-2

Hope someone with fresh eyes can help.Thanks-R

CHECKS IF SUBMIT BUTTOM IS CLICKED---SECURITY(Button type in signup.php file)--/

  if (isset($_POST['submit'])) {

/*INCLUDE DATABASE FILE--*/

    include_once 'dbh.inc.php';

/CREATE A VARIABLE--(CALLED FIRST)--(IS THE FIRST INPUT INSIDE THE SIGNUP FORM) (allows for code to be converted to text) [[Cannot input code into box}}--/

    $first = mysqli_real_escape_string($conn, $_POST['first']);
    $last = mysqli_real_escape_string($conn, $_POST['last']);
    $email = mysqli_real_escape_string($conn, $_POST['email']);
    $uid = mysqli_real_escape_string($conn, $_POST['uid']); 
    $pwd = mysqli_real_escape_string($conn, $_POST['pwd']);



//ERROR HANDLERS

//CHECK FOR EMPTY FIELDS---(double pipes means or in php)
if  (empty($first) || empty($last) || empty($email) || empty($uid) || empty($pwd)) {

       header("Location: ../signup.php?signup=empty");
       exit();
} else {
    //CHECK IF INPUT CHARACTERS ARE VALID

  if (!preg_match("/^[a-zA-Z]*$/", $first) || !preg_match("/^[a-zA-Z]*$/", $last)) {

       header("Location: ../signup.php?signup=invalid");
       exit();


  } else {
    //CHECK IF EMAIL IS VALID
     if (!filter_var($email, FILTER_VALIDATE_EMAIL))  { 
       header("Location: ../signup.php?signup=email");
       exit();  
     } else {
        $sql = "SELECT * FROM users WHERE user_uid='$uid'";
        $result = mysqli_query($conn, $sql);
        $resultCheck = mysqli_num_rows($result);

       if ($resultCheck > 0){
           header("Location: ../signup.php?signup=usertaken");
           exit();

       } else {
        //HASHING PASSWORD---
        $hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);

        //INSERT USER INTO DATABASE

        $sql= "INSERT INTO users (user_first, user_last, user_email, user_uid, user_pwd) VALUES ('$first','$last', '$email', '$uid','$hashedPwd' );";
         mysqli_query($conn, $sql);

         header("Location: ../signup.php?signup=success");
         exit();    

        }

     }

  } 

} else{
        /*COLON MUST NOT HAVE SPACE BETWEEN LOCATION---SPACE BETWEEN ../---(TAKES BACK A DIRECTORY)--PREVENTS GOING TO URL TO ACCESS FILE PAGE.--TAKES USER
        BACK TO SIGNUP PAGE*/
        header("Location: ../signup.php");
        /*exit--closes off script from running--(IF ANYTHING AFTER EXIT FUNCTION)*/
        exit();
 }
hungrykoala
  • 1,083
  • 1
  • 13
  • 28
Robby
  • 1
  • Possible duplicate of [PHP parse/syntax errors; and how to solve them?](https://stackoverflow.com/questions/18050071/php-parse-syntax-errors-and-how-to-solve-them) – Ken White May 08 '18 at 02:26
  • your 2nd and 3rd `else` should be `elseif` –  May 08 '18 at 02:27
  • There's a lot of nested elements here which could be made simpler and could thus help avoid situations where you can't find which is which. – hungrykoala May 08 '18 at 02:29
  • add another `}` above the last `else`.. – Shadow Fiend May 08 '18 at 02:37
  • Try using a program like Notepad++ or a similar program when writing your code. They have useful features like syntax highlighting and clicking on a { it will highlight the closing } that it sees for the opening { – SpacePhoenix May 08 '18 at 03:59
  • It was a closing bracket..Thanks for everyones help. – Robby May 09 '18 at 15:39

1 Answers1

0

Please format your code properly next time so that you can avoid this type of errors in the future:

<?php
if (isset($_POST['submit'])) {
    include_once 'dbh.inc.php';

    $first = mysqli_real_escape_string($conn, $_POST['first']);
    $last  = mysqli_real_escape_string($conn, $_POST['last']);
    $email = mysqli_real_escape_string($conn, $_POST['email']);
    $uid   = mysqli_real_escape_string($conn, $_POST['uid']);   
    $pwd   = mysqli_real_escape_string($conn, $_POST['pwd']);

    if(empty($first) || empty($last) || empty($email) || empty($uid) || empty($pwd)) {
        header("Location: ../signup.php?signup=empty");
        exit();
    }else{
        if (!preg_match("/^[a-zA-Z]*$/", $first) || !preg_match("/^[a-zA-Z]*$/", $last)) {
            header("Location: ../signup.php?signup=invalid");
            exit();     
        }elseif(!filter_var($email, FILTER_VALIDATE_EMAIL)){
            header("Location: ../signup.php?signup=email");
            exit();
        }else{
            $sql = "SELECT user_uid FROM users WHERE user_uid='$uid'";
            $result = mysqli_query($conn, $sql);
            $resultCheck = mysqli_num_rows($result);

            if($resultCheck > 0){
                   header("Location: ../signup.php?signup=usertaken");
                   exit();
            }else{
                $hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
                $sql= "INSERT INTO users (user_first, user_last, user_email, user_uid, user_pwd) VALUES ('$first','$last', '$email', '$uid','$hashedPwd' );";
                mysqli_query($conn, $sql);
                header("Location: ../signup.php?signup=success");
                exit();     
            }
        }
    }
}else{
    header("Location: ../signup.php");
    exit();
}

I changed this part of your code:

if (!preg_match("/^[a-zA-Z]*$/", $first) || !preg_match("/^[a-zA-Z]*$/", $last)) {

           header("Location: ../signup.php?signup=invalid");
           exit();


      } else {
        //CHECK IF EMAIL IS VALID
         if (!filter_var($email, FILTER_VALIDATE_EMAIL))  { 
           header("Location: ../signup.php?signup=email");
           exit();  
         } else {

Since you can just check the email after checking the first and last name of the user using else if.

P.S I would not want to be the user of this kind of site as it redirects you everytime there is an error in your inputs. Ideally it would be best if you could tell them the errors in their input when they are still in the form that way they don't have to retype everything after a redirect and figure out eachtime what they did wrong.

HTML5 email input will already check if the email is of valid format so you can use that as well.

you can also give this a read. this as well.

The problem in your code was the missing } before the final else statement

hungrykoala
  • 1,083
  • 1
  • 13
  • 28