0

Below is my code for register.php on my website. This code allows the user to register for my website, creating a MySQL entry for username, email, password, etc. on clicking the submit button.

The button is named "reg" and uses a $_POST. Upon clicking the submit button the PHP code runs through multiple if statements to ensure the information the user entered is valid and does not preexist.

If a user exists, or an error is made in submission it sets PHP variable $errormessage and is supposed to echo it out. Right now, my SUBMIT button does not act like it is being pressed. No error messages, no SQL row is inserted, nothing.

        <?php
            if( $_POST['reg']){

                /* Make sure values are correct and valid */
                $getuser = $_POST['user'];
                $getemail = $_POST['email'];
                $getpass = $_POST['password'];
                $getrepass = $_POST['retypepassword'];

                /* Check to see if username entererd */
                if($getuser){

                    /* Check to see if email entererd */
                    if($getemail){

                        /* Check to see if password entererd */
                        if($getpass){

                            /* Check to see if retyped password entererd */
                            if($getrepass){

                                /* Check to see if passwords are the EXACT same */
                                if($getpass === $getrepass){

                                    /* Check to see if VALID email is entered */
                                    if( (strlen($getemail) >= 7) &&
                                        (strstr($getemail, "@")) &&
                                        (strstr($getemail, ".")) ){

                                        /* Email is valid mysql query */
                                        require ("./connect.php");

                                        $query = mysql_query("SELECT * FROM users WHERE username ='$getuser'");

                                        /* If mysql returns zero, the user does not exist. */
                                        $numrows = mysql_num_rows($query);

                                        /* Check if email exists */
                                        if($numrows == 0) {
                                            $query = mysql_query("SELECT * FROM users WHERE email ='$getemail'");
                                            $numrows = mysql_num_rows($query);
                                            if($numrows == 0){
                                                $date = date("F d, Y");
                                                $code = md5(rand());

                                                mysql_query("INSERT INTO users VALUES ('', '$getuser', '$getpass', '$getemail', '0', '$code', '$date')");

                                                $query = mysql_query ("SELECT ALL * FROM users WHERE username = '$getuser'");
                                                $numrows = mysql_num_rows($query);

                                                /* Check to make user was generated */
                                                if($numrows == 1){
                                                    $site = "http://www.midnightnachos.com/gs";
                                                    $webmaster = "[email protected]";
                                                    $headers = "From: $webmaster";
                                                    $subject = "Activate Your Account";
                                                    $message = "Thanks for registering. Click the link below to activate your account.\n";
                                                    $message .= "$site/activate.php?user=$getuser&code=$code\n";
                                                    $message .= "You must activate your account to login.";

                                                    if (mail($getemail, $subject, $message, $headers)){
                                                        $errormessage = "You have been registered. You must activate your account from the activation link sent to your email.";
                                                        echo $form;
                                                        $getuser = "";
                                                        $getpass = "";
                                                    }
                                                    else
                                                        echo "An error has occured. Your activation email was not sent.";
                                                }
                                                else
                                                    $errormessage = "An error has occurred. Account not created.";
                                            }
                                            else
                                                $errormessage = "Email address already in use.";
                                        }
                                        else
                                            $errormessage = "Username already exists.";

                                        mysql_close;
                                    }
                                    else
                                        $errormessage = "You did not enter a valid email.";
                                }
                                else
                                    $errormessage = "Your passwords did not match.";
                            }
                            else
                                $errormessage = "You must retype your password.";
                        }
                        else
                            $errormessage = "You must enter your password.";
                    }
                    else
                        $errormessage = "You must enter an email to register.";
                }
                else
                    $errormessage = "You must enter a username to register.";

                echo $form;
            }

            $form = "
                <div class='splash'>
                  <h1>Register for Game Swap</h1>
                  <p>Register for Game Swap to browse what games other local
                     users have added to their library. Propose trades,
                     chat, and meet to swap games. Your email address
                     will only be used to notify you when someone has
                     sent a trade offer. No newsletters, advertisements or
                     updates will be sent by us. We will also never sell
                     your contact information to third parties.</p>
                  <br />
                  <p align='center'>Fill out the form below to get started</p>
                  <br />
                  <form align='center' action='./register.php' method='POST'>
                      <input type='text' name='user' value='$getuser' class='box' size='30' placeholder='Username' /><br />
                      <input type='password' name='password' class='box' size='30' placeholder='Password' /><br />
                      <input type='password' name='retypepassword' class='box' size='30' placeholder='Retype Password' /><br />
                      <input type='text' name ='email' value='$getemail' class='box' size='30' placeholder='Email Address' /><br />
                      <input type='button' name='reg' class='loginbutton' value='Register' /><br />
                  </form>
                </div>
                <br/> $errormessage";

            echo $form;
        ?>

    </body>
</html>
Improve this question
5
  • 3
    that's some interesting nesting going on Commented Aug 8, 2013 at 21:17
  • That's not gonna fix your problem, but don't use deprecated functions of mysql_... Use mysqli or PDO instead Commented Aug 8, 2013 at 21:18
  • 2
    You're going to want to investigate sql injection, if my username was 1'; DROP TABLE users; --, I could ruin your whole day. Commented Aug 8, 2013 at 21:18
  • I'm just beginning. I could not think of a different way to code it. Commented Aug 8, 2013 at 21:19
  • I'm doing to sanitize my strings for php once I get the ground level login/register coded. Commented Aug 8, 2013 at 21:20

1 Answer 1

Reset to default
0

I think you mixed up the button's type attribute, i.e. it's not button, but submit.

So, I guess you have a normal text input field, but your CSS is cheating your eyes. Try writing into it :)

To submit forms via buttons you can use:

<input type="submit" name="reg" value="Register!"/>

<button name="reg" value="1-or-anything">Register!</button>

And as for a possible different way of coding (getting all the validation errors at once):

$error_list = array();
if ($condition1) $error_list[] = 'My Error message 1';
if ($condition2) $error_list[] = 'My Error message 2';
if ($condition3) $error_list[] = 'My Error message 3';
...
if (empty($error_list)) the_fun_part();
else {
    foreach($error_list as $msg)
        echo "{$msg}<br/>";
}
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.