4

I am working on a registration system which comprises 3 total steps.

Step 1 - user enters a username, system searches the database for the username. If the username is found, it checks the account status (i.e. no password created, complete but not verified, registered and verified).

If user is not found, user is directed to Step 2.

If status = no password created, the user is directed to Step 3.

If status = complete but not verified / registered and verified, Display error message.

Step 2 - user enters personal details.

The page stores user inputs

Step 3 - user creates a password, the system connects to the database and INSERTs user info to the user table. A success message is displayed.

I have managed to figure out and complete the coding for the first 2 steps, by displaying a new form when the previous form has been submitted.

Problem: However, I have just realised that I am unable to retrieve data from the previous form (i.e. at step 3 I am unable to retrieve the Username from Step 1). I have tried using the `header('location: ?user=$uname');` approach; however, this doesn't work because the URL gets reset when I submit the new form and I lose the username again. How do I create a proper multi-step form using ONLY PHP, and how do I store the input values so I could use them at the last step? Below is my code:

<?php
include 'includes/session_info.php';
if(isset($_SESSION['user_id'])){
    header('Location: index.php');
    exit; // stop executing the rest of the page once the redirect is sent
}
$errors = array();
if(empty($_POST['user_info']) === false){
    require ('core/dbcon.php');
    $usr_email = mysqli_real_escape_string($con, $_POST['email']);
    $usr_joined = mysqli_real_escape_string($con, $_POST['joined']);
    $usr_recruited = mysqli_real_escape_string($con, $_POST['recruited']);
    if($usr_email){
        //direct user to password form
    }else{
        $errors[] = 'Please complete all fields marked with a Red Asterisk.';
    }
    $form2 = $usr_email.'<br>'.$usr_joined.'<br>'.$usr_recruited;
}
if(empty($_POST['username_chck']) === false){
    require ('core/dbcon.php');
    $username = mysqli_real_escape_string($con, $_POST['uname']);
    $rpt_uname = mysqli_real_escape_string($con, $_POST['r_uname']);
    if($username && $rpt_uname){
        if($username == $rpt_uname){
            $query = mysqli_query($con, "SELECT status FROM users WHERE username = '$username'") or die(mysqli_error($con));
            // Display registration form if Username is not found.
            if(mysqli_num_rows($query) == 0){
                $form1;
            }
            // Actions performed If username entered already exists in the database.
            elseif(mysqli_num_rows($query) == 1){
                $status = mysqli_fetch_assoc($query);
                if($status['status'] == 0){
                    // HTML-escape the username before it is placed in markup
                    $errors[] = '<b>'.htmlspecialchars($username, ENT_QUOTES, 'UTF-8').'</b> is already registered and awaiting to be verified by our admins. Feel free to contact an Admin via the website or in-game to get verified.';
                }elseif($status['status'] == 1){
                    //header("Location:?create_pwd&user=$username");
                }elseif($status['status'] > 1){
                    $errors[] = '<b>'.htmlspecialchars($username, ENT_QUOTES, 'UTF-8').'</b> is already registered and verified by our Admins. Please log in to access your account.
                    If you have forgotten your password you can reset your password <a class="navbar-link error_link" id="intext-link" href="login.php?fp"><b>here</b></a>.';
                }
            }elseif(mysqli_num_rows($query) > 1){
                $errors[] = 'An error has occurred. Looks like there is more than one member with that username. Please contact the Administrator for assistance.';
            }
        }else{
            $errors[] = 'Please ensure that the username entered in both fields match.';

        }
    }else{
        $errors[] = 'Please complete all required fields.';
    }
}

?>

<html>
<div class="row">
    <div class="col-md-6 col-md-offset-3">
        <?php   
            if(empty($_POST['username_chck']) === false){
                if(empty ($errors) === false){
        ?>          
                    <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
                        <div class="form-group">
                            <label for="Uname"><span class="glyphicon glyphicon-asterisk required" aria-hidden="true"></span> Username: </label><br>
                            <input type="text" name="uname" class="form-control" placeholder="Please enter your Runescape username." id="Uname" required>
                        </div>
                        <div class="form-group">
                            <label for="repeat_Uname"><span class="glyphicon glyphicon-asterisk required" aria-hidden="true"></span> Repeat Username: </label><br>
                            <input type="text" name="r_uname" class="form-control" id="repeat_Uname"  placeholder="Please re-enter your Runescape username." required>
                        </div>
                        <input type="submit" name="username_chck" class="btn btn-default" value ="Next">
                    </form>
        <?php
                }else{ echo $reg_uname;
        ?>
                    <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
                        <div class="form-group">
                            <label for="Email"><span class="glyphicon glyphicon-asterisk required" aria-hidden="true"></span> Email: </label>
                            <input type="email" name="email" class="form-control" id="Email"  <?php if (isset($_POST['email'])=== true){echo 'value="', htmlspecialchars($_POST['email'], ENT_QUOTES, 'UTF-8'),'"';}?>>
                        </div>
                        <div class="form-group">
                            <label for="Joined">Date Joined: </label><br>
                            <small class="notice">If you do not remember the exact date please select the first day of the month and year you joined (eg: 01/02/2001).</small><br>
                            <input type="date" name="joined" class="form-control" id="Joined" <?php if (isset($_POST['joined'])=== true){echo 'value="', htmlspecialchars($_POST['joined'], ENT_QUOTES, 'UTF-8'),'"';}?>>
                        </div>
                        <div class="form-group">
                            <label for="recruited">Recruited by: </label>
                            <select name="recruited" class="form-control" id="recruited">
                                <option value="" selected disabled>Select a Member</option>
                                <?php
                                    require ('core/dbcon.php');
                                    $usr_qry = mysqli_query($con, "SELECT user_id, username FROM users")or die(mysqli_error($con));
                                    while($usr = mysqli_fetch_array($usr_qry)){
                                        echo '<option value="'.(int)$usr['user_id'].'">'.htmlspecialchars($usr['username'], ENT_QUOTES, 'UTF-8').'</option>';
                                    }
                                ?>
                            </select>
                        </div>
                        <input type="submit" name="user_info" class="btn btn-default" value ="Next">
                    </form>
        <?php
                }
            }elseif(empty($_POST['user_info']) === false){
                if(empty ($errors) === false){
        ?>
                    <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
                        <div class="form-group">
                            <label for="Email"><span class="glyphicon glyphicon-asterisk required" aria-hidden="true"></span> Email: </label>
                            <input type="email" name="email" class="form-control" id="Email"  <?php if (isset($_POST['email'])=== true){echo 'value="', htmlspecialchars($_POST['email'], ENT_QUOTES, 'UTF-8'),'"';}?>>
                        </div>
                        <div class="form-group">
                            <label for="Joined">Date Joined: </label><br>
                            <small class="notice">If you do not remember the exact date please select the first day of the month and year you joined (eg: 01/02/2001).</small><br>
                            <input type="date" name="joined" class="form-control" id="Joined" <?php if (isset($_POST['joined'])=== true){echo 'value="', htmlspecialchars($_POST['joined'], ENT_QUOTES, 'UTF-8'),'"';}?>>
                        </div>
                        <div class="form-group">
                            <label for="recruited">Recruited by: </label>
                            <select name="recruited" class="form-control" id="recruited">
                                <option value="" selected disabled>Select a Member</option>
                                <?php
                                    require ('core/dbcon.php');
                                    $usr_qry = mysqli_query($con, "SELECT user_id, username FROM users")or die(mysqli_error($con));
                                    while($usr = mysqli_fetch_array($usr_qry)){
                                        echo '<option value="'.(int)$usr['user_id'].'">'.htmlspecialchars($usr['username'], ENT_QUOTES, 'UTF-8').'</option>';
                                    }
                                ?>
                            </select>
                        </div>
                        <input type="submit" name="user_info" class="btn btn-default" value ="Next">
                    </form>
        <?php
                }else
                    echo $reg_uname.'<br>'. $reg_email.'<br>'.$reg_joined.'<br>'.$reg_recruited.'<br>';
            }else{
        ?>
                <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
                    <div class="form-group">
                        <label for="Uname"><span class="glyphicon glyphicon-asterisk required" aria-hidden="true"></span> Username: </label><br>
                        <input type="text" name="uname" class="form-control" placeholder="Please enter your Runescape username." id="Uname" required>
                    </div>
                    <div class="form-group">
                        <label for="repeat_Uname"><span class="glyphicon glyphicon-asterisk required" aria-hidden="true"></span> Repeat Username: </label><br>
                        <input type="text" name="r_uname" class="form-control" id="repeat_Uname"  placeholder="Please re-enter your Runescape username." required>
                    </div>
                    <input type="submit" name="username_chck" class="btn btn-default" value ="Next">
                </form>
        <?php
            }
        ?>
    </div>
</div>
</html>

P.S. I have looked into creating a session which gets destroyed when the user navigates away from the page (Destroy PHP session on page leaving). However, I find that it's not very user friendly as it doesn't work properly if the user has multiple tabs open. I understand that I need to implement a JavaScript function to make it work properly. I do not know how to code in JavaScript and would really appreciate your assistance on making a better multi-step registration process.

Community
  • 1
  • 1
Rumesh
  • 329
  • 4
  • 12
  • 4
    Put what you need to use from each form in a `$_SESSION` (and/or use hidden inputs) – ʰᵈˑ Jul 01 '15 at 11:07
  • I tried that. I created a new 'reg_session' in addition to my existing login session. I stored the values, giving them unique names. However, it seemed to interfere with my login session (i.e. if I log in and log out, my session would not store values from the second form). I might resort to using hidden values. Just wanted to know if there was a better way. – Rumesh Jul 01 '15 at 11:13
  • 1
    Store all details from the second step in JSON format and store it in the session as suggested in the above comments – Dimag Kharab Jul 01 '15 at 11:18

2 Answers

2

As mentioned above, store the POST data from each step in the session variable.

// Step 1 submit
$_SESSION['steps'][1] = $_POST;

// Step 2 submit
$_SESSION['steps'][2] = $_POST;

// Step 3 submit
$_SESSION['steps'][3] = $_POST;

You can then use something like currentStep in the session to determine where they last were.

$currentStep = $_POST['step'];

And compare to what data you need available, or just use it directly from the array.

bedlam
  • 357
  • 3
  • 9
  • Your session alternative looks promising. I might try that should I encounter any issues with my method. – Rumesh Jul 02 '15 at 20:13
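
The session approach from this answer, as an added example that is not code from the post: the wizard state sits under its own session key so it cannot collide with login keys such as `user_id`, and the current step is tracked on the server instead of being read from `$_POST['step']`. The key name `reg_wizard` and the `reg_*` helper names are assumptions; the field names follow the question's forms.

```php
<?php
// Added example, not code from the post. 'reg_wizard' and the reg_* helpers
// are hypothetical names; field names follow the question's forms.
session_start();

const REG_KEY = 'reg_wizard';
// Fields accepted per step; any other POST key is ignored.
const REG_FIELDS = [1 => ['uname'], 2 => ['email', 'joined', 'recruited']];

// Current wizard state; a visitor with no state starts at step 1.
function reg_state(): array
{
    return $_SESSION[REG_KEY] ?? ['step' => 1, 'data' => []];
}

// Save the allowed fields of the step the SERVER expects, then move to $next.
function reg_save(array $post, int $next): void
{
    $state = reg_state();
    foreach (REG_FIELDS[$state['step']] ?? [] as $field) {
        $value = $post[$field] ?? '';
        $state['data'][$field] = is_string($value) ? trim($value) : '';
    }
    $state['step'] = $next;
    $_SESSION[REG_KEY] = $state;
}

// Drop only the wizard data; login keys such as 'user_id' are untouched.
function reg_finish(): void
{
    unset($_SESSION[REG_KEY]);
}

$state = reg_state();
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if ($state['step'] === 1) {
        // Run the username/status lookup here, then pick the next step:
        // 2 for an unknown username, 3 for "no password created".
        reg_save($_POST, 2);
    } elseif ($state['step'] === 2) {
        reg_save($_POST, 3);
    } else {
        $username = $state['data']['uname'];  // value validated at step 1
        // Hash $_POST['password'] with password_hash() and store it using a
        // prepared statement, then clear the wizard state.
        reg_finish();
    }
}
// Render the form for reg_state()['step'] below this point.
```

Because the step number never comes from the request, a client cannot jump to the password step without passing the username check, and logging in or out does not disturb the wizard as long as the logout code only unsets its own keys.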
0

I opted to follow the 'hidden variable' method where I store the values from the previous form in hidden inputs of the current form. Thus enabling me to pass the values on to the next form. A sort of snowball effect, if you will. Below is an example:

Form 1

<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<div class="form-group">
    <label for="Uname">Username: </label><br>
    <input type="text" name="uname" class="form-control" id="Uname" required>
</div>
<div class="form-group">
    <label for="repeat_Uname">Repeat Username: </label><br>
    <input type="text" name="r_uname" class="form-control" id="repeat_Uname" required>
</div>
<input type="submit" name="username_chck" class="btn btn-default" value ="Next">
</form>

Form 2

<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<div class="form-group">
    <label for="Email">Email: </label>
    <input type="email" name="email" class="form-control" id="Email" required <?php if (isset($_POST['email'])=== true){echo 'value="', htmlspecialchars($_POST['email'], ENT_QUOTES, 'UTF-8'),'"';}?>>
</div>
<?php // Carry the username forward; escape it for the attribute context (quotes included). ?>
<input type="hidden" name="username" value="<?php echo htmlspecialchars(isset($_POST['username']) ? $_POST['username'] : $username, ENT_QUOTES, 'UTF-8'); ?>">
<input type="submit" name="user_info" class="btn btn-default" value ="Next">
</form>

Explanation

Below is a skeleton of my code which should help you understand how I have displayed the forms

if(empty($_POST['form1'])=== false){
       $username = mysqli_real_escape_string($con, $_POST['username']);
       // display form 2
}elseif(empty($_POST['form2'])=== false){
       //display form 3
}

Note the hidden input type before the submit button in the second form.

While I have opted to include the if statements within the tags for the sake of this example, you could alternatively choose to process the forms at the top of your page (before the tag).

Rumesh
  • 329
  • 4
  • 12
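
A hidden input comes back as ordinary client-supplied data, so the username checked at step 1 is not guaranteed to be the one that arrives at step 3. The following added example (not code from the answer) attaches an HMAC tag to a hidden field so the server can detect a changed value; `seal_field()` and `open_field()` are hypothetical helpers, and the key is assumed to come from server-side configuration.

```php
<?php
// Added example, not code from the answer. seal_field()/open_field() are
// hypothetical helpers; the key would come from server-side configuration.

// Emit a hidden input plus an HMAC tag bound to the field name and value.
function seal_field(string $name, string $value, string $key): string
{
    $tag = hash_hmac('sha256', $name . "\0" . $value, $key);
    $esc = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="' . $name . '" value="' . $esc . '">'
         . '<input type="hidden" name="' . $name . '_tag" value="' . $tag . '">';
}

// Return the posted value only if its tag verifies; otherwise null.
function open_field(string $name, array $post, string $key): ?string
{
    $value = $post[$name] ?? null;
    $tag   = $post[$name . '_tag'] ?? null;
    if (!is_string($value) || !is_string($tag)) {
        return null;                       // missing or array-typed input
    }
    $expected = hash_hmac('sha256', $name . "\0" . $value, $key);
    return hash_equals($expected, $tag) ? $value : null;  // constant-time compare
}

// Constructed demo: a throwaway key and hand-built POST arrays.
$key  = random_bytes(32);
$good = ['username' => 'ExampleUser',
         'username_tag' => hash_hmac('sha256', "username\0ExampleUser", $key)];
$bad  = ['username' => 'SomeoneElse', 'username_tag' => $good['username_tag']];

echo seal_field('username', 'ExampleUser', $key), "\n";
var_dump(open_field('username', $good, $key));   // field returned as it was sealed
var_dump(open_field('username', $bad, $key));    // value changed after sealing
```

The tag only shows that the value is the one the server sealed earlier; the account status lookup from step 1 should still be repeated immediately before the final INSERT, since the status can change between steps.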