-1

I have a registration form that has a password field and a confirm password field. I would like the password and confirm password fields to be the same so it can register the new user's information.

form:

  <form class="form-signin" name="Register_Form" method="post" action="regcheck.php">
    <h2 class="form-signin-heading">Please sign in</h2>
    <label for="inputPassword" class="sr-only">Password</label>
    <input type="password" id="inputPassword" name="inputPassword" class="form-control" placeholder="Password" required>
    <label for="CPassword" class="sr-only">Confirm Password</label>
    <input type="password" id="CPassword" name="CPassword" class="form-control" placeholder="Confirm Password" required>

    <button class="btn btn-lg btn-primary btn-block" type="submit" name="reg" value="Register">Register</button>
  </form>

            require_once 'connect.php';
            if (isset($_POST['reg'])){ 
                        //$dob = $_POST['date'];
                        $dob = date('Y-m-d', strtotime($_POST['date']));
                        $Student_ID = $_POST['Student_ID'];
                        $gender = $_POST['gender'];
                        $course = $_POST['Course'];
                        $email = $_POST['inputEmail'];
                        $password = $_POST['inputPassword'];
                        $cpassword = $_POST['CPassword'];
                        $FN = $_POST['FirstName'];
                        $SN = $_POST['SecondName'];

                        if ($password === $cpassword) {
                           // success!
                            $sql = "INSERT INTO tblaccounts (Email, Password, Student_ID, FirstName, SecondName, Course, Gender, DoB) VALUES ('".$email."','".$password."','".$Student_ID."','".$FN."','".$SN."','".$course."','".$gender."','".$dob."')"; 
                            $result = mysqli_query($connection, $sql) or die("Database Connection Failed" . mysqli_error($connection));
                            //$count = mysqli_num_rows($result);
                            echo "Registeration Successful!:";  

                            header('Location: login.php');
                            }
                            else {
                               // failed :(
                            }


            } else { 
                        echo "Registeration Failed!:";# 
                        ?><br/><a href ="login.php">Go back to the login screen.</a><?php
                    }
  • What happens with this code? You are open to SQL injections, parameterize. You also need to hash the passwords, don't store plain text passwords. – chris85 Sep 17 '17 at 20:52
  • @chris85 I'm trying to get the form to do as I want. Then I shall work on security and so on. – helloworld999 Sep 17 '17 at 20:54
  • Your question is about this conditional, `if ($password === $cpassword) {`, not working, right? What does it do, throw an error, never match, always match, other? – chris85 Sep 17 '17 at 20:55
  • Did you get any error? I think the code is okay – S M Jobayer Alam Sep 17 '17 at 20:56
  • I don't see an opening ` – Funk Forty Niner Sep 17 '17 at 20:56
  • This code should not be used in a live environment. Is this for academic purposes? – Funk Forty Niner Sep 17 '17 at 20:58
  • @chris85 Notice: Undefined index: CPassword – helloworld999 Sep 17 '17 at 21:01
  • Are you submitting via javascript? – chris85 Sep 17 '17 at 21:02
  • @Fred-ii- I didn't put the php tags in as I am copying the code which affects this. – helloworld999 Sep 17 '17 at 21:02
  • @chris85 no, as I would like to do as much of it in PHP as possible. – helloworld999 Sep 17 '17 at 21:03
  • Not using the opening tag is throwing off syntax highlighting – Funk Forty Niner Sep 17 '17 at 21:05
  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/). Even [if you are escaping inputs, it's not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). – John Conde Sep 17 '17 at 21:06
  • **Never store plain text passwords!** Please use **[PHP's built-in functions](http://php.net/manual/en/function.password-hash.php)** to handle password security. If you're using a PHP version less than 5.5 you can use the password_hash() **[compatibility pack](https://github.com/ircmaxell/password_compat)**. Make sure you **[don't escape passwords](http://stackoverflow.com/q/36628418/1011527)** or use any other cleansing mechanism on them before hashing. Doing so changes the password and causes unnecessary additional coding. – John Conde Sep 17 '17 at 21:07

1 Answer

-1

I'm not sure I understand your question; in fact, your code seems (in a crude way) to achieve your goal. However, your script will fail when it redirects to login.php using header(), because you have already sent information to the client. That happens when you process your data in the same script you have used to display the form fields. I recommend that you send the form's data to another script.

  • I didn't understand what you are going on about. – helloworld999 Sep 17 '17 at 21:15
  • Notice: Undefined index: CPassword – helloworld999 Sep 17 '17 at 21:31
  • This discourages participating here. I haven't needed to ask a question here, because I usually get what I am looking for in searches, and I am not able to comment. By the way... it's right to delete the answer; if he has not sent the form yet, the headers will be the least of his problems. – Diego Viniegra Sep 18 '17 at 00:39
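
The points raised in the comments and in the answer above, combined into one handler as an added example (not code from the question or from any commenter): fields are checked with isset() before use, the raw passwords are compared and then hashed with password_hash(), the insert uses a prepared statement, and header() runs before any output. It assumes connect.php provides `$connection` as in the question and that the Password column can hold a hash (VARCHAR(255) is assumed); `fail()` is a hypothetical helper.

```php
<?php
// Added example. Assumes connect.php defines $connection (mysqli handle, as in
// the question) and that tblaccounts.Password is VARCHAR(255) or wider.
require_once 'connect.php';
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

$fields = ['inputEmail', 'inputPassword', 'CPassword', 'Student_ID',
           'FirstName', 'SecondName', 'Course', 'gender', 'date'];

function fail(string $message): void // hypothetical helper, not from the page
{
    http_response_code(400);
    echo htmlspecialchars($message, ENT_QUOTES, 'UTF-8');
    echo '<br/><a href="login.php">Go back to the login screen.</a>';
    exit;
}

// Reading a key the form did not send is what raises "Undefined index".
foreach ($fields as $name) {
    if (!isset($_POST[$name]) || !is_string($_POST[$name]) || $_POST[$name] === '') {
        fail("Missing field: $name");
    }
}

// Compare the raw values; do not trim or escape a password before hashing it.
if ($_POST['inputPassword'] !== $_POST['CPassword']) {
    fail('Passwords do not match.');
}

$timestamp = strtotime($_POST['date']);
if ($timestamp === false) {
    fail('Invalid date of birth.');
}
$dob  = date('Y-m-d', $timestamp);
$hash = password_hash($_POST['inputPassword'], PASSWORD_DEFAULT);

// Placeholders keep user input out of the SQL text entirely.
$stmt = $connection->prepare(
    'INSERT INTO tblaccounts
        (Email, Password, Student_ID, FirstName, SecondName, Course, Gender, DoB)
     VALUES (?, ?, ?, ?, ?, ?, ?, ?)'
);
$stmt->bind_param('ssssssss', $_POST['inputEmail'], $hash, $_POST['Student_ID'],
    $_POST['FirstName'], $_POST['SecondName'], $_POST['Course'],
    $_POST['gender'], $dob);
$stmt->execute();

// Nothing has been echoed on this path, so the redirect header can be sent.
header('Location: login.php');
exit;
```

At login, the stored value is checked with password_verify() rather than by comparing strings.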