In creating a registration page for a project I'm working on. It's very basic, just requires the user to enter a username and password but I want the user to confirm their password. I'm using:
$pattern = '/^[0-9]{6,}$/';
to ensure that only digits can be entered as a password and must be at least 6 digits long. Everything is working fine except for confirming password. I have attached my script below. Can anyone see what I'm doing wrong? When I enter two different values in the password boxes on my register.html page, it seems to just accept and enters the values to the database regardless.
$username = $_POST['username']; //username
$password = $_POST['password']; //password
$confirmPass = $_POST['password2'];
$error = array();
$pattern = '/^[0-9]{6,}$/'; //pattern for password
if($_POST['register']){ //if register is clicked
if(!preg_match($pattern, $password)){ //is password doesnt match...
echo "Password must be at least 6 characters long and numerical characters only."; //error message
}
$query = "SELECT * FROM users WHERE username = '$username'"; //calls exising profiles
$result = mysqli_query($conn, $query);
if(mysqli_num_rows($result)>0){
echo "You already have an account!"; //if username existsm error message displayed
} else {
}
if($password === $confirmPass){ //if two passwords do not match
echo 'Passwords do not match!';
} else {
if(preg_match($pattern, $password)){ //if passwords match
$password = md5($confirmPass); //md5 encryption
$query = "INSERT INTO users (username, password) VALUES ('$username', '$password')"; //inserts into the database
echo'You are now a registered user!';
if($conn->query($query) === TRUE){
} else {
echo"Error: " . $query / "<br>" . $conn->error;
}
}
}
}
