User Registration System not working

Hello, I am trying to build a User Registration System but it's not working at all. Can anybody find out what is wrong in my code?

A million thanks at the very beginning though.

<?php

	session_start();

	//Connect to Database
	require("conn.php");

	if (isset($_POST['register_btn'])) {
		$email = mysqli_real_escape_string($conn, $_POST['email']);
		$email = trim($email);
		$email = filter_var($email, FILTER_VALIDATE_EMAIL);

		$password = $_POST['password'];
		$password = password_hash($password, PASSWORD_DEFAULT);

		$c_password = $_POST['c_password'];

		if (empty($email) && empty($password) && empty($c_password)) {
			echo "All Fields are Required";
			return false;
		}
		else {
			if ($password == $c_password) {
				$sql = "INSERT INTO users (Email, Password) VALUES ('$email', '$password')";
				$result = mysqli_query($conn, $sql) or die ('Error querying database.');
				mysqli_close($conn);
				echo "Registration Successful";
			}
			else {
				echo "Passwords Don't Match!";
			}
		}		
	}

?>

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Registration Page</title>
<link href="css/registration.css" rel="stylesheet" media="screen">
<link href="https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800" rel="stylesheet">
</head>
<body>

<div class="title_bar">Registration</div>

<div class="box">
<form method="post" action="register.php">
	<div class="row">
		<label>Email:</label> <input type="email" name="email">
	</div>
	<div class="row">
		<label>Password:</label> <input type="password" name="password">
	</div>
	<div class="row">
		<label>Password:</label> <input type="password" name="c_password">
	</div>
	<div class="row">
		 <input type="submit" name="register_btn" value="Submit">
	</div>
</form>
</div>

</body>
</html>

Update for now.
This line has some error. Disabling it solved the issue.
$password = password_hash($password, PASSWORD_DEFAULT);

Issue solved :slight_smile:
Sorry for bothering

Hi, @littlebirdy, I’m glad you solved your issue. People here might be interested in exactly what you did to fix the problem. You could turn it into a learning experience for some of us.

1 Like

Sure WebMachine.

OK, I was doing the hashing for Password before the comparison of the Password field and the Confirm Password field. The hashing has to be done after the comparison, which means that if the passwords match, then hash the password and store it in the Database.

Here is the updated code:

<?php

	//Connect to Database
	require("conn.php");

	if (isset($_POST['register_btn'])) {
		$email = mysqli_real_escape_string($conn, $_POST['email']);
		$email = trim($email);
		$email = filter_var($email, FILTER_VALIDATE_EMAIL);

		$password = $_POST['password'];
		$c_password = $_POST['c_password'];
		
		if (empty($email) && empty($password) && empty($c_password)) {
			echo "All Fields are Required";
			return false;
		}
		else {
			$check=mysqli_query($conn,"select * FROM users where Email='$email' ");
			$checkrows=mysqli_num_rows($check);
			 
			if ($checkrows>0) {
			    echo "You are Already Registered";
			}

			else {
				if ($password == $c_password) {
					$password = password_hash($password, PASSWORD_DEFAULT);
					$sql = "INSERT INTO users (Email, Password) VALUES ('$email', '$password')";
					$result = mysqli_query($conn, $sql) or die ('Error querying database.');
					mysqli_close($conn);
					echo "Registration Successful";
				}
				else {
					echo "Passwords Don't Match!";
					//$_SESSION['message'] = "Passwords Don't Match!";
				}
			}			
		}		
	}

?>
1 Like

This bit of code:

if (empty($email) && empty($password) && empty($c_password)) {

needs to be changed, if the error message after it is correct. At the moment it will only cause the entry to be rejected if all fields are empty, not if one or more of the fields are empty.

3 Likes

Good catch. I think I have to use OR instead of AND.

1 Like

BTW, is there any need to validate or do a sanitize sort of thing to the Password field? What is the best or recommended thing to do? :slight_smile:

I would think if the plain password never goes anywhere near the database until you’ve hashed it, it probably won’t make any difference.

But you should look at prepared statements in general, rather than appending strings into your queries as you do above.

1 Like
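
The points raised in this thread combined (compare before hashing, reject when any field is empty, bind parameters instead of appending strings to the query), as an added example that is not code from any poster. It uses PDO with an in-memory SQLite database in place of the thread's mysqli connection so it runs without a server; `register_user`, the "Invalid Email Address" message and the sample addresses are constructed for the illustration.

```php
<?php
// Added example, not the poster's code. PDO with in-memory SQLite stands in
// for the thread's mysqli connection so the script runs without a server.
function register_user(PDO $db, string $email, string $password, string $confirm): string
{
    $email = trim($email);
    // Reject if ANY field is missing (||, not &&).
    if ($email === '' || $password === '' || $confirm === '') {
        return 'All Fields are Required';
    }
    // Validate the raw value; bound parameters need no SQL escaping.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'Invalid Email Address';
    }
    // Compare the plain-text values first; a hash never equals the plain text.
    if ($password !== $confirm) {
        return "Passwords Don't Match!";
    }
    // Placeholders keep user data out of the SQL text.
    $check = $db->prepare('SELECT 1 FROM users WHERE Email = ?');
    $check->execute([$email]);
    if ($check->fetchColumn() !== false) {
        return 'You are Already Registered';
    }
    // Hash only after every check has passed, then store the hash.
    $insert = $db->prepare('INSERT INTO users (Email, Password) VALUES (?, ?)');
    $insert->execute([$email, password_hash($password, PASSWORD_DEFAULT)]);
    return 'Registration Successful';
}

// Constructed demo data: throwaway table using the thread's column names.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (Email TEXT PRIMARY KEY, Password TEXT NOT NULL)');
$attempts = [
    ['a@example.com', 'pw-one', 'pw-one'],       // valid registration
    ['a@example.com', 'pw-one', 'pw-one'],       // same address again
    ['b@example.com', 'pw-one', 'pw-two'],       // confirmation differs
    ['c@example.com', 'pw-one', ''],             // one field left empty
    ['not-an-email', 'pw-one', 'pw-one'],        // fails validation
    ["o'brien@example.com", 'pw-one', 'pw-one'], // quote handled by binding
];
foreach ($attempts as [$email, $pw, $confirm]) {
    echo register_user($db, $email, $pw, $confirm), PHP_EOL;
}
// The stored hash verifies against the original password at login time.
$stmt = $db->prepare('SELECT Password FROM users WHERE Email = ?');
$stmt->execute(['a@example.com']);
var_dump(password_verify('pw-one', $stmt->fetchColumn()));
```

mysqli offers the same pattern through `prepare()`, `bind_param()` and `execute()`. The primary key on `Email` makes the database itself refuse a duplicate address if two requests pass the lookup at the same time.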
