Hey guys, I have recently decided to start learning PHP, so I did what any sane person would do (votes are still out for this!) and I bought the PHP for dummies book, as it has exactly what I’m after to start with, a simple registration and login script.
Now, every thing seems to be working okay, except the key feature, the registering… I’ve followed every thing in the book, but it still seems to be going wrong.
Any help would be greatly appreciated, heres the page I think the issue is with:
[code]<?php
require_once(“functions.inc”);
//prevent access if user has not submitted the form
if (!isset($_POST[‘submit’])) {
die(header(“Location: registration.php”));
}
$_SESSION[‘formAttempt’] = true;
if (isset($_SESSION[‘error’])) {
unset($_SESSION[‘error’]);
}
$_SESSION[‘error’] = array();
$required = array(“username”, “email”, “password1”, “password2”, “fname”, “lname”, “mii_name”);
//Check required fields
foreach ($required as $requiredField) {
if (!isset($_POST[$requiredField]) || $_POST[$requiredField]
== “”) {
$_SESSION[‘error’][] = $requiredField . " is
required.";
}
}
//Makes sure Username is okay
if (!preg_match(’/^[\w .]+$/’,$_POST[‘username’])) {
$_SESSION[‘error’][] = “Username must be letters and numbers only”;
}
//Makes sure First Name is okay
if (!preg_match(’/^[\w .]+$/’,$_POST[‘fname’])) {
$_SESSION[‘error’][] = “First Name must be letters and numbers only”;
}
//Makes sure Last Name is okay
if (!preg_match(’/^[\w .]+$/’,$_POST[‘lname’])) {
$_SESSION[‘error’][] = “Last Name must be letters and numbers only”;
}
//Makes sure 3DS Mii Name is okay
if (!preg_match(’/^[\w .]+$/’,$_POST[‘mii_name’])) {
$_SESSION[‘error’][] = “Mii Avatar Name must be letters and numbers only”;
}
//Makes sure the email is valid
if (!filter_var($_POST[‘email’],FILTER_VALIDATE_EMAIL)) {
$_SESSION[‘error’][] = “Invalid e-mail address”;
}
//Makes sure passwords match
if ($_POST[‘password1’] != $_POST[‘password2’]) {
$_SESSION[‘error’][] = “Passwords do not match”;
}
//final disposition
if (count($_SESSION[‘error’]) > 0) {
die(header(“Location: registration.php”));
} else {
if(registerUser($_POST)) {
unset($_SESSION[‘formAttempt’]);
die(header(“Location: success.php”));
} else {
error_log(“Problem registering user: {$_POST[‘email’]}”);
$_SESSION[‘error’][] = “Problem registering account”;
die(header(“Location: registration.php”));
}
}
function registerUser($userData) {
$mysqli = new mysqli(DBHOST,DBUSER,DBPASS,DB);
if ($mysqli->connect_errno) {
error_log("Cannot connect to MySQL: " . $mysqli->connect_error);
return false;
}
$email = $mysqli->real_escape_string($_POST[‘email’]);
//Check to see if email exists
$findUser = “SELECT id from Users where email = ‘($email)’”;
$findResult = $mysqli->query($findUser);
$findrow = $findResult->fetch_assoc();
if (isset($findRow[‘id’]) && $findRow[‘id’] != “”) {
$_SESSION[‘error’][] = “A user with that e-mail already exists”;
return false;
}
//Check to see if username exists
$findUser = “SELECT id from Users where username = ‘($username)’”;
$findResult = $mysqli->query($findUser);
$findrow = $findResult->fetch_assoc();
if (isset($findRow[‘id’]) && $findRow[‘id’] != “”) {
$_SESSION[‘error’][] = “This username has already been taken”;
return false;
}
$lastName = $mysqli->real_escape_string($_POST[‘lname’]);
$firstName = $mysqli->real_escape_string($_POST[‘fname’]);
$cryptedPassword = crypt($_POST[‘password1’]);
$password = $mysqli->real_escape_string($cryptedPassword);
if (isset($_POST[‘username’])) {
$username = $mysqli->real_escape_string($_POST[‘username’]);
} else {
$username = “”;
}
if (isset($_POST[‘mii_name’])) {
$mii_name = $mysqli->real_escape_string($_POST[‘mii_name’]);
} else {
$mii_name = “”;
}
if (isset($_POST[‘friend_code’])) {
$friend_code = $mysqli->real_escape_string($_POST[‘friend_code’]);
} else {
$friend_code = “”;
}
$query = “INSERT INTO Users (email,create_date,password,last_name,first_name,mii_name,friend_code) " .
" VALUES (’{$email}’,NOW(),’{$password}’,’{$lastName}’,’{$firstName}’,’{$username}’,’{$mii_name}’,’{$friend_code}’)”;
if ($mysqli->query($query)) {
$id = $mysqli->insert_id;
error_log(“Inserted {$email} as ID {$id}”);
return true;
} else {
error_log(“Problem inserting {$query}”);
return false;
}
} //end function registerUser
?>[/code]