Website working on xampp localhost but not online server

Question

My code is working perfectly well in my xampp localhost but when I tried to put my files online it did not work. On localhost, it works perfectly but when I tried it on online server, it connected to the database but does not store the user data and allows entry. What do I need to change here? I tried to include echos along the way and found out all functions till registering the user works (empty username, email, or password, not confirmed password, username exists, password exits). So I am not sure why there is a problem registering the user.

<?php
session_start();

// initializing variables
$username = "";
$email    = "";
$errors = array(); 

// connect to the database
$db = mysqli_connect('localhost', 'rohit', 'mynameis111', 'registration');

// REGISTER USER
if (isset($_POST[''])) {
  // receive all input values from the form
  $username = mysqli_real_escape_string($db, $_POST['username']);
  $email = mysqli_real_escape_string($db, $_POST['email']);
  $password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
  $password_2 = mysqli_real_escape_string($db, $_POST['password_2']);

  // form validation: ensure that the form is correctly filled ...
  // by adding (array_push()) corresponding error unto $errors array
  if (empty($username)) { array_push($errors, "Username is required"); }
  if (empty($email)) { array_push($errors, "Email is required"); }
  if (empty($password_1)) { array_push($errors, "Password is required"); }
  if ($password_1 != $password_2) {
  array_push($errors, "The two passwords do not match");
  }

  // first check the database to make sure 
  // a user does not already exist with the same username and/or email
  $user_check_query = "SELECT * FROM users WHERE username='$username' OR email='$email' LIMIT 1";
  $result = mysqli_query($db, $user_check_query);
  $user = mysqli_fetch_assoc($result);
  
  if ($user) { // if user exists
    if ($user['username'] === $username) {
      array_push($errors, "Username already exists");
    }

    if ($user['email'] === $email) {
      array_push($errors, "email already exists");
    }
  }

  // Finally, register user if there are no errors in the form
  if (count($errors) == 0) {
    $password = md5($password_1);//encrypt the password before saving in the database

    $query = "INSERT INTO users (username, email, password) 
          VALUES('$username', '$email', '$password')";
    mysqli_query($db, $query);
    $_SESSION['username'] = $username;
    $_SESSION['success'] = "You are now logged in";
    header('location: basics.php');
  }
}

if (isset($_POST['login_user'])) {
  $username = mysqli_real_escape_string($db, $_POST['username']);
  $password = mysqli_real_escape_string($db, $_POST['password']);

  if (empty($username)) {
    array_push($errors, "Username is required");
  }
  if (empty($password)) {
    array_push($errors, "Password is required");
  }

  if (count($errors) == 0) {
    $password = md5($password);
    $query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
    $results = mysqli_query($db, $query);
    if (mysqli_num_rows($results) == 1) {
      $_SESSION['username'] = $username;
      $_SESSION['success'] = "You are now logged in";
      header('location: basics.php');
    }else {
      array_push($errors, "Wrong username/password combination");
    }
  }
}

?>

Update: Hi, here is the errors.php file i forgot to add. And I checked my error log this is what it shows

[26-Mar-2021 10:17:32 UTC] PHP Warning: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, bool given in /home/z7mselap8dmo/public_html/server.php on line 33

Line 33: $user = mysqli_fetch_assoc($result);

<?php  if (count($errors) > 0) : ?>
  <div class="error">
    <?php foreach ($errors as $error) : ?>
      <p><?php echo $error ?></p>
    <?php endforeach ?>
  </div>
<?php  endif ?>

did u check php error log? and did u get any errors on the frontend. assuming this is a web app. — ashen madusanka, Mar 26 '21 at 08:49
It can be anything, without php error log no one can tell you what is wrong. — Paweł Cebulski, Mar 26 '21 at 08:54
Also, please be warned that your code is open for SQL injection — Nico Haase, Mar 26 '21 at 10:31
**Warning!** : Using `md5()` hashing to store password is strongly discouraged. You should always hash the passwords using [`password_hash()`](https://php.net/password_hash) and only store the hashes. Then you can use [`password_verify()`](https://php.net/password_verify) to verify a password against a hash. — Syscall, Mar 26 '21 at 11:42

Ashot Markosyan · Accepted Answer · 2021-03-26T11:35:47.277

-1

enable error reporting. For that add this code in start of file

ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);

Perform a query, check for error

$user_check_query = "SELECT * FROM users WHERE username='$username' OR email='$email' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
if(!$result){
 echo("Error description: " . $result->error);
}

edited Mar 26 '21 at 11:35

answered Mar 26 '21 at 09:56

Ashot Markosyan

44
3

Please share more details. How does enabling the error reporting resolve the given error? – Nico Haase Mar 26 '21 at 10:32
Please do not recommend the usage of insecure queries - string concatenation should never be used for SQL queries – Nico Haase Mar 26 '21 at 12:06
Who are you? What do you want? – Ashot Markosyan Mar 26 '21 at 12:11
Hi. Sorry, this is my first time using StackOverflow. I also don't have much knowledge of MySql and PHP. What is SQL injection mean? – Rohit desai Mar 26 '21 at 12:51
@Rohitdesai have a look at https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php for more details abuot SQL injection – Nico Haase Mar 26 '21 at 16:14
Thanks a lot Ashot Markosyan for the help. – Rohit desai Mar 26 '21 at 17:34

Website working on xampp localhost but not online server

1 Answers1