0

I'm trying to create a simple PHP registration and login form. Prior to adding styling and HTML to the register.php file, all worked as expected. Now when Register is clicked, instead of saying thankyou for registering, nothing happens.

    <html>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<div id="wrapper">
<div class="form">

<?php
echo "<h1>Register</h1>";

$submit = $_POST['submit'];

// form data

$fullname = STRIP_TAGS($_POST['fullname']);
$username = STRIP_TAGS($_POST['username']);
$password = STRIP_TAGS($_POST['password']);
$repeatpassword = STRIP_TAGS($_POST['repeatpassword']);
$date = date("Y-m-d");

if ($submit)
{   
    if($fullname&&$username&&password&&$repeatpassword)
    {


    if ($password==$repeatpassword)
    {
        //check char length of username and fullname
        if(strlen($username)>25||strlen($fullname)>25)
        {
            echo "Length of username or fullname is too long!";
        }
        else
        {   //check password length

            if (strlen($password)>25||strlen($password)<6)
            {
            echo "Password must be between 6 and 25 characters";
            }
            else 
            {   //register the user!
                // encrypt password
            $password = md5($password);
            $repeatpassword = md5($repeatpassword);

                //open database

            $connect = mysql_connect("localhost", "Matt", "password123");
            mysql_select_db("phpsignin");

            $queryreg = mysql_query("
            INSERT INTO users VALUES ('','$fullname','$username','$password','$date')`

            ");

            die ("Thankyou for registering! <a href='index.php'> Return to login page</a>");
            }
        }


    }   
    else
        echo "Your passwords do not match!";
    }
    else
        echo "Please fill in <b>all</b> fields!";

}

?>
<form id="login" action='register.php' method='POST'>
    <fieldset>
            <ol>
            <li>
            <label>Your Full Name:
            <input type="text" name='fullname' value='<?php echo $fullname; ?>'>
            </label>
            </li>

            <li>
            <label>Choose a username:
            <input type="text" name='username' value='<?php echo $username;?>'>
            </label>
            </li>

            <li>
            <label>Choose a password:
            <input type="password" name='password'>
            </label>
            </li>

            <li>
            <label>Confirm Your Password:
            <input type="password" name='repeatpassword'>
            </label>
            </li>
    </fieldset>
    <div id="buttonHolder">
    <button type="submit" name="submit">Register</button>
    </div>
</form>

</div>
</div>
</body>
</html>
WibblyWobbly
  • 145
  • 3
  • 7
  • 18
  • 5
    You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Feb 19 '13 at 20:02
  • What do you mean by nothing happen? A White page? You are probably getting an exception, have you checked your apache logs? – Hugo Dozois Feb 19 '13 at 20:03
  • You are performing password hashing with MD5 and no salt, both of which render the hashing rather ineffective. See the [PHP FAQ on passwords](http://www.php.net/manual/en/faq.passwords.php). – Quentin Feb 19 '13 at 20:03
  • Why `STRIP_TAGS` and not `STRLEN`? – Waleed Khan Feb 19 '13 at 20:04

2 Answers2

2

Your submit button has no value, so if ($submit) will never be a true value and that branch of your logic will never run.

Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335
1

Change:

$submit = $_POST['submit'];

To:

$submit = $_POST;
Artur Couto
  • 498
  • 1
  • 6
  • 19