Redirection Failing in Php 7?

uniqueideaman · March 9, 2017, 11:35pm

Hi,

I’m a beginner in php. Starting my learning at php 7 and not 5 or earlier.
I don’t understand why php 7 is acting weird. It give different result at different time. Do you guy mind checking if I got the coding wrong or if I’ve come across a php 7 bug ?
It is a basic member registration & login script.

How It Works:

When you register (username, password, email), it dumps the data onto a MySQL table “pending_users” and inserts “0” on “account activation” row. It will replace the “0” with “1” after you click the account activation link that gets emailed to you.
It sends you email with your account activation link that contains your account activation code (GET METHOD).
When you click the account activation link, your email gets verified and a new table in mysql gets created under your username. That table will contain data of your account activities.
Script replaces the “0” (table: pending_users, row: account activation) with “1” after you click the account activation link that gets emailed to you. If you click the link anytime, anyday after that then you get alerted a message asking you why you trying to activate an account you already activated.

That’s about it.

Pages: register.php AND account_activation.php.

The problems are in the account_activation.php. When you click the account activation link in your email then that page takes over. So far, so good. Now, notice that after you get the message that your account has been activated, you do not get redirected to home.php like the script says. Redirection failing in php 7.

PROBLEM 2: You will see you get errors not on the error file but on the activation_account.php page. The error:

You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'varchar(30) NOT NULL, Email varchar(50) NOT NULL, Forename varchar(30)' at line 3

OTHER ISSUE:
I am trying to learn php starting from php 7. Getting these codes watching youtube php channels. I update as much as I can to customize according to my needs. I fear the code may contain php 5 syntax and so if you spot any then kindly show me a php 7 syntax example and get a thumbs-up from here.

PS - Why don’t you guys open a php 7 tutorial channel and teach how to build Social Network like facebook, twitter and youtube etc. ? There are channels in youtube that teach these but they don’t regularly upload videos and and I hate the waiting.

Thanks

register.php

<!DOCTYPE html>
<html>
<head>
<title>Signup Page</title>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
  <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
  <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
</head>
<body>
<div class = "container">
<center><h2>Loud Gobs Browser Signup Form</h2></center>
<form method="post" action="">
<div class="form-group">
<center><label for="username">Username:</label>
<input type="text" class="form-control" id="user" placeholder="Enter a unique Username" name="member_registration_username"></center>
</div>
<div class="form-group">
<center><label for="password">Password:</label>
<input type="password" class="form-control" id="pwd" placeholder="Enter new Password" name="member_registration_password"></center>
</div>
<div class="form-group">
<center><label for="password">Repeat Password:</label>
<input type="password" class="form-control" id="member_registration_repeat_pwd" placeholder="Repeat new Password" name="member_registration_password_confirmation"></center>
</div>
<div class="form-group">
<center><label for="forename">First Name:</label>
<input type="text" class="form-control" id="member_registration_first_name" placeholder="Enter your First Name" name="member_registration_forename"></center>
</div>
<div class="form-group">
<center><label for="surname">Surname:</label>
<input type="text" class="form-control" id="member_registration_last_name" placeholder="Enter your Surname" name="member_registration_surname"></center>
</div>
<div class="form-group">
<center><label for="email">Email:</label>
<input type="email" class="form-control" id="member_registration_email" placeholder="Enter your Email" name="member_registration_email"></center>
</div>
<div class="form-group">
<center><label for="email">Repeat Email:</label>
<input type="email" class="form-control" id="member_registration_repeat_email" placeholder="Repeat your Email" name="member_registration_email_confirmation"></center>
</div>
<center><button type="submit" class="btn btn-default" name="submit">Register!</button></center>
<center><font color="red" size="3"><b>Already have an account ?</b><br><a href="login.php">Login here!</a></font></center>
</form>
</div>
</body>
</html>
<?php
require "conn.php";
if  (isset($_POST['submit']))
{
	if(!empty($_POST["member_registration_username"]) && !empty($_POST["member_registration_password"])&& !empty($_POST["member_registration_password_confirmation"])&& !empty($_POST["member_registration_email"])&& !empty($_POST["member_registration_email_confirmation"])&& !empty($_POST["member_registration_forename"])&& !empty($_POST["member_registration_surname"]))
	{
		$member_registration_account_activation = 0;
		$member_registration_random_numbers = random_int(0, 9999999999);
		
		
        $member_registration_username = trim($_POST["member_registration_username"]);
        $member_registration_forename = trim($_POST["member_registration_forename"]);
        $member_registration_surname = trim($_POST["member_registration_surname"]);
        $member_registration_password = trim($_POST["member_registration_password"]);
        $member_registration_password_confirmation = trim($_POST["member_registration_password_confirmation"]);
        $member_registration_email = trim($_POST["member_registration_email"]);
        $member_registration_email_confirmation = trim($_POST["member_registration_email_confirmation"]);
		$member_registration_account_activation_code = trim("$member_registration_random_numbers");       
		
        $member_registration_username = mysqli_real_escape_string($conn,$_POST["member_registration_username"]);
        $member_registration_forename = mysqli_real_escape_string($conn,$_POST["member_registration_forename"]);
        $member_registration_surname = mysqli_real_escape_string($conn,$_POST["member_registration_surname"]);
        $member_registration_password = mysqli_real_escape_string($conn,$_POST["member_registration_password"]);
        $member_registration_password_confirmation = mysqli_real_escape_string($conn,$_POST["member_registration_password_confirmation"]);
        $member_registration_email = mysqli_real_escape_string($conn,$_POST["member_registration_email"]);
        $member_registration_email_confirmation = mysqli_real_escape_string($conn,$_POST["member_registration_email_confirmation"]);	    
        $member_registration_account_activation_code = mysqli_real_escape_string($conn,$member_registration_account_activation_code);     
		
		if($member_registration_email != $member_registration_email_confirmation)
		{
            echo "<center>Your email inputs do not match! Try inputting again and then re-submit.</center>";
            $conn->close();
	        exit();
        }
        else
	    {
        }
        if($member_registration_password != $member_registration_password_confirmation)
		{
            echo "<center>Your password inputs do not match! Try inputting again and then re-submit.</center>";
            $conn->close();
	        exit();
        }
        else
        {
        }
		
        $sql_check_username_in_pending_users = "SELECT * FROM pending_users WHERE Username='".$member_registration_username."'";
        $result_username_in_pending_users = mysqli_query($conn,$sql_check_username_in_pending_users);
        if(mysqli_num_rows($result_username_in_pending_users)>0)
		{
		    echo "<script>alert('That Username $member_registration_username is pending registration!')</script>";
            exit();
        }
        		
		$sql_check_username_in_users = "SELECT * FROM users WHERE Username='".$member_registration_username."'";
        $result_username_in_users = mysqli_query($conn,$sql_check_username_in_users);
        if(mysqli_num_rows($result_username_in_users)>0)
		{
            echo "<script>alert('That Username $member_registration_username is already registered!')</script>";
            exit();
        }

        $sql_check_email_in_pending_users = "SELECT * FROM pending_users WHERE Email='".$member_registration_email."'";
        $result_email_in_pending_users = mysqli_query($conn,$sql_check_email_in_pending_users);
        if(mysqli_num_rows($result_email_in_pending_users)>0)
		{
            echo "<script>alert('That Email $member_registration_email is pending registration!')</script>";
            exit();
        }
		
		$sql_check_email_in_users = "SELECT * FROM users WHERE Email='".$member_registration_email."'";
        $result_email_in_users = mysqli_query($conn,$sql_check_email_in_users);
        if(mysqli_num_rows($result_email_in_users)>0)
		{
            echo "<script>alert('That Email $member_registration_email is already registered!')</script>";
            exit();
        }

	    $sql = "INSERT INTO pending_users(Username,Password,Email,Forename,Surname,Account_Activation_Code,Account_Activation) VALUES('".$member_registration_username."','".$member_registration_password."','".$member_registration_email."','".$member_registration_forename."','".$member_registration_surname."','".$member_registration_account_activation_code."','".$member_registration_account_activation."')";
        if($conn->query($sql)===TRUE)
	    {
	        echo "Data insertion into table success!";
        }
	    else    
	    {
            echo "Data insertion into table failure!";
	        $conn->close();
	        exit();
	    }
	
	    $to = "$member_registration_email";
	    $subject = "loudgobs Browser Account Activation!";
	    $body = "$member_registration_forename $member_registration_surname,\n\n You need to click the following link to confirm your email address and activate your account.\n\n\
	    http://www.loudgobs.com/loudgobs-browser/activate_account.php?email=$member_registration_email&&member_registration_account_activation_code=$member_registration_account_activation_code";
	    $from = "admin_loudgobs-browser@loudgobs.com";
	    $message = "from: $from";
	
	    mail($to,$subject,$body,$message);
	    echo "<script>alert('Check your email for further instructions!')</script>";
	    $conn->close();
    }
	else
	{
	    echo "<script>alert('You must fill-in all input fields!')</script>";
		$conn->close();
	}
}

?>

activate_account.php

<?php
session_start();
require "conn.php";

    //Grab account activator's email and account activation code from account activation link's url.
	
if(!isset($_GET["email"], $_GET["member_registration_account_activation_code"]) === TRUE) 
{
	echo "<script>alert('Invalid Email Address! Invalid Account Activation Link! This email is not registered! Try registering an account!')</script>";
    $conn->close();	
	header("location:register.php");
	exit();
}
else
{
	$confirmed_email = trim($_GET["email"]);
	$member_registration_account_activation_code = trim($_GET["member_registration_account_activation_code"]);
	
	$confirmed_email = mysqli_real_escape_string($conn,$confirmed_email);
	$member_registration_account_activation_code = mysqli_real_escape_string($conn,$member_registration_account_activation_code);
	
	
	//Check User's Username (against users tbl) if it has already been taken or not whilst User was in midst of activating his/her account.	
    
    $query = "SELECT * FROM users WHERE Email = '".$confirmed_email."'";
    $result = mysqli_query($conn,$query);
	$numrows = mysqli_num_rows($result);
	if($numrows != 0)
    {	
        echo "<script>alert('That email '".$confirmed_email."' is already registered!')</script>";
		$conn->close();
		exit();
	}
	else
    {
        //Grab User details from table "pending_users". Search data with confirmed Email Address.
			
		$query = "SELECT * FROM pending_users WHERE Email = '".$confirmed_email."'";
		$result = mysqli_query($conn,$query);
		$numrows = mysqli_num_rows($result);
		if($numrows = 0)
		{		
			echo "<script>alert('Invalid Email Address! Invalid Account Activation Link! This email is not registered! Try registering an account!')</script>";
			$conn->close();
			exit();
		}
		else 
		{
		    while($row = mysqli_fetch_assoc($result)) 
		    {	  
				$db_id = $row["Id"];
				$db_username = $row["Username"];
				$db_password = $row["Password"];
				$db_email = $row["Email"];
				$db_forename = $row["Forename"];
				$db_surname = $row["Surname"];
				$db_account_activation_code = $row["Account_Activation_Code"];
				$db_account_activation = $row["Account_Activation"];		    
	    
				if($db_account_activation != 0)	
				{
					echo "<script>alert('Since your account is already activated, why are you trying to activate it again ?')</script>";
					$conn->close();
					exit();
				}
				else
				{
					$conn->query("UPDATE pending_users SET Account_Activation 1 WHERE Email = '".$confirmed_email."'");		
		            echo "Activating your account! Wait to be auto-logged-in to your account as that will be the sign that your account has been activated.";
					echo "Your email '".$confirmed_email."' has now been confirmed!";
				    echo "Activating your account! Wait to be auto-logged-in to your account as that will be the sign that your account has been activated.";
		
		
					//Create table under $username to hold user account activity data.

					$sql = "CREATE TABLE $db_username (
					Id INT(6) UNSIGNED AUTO_INCREMENT, PRIMARY KEY 
					Username varchar(30) NOT NULL,
					Email varchar(50) NOT NULL,
					Forename varchar(30) NOT NULL,
					Surname varchar(30) NOT NULL,
					Password varchar(32) NOT NULL,
					Profile_Pic (longblob) NOT NULL,
					Bio varchar(250) NOT NULL,
					Status varchar(100) NOT NULL)";
	 
					if ($conn->query($sql) != TRUE) 
					{
					    echo "Error creating table: " . mysqli_error($conn);
						$conn->close();
                    } 
					else 
					{
                        echo "Table $db_username created successfully";
									
			
						//Copy $user's registration data from table "pending_users" to table user.
	
						$sql = "INSERT INTO $db_username(Username,Password,Email,Forename,Surname,Account_Activation_Code) VALUES('$db_username','$db_password','$db_email','$db_forename','$db_surname','$db_account_activation_code')";

						if($conn->query($sql) != TRUE)
						{
							echo "inserting data into table $db_username failed! " . mysqli_error($conn);
							$conn->close();
							
						}
						else
						{	
							echo "inserted data into table $db_username!";
					
				
							//Copy $user's registration data from table "pending_users" to table users.
	
							$sql = "INSERT INTO users (Username,Password,Email,Forename,Surname,Account_Activation_Code) VALUES('$db_username','$db_password','$db_email','$db_forename','$db_surname','$db_account_activation_code')";

							if($conn->query($sql) != TRUE)
							{
								echo "inserting data into table users failed! " . mysqli_error($conn);
								$conn->close();
								
							}
							else
							{	
								echo "inserted data into table users!";
						
						
								//Redirect newly activated user to his/her account homepage.
								
								$user = $db_username;
								$userid = $db_id;
								$_SESSION["user"] = $user;
								
								header("location: home.php");
							}
						}	
					}	
				}
			}
		}
    }
}

?>

chorn · March 10, 2017, 7:20am

your comma is not set properly.

John_Betong · March 10, 2017, 8:54am

Try the following settings in the PHP file:

<?php
declare(strict_types=1); // Strict and ONLY file wide

error_reporting(-1); // SETS MAXIMUM ERROR REPORTING
ini_set( 'display_errors', 'true');  // DISPLAY ERRORS TO THE SCREEN

// your script goes here
// any errors or warning messages can be copied and pasted into a Google Search box

// example of errors and warnings:
 echo $x / $y;

No doubt you will produce many errors and warnings and the correct syntax can be found on the excellent online PHP Manual - become familiar with the layout and how to search for solutions.

A good place to start is the error handling features and to locate where the default error log is located.

droopsnoot · March 10, 2017, 10:25am

I didn’t think you could do a header redirect after you’ve output stuff to the screen. Don’t you get “headers already sent?” errors? I don’t do this a lot so I may be mistaken.

uniqueideaman · March 10, 2017, 8:59pm

Mmm. Something to ponder. Right ?

uniqueideaman · March 10, 2017, 9:09pm

Chorn,

So, how do I set it ? Can I see example ?

Cheers!

Mittineague · March 10, 2017, 9:44pm

That depends on what you want to do,

You can not have any output before header()
At times the output is not obvious (eg. whitespace) but in this case, you have echo before header. You can’t do that.

uniqueideaman · March 10, 2017, 11:22pm

Thank you Mittineague for being more indepth.

system · June 10, 2017, 6:27am

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.