0

Ok so I spent 5 minutes coming up with a decent title which would give the reader a good understanding of my problem. I have a form, a PHP code to add a new user (the user registration part of any website) and a database. I have decent enough error checking in the PHP code. However, when I fill the form and click register, no error is shown. Under normal circumstances, it means success, but in this case, the data from the form does not go into the database. Am I missing something? I am fairly new to PHP user authorization / validation so it could mean I am missing something. The code is as follows:

form:

<form class="form-inline" method="post" name="login_form">
       <form action="useradd.php" method="post">
              <p><input type="text" class="span2" name="firstname" id="firstname" placeholder="First Name"></p>
              <p><input type="text" class="span2" name="lastname" id="Last Name" placeholder="Last Name"></p>
              <p><input type="text" class="span2" name="username" id="username" placeholder="Username"></p>
              <p class="help-block" style="font-size:12px"> Username should be between 4-20 characters long.</p>
              <p><input type="Password" class="span2" name="Password" placeholder="Password"></p>
              <p class="help-block" style="font-size:12px"> Password must be between 4-20 characters long. Must be alpha-numeric</p>
              <p><input type="Password" class="span2" name="Password" placeholder="Re-Enter Password"></p>
              <p><input type="text" class="span4" name="emailid" id="emailid" placeholder="Emaid ID - [email protected]"></p>
              <p><input type="text" class="span2" name="teamname" id="teamname" placeholder="Team name"></p>
              <p class="help-block" style="font-size:12px"> Select your Unique team name.</p>
              <p>
                  <select class="selectpicker">
                     <option>The name of the city where you were born</option>
                     <option>The name of your first pet</option>
                     <option>What is your mother's maiden name</option>
                  </select>
                </p>
                <p><input type="text" class="span2" name="secretanswer" id="secretanswer" placeholder="Secret Answer"></p>
                <p>
                <input type="hidden" name="form_token" value="<?php echo $form_token; ?>" /><br />
              <p><button type="submit" class="btn btn-primary">Register</button></p>
            </form>

php file - named useradd.php

<?php
/*** begin our session ***/
session_start();

/*** first check that both the username, password, form token etc have been sent ***/
if(!isset( $_POST['firstname'],$_POST['lastname'],$_POST['username'], $_POST['password'],$_POST['emailid'],$_POST['teamname'],$_POST['secret_question'],$_POST['secret_answer'], $_POST['form_token']))
{
    $message = 'Please make sure you have the filled the form correctly';
}
/*** check the form token is valid ***/
elseif( $_POST['form_token'] != $_SESSION['form_token'])
{
    $message = 'Invalid form submission';
}
/*** check the username is the correct length ***/
elseif (strlen( $_POST['username']) > 20 || strlen($_POST['username']) < 4)
{
    $message = 'Incorrect Length for Username';
}
/*** check the password is the correct length ***/
elseif (strlen( $_POST['password']) > 20 || strlen($_POST['password']) < 4)
{
    $message = 'Incorrect Length for Password';
}
/*** check the username has only alpha numeric characters ***/
elseif (ctype_alnum($_POST['username']) != true)
{
    /*** if there is no match ***/
    $message = "Username must be alpha numeric";
}
/*** check the password has only alpha numeric characters ***/
elseif (ctype_alnum($_POST['password']) != true)
{
        /*** if there is no match ***/
        $message = "Password must be alpha numeric";
}
else
{
    /*** if we are here the data is valid and we can insert it into database ***/
    $firstname = filter_var($_POST['firstname'], FILTER_SANITIZE_STRING);
    $lastname = filter_var($_POST['lastname'], FILTER_SANITIZE_STRING);
    $username = filter_var($_POST['username'], FILTER_SANITIZE_STRING);
    $password = filter_var($_POST['password'], FILTER_SANITIZE_STRING);
    $emailid = filter_var($_POST['emailid'], FILTER_SANITIZE_STRING);
    $teamname = filter_var($_POST['teamname'], FILTER_SANITIZE_STRING);
    $secret_question = filter_var($_POST['secret_question'], FILTER_SANITIZE_STRING);
    $secret_answer = filter_var($_POST['secret_answer'], FILTER_SANITIZE_STRING);


    /*** now we can encrypt the password ***/
    $password = sha1( $password );

    /*** connect to database ***/
    /*** mysql hostname ***/
    $mysql_hostname = 'localhost';

    /*** mysql username ***/
    $mysql_username = 'root';

    /*** mysql password ***/
    $mysql_password = 'hassan28';

    /*** database name ***/
    $mysql_dbname = 'adb project';

    try
    {
        $dbh = new PDO("mysql:host=$mysql_hostname;dbname=$mysql_dbname", $mysql_username, $mysql_password);
        /*** $message = a message saying we have connected ***/

        /*** set the error mode to exceptions ***/
        $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        /*** prepare the insert ***/
        $stmt = $dbh->prepare("INSERT INTO users (firstname,lastname,username,password,emailid,teamname, secret_question,secret_answer ) VALUES (:firstname,:lastname,:username,:password, :emailid,:teamname,:secret_question,:secret_answer)");

        /*** bind the parameters ***/
        $stmt->bindParam(':firstname', $firstname, PDO::PARAM_STR);
        $stmt->bindParam(':lastname', $lastname, PDO::PARAM_STR);
        $stmt->bindParam(':username', $username, PDO::PARAM_STR);
        $stmt->bindParam(':password', $password, PDO::PARAM_STR, 40);
        $stmt->bindParam(':emailid', $emailid, PDO::PARAM_STR);
        $stmt->bindParam(':teamname', $teamname, PDO::PARAM_STR);
        $stmt->bindParam(':secret_question', $secret_question, PDO::PARAM_STR);
        $stmt->bindParam(':secret_answer', $secret_answer, PDO::PARAM_STR);

        /*** execute the prepared statement ***/
        $stmt->execute();

        /*** unset the form token session variable ***/
        unset( $_SESSION['form_token'] );

        /*** if all is done, say thanks ***/
        $message = 'New user added';
    }
    catch(Exception $e)
    {
        /*** check if the username already exists ***/
        if( $e->getCode() == 23000)
        {
            $message = 'Username already exists';
        }
        else
        {
            /*** if we are here, something has gone wrong with the database ***/
            $message = 'We are unable to process your request. Please try again later';
        }
    }
}
?>

<html>
<head>
<title>Login</title>
</head>
<body>
<p><?php echo $message; ?>
</body>
</html>
5
  • Are you getting "New user added" or nothing at all on submission? If you echo back out $dbh do you see what you expect? Commented Nov 25, 2013 at 21:01
  • Neither. The "new user added" message doesn't show up and the data is not being stored in the database. That's why it is frustrating. Commented Nov 25, 2013 at 21:04
  • 1
    You have two <form> tags at the start; you're only closing one. I suspect that your browser might be trying to parse that into a single <form> tag, which might be losing your action attribute. You should try combining the two form tags into a single one, for a start. Otherwise - on the first line of useradd.php, add var_dump($_POST) to see what your form is actually submitting. Commented Nov 25, 2013 at 21:11
  • I am beginning to suspect that might be the issue. I have two forms in the html file. It has one form for new user registration, and one for login of a registered user. Commented Nov 25, 2013 at 21:14
  • Ok so I just realised something in my form was off. I had two form opening tags. I just rectified that. It works cause it gives me the error - please make sure the form is filled correctly (check the if isset statement in useradd.php). Commented Nov 25, 2013 at 21:20

2 Answers

1

Check secretanswer (in html) vs secret_answer (in php). Should be:

<p><input type="text" class="span2" name="secret_answer" id="secret_answer" placeholder="Secret Answer"></p>

Also your PHP requires a value for "secret_question" but your form is not submitting that. You want something like this:

<select class="selectpicker" id="secret_question" name="secret_question">
  <option value="city_born">The name of the city where you were born</option>
  <option value="first_pet">The name of your first pet</option>
  <option value="mom_maiden_name">What is your mother's maiden name</option>
</select>

2 Comments

I am using secret_answer.
Where? In the form? If so please update your question to include the code you are actually using.
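
The name mismatch this answer points out, as an added example (not code from the question or the answers): a single isset() over nine keys cannot say which key is absent, so this sketch lists the missing and the unexpected keys instead. The helper names missing_fields and unexpected_fields and the sample $post values are constructed for illustration; the required names are the ones useradd.php checks.

```php
<?php
// Added example, not code from the question or answers.
// Field names are the ones useradd.php passes to isset().
const REQUIRED_FIELDS = [
    'firstname', 'lastname', 'username', 'password', 'emailid',
    'teamname', 'secret_question', 'secret_answer', 'form_token',
];

/** Return the required keys that are absent from the submitted data. */
function missing_fields(array $post, array $required = REQUIRED_FIELDS): array
{
    // Keys are compared case-sensitively, so 'Password' does not satisfy 'password'.
    return array_keys(array_diff_key(array_flip($required), $post));
}

/** Return submitted keys the handler does not expect (often a misspelled name=""). */
function unexpected_fields(array $post, array $required = REQUIRED_FIELDS): array
{
    return array_keys(array_diff_key($post, array_flip($required)));
}

// Constructed sample: what the form as posted submits. The <select> has no
// name attribute, so it sends nothing; the two "Password" inputs collapse
// into a single key in $_POST.
$post = [
    'firstname' => 'Ada', 'lastname' => 'Lovelace', 'username' => 'ada1815',
    'Password' => 'abcd1234', 'emailid' => 'ada@example.com',
    'teamname' => 'Engines', 'secretanswer' => 'London',
    'form_token' => 'constructed-token',
];

$missing = missing_fields($post);
if ($missing !== []) {
    // Detail goes to the server log for the developer; the visitor still
    // sees only the generic message, so field names are not disclosed.
    error_log('useradd.php missing: ' . implode(', ', $missing)
        . ' | unexpected: ' . implode(', ', unexpected_fields($post)));
    $message = 'Please make sure you have filled the form correctly';
} else {
    $message = 'All expected fields present';
}
echo $message, PHP_EOL;
```

With the sample above, the log line names password, secret_question and secret_answer as missing and Password and secretanswer as unexpected.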
0

In your MySQL query, you are using the field name secret answer, which should be secret_answer.

-- Connor

2 Comments

I am using secret_answer
I meant secret_question, sorry.
