0

I have this PHP file stored on a server. It creates a new user in the DB. The registration is successful but the response message is always NULL.

Here is my register.php file where I post the values:

 <?php

require_once 'DB_Functions.php';
$db = new DB_Functions();

// json response array
$response = array("error" => FALSE);

if (($_POST['name']) && ($_POST['surname']) && ($_POST['email']) && ($_POST['password']) && ($_POST['telephone'] && ($_POST['country']) ) ) 
{ 
    // receiving the post params
    $name = $_POST['name'];
    $surname = $_POST['surname'];
    $email = $_POST['email'];
    $password = $_POST['password'];
    $telephone = $_POST['telephone'];
    $country = $_POST['country'];

    // check if user is already existed with the same email
    if ($db->isOwnerExisted($email)) {
        // user already existed
        $response["error"] = TRUE;
        $response["error_msg"] = "User already exists with " . $email;
        echo json_encode($response);
    } else {
        // create a new user
        $user = $db->storeOwner($name, $surname, $email, $password, $telephone, $country);        
        if ($user) {
            // user stored successfully           
            $response["error"] = FALSE;
            $response["oid"] = $user["oid"];
            $response["user"]["name"] = $user["name"];
            $response["user"]["surname"] = $user["surname"];
            $response["user"]["country"] = $user["country"];
            $response["user"]["email"] = $user["email"];
            $response["user"]["password"] = $user["password"];
            $response["user"]["telephone"] = $user["telephone"];

            echo json_encode($response);
        } else {
            // user failed to store
            $response["error"] = TRUE;
            $response["error_msg"] = "Unknown error occurred in registration!";
            echo json_encode($response);
        }
    }
} else {
    $response["error"] = TRUE;
    $response["error_msg"] = "Required parameters are missing!";
    echo json_encode($response);
}
?>

And the storeOwner function

public function storeOwner($name, $surname, $email, $password, $telephone, $country) {
    $hash = $this->hashSSHA($password);
    $encrypted_password = $hash["encrypted"]; // encrypted password
    $salt = $hash["salt"]; // salt
    $stmt = $this->conn->prepare("INSERT INTO owner (oid, name, surname, country, email, password, salt, telephone) VALUES(?, ?, ?, ?, ?, ?, ?, ?)");
    $stmt->bind_param("isssssss", $oid, $name, $surname, $country, $email, $encrypted_password, $salt, $telephone);
    $result = $stmt->execute();
    $stmt->close();

    // check for successful store
    if ($result) {
        $stmt = $this->conn->prepare("SELECT * FROM owner WHERE email = ?");
        $stmt->bind_param("s", $email);
        $stmt->execute();
        $user = $stmt->bind_result($user['oid'], $user['name'], $user['surname'], $user['country'], $user['email'], $user['password'], $user['salt'], $user['telephone']);
        while ($stmt->fetch()) {
                //printf("%s %s\n", $email, $password);
        }
        $stmt->close();

        return $user;
    } else {
        return false;
    }
}

The output is something like

{"error":false,"uid":null,"user":{"name":null,"surname":null,"country":null,"email":null,"password":null,"telephone":null}}

Why is every field null?

  • Where does $oid get defined? $user = $stmt->bind_result(...) will set $user to true or false (since that method returns a boolean). Commented May 17, 2017 at 23:45
  • The $oid is an auto-increment value in the DB; I am not defining it. Commented May 17, 2017 at 23:47
  • You should also check your log file for errors. Have you checked that the record actually gets created? A suggestion would also be to catch any potential errors when you're making your queries so you can handle them correctly. You should also look into password_hash() and password_verify() when you're hashing passwords, since that's the recommended way to do it. Commented May 17, 2017 at 23:51
  • I would start with removing the $user = from $user = $stmt->bind_result(...). And before that row, add $user = []. Here's how to display all errors and warnings and where the error logs are depends on your setup. Apache on Ubuntu stores them in /var/log/apache2/error.log. Commented May 18, 2017 at 0:00
  • WARNING: Writing your own access control layer is not easy and there are many opportunities to get it severely wrong. Please, do not write your own authentication system when any modern development framework like Laravel comes with a robust authentication system built-in. At the absolute least follow recommended security best practices and never store passwords with a uselessly weak hash like SHA1 or MD5. Commented May 18, 2017 at 0:09

1 Answer

6

When you're fetching the user, you're currently overwriting the bound results with the response from that method:

$user = $stmt->bind_result($user['oid'], ...);

The method $stmt->bind_result() returns a boolean (true on success and false on error). So your code first sets the values and when that's done, it overwrites them with the result from the method (the boolean).

It should be:

$user = []; // You should create the array before using it.
$stmt->bind_result($user['oid'], ...);
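
A corrected version of the question's storeOwner(), written as a standalone function. This is an added example, not code from the question or the answer: it applies the answer's bind_result() fix together with the commenters' password_hash() and error-handling suggestions, and it no longer reads the password hash back, so register.php would drop the "password" field from its JSON response. It assumes a connected mysqli handle, that oid is AUTO_INCREMENT as the asker states, that the salt column has been dropped or made nullable, and that the password column is wide enough for the hash (for example VARCHAR(255)).

```php
<?php
// Added example. Assumptions: connected mysqli handle, the question's `owner`
// table with oid AUTO_INCREMENT, salt column dropped or nullable.

// Make mysqli throw mysqli_sql_exception instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function storeOwner(mysqli $conn, string $name, string $surname, string $email,
                    string $password, string $telephone, string $country): ?array
{
    // password_hash() generates a salt and embeds it in the hash string,
    // so no separate salt value has to be stored.
    $hash = password_hash($password, PASSWORD_DEFAULT);

    // oid is AUTO_INCREMENT, so it is left out of the INSERT entirely.
    $stmt = $conn->prepare(
        "INSERT INTO owner (name, surname, country, email, password, telephone)
         VALUES (?, ?, ?, ?, ?, ?)"
    );
    $stmt->bind_param("ssssss", $name, $surname, $country, $email, $hash, $telephone);
    $stmt->execute();
    $oid = $conn->insert_id; // id generated for the row just inserted
    $stmt->close();

    // Name the columns explicitly so their order matches bind_result() even if
    // the table changes, and so the password hash is never read back.
    $stmt = $conn->prepare(
        "SELECT oid, name, surname, country, email, telephone FROM owner WHERE oid = ?"
    );
    $stmt->bind_param("i", $oid);
    $stmt->execute();

    $user = [];
    // bind_result() returns a bool; its return value must not be assigned to $user.
    $stmt->bind_result($user['oid'], $user['name'], $user['surname'],
                       $user['country'], $user['email'], $user['telephone']);
    $found = $stmt->fetch(); // true: row fetched, null: no row
    $stmt->close();

    return $found ? $user : null;
}
```

At login, the stored hash is checked with password_verify($password, $storedHash) rather than by re-hashing and comparing.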