
So, I've got a register form where I want all the usernames (email addresses) to be unique. I made it so the database entries have to be unique, but then the error that the user gets is my generic one (see $message), which I could change to another message, but then the user wouldn't know whether the account hasn't been created due to a server-side error or a duplicate email address.

$message = 'Sorry there must have been an issue creating your account';

What I have been struggling to get is a way to have a custom error that says something like: "Sorry this email is already in use" when the username is already in use.

Below is the code for my register form (I didn't make this):

<?php

session_start();

if( isset($_SESSION['user_id']) ){
    header("Location: restricted.php");
    exit; // stop here so the rest of the page does not run after the redirect
}

require 'database.php';

$message = '';

if(!empty($_POST['email']) && !empty($_POST['password']) && !empty($_POST['firstname']) && !empty($_POST['surname'])):

    // Enter the new user in the database
    $sql = "INSERT INTO users (email, password, firstname, surname) VALUES (:email, :password, :firstname, :surname)";
    $stmt = $conn->prepare($sql);

    $stmt->bindParam(':email', $_POST['email']);
    // bindValue, because bindParam binds by reference and needs a variable, not a function result
    $stmt->bindValue(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));
    $stmt->bindParam(':firstname', $_POST['firstname']);
    $stmt->bindParam(':surname', $_POST['surname']);


    if( $stmt->execute() ):
    $message = 'Successfully created new user';
    else:
    $message = 'Sorry there must have been an issue creating your account';
    endif;

endif;

?>

<!DOCTYPE html>
<html>
<head>
    <title>Register</title>
    <?php include '../header.php'; ?>
</head>
<body>

    <?php if(!empty($message)): ?>
        <p><?= $message ?></p>
    <?php endif; ?>

    <h1>Register</h1>
    <span>or <a href="login.php">login here</a></span>

    <form action="register.php" method="POST">

        <input type="text" placeholder="Enter your email" name="email">
        <input type="password" placeholder="and password" name="password">
        <input type="password" placeholder="confirm password" name="confirm_password">
        <input type="text" placeholder="Enter your first name" name="firstname">
        <input type="text" placeholder="Enter your surname" name="surname">
        <input type="submit">

    </form>

</body>
</html>
Jeff
  • Rather than just inserting and relying on "generic failure", try selecting to see if a user with that email exists. – Niet the Dark Absol Mar 19 '17 at 15:31
  • If the email is unique, just do a select on it and see if it is already in the database before the insert then throws your personalized message. – Jorge Campos Mar 19 '17 at 15:32

1 Answer

First run a select query to check if the username/email address already exists.

If it exists, return an error; if not, insert into the database. You should validate your post, not only whether it is empty, but also whether the data is valid: correct email markup, the passwords are the same, the username is unique, etc.

Chris Toxz
  • So I'm kinda new to PHP and trying to learn it. Here is my attempt at doing it, which has inevitably failed :P. I'll put my attempted code into a pastebin so it looks nicer; if you could edit my code/do your own so I can see where I messed up :) http://pastebin.com/1Akj2DQs . Inside of database.php is http://pastebin.com/yZ7UrsMe . It's also giving the error: PHP Parse error: syntax error, unexpected '$query' (T_VARIABLE) in /dirremoved/register.php on line 25 – Jeff Mar 19 '17 at 16:51
  • Check out this: http://stackoverflow.com/questions/17800354/check-if-username-exists-in-mysql-table-via-php Or add me on Skype: hetischris – Chris Toxz Mar 19 '17 at 17:26
  • Check your line 26 (Pastebin line): you're trying to where `email` is in `email`. You should use `users`. So: `$sql2 = "SELECT * FROM users WHERE email = :email"` – Chris Toxz Mar 19 '17 at 17:28
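
One way to get the specific message, as an added example that is not from the question or the answer: keep the unique index as the authority and catch the constraint violation on INSERT, which also covers two simultaneous sign-ups that a SELECT-first check can miss. The `register_user()` helper, the table schema and the in-memory SQLite connection are assumptions standing in for `database.php`.

```php
<?php
// Added example, not the asker's code. An in-memory SQLite database stands in
// for the real one so the script runs offline; the schema is an assumption.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL UNIQUE,
    password TEXT NOT NULL, firstname TEXT NOT NULL, surname TEXT NOT NULL)');

// register_user() is a hypothetical helper: it returns the message for the page.
function register_user(PDO $conn, array $post): string
{
    $email = filter_var(trim($post['email'] ?? ''), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return 'Please enter a valid email address';
    }
    if (($post['password'] ?? '') === '' || $post['password'] !== ($post['confirm_password'] ?? null)) {
        return 'Please enter matching passwords';
    }

    $stmt = $conn->prepare(
        'INSERT INTO users (email, password, firstname, surname)
         VALUES (:email, :password, :firstname, :surname)'
    );
    try {
        $stmt->execute([
            ':email'     => $email,
            ':password'  => password_hash($post['password'], PASSWORD_BCRYPT),
            ':firstname' => $post['firstname'] ?? '',
            ':surname'   => $post['surname'] ?? '',
        ]);
        return 'Successfully created new user';
    } catch (PDOException $e) {
        // SQLSTATE class 23 = integrity constraint violation. No bound value is
        // ever NULL here, so only the UNIQUE index on email can raise it
        // (MySQL reports the same SQLSTATE with driver code 1062).
        if (strpos((string) $e->getCode(), '23') === 0) {
            return 'Sorry this email is already in use';
        }
        error_log($e->getMessage()); // keep the database details server-side
        return 'Sorry there must have been an issue creating your account';
    }
}

// Constructed sample input: the same form submitted twice.
$form = ['email' => 'jane@example.com', 'password' => 'correct horse',
         'confirm_password' => 'correct horse', 'firstname' => 'Jane', 'surname' => 'Doe'];
echo register_user($conn, $form), PHP_EOL; // first insert succeeds
echo register_user($conn, $form), PHP_EOL; // UNIQUE index rejects the duplicate
```

A response that distinguishes "already in use" from other failures also tells any visitor which addresses have accounts, so pair it with rate limiting on the form.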