errors. So I’m just checking in to see how you all are progressing through this “project” of yours. Doesn’t look like much has changed from what I am gathering. Again, this whole “login” project should of been done with at post #3.

Its not problem for me to make a full working code, problem is that he got a script that i typed fast and as he want’s MYSQLI with prepared statements procedural and even he don’t know how to fix errors it’s not my fault.

If error logs are turned on and I get errors then it is natural for it not to work.
If it works then the error messages should not arrive.
Simple.
Unless, ofcourse, php complicates things. :unhappy:

Error reporting is an important part of debugging. It helps you very quickly pinpoint a problem in your scripts. Without it you are in the dark.

2 Likes

Yeah, I know. And that is why it is turned on. And since, I’m getting errors then something is wrong somewhere.
As for the typo mlukac89 mentions, I fixed that 2 nights ago but still get the other errors mentioned on my post (69). I thought, maybe my php version on latest version of xampp has a bug. After-all, php 7 is still in it’s infancy.

SpaceshipTrooper,

I am referring to your post (number 10).

What has the following got to do with css ? Ok, it has something to do with an html form, I admit.

$password = $_GET[‘member_registration_email’];

And, I already replied to your post number 10 that, that was a typo. If you check my latest code, that typo has been fixed.
As for basic html, I already know. Learnt it in 1998. Learnt a little css back in 2015. And learnt a little php around that time too:

If you really must know how much php I know then glance over that link. Forgotten most of it as I read through that tutorial in 2wks. So, there you go. That’s all I know about php.
Now learning from:

Then will move-on to:
https://phpdelusions.net/pdo
I will deal with css later. Design is not too important. Want to make the car engine first (php). Can work on the car body last (css). Ok ?
I don’t need help with the design. Only the engine.
Thanks for your concern for me to learn the right things at the right time, though!

Thanks and take care!
Have a good weekend! As for me, I’ll be busy the whole weekend trying to fix these prepared statement errors!

Leave him alone guys. Programmers are supposed to stick together and help each other and not back stab each other or even front stab. What would the php opposition camp think ? We’ll be the laughing stock!
mlukac89 was the only programmer kind enough to hand me out pdo prepared statements without any complaint! for me to learn from it. I asked him to switch it to mysqli since most of my code is in that and I am still elarning mysqli procedural style. He did it without any complaint, especially when he was busy. Now you guys are upsetting him and making him go against me. Making me lose a handy person! Don’t do that!
Not my fault, if most of my code is in mysqli and procedural style because the beginner tutorials I am learning are in mysqli procedural style. Not pdo. Pdo is intermediate stuffs. Don’t you guys want me to learn to walk first before running with pdo and oop ? I’m still a toddler.
Look, back in late 2015, I learnt a little php from:

And then forgot most of it as I gave a long 1.5yrs pause.
Now, learning or RE-learning from:

Now, show me where there is pdo or oop tutorial on any of those 2 links or even a tutorial on prepared statements pdo or mysqli procedural style ? NONE!
You want me to learn pdo from:
https://phpdelusions.net/pdo
And that is fine. But that is intermediate stuffs. I will only move-on to that, once I’ve learnt the basics or beginner level from tutorialspoint.com and maybe also from:
http://www.phptherightway.com/
So, until then, don’t expect too much from me regarding why I don’t know prepared statements etc. or why I don;t learn it because like I said, the beginner level tutorials DO NOT mention any prepared statements stuffs. I will get into that on the intermediate level, when I get there:
https://phpdelusions.net/pdo

Now, God bless you all and have a nice weekend! Don’t ruin mlukac’s weekend nor your own!
My weekend would be ruined trying to fix these errors that are way beyond my head!
Yes, I wanted a working mysqli prepared statement from someone so I can learn from it. Gain work experience on the side while I RE-learn the basics of php.

1 Like

It has everything to do with HTML and CSS because [quote=“uniqueideaman, post:1, topic:260491”]
<center>
[/quote]

Is a deprecated HTML 4 element. Again, IF you took the advice I gave you to use the HTML and CSS validators, you would see that the w3.org (NOTICE, IT’S NOT w3school - THE FAN SITE, BUT THE OFFICIAL w3.org website) will complain about the lines you are using <center> for.

You should refresh yourself with HTML then because things have changed a lot in HTML since the 90s.

Your analogy is not very accurate. If you want to use the analogy of the car. Then here’s a proper analogy for PHP using a car.

HTML


HTML is the blueprint and final body structure of the car. Without this, the car has no form. It would just be a clump of random metals put together in different positions. It wouldn’t make much sense for the car to run without a proper structure. An example can be a missing car door. A missing car door could be a missing div tag or improper nesting.

CSS


CSS defines the beauty of the car. The car would be colorless if it doesn’t have paint on it as would a web document if you don’t use CSS. The web page looses interest if the web page isn’t designed with CSS.

Javascript


Javascript is what makes the car function. Without Javascript, the car’s functionality would be meaningless. If you were to turn the wheel of a car, the tires on the car wouldn’t move. This is the functionality of Javascript. Without Javascript in a web page, things like carousel or sticky navbars wouldn’t function properly. But in today’s world, a lot of people disable Javascript on their browser due to advertisements and random popups. You necessarily aren’t required to use Javascript in your website at all. It is just an optional thing if you want your car to function correctly.

PHP


PHP is the final part of the webpage. PHP is like the person behind the steering wheel. If the person behind the steering wheel isn’t acting in their right mind, they could get into car crashes and even kill someone with a 2 ton moving metal. That is why PHP SHOULD ALWAYS be the last part to learn because if you don’t write it correctly, you’re going to drive that 2 ton moving metal to a person (most likely a customer or a user on your website).


But I mean you don’t have to listen to me at all. It aint my fault if your website gets hacked and all of your user’s information gets leaked and then you’ll most likely have to pay some kind of fine to keep the law suits from coming in. Not saying it’ll happen, but who knows. I aint in charge here.

1 Like

Correct html and correct css will not prevent hackers. And, no incorrect html or incorrect css will give hackers any chance to hack into my website. I know what I’m talking about. Hackers don’'t hack your website finding weaknesses in your html or css since html or css do not communicate with mysql, which the hackers target. It is the mysql db hackers hack into. And that, through weaknesses in php code because php is the terminal or gateway to mysql.
See, even if I know very little about php, I know these basic stuffs. I’ve been online since 1997.
I know <center> is no longer on php 5 but I did reply to you to ignore my outdated html on my code. Outdated html are in my code because the youtube tutorials showed these outdated html. I just PLAY-PAUSED and copied their code (html, css & php).
And, I did say to you earlier, that I’m not stuck on html or css and that is why I’m not writing too much of them here. I’m stuck on php and so need help on that to prevent sql injection or hacking. I said, I need help on mysqli prepared statement. Once that is out of the way, I will deal with html and css, the 2 less important stuff.
Actually, on another youtube tutorial, I found proper html code (html 5) along with uptodate css but I did not include them in this code of mine in this thread because I did not want to clutter it up for you guys and so just gave you rough skeleton of the bad html I got from the early youtube tutorials that had the outdated html <center>.
If you want, I can add the new html 5 and the upto date css (which I got from the latest youtube tutorials) and clutter the code up and then add the php and then paste it all here and then ask for your help to help me sort the php errors out. But, a lot of programmers would hate me for it and most of them won’t bother going through the lengthy code (html, css & php). It’s hard enough wading through lines & lines of php. Why should I clutter it up with html & css, now ? I can add all that at the end when I display my final code in this forum somewhere if not in this thread. Until then, I need to fix these errors on mysqli prepared statement.

I am being logical.

Learning HTML and CSS doesn’t prevent you from hackers. No one said it did. I’m proposing that you should start with HTML and CSS because you don’t even have a keen grasp of proper HTML. If you can’t even do that, how are you going to properly write PHP? That is why it is essential for you to learn HTML and CSS first so when you learn how to properly write a web page using HTML, you can then tackle PHP after that.

Anyways, I’ll just sit back and watch how far this goes because again, it should of been solved by the 3rd post.

1 Like

You were php programming before css even existed.
Anyway, on my latest code, where is the outdated html or css ? I might aswell fix the html, if it hasn’t already been fixed. And then, you can help me fix the errors on mysqli prepared statements. Deal ?

Did you try running the query directly in phpmyadmin to see whether that helps spot the problem? Do the column names match those in your database, for example? I am not that familiar with mysqli, but if it’s returning false when you try to prepare a statement (which is what those error messages suggest), then either the database connection is a problem, or the query itself has a problem. It can’t be related to the data you’re trying to bind, because it doesn’t get that far.

1 Like

YEEEEHHHAAA!!!

Errors are gone now!
Thanks man! Yeah, I had changed the column names from capital to lower case on the first letters a wk ago and forgotten about it and so did not update the script. Like:
“Usernames” to “username” and so on. That is why it was not working and spitting errors!
Silly php! If only the errors were more self explaining then never would have wasted 1 wk trying to figure the nonsense! These errors are not that specific!
Anyway, I’m happy!
Happy for myself!
Happy for mlukac89, who practically gave me the code (unlike everyone else here and other places)!
And, happy for droopsnoot!

Yes, I know. I know. It is for my own good that you guys don;t just hand over codes to newbies like me so we scratch our heads and struggle a little to gain work experience and just handing codes over to us would result in us not making any efforts to learn things for ourselves and we’ll get spoiled. But, I did promise, I’d learn from your samples.
I’m gonna learn from mlukac89’s sample. That way, none of you guys can tell him “We told you so! Told you not to just give him any code on his plate, just like that. Now, he hasn’t learnt this subject and you’ve spoilt him!”. One day, SpaceShipTrooper can quiz me. I might aswell build the quizz script and he can just build the questions. droopsnoot can join in on the questioning part.
I did download a youtube tut on how to build a quiz script with php. Might aswell learn from that. I downloaded altogether 100 vids to learn php. :slight_smile:

Now, I need to add captcha.
And need help why the variable (url) does not load on the iframe:

One thing though. I din’t understand why the account activation link is not getting emailed to confirm user email. It was working 2wks back. Lines 96-106.
Here’s the code:


// insert query
			$stmt = mysqli_prepare($conn, "INSERT INTO users(usernames, passwords, emails, first_names, surnames, genders, accounts_activations_codes, accounts_activations) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
			mysqli_stmt_bind_param($stmt, 'sssssssi', $username, $hashed_pass, $email2, $first_name, $surname, $gender, $member_registration_random_numbers, $activation);
			mysqli_stmt_execute($stmt);

			// check if query is inserted
			if (mysqli_stmt_insert_id($stmt)) {
				echo "<h3 style='text-align:center'>Thank you for your registration.<br /> Redirecting to login page ...</h3>";

				// redirect to login page after 5 seconds
				header("refresh:5;url=login.php");

				// empty $_SESSION['error'] variable so no more in use, its empty now
				unset($_SESSION['error']);
				unset($_POST);
				exit(); 

				// check if email is sent
				/** EMAIL NOT ARRIVING !!!
				$to = $email;
			    $subject = "Your '".$site_name."' Account Activation!";
			    $body = "$first_name.' '.$surname."\n\n You need to click the following link to confirm your email address and activate your account.\n\n\
			    $account_activation_link";
				$from = "$site_admin_email";
			    $headers = "from: $from";
			
			    if (mail($to,$subject,$body,$headers)) {
			    	$_SESSION['error'] = "Registration sucessfull. Check your email for further instructions!";
			    } else {
			    	$_SESSION['error'] = "Email not sent, please contact website administrator.";
			    }
			    */
			} else {
				$_SESSION['error'] = "There was a problem with registering, please try again.";
			}

Take care!

PS - Full script:


<?php
include 'config.php';

// check if user is already logged in
if (is_logged() === true) {
	die("You are logged in, can't register.");
}

if  (isset($_POST['submit']))
{
	if (isset($_POST["username"]) && 
	   isset($_POST["password"]) &&
	   isset($_POST["password_confirmation"]) && 
	   isset($_POST["email"]) && 
	   isset($_POST["email_confirmation"]) && 
	   isset($_POST["first_name"]) && 
	   isset($_POST["gender"]) &&
	   isset($_POST["surname"])) {

		// create random hash for email confirmation
	   	$member_registration_random_numbers = sha1(mt_rand(5, 30));

	   	// THIS IS NOT GETTING EMAILED !!!
		$account_activation_link = "http://www.'".$site_domain."'.com/'".$site_name."'/activate_account.php?email='".$_POST['email']."'&hash='".$member_registration_random_numbers."'";

   		// remove space in start of string
   		/*
		*	passwords and email are leaved unescaped here because
		*	if you put them into mysqli_real_escape_string they are not empty
   		*/
        $username 	= trim(mysqli_real_escape_string($conn, $_POST["username"]));
		$password 	= $_POST["password"];
		$password2 	= $_POST["password_confirmation"];
        $first_name	= trim(mysqli_real_escape_string($conn, $_POST["first_name"]));
        $surname 	= trim(mysqli_real_escape_string($conn, $_POST["surname"]));
		$gender 	= trim(mysqli_real_escape_string($conn, $_POST["gender"]));
        $email 		= $_POST["email"];
        $email_confirmation = $_POST["email_confirmation"];
        $email2 	= trim(mysqli_real_escape_string($conn, $email)); // Escaped email for inserting into database.
        $activation = 0; // 1 = active | 0 = not active

        // hashed password
        $hashed_pass = password_hash($password, PASSWORD_DEFAULT); 
	
        // select username and email to check if they exists.
		$stmt = mysqli_prepare($conn, "SELECT usernames, emails FROM users WHERE usernames = ? OR emails = ?");
		mysqli_stmt_bind_param($stmt, 'ss', $username, $email);
		mysqli_stmt_execute($stmt);
		$result = mysqli_stmt_get_result($stmt);

        $row = mysqli_fetch_array($result, MYSQLI_ASSOC);

		// check if username is registered
		if ($row['usernames'] == $username) {
			$_SESSION['error'] = "That username is already registered.";
		// check if username is between 6 and 30 characters long
		} elseif (strlen($username) < 6 || strlen($username) > 30) {
			$_SESSION['error'] = "Username must be between 6 and 30 characters long.";
		// check if email is registered
		} elseif ($row['emails'] == $email) {
			$_SESSION['error'] = "That email is already registered.";
		// check if emails match
		} elseif ($email != $email_confirmation) {
			$_SESSION['error'] = "Emails don't match.";
		// check if email is actual email
		} elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
			$_SESSION['error'] = "Invalid email format.";
		// check if passwords match
		} elseif ($password != $password2) {
			$_SESSION['error'] = "Passwords don't match.";
		// check if password lenght is between 6 and 30 charaters long
		} elseif (strlen($password) < 6 || strlen($password) > 30) {
			$_SESSION['error'] = "Password must be between 6 and 30 characters long.";
		} else {

			// insert query
			$stmt = mysqli_prepare($conn, "INSERT INTO users(usernames, passwords, emails, first_names, surnames, genders, accounts_activations_codes, accounts_activations) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
			mysqli_stmt_bind_param($stmt, 'sssssssi', $username, $hashed_pass, $email2, $first_name, $surname, $gender, $member_registration_random_numbers, $activation);
			mysqli_stmt_execute($stmt);

			// check if query is inserted
			if (mysqli_stmt_insert_id($stmt)) {
				echo "<h3 style='text-align:center'>Thank you for your registration.<br /> Redirecting to login page ...</h3>";

				// redirect to login page after 5 seconds
				header("refresh:5;url=login.php");

				// empty $_SESSION['error'] variable so no more in use, its empty now
				unset($_SESSION['error']);
				unset($_POST);
				exit(); 

				// check if email is sent
				/** EMAIL NOT ARRIVING !!!
				$to = $email;
			    $subject = "Your '".$site_name."' Account Activation!";
			    $body = "$first_name.' '.$surname."\n\n You need to click the following link to confirm your email address and activate your account.\n\n\
			    $account_activation_link";
				$from = "$site_admin_email";
			    $headers = "from: $from";
			
			    if (mail($to,$subject,$body,$headers)) {
			    	$_SESSION['error'] = "Registration sucessfull. Check your email for further instructions!";
			    } else {
			    	$_SESSION['error'] = "Email not sent, please contact website administrator.";
			    }
			    */
			} else {
				$_SESSION['error'] = "There was a problem with registering, please try again.";
			}

	    }
	}
}


?>
<!DOCTYPE html>
<html>
	<head>
		<title><?php $site_name ?> Signup Page</title>
	</head>
<body>
<div class ="container">

<?php

// error messages
if (isset($_SESSION['error']) && !empty($_SESSION['error'])) {
	echo '<p style="color:red;">'.$_SESSION['error'].'</p>';
}

?>

<form method="post" action="">
	<center><h2>Signup Form</h2></center>
	<div class="form-group">
		<center><label>Username:</label>
		<input type="text" placeholder="Enter a unique Username" name="username" required [A-Za-z0-9] value="<?php if(isset($_POST['username'])) { echo htmlentities($_POST['username']); }?>"></center>
	</div>
	<div class="form-group">
		<center><label>Password:</label>
		<input type="password" placeholder="Enter a new Password" name="password" required [A-Za-z0-9]></center>
	</div>
	<div class="form-group">
		<center><label>Repeat Password:</label>
		<input type="password" placeholder="Repeat a new Password" name="password_confirmation" required [A-Za-z0-9]></center>
	</div>
	<div class="form-group">
		<center><label>First Name:</label>
		<input type="text" placeholder="Enter your First Name" name="first_name" required [A-Za-z] value="<?php if(isset($_POST['first_name'])) { echo htmlentities($_POST['first_name']); }?>"></center>
	</div>
	<div class="form-group">
		<center><label>Surname:</label>
		<input type="text" placeholder="Enter your Surname" name="surname" required [A-Za-z] value="<?php if(isset($_POST['surname'])) { echo htmlentities($_POST['surname']); }?>"></center>
	</div>
	<div class="form-group">
		<center><label>Gender:</label>
		<input type="radio" name="gender" value="male" <?php if(isset($_POST['gender'])) { echo 'checked'; }?> required>Male<input type="radio" name="gender" value="female" <?php if(isset($_POST['gender'])) { echo 'checked'; }?> required>Female</center>
	</div>
	<div class="form-group">
		<center><label>Email:</label>
		<input type="email" placeholder="Enter your Email" name="email" required [A-Za-z0-9] value="<?php if(isset($_POST['email'])) { echo htmlentities($_POST['email']); }?>"></center>
	</div>
	<div class="form-group">
		<center><label>Repeat Email:</label>
		<input type="email" placeholder="Repeat your Email" name="email_confirmation" required [A-Za-z0-9] value="<?php if(isset($_POST['email_confirmation'])) { echo htmlentities($_POST['email_confirmation']); }?>"></center>
	</div>
	<center><button type="submit" class="btn btn-default" name="submit">Register!</button></center>
	<center><font color="red" size="3"><b>Already have an account ?</b><br><a href="login.php">Login here!</a></font></center>

</form>

</div>
</body>
</html>

Yeah, everyone to blame: PHP is silly, errors are absurd, manual pages are unclear, forums are inconvenient, forum members aren’t jumping to write a code at a fingers snap. And amidst these rough seas of incompetence stands le bon chevalier sans peur et sans reproche.

I bit of modesty never hurts. And it’s not just an empty sermon but the very practical approach. For a programmer it is very important to understand that every error in their code is their own fault. Although the idea that there is a bug in PHP or that PHP manual has been written by imbeciles could be self-flattering, it won’t help to resolve a problem. The idea that there is someone sitting around all day long only waiting to be asked to fix your code is quite tempting too. But in reality digging through one’s own code with help of error messages and Google is the only way to find the solution.

2 Likes

Try change to this before mail()

$to = $email;
$subject = "Your ".$site_name." account activation !";
$body  = nl2br("
===============================\r\n
".$site_name." \r\n
===============================\r\n
From: ".$site_admin_email."\r\n
To: ".$email."\r\n
Subject: Yours ".$subject." account activation \r\n
Message: ".$first_name." ".$surname."\r\n You need to click on following <a href=".$site_domain.'activate_account.php?hash='.$account_activation_link.">link</a> to confirm your email address and activate your account. \r\n");
$headers = "From: " . $site_admin_email . "\r\n";

If you put code in code editor this like is not good

$body = "$first_name.' '.$surname."\n\n You need to click the following link to confirm your email address and activate your account.\n\n\
		    $account_activation_link";
1 Like

In this bit of code, if the query worked, and before you format and send the mail:

if (mysqli_stmt_insert_id($stmt)) {
  echo "<h3 style='text-align:center'>Thank you for your registration.<br /> Redirecting to login page ...</h3>";

  // redirect to login page after 5 seconds
  header("refresh:5;url=login.php");

  // empty $_SESSION['error'] variable so no more in use, its empty now
  unset($_SESSION['error']);
  unset($_POST);
  exit();    

  // check if email is sent
  /** EMAIL NOT ARRIVING !!!

you do a header redirect and an exit(). Might that be why the mail doesn’t arrive, because you exit the script before you even try to send it?

Changing column names from mixed case (‘Usernames’) to lower case (‘usernames’) will not make any difference as (if my old book is still correct) column names are case-insensitive. However, changing the name from ‘usernames’ in any case to ‘username’ in any case will make all the difference, which is why I suggested you run the query in phpmyadmin, which would have told you the problem straight away. It’s not down to PHP to report errors in your queries, though you can retrieve MySQL errors if you have a problem, as long as you check.

2 Likes

Yea this need to be added in mail() function if it success, i didn’t used because i worked on localhost

this is go if mail is successfully

echo "<h3 style='text-align:center'>Thank you for your registration.<br /> Redirecting to login page ...</h3>";
  // redirect to login page after 5 seconds
  header("refresh:5;url=login.php");
  // empty $_SESSION['error'] variable so no more in use, its empty now
  unset($_SESSION['error']);
  unset($_POST);
  exit();
1 Like

Ha! Ha! Ha! Ha! Ha!

Anyway, what’s with the hiding face with hand img ?

1 Like

Yes, and not where it is now, before the mail is sent.

Yes it is made to work like this, because user can’t activate account if he don’t get email to activate account.