-2

I followed this tutorial on youtube, for making a social network. I had to register my user. But when I register, nothing shows up on the database.. My files are:

index.php

 <?php include ("./inc/header.inc.php");?>
    <?php
    date_default_timezone_set('UTC');
    $reg = @$_POST['reg'];
    //declaring variables
    $fn = "";//First name
    $ln ="";//Last name
    $un = "";//Username
    $em = "";//Email
    $em2 = "";//Email 2
    $pswd = "";//Password
    $pswd2 = "";//Password 2
    $d = "";//Sign Up Date
$u_check = ""; // Check if username exists
//registration form
$fn = strip_tags(@$_POST['fname']);
$ln = strip_tags(@$_POST['lname']);
$un = strip_tags(@$_POST['username']);
$em = strip_tags(@$_POST['email']);
$em2 = strip_tags(@$_POST['email2']);
$pswd = strip_tags(@$_POST['password']);
$pswd2 = strip_tags(@$_POST['password2']);
$d = date("Y-m-d"); // Year - Month - Day

if ($reg) {
if ($em==$em2) {
// Check if user already exists
$u_check = mysqli_query("SELECT username FROM users WHERE username='$un'");
// Count the amount of rows where username = $un
$check = mysqli_num_rows($u_check);
//Check whether Email already exists in the database
$e_check = mysqli_query("SELECT email FROM users WHERE email='$em'");
//Count the number of rows returned
$email_check = mysqli_num_rows($e_check);
if ($check == 0) {
  if ($email_check == 0) {
//check all of the fields have been filed in
if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2) {
// check that passwords match
if ($pswd==$pswd2) {
// check the maximum length of username/first name/last name does not exceed 25 characters
if (strlen($un)>25||strlen($fn)>25||strlen($ln)>25) {
echo "The maximum limit for username/first name/last name is 25 characters!";
}
else
{
// check the maximum length of password does not exceed 25 characters and is not less than 5 characters
if (strlen($pswd)>30||strlen($pswd)<5) {
echo "Your password must be between 5 and 30 characters long!";
}
else
{
//encrypt password and password 2 using md5 before sending to database
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = mysqli_query("INSERT INTO users VALUES ('','$un','$fn','$ln','$em','$pswd','$d','0','Write something about yourself.','','','no')");
die("<h2>Welcome to findFriends</h2>Login to your account to get started ...");
}
}
}
else {
echo "Your passwords don't match!";
}
}
else
{
echo "Please fill in all of the fields";
}
}
else
{
 echo "Sorry, but it looks like someone has already used that email!";
}
}
else
{
echo "Username already taken ...";
}
}
else {
echo "Your E-mails don't match!";
}
}
?>
<?
//Login Script
if (isset($_POST["user_login"]) && isset($_POST["password_login"])) {
    $user_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["user_login"]); // filter everything but numbers and letters
    $password_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password_login"]); // filter everything but numbers and letters
    $md5password_login = md5($password_login);
    $sql = mysqli_query("SELECT id FROM users WHERE username='$user_login' AND password='$md5password_login' AND closed='no' LIMIT 1"); // query the person
    //Check for their existance
    $userCount = mysqli_num_rows($sql); //Count the number of rows returned
    if ($userCount == 1) {
        while($row = mysqli_fetch_array($sql)){ 
             $id = $row["id"];
    }
         $_SESSION["id"] = $id;
         $_SESSION["user_login"] = $user_login;
         $_SESSION["password_login"] = $password_login;
         exit("<meta http-equiv=\"refresh\" content=\"0\">");
        } else {
        echo 'That information is incorrect, try again';
        exit();
    }
}
?>
<div style="float: left;">
            <h2>Already a Memeber? Login below ...</h2>
            <form action="index.php" method="post" name="form1" id="form1">
                <input type="text" size="40" name="user_login" id="user_login" class="auto-clear" title="Username ..." /><p />
                <input type="text" size="40" name="password_login" id="password_login" value="Password ..." /><p />
                <input type="submit" name="button" id="button" value="Login to your account">
            </form>
            </div>
           <div style="float: right; width: 240px;">
            <h2>Sign up Below ...</h2>
           <form action="#" method="post">
           <input type="text" size="40" name="fname"  class="auto-clear" title="First Name" value="<? echo $fn; ?>"><p />
           <input type="text" size="40" name="lname" class="auto-clear" title="Last Name" value="<? echo $ln; ?>"><p />
           <input type="text" size="40" name="username" class="auto-clear" title="Username" value="<? echo $un; ?>"><p />
           <input type="text" size="40" name="email" class="auto-clear" title="Email" value="<? echo    $em; ?>"><p />
           <input type="text" size="40" name="email2" class="auto-clear" title="Repeat Email" value="        <? echo $em2; ?>"><p />
           <input type="password" size="40" name="password" value="Password ..."><p />
           <input type="password" size="40" name="password2" value="Password ..."><p />
           <input type="submit" name="reg" value="Sign Up!">
           </form>
           </div>

connect.inc.php:

<?php

$con = mysqli_connect("localhost", "root", "password") or die("Unable to connect");
mysqli_select_db($con, "socialnetworkdatabase") or die("Could not open the db");

mysqli_close($con);

?>

When I open the database on phpmyadmin, It shows : MySQL returned an empty result set (i.e. zero rows). (Query took 0.0000 seconds.)

I edited the code index.php and it looks like this:

<?php include ("./inc/header.inc.php");?>
<?php include("./inc/connect.inc.php");?>
<?php
$con = mysqli_connect("localhost" ,"root" ,"iamanasian", "theworlddatabase" );
date_default_timezone_set('UTC');
if(isset($_POST['reg'])){
$reg = $_POST['reg'];
//declaring variables
$fn = "";//First name
$ln ="";//Last name
$un = "";//Username
$em = "";//Email
$em2 = "";//Email 2
$pswd = "";//Password
$pswd2 = "";//Password 2
$d = "";//Sign Up Date
$u_check = ""; // Check if username exists
//registration form
$fn = stripslashes($_POST['fname']);
$fn = mysqli_real_escape_string($con,$_POST['fname']);
$ln = stripslashes($_POST['lname']);
$ln = mysqli_real_escape_string($con,$_POST['lname']);
$un = stripslashes($_POST['username']);
$un = mysqli_real_escape_string($con,$_POST['username']);
$em = stripslashes($_POST['email']);
$em = mysqli_real_escape_string($con,$_POST['email']);
$em2 = stripslashes($_POST['email2']);
$em2 = mysqli_real_escape_string($con,$_POST['email2']);
$pswd = stripslashes($_POST['password']);
$pswd = mysqli_real_escape_string($con,$_POST['password']);
$pswd2 = stripslashes($_POST['password2']);
$pswd2 = mysqli_real_escape_string($con,$_POST['password2']);
$d = date("Y-m-d"); // Year - Month - Day
if ($reg) {
if ($em==$em2) {
// Check if user already exists
$u_check = mysqli_query($con, "SELECT username FROM users WHERE username='$un'"); 
// Count the amount of rows where username = $un
$check = mysqli_num_rows($u_check);
//Check whether Email already exists in the database
$e_check = mysqli_query($con,"SELECT email FROM users WHERE email='$em'"); 
//Count the number of rows returned
$email_check = mysqli_num_rows($e_check);
if ($check == 0) {
  if ($email_check == 0) {
//check all of the fields have been filed in
if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2) {
// check that passwords match
if ($pswd==$pswd2) {
// check the maximum length of username/first name/last name does not exceed 25 characters
if (strlen($un)>25||strlen($fn)>25||strlen($ln)>25) {
echo "The maximum limit for username/first name/last name is 25 characters!";
}
else
{
// check the maximum length of password does not exceed 25 characters and is not less than 5 characters
if (strlen($pswd)>30||strlen($pswd)<5) {
echo "Your password must be between 5 and 30 characters long!";
}
else
{
//encrypt password and password 2 using md5 before sending to database
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = mysqli_query($con,"INSERT INTO users (id, username, first_name, last_name, email, password, sign_up_date, activated ) VALUES ('','$un','$fn','$ln','$em','$pswd','$d','0','Write something about yourself.','','','no')");
die("<h2>Welcome to findFriends</h2>Login to your account to get started ..." ) or die(mysqli_error($con));
}
}
}
else {
echo "Your passwords don't match!";
}
}
else
{
echo "Please fill in all of the fields";
}
}
else
{
 echo "Sorry, but it looks like someone has already used that email!";
}
}
else
{
echo "Username already taken ...";
}
}
else {
echo "Your E-mails don't match!";
}
}
}  
?>
                <div style="width: 800px; margin: 0px auto 0px auto;">
                <table>
                        <tr>
                            <td width="60%" valign="top">
                                <h2>Enter the New World Today!</h2>
                            </td>
                            <td width="40%" valign="top">
                                <h2>Sign Up Below!</h2>
                                <form action="#" method="POST">
                                    <input type="text" name="fname" size="25" placeholder="First Name"><br/> <br/>  
                                    <input type="text" name="lname" size="25" placeholder="Last Name"><br/><br/>
                                    <input type="text" name="username" size="25" placeholder="Username"><br/><br/>
                                    <input type="text" name="email" size="25" placeholder="Email"><br/><br/>
                                    <input type="text" name="email2" size="25" placeholder="Re-enter Email"><br/><br/>
                                    <input type="password" name="password" size="25" placeholder="Password"><br/><br/>
                                    <input type="password" name="password2" size="25" placeholder="Re-enter Password"><br/><br/>
                                    <input type="submit" name="reg" value="Enter The World!">   
                                </form>
                            </td>
                        </tr>
                </table>

<?php include ("./inc/footer.inc.php");?>

And it's still not working

  • You're not checking for errors whatsoever. – Funk Forty Niner Oct 29 '14 at 13:58
  • For one thing `$u_check = mysqli_query("SELECT username FROM users WHERE username='$un'");` you are not passing DB connection to it. I.e.: `$u_check = mysqli_query($con, "SELECT username FROM users WHERE username='$un'");` - To check for errors, add error reporting to the top of your file(s) right after your opening ` – Funk Forty Niner Oct 29 '14 at 14:08
  • Same thing for `$e_check = mysqli_query("SELECT email FROM users WHERE email='$em'");` - do `$e_check = mysqli_query($con, "SELECT email FROM users WHERE email='$em'");` and for `$query = mysqli_query("INSERT INTO users...` - `$query = mysqli_query($con, "INSERT INTO users...` – Funk Forty Niner Oct 29 '14 at 14:09
  • You're also potentially missing `session_start();` since you are using sessions. – Funk Forty Niner Oct 29 '14 at 14:13
  • Have you tried to to validate you input by inspecting the results using print_r or var_dump? Also u don't have a database connection – Edward Manda Oct 29 '14 at 14:41
  • I have connected to the database in the connect.inc.php Edward Manda –  Oct 29 '14 at 14:46
  • Don't paste variables into your queries. Use prepared statements and bind your variables. – h2ooooooo Oct 29 '14 at 14:56

1 Answers1

1

Firstly, you are not passing the DB connection variable $con to any of your queries, it's required.

$u_check = mysqli_query("SELECT username FROM users WHERE username='$un'");

$e_check = mysqli_query("SELECT email FROM users WHERE email='$em'");

$query = mysqli_query("INSERT INTO users VALUES ('','$un','$fn','$ln','$em','$pswd','$d','0','Write something about yourself.','','','no')");

$sql = mysqli_query("SELECT id FROM users WHERE username='$user_login' AND password='$md5password_login' AND closed='no' LIMIT 1"); // query the person

Use it like this and do the same for the others:

mysqli_query($con, "SELECT ...

mysqli_query($con, "INSERT ...

Sidenote about your INSERT: It is best to include the actual columns when doing an INSERT.

I.e.: INSERT INTO table (column_x, column_y) VALUES ('value_x', 'value_y')

You're also potentially missing session_start(); since you are using sessions, it is required and to be placed at the top of every file using sessions.

You should be using or die(mysqli_error($con)) to mysqli_query() in order to get the errors, if any.

Also, adding this to the top of your files:

error_reporting(E_ALL);
ini_set('display_errors', 1);

Sidenote: Error reporting should only be done in staging, and never production.

Remove the @ symbols from your POST variables; they suppress potential errors.

Plus, instead of strip_tags() which strips out HTML and PHP tags from a string, use mysqli_real_escape_string() and stripslashes()

I.e.:

$fn = stripslashes($_POST['fname']);
$fn = mysqli_real_escape_string($con,$_POST['fname']);

and do the same for the others.

Use mysqli with prepared statements, or PDO with prepared statements.

For password storage, use any of the following and do not use MD5, it is old and considered broken.

Edit:

Place the following and wrap the braces within the code you wish to execute:

// This is related to your named submit button
if(isset($_POST['reg'])){

// code to execute

}

which is why you're getting an Undefined index: reg notice.

Edit #2:

Place the following and wrap the braces within the code you wish to execute:

<?php include ("./inc/header.inc.php");?>
<?php
date_default_timezone_set('UTC');

if(isset($_POST['reg'])){

$reg = $_POST['reg'];

//declaring variables
$fn = "";//First name
$ln ="";//Last name

// put the rest of your code

    }
}

} // closing brace for if(isset($_POST['reg']))
?>
<div style="float: left;">  

// rest of your code

Parse error: syntax error, unexpected '{

that is most likely caused by short tags not being set.

change

<?
//Login Script

to 

<?php
//Login Script
Community
  • 1
  • 1
Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
  • Parse error repaired, but data is still not coming up on phpmyadmin, on the database –  Oct 29 '14 at 15:09
  • @AineshSootha Have you created all the columns and using the right types including the lengths being long enough to store the data? You're also not specifying the columns. Example `INSERT INTO table (column_x, column_y) VALUES ('value_x', 'value_y')` - use `or die(mysqli_error($con))` to `mysqli_query()` as stated in my answer. – Funk Forty Niner Oct 29 '14 at 15:11
  • @AineshSootha `$query = mysqli_query("INSERT INTO users VALUES ('','$un','$fn','$ln','$em','$pswd','$d','0','Write something about yourself.','','','no')") or die(mysqli_error($con));` - Plus, you do have 12 columns in your table, correct? – Funk Forty Niner Oct 29 '14 at 15:20
  • and I have added the columns –  Oct 29 '14 at 15:23
  • @AineshSootha I'm not sure if it's relevant, but there are spaces in `value=" echo $em2; ?>"` remove them `value=" echo $em2; ?>"` see if that makes a difference. From this point on, you will need to start using `var_dump();` for your variables, including `print_r($query);` to see what is being passed through your INSERT query. Also `value=" echo $em2; ?>"` to `value=""` if short tags are not set/on and do the same for the others. – Funk Forty Niner Oct 29 '14 at 15:30