-1

I am new to PHP, but I am working on a login system for this website. I am currently working on the account creation page and I can not get the .php file to post to my database. Can anyone out there give me a hand? My code is below:

<!DOCTYPE html>
<html lang="en">

<head>
    <meta charset="UTF-8">
    <title>EDAViewer Login Console</title>
    <link rel="stylesheet" href="/CSS/styles.css">
</head>

<body>
    <div class="container">
        <div class="main-wrapper">
           <div class="header">
               <header>
                   <img src="/Assets/BGLogo.png" alt="EDAViewer Logo">
                   <img src="/Assets/accountCreation.png" alt="Create Account" class="console-img">
               </header>
            </div>
            <div class="login-container">
                <fieldset class="login-form">

                    <form class="form" action="newAccount.php" method="POST">
                        <ul>
                            <li>
                                <label for="username">Username</label>
                                <input type="text" name="username" required>
                            </li>
                            <li>
                                <label for="password">Password</label>
                                <input type="text" name="password" required>
                            </li>
                            <li>
                                <label for="verify-password">Verify Password</label>
                                <input type="text" name="verify-password" required>
                            </li>
                            <li>
                                <input type="submit" value="Create Account">
                            </li>
                        </ul>
                    </form>
                </fieldset>
            </div>
            </div>
        </div>
    <div class="footer">
        <footer>
            <p>Copyright &copy 2018 EDA Technologies, Ltd</p>
         </footer>
    </div>


</body>

</html>

here is the PHP:

<?PHP

$dbConn = mysqli_connect("ServerName(Changed it to post here) ", "UserName", 
"Password", DBname);

if (mysqli_connect_errno()){
    printf("Connection failed: %s\n", mysqli_connect_error());
    exit();
}else{
    printf("Host information: %s\n", mysqli_get_host_info($mysqli));
    mysqli_close($dbConn);
}
$username = mysqli_real_escape_string($dbConn, $_POST['username']);

$password = $_POST['password'];
$vpass = $_POST['verify-password'];
if($password !=== $vpass){
    echo "Your passwords did not match."
}else{
    $userSQL = "INSERT INTO user_list (username)
                VALUES ('".$username"')";
    $passSQL = "INSERT INTO user_list (password)
                VALUES ('".$password."')";

    $res = mysqli_query($dbConn, $userSQL, $passSQL);

    if ($res === TRUE){
        echo "Account Created";
    }else{
        printf("There was an error creating this account: %s\n", mysqli_error($dbConn));
    }
    mysqli_close($dbConn);
}

?>

The problem I am running into is everytime I press the submit button, I get the CANNOT POST newAccount.php error. What am I doing wrong? I have been trying to get this to work on my own for the last 2 days. I even included the database connection code to this file to see if I referenced it wrong in the beginning.

Chase Quinn
  • 60
  • 10
  • 1
    `!===` is wrong (a syntax error) - should be `!==` . But this isn't the biggest issue with this code. Storing plaintext passwords in your database is a no-no, and you're wide open to SQL injection. – Robin Zigmond Oct 28 '18 at 12:42
  • Possible duplicate of [Reference - What does this error mean in PHP?](https://stackoverflow.com/questions/12769982/reference-what-does-this-error-mean-in-php) – rickdenhaan Oct 28 '18 at 12:45
  • 2
    You should enable error reporting so you can see where things are going wrong. Check out the question I marked as duplicate, specifically the "nothing is seen" part. – rickdenhaan Oct 28 '18 at 12:47

3 Answers3

1

I am not sure if this is the problem causing it not to work in your script, but it seems like that a ; is missing here

if($password !=== $vpass){
    echo "Your passwords did not match."; //<---
}else{
    $userSQL = "INSERT INTO user_list (username)
                VALUES ('".$username"')";
    $passSQL = "INSERT INTO user_list (password)
                VALUES ('".$password."')";

Also,you should not do <input type=text ... for your password. Instead, you should use <input type=password>

EDIT: just found out another mistake that may cause your script not to work...

According to http://php.net/manual/zh/language.operators.comparison.php, there're only !== and != in php, you should do if($password !== $vpass) or if($password != $vpass) instead of if($password != $vpass)

note: (sth!==sth mean !(sth===sth) and sth!=sth mean !(sth==sth))

EDIT 2: as stated by Robin Zigmond, you shouldn't save the password with plain text in your database... you could use

$passSQL = "INSERT INTO user_list (password)
            VALUES ('".password_hash($password)."')";

instad to make it safer. When you are logging in, you can use

if(password_verify($_POST['password'], $encrypted_password)){
//correct password
}else{
//incorrect password
}

to verify the password.

More information can be found on http://php.net/manual/en/function.password-hash.php & http://php.net/manual/en/function.password-verify.php

Community
  • 1
  • 1
RaymondLiu1
  • 11
  • 3
0

Just use

    if($password != $vpass){
    echo "Your passwords did not match."; 
    }else{
    $userSQL = "INSERT INTO user_list (username)
            VALUES ('".$username"')";
    $passSQL = "INSERT INTO user_list (password)
            VALUES ('".$password."')";
    }
Sheikh Haziq
  • 53
  • 4
0

I think you have an issue with the directory. You can refer here

Also, you are sending multiple queries using mysqli_query() instead of this use mysqli_multi_query() you can find more here I hope this will solve your issue.

Ishaan
  • 1,249
  • 15
  • 26