
My code is generating a fatal error. It checks all fields except the CNIC field; a CNIC already exists in the table in multiple rows. When we try to create a login for a new member with the same CNIC, it creates a duplicate entry rather than checking and generating an error for the already existing CNIC. I mean to say it checks both email and CNIC; if both exist it denies the new registration, but in my case sometimes it checks and sometimes it does not check the email and CNIC. Please correct my code; I tried a lot but I am unable to find where I'm going wrong. Your help in this regard will be highly helpful for me and I will be highly thankful to you.

<?php
//Start the Session
require_once("config.php");

//error_reporting(0);
$headers ='';
$res = '';
$Message = '';
$Message1 = '';
$Message2 = '';
$recaptcha = '';

$query ="SELECT * FROM tbl_signup;";
$result = mysqli_query($conn, $query);
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
$count = mysqli_num_rows($result);
$user_cnic = $row['apli_cnic'];
$User_Email = $row['apli_email'];


if(isset($_POST['ButtonSignUp']))
{

        $Cnic=mysqli_real_escape_string($conn, $_POST['cnic']);
        $Name= mysqli_real_escape_string($conn,$_POST['namesurname']);
        $Email = mysqli_real_escape_string($conn, $_POST['email']);
        $Password = mysqli_real_escape_string($conn, $_POST ['password']);
        $CnfrmPassword = mysqli_real_escape_string($conn, $_POST['confirmPassword']);

        $ActivationCode = md5( rand(0,1000) );
        $Status = 0;

        if ($Cnic == $user_cnic)

        {

            $Message = "Sign Up Failed. Account With CNIC: $user_cnic Already Exist";

        }

        elseif($Email == $User_Email)
        {

            $Message1 = "$Email Already Exist. Please Enter Another Email Address.";

        }

        elseif($Password != $CnfrmPassword)
        {
            $Message2 = "Your Password does not match the Confirm Password";
        }

        elseif ($Password == $CnfrmPassword)
        {
            $sql= "INSERT INTO table(fname, email, cnic, pwd, cnfrm_pwd, activation_code, status)
                      VALUES ('$Name','$Email','$Cnic','$Password','$CnfrmPassword', '$ActivationCode', '$Status');";
             mkdir("DocumentUpload/$Cnic");


             $to_email = $Email;
             $subject = 'Verify Your Email';
             $message = "Your account information is successfully updated. Please click the following link For verifying and activate your account.";

             $headers = 'From: abc.com';
             $res = mysqli_query($conn, $sql);  

            if(mail($to_email, $subject, $message, $headers))
            {

            }


        } 


        if($res == 1)
        {           

            header("location:VerifyEmailWait.php");

        }


        else 

        {

        }

       }
mysqli_close($conn);
?>

<form id="sign_up" method="POST">

  <input type="number" class="form-control" name="cnic" placeholder="CNIC e.g. 3520212345678" maxlength="13" required autofocus autocomplete="off">

  <input type="text" class="form-control" name="namesurname" placeholder="Full Name (As Per CNIC)" required autofocus autocomplete="off">

  <input type="email" class="form-control" name="email" placeholder="Email Address" required autocomplete="off">

  <input type="password" class="form-control" name="password" id="password" minlength="8" placeholder="Password" required autocomplete="off">

  <input type="password" class="form-control" name="confirmPassword" id="confirmPassword" minlength="8" placeholder="Confirm Password" required autocomplete="off">

  <button class="btn btn-block btn-lg bg-pink waves-effect" type="submit" name="ButtonSignUp">SIGN UP</button>

  <a href="index.php">Already a Member? Please Sign In</a>

</form>
Ru Chern Chong
Hassan
  • 2 things: first, **don't save passwords in your database**; second, use **prepared statements**. Read here https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php and eventually your problems are gone for good – nbk Feb 23 '20 at 18:45
  • @nbk Just curious, if we don't store passwords in DB, how are we going to authenticate them? – nice_dev Feb 23 '20 at 18:54
  • See the link in my answer, you save only the hash values and then you check against them – nbk Feb 23 '20 at 19:10
  • @nbk Ok that way, I thought you meant never to store passwords at all in the first place, looking at the bold text in your comment. – nice_dev Feb 23 '20 at 19:13
  • No need for snippets – Ru Chern Chong Feb 24 '20 at 06:41

1 Answer

Your insert statement

INSERT INTO table(fname, email, cnic, pwd, cnfrm_pwd, activation_code, status)
VALUES ('$Name','$Email','$Cnic','$Password','$CnfrmPassword', '$ActivationCode', '$Status');

is wrong; it must be

INSERT INTO tbl_signup(fname, email, cnic, pwd, cnfrm_pwd, activation_code, status)
VALUES ('$Name','$Email','$Cnic','$Password','$CnfrmPassword', '$ActivationCode', '$Status');

Where you use the proper table name; a generic table like you did is not allowed.

But please read this about passwords

And of course that about preventing sql injection

Before you proceed in your development.

nbk
  • I have updated the query but still facing the same error. – Hassan Feb 23 '20 at 18:58
  • Please add the **complete** error message that you get, and change your question to show actual code. – nbk Feb 23 '20 at 19:12
  • Dear, there is no error message I am receiving; in the if/else statements, sometimes it validates and sometimes it does not. Above is my complete PHP code. – Hassan Feb 23 '20 at 19:20
  • There must be some kind of error or else this wouldn't happen. First, two new entries means you run through the code twice, so you have to debug it to see why, so add a lot of echos to see what actually happens. I can't see a loop so it must be somewhere else. If there is something not running correctly, enable error messages: https://stackoverflow.com/questions/1053424/how-do-i-get-php-errors-to-display There is also error handling for mysqli and PDO – nbk Feb 23 '20 at 19:27
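
The check in the question compares the submitted values only against the first row returned by `SELECT * FROM tbl_signup`, which is why it fires only some of the time. The following is an added example (not code from the question or the answer) that looks up the submitted CNIC and email with prepared statements, stores only a password hash as the comments advise, and relies on UNIQUE indexes to reject concurrent duplicates. The function name `register_member` and the column names are assumptions to adapt to the real schema.

```php
<?php
// Added example; table/column names are assumptions. Assumes UNIQUE indexes, e.g.
//   ALTER TABLE tbl_signup ADD UNIQUE (apli_cnic), ADD UNIQUE (apli_email);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

/** Returns '' on success, or the message to show on the form. */
function register_member(mysqli $conn, string $cnic, string $name,
                         string $email, string $password, string $confirm): string
{
    // Validate first: the CNIC later ends up in SQL and in a directory name.
    if (!preg_match('/^\d{13}$/', $cnic)) {
        return 'CNIC must be exactly 13 digits.';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'Invalid email address.';
    }
    if ($password !== $confirm) {
        return 'Your Password does not match the Confirm Password';
    }

    // Look up the submitted values themselves, not the table's first row.
    $check = $conn->prepare(
        'SELECT apli_cnic FROM tbl_signup WHERE apli_cnic = ? OR apli_email = ? LIMIT 1');
    $check->bind_param('ss', $cnic, $email);
    $check->execute();
    $check->bind_result($foundCnic);
    $exists    = $check->fetch();
    $cnicTaken = $exists && (string)$foundCnic === $cnic;
    $check->close();
    if ($exists) {
        return $cnicTaken
            ? "Sign Up Failed. Account With CNIC: $cnic Already Exist"
            : "$email Already Exist. Please Enter Another Email Address.";
    }

    $hash  = password_hash($password, PASSWORD_DEFAULT); // store only the hash
    $token = bin2hex(random_bytes(16));                  // unpredictable activation code
    try {
        $ins = $conn->prepare('INSERT INTO tbl_signup
            (fname, apli_email, apli_cnic, pwd, activation_code, status)
            VALUES (?, ?, ?, ?, ?, 0)');
        $ins->bind_param('sssss', $name, $email, $cnic, $hash, $token);
        $ins->execute();
    } catch (mysqli_sql_exception $e) {
        // 1062 = duplicate key: a concurrent request won the race for this CNIC/email.
        if ($e->getCode() === 1062) { return 'CNIC or email already registered.'; }
        throw $e;
    }
    return '';
}
```

Call it from the `ButtonSignUp` branch with the raw `$_POST` values (no `mysqli_real_escape_string` needed with bound parameters), and create `DocumentUpload/$cnic` and send the verification mail only when it returns an empty string.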