-3

I am writing basic user register page, My register page contain : usermail ,password, plan type. There are three plans for plan type. Three plans are: basic, sliver and gold.

The register_main.php is to store user information in Mysql.

I met issue that is when I click basic or sliver or gold plan, the page will go to register_main page . I want sent user information only to server ,when they click sign in.

Can anyone help me to solve this issue?

HTML Code:

    <html>
        <head>
                <title>Register</title>
                <meta charset="UTF-8">
                <!-- Include JS File Here -->
                <script src="Script/register_validate.js">
                <script type="text/javascript"
                    src="http://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>
                <script type="text/javascript"
                    src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.9.2/jquery-ui.min.js"></script>
                </script>
        </head>
<body>
        <form name="registerform" action="register_main.php" method="post" onsubmit="return validate()">
              <p id="benefits_text" class="white size_8">Benefits:</p>
              <input id="type_basic" type ="image" name="basicPlan" " src="basic.png">
              <input id="type_silver" type ="image" name="silverPlan" " src="silver.png">
              <input id="type_gold" type ="image" name="goldPlan" " src="gold.png">
              <div id="userinfo_content">
                   <p id="email_text" class="white size_8">Email Address</p>
                   <input id="email_input" name="userEmail" type="text"class="sign_input">
                   <p id="password_text" class="white size_8">Password</p>
                   <input id="password_input" name="password" type="password">
                   <p id="confirmPW_text" class="white size_8">Confirm Password</p>
                   <input id="confirmPW_input" name="confirm_password" type="password">
                  <input id="btn_signin" type ="image" alt ="submit" src="signin.png">
              </div>
    </form></body>
    </html>

register_main.php

include ("config.php");
require ("encrypt.php");
session_start ();

if ($_SERVER ["REQUEST_METHOD"] == "POST") {

    // Get userEmail from client side and create a legal SQL string that you can use in an SQL statement.
    $user_emailaddress = mysqli_real_escape_string ( $db, $_POST ['userEmail'] );
    // Get password from client side and create a legal SQL string that you can use in an SQL statement.
    $user_password = mysqli_real_escape_string ( $db, $_POST ['password'] );
    // Get planType from client side and create a legal SQL string that you can use in an SQL statement.
    $user_planType = mysqli_real_escape_string ( $db, $_POST ['planType'] );
    // Create user.
    // Note user Id is generated when a new record is inserted into a table.
    $sql = "INSERT INTO admin (emailAddress,passcode,planType) VALUES ('$user_emailaddress','$user_Newpassword','$user_planType')";
    $result = mysqli_query ( $db, $sql );


    // if create user a successfully, jump to welcome page.
    // otherwise print error information
    if ($result ) {
        echo "New record created successfully";
        $_SESSION ['login_user'] = $user_emailaddress;
        header ( "location: welcome.php" );
    } else {
        echo "Error: " . $sql . "<br>" . mysqli_error ( $db );
    }
    // Close Database
    mysqli_close ( $db );
}
?>
awd
  • 35
  • 9
  • Where is your validation function? – nicovank Dec 05 '16 at 18:02
  • I edited my question. – awd Dec 05 '16 at 18:03
  • Do you have `event.preventDefault()` or `return false` in your Javascript validation code? Depend how you code it, you might need them to stop you from sending the form before validation. – Asuka165 Dec 05 '16 at 18:08
  • simple: you're outputting before header here `echo "New record created successfully"; $_SESSION ['login_user'] = $user_emailaddress; header ( "location: welcome.php" );` and PHP's error reporting would have told you about it. – Funk Forty Niner Dec 05 '16 at 18:08
  • **Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure you ***[don't escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Dec 05 '16 at 18:21

1 Answers1

0

the problem with your form is that the input tag with type="image" acts as a submit button when clicked. Check out this link: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/image.

I guess that in your use case, you want these images to act as selection buttons for the available plan types. So I think you could replace then for an image tag with a radio button, or a select input with the three plans.

Henrique Vieira
  • 151
  • 1
  • 4
  • 1
    You have a point there, however that isn't the only problem in their code. Even as an input, their code will still fail. – Funk Forty Niner Dec 05 '16 at 18:21
  • @Henrique Thanks, I change type to radio. How to pass radio button value in my php file? – awd Dec 05 '16 at 18:44
  • @awd Sorry awd, but I don't know php to help you out in terms of code. But there should be some builtin function in php or some php framework to get the form fields from the post request you received. – Henrique Vieira Dec 05 '16 at 19:32
  • @Fred-ii- I understand that, but I just worked on the problem he reported in his question. Of course everybody wants all their problems to be solved when they post a question here, but when you make a post pointing a specific issue and explicitly say: "Can anyone help me to solve this issue?", then I guess an answer that solves only this specific issue is a valid one. – Henrique Vieira Dec 05 '16 at 19:44
  • 1
    I'm glad to see your answer was accepted. However, and for future readers to the question, it does not fully solve the question. @HenriqueVieira – Funk Forty Niner Dec 05 '16 at 19:45