I am having problems figuring out what is wrong with my PHP code for a sign-up and login form.
The following is the sign-up form, which isn't executing the query:
[php]<?php
ob_start();
session_start();
if( isset($_SESSION['user'])!="" ){
    header("Location: Profile.php");
}
include_once 'Config.php';
$error = false;
if ( isset($_POST['btn-signup']) ) {
    // clean user inputs to prevent sql injections
    $name = trim($_POST['name']);
    $name = strip_tags($name);
    $name = htmlspecialchars($name);
    $email = trim($_POST['email']);
    $email = strip_tags($email);
    $email = htmlspecialchars($email);
    $pass = trim($_POST['pass']);
    $pass = strip_tags($pass);
    $pass = htmlspecialchars($pass);
    // basic name validation
    if (empty($name)) {
        $error = true;
        $nameError = "Please enter your full name.";
    } else if (strlen($name) < 3) {
        $error = true;
        $nameError = "Name must have atleat 3 characters.";
    } else if (!preg_match("/^[a-zA-Z ]+$/",$name)) {
        $error = true;
        $nameError = "Name must contain alphabets and space.";
    }
    // email validation
    if ( !filter_var($email,FILTER_VALIDATE_EMAIL) ) {
        $error = true;
        $emailError = "Please enter valid email address.";
    } else {
        // check if email already exists
        $query = "SELECT Email FROM 'Users' WHERE Email='$email'";
        $result = mysqli_query($db,$query);
        $count = mysqli_num_rows($result);
        if($count!=0){
            $error = true;
            $emailError = "Provided Email is already in use.";
        }
    }
    // password validation
    if (empty($pass)){
        $error = true;
        $passError = "Please enter password.";
    } else if(strlen($pass) < 6) {
        $error = true;
        $passError = "Password must have atleast 6 characters.";
    }
    // password encrypt using SHA256()
    $password = hash('sha256', $pass);
    // if there's no error, continue to signup
    if( !$error ) {
        if ($stmt = $db->prepare("INSERT INTO Users (Username, Password, Email) VALUES (? , ?, ?)")) {
            $stmt->bind_param("sss", $username, $password, $email);
            $stmt->execute();
            if($stmt->execute()){
                $result = $stmt->get_result();
            }
        }
        if ($result) {
            $errTyp = "success";
            $errMSG = "Successfully registered, you may login now";
            unset($name);
            unset($email);
            unset($pass);
        } else {
            $errTyp = "danger";
            $errMSG = "Something went wrong, try again later…";
        }
    }
}
?>[/php]
This one is the login form, which seems to have the same issue:
[php]<?php
ob_start();
session_start();
include_once 'Config.php';
// it will not let you open login page if session is set
if ( isset($_SESSION['user'])!="" ) {
    header("Location: Profile.php");
    exit;
}
$error = false;
if( isset($_POST['btn-login']) ) {
    //prevent sql injections/ clear user invalid inputs
    $email = trim($_POST['email']);
    $email = strip_tags($email);
    $email = htmlspecialchars($email);
    $pass = trim($_POST['pass']);
    $pass = strip_tags($pass);
    $pass = htmlspecialchars($pass);
    if(empty($email)){
        $error = true;
        $emailError = "Please enter your email address.";
    } else if ( !filter_var($email,FILTER_VALIDATE_EMAIL) ) {
        $error = true;
        $emailError = "Please enter valid email address.";
    }
    if(empty($pass)){
        $error = true;
        $passError = "Please enter your password.";
    }
    // if there's no error, continue to login
    if (!$error) {
        $password = hash('sha256', $pass); // password hashing using SHA256
        $stmt = $db->prepare("SELECT * FROM Users
            WHERE Email = ? && Password
            = ?");
        $stmt->bind_param("ss", $email, $password);
        $stmt->execute();
        if($stmt->num_rows == 1) {
            $_SESSION['user'] = $email;
            header("Location: Profile.php");
        }
        else {
            $errMSG = "Incorrect Credentials, Try again…";
        }
    }
}
?>[/php]
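An added example, not part of the original post: the two database steps rewritten so the statements report their outcome correctly. The insert is executed once and checked via `affected_rows` (`get_result()` returns false for an INSERT), `$name` is bound instead of the never-assigned `$username`, the login reads the row rather than testing `num_rows` without `store_result()`, and the password goes through `password_hash()`/`password_verify()` instead of an unsalted SHA-256 digest. It assumes `$db` is the mysqli connection from `Config.php` and that `Users.Password` can hold 255 characters; `register_user` and `verify_login` are hypothetical helper names.

```php
<?php
// Added example, not the poster's code. Assumes $db is the mysqli connection
// created in Config.php and that Users.Password is at least VARCHAR(255).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // SQL errors throw instead of failing silently

// Hypothetical helper: returns true when exactly one row was inserted.
function register_user(mysqli $db, string $name, string $email, string $pass): bool
{
    // Duplicate check as a prepared statement; the table name is not quoted like a string.
    $stmt = $db->prepare("SELECT 1 FROM Users WHERE Email = ?");
    $stmt->bind_param("s", $email);
    $stmt->execute();
    $stmt->store_result();            // num_rows is only meaningful after buffering
    $exists = $stmt->num_rows > 0;
    $stmt->close();
    if ($exists) {
        return false;
    }

    // Hash the raw password (no strip_tags/htmlspecialchars); salted and slow by design.
    $hash = password_hash($pass, PASSWORD_DEFAULT);

    $stmt = $db->prepare("INSERT INTO Users (Username, Password, Email) VALUES (?, ?, ?)");
    $stmt->bind_param("sss", $name, $hash, $email);
    $ok = $stmt->execute();           // execute once; an INSERT has no result set to fetch
    $inserted = $ok && $stmt->affected_rows === 1;
    $stmt->close();
    return $inserted;
}

// Hypothetical helper: returns true only when the password matches the stored hash.
function verify_login(mysqli $db, string $email, string $pass): bool
{
    $hash = null;
    $stmt = $db->prepare("SELECT Password FROM Users WHERE Email = ?");
    $stmt->bind_param("s", $email);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();          // true when a row was read, null when there is none
    $stmt->close();
    return $found === true && password_verify($pass, $hash);
}
```

When `verify_login()` returns true, the caller would call `session_regenerate_id(true)`, set `$_SESSION['user']`, send the `Location` header and `exit`.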