Edit to my previous edit:
So I thought changing the isset() would work, but my form is still not working. I have no clue why.
Edit:
I found my error. isset($_POST['password_repeatr']) is supposed to be isset($_POST['repeat_passwordr']).
Okay, so I am trying to create a simple scheduling website. I wanted to try to use OOP for this program. The registering aspect of this isn't working; it basically just refreshes the page. Nothing gets placed into the SQL database, and it doesn't even set the 'user_id' session. I also get no errors. I will copy and paste the code. The most important files are register.php and scheduleApp.class.php.
index.php:
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<link rel="stylesheet" type="text/css" href="css/normalize.css"/>
<link rel="stylesheet" type="text/css" href="css/style.css"/>
<link rel="stylesheet" type="text/css" href="css/jquery-ui.css"/>
<link rel="stylesheet" type="text/css" href="css/jquery-ui.theme.css"/>
<script type="text/javascript" src="js/jquery.min.js"></script>
<script type="text/javascript" src="js/jquery-ui.js"></script>
<script type="text/javascript" src="js/jQuery.js"></script>
<?php
require_once('core/core.php');
require_once('core/navbar.php');
require_once('core/config.php');
require_once('core/scheduleApp.class.php');
?>
<title></title>
</head>
<body>
<div class="categories">
<div></div>
</div>
</body>
</html>
register.php:
<?php
if(isset($_POST['namer']) && isset($_POST['emailr']) && isset($_POST['usernamer']) && isset($_POST['passwordr']) && isset($_POST['password_repeatr']) && isset($_POST['employee_manager'])){
$namer = $_POST['namer'];
$emailr = $_POST['emailr'];
$usernamer = $_POST['usernamer'];
$passwordr = $_POST['passwordr'];
$repeat_passwordr = $_POST['repeat_passwordr'];
$e_or_m = $_POST['employee_manager'];
$user = new ScheduleApp();
$user->createUser($namer, $emailr, $usernamer, $passwordr, $repeat_passwordr, $e_or_m);
}
?>
<form action='<?php echo $current_file;?>' method='post'>
Full Name <br/> <input type="text" name="namer" required="required" minlength="5" maxlength="50"/>
Email <br/> <input type="email" name="emailr" required="required" minlength="5" maxlength="100"/>
Username <br/> <input type="text" name="usernamer" required="required" minlength="2" maxlength="50"/>
Password <br/> <input type="password" name="passwordr" required="required" minlength="6" maxlength="100"/>
Repeat Password <br/> <input type="password" name="repeat_passwordr" required="required"/>
<div class="enm_buttons">
<div><label for="employee">Employee</label> <input type="radio" value="1" id="employee" name="employee_manager" required="required"/> </div>
<hr />
<div><label for="manager"> Manager</label> <input type="radio" value="2" id="manager" name="employee_manager" required="required"/> </div>
</div>
<button id="register_submit">Register</button>
<br/><span>OR</span><br/>
</form>
<button class="login_button" onclick="navBarSlide('.login_button', '#register_div', '#login_div')">Login</button>
scheduleApp.class.php:
<?php
class ScheduleApp{
private $mysqli;
function __construct(){
$this->mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_DATABASE);
}
function __destruct(){
$this->mysqli->close();
}
public function createUser($name, $email, $username, $password, $repeat_password, $e_or_m){
if(!empty($name) && !empty($email) && !empty($username) && !empty($password) && !empty($repeat_password) && !empty($e_or_m)){
$query = "SELECT username FROM users WHERE username='".$this->mysqli->real_escape_string($username)."'";
if($result = $this->mysqli->query($query)){
$count_row = $result->num_rows;
if($count_row == 0){
$query = "SELECT email FROM users WHERE email='".$this->mysqli->real_escape_string($email)."'";
if($result = $this->mysqli->query($query)){
$count_row = $result->num_rows;
if($count_row == 0){
if($password != $repeat_password){
return "Passwords do not match";
}else{
$query = "INSERT INTO users VALUES('', '"
.$this->mysqli->real_escape_string($name)."', '"
.$this->mysqli->real_escape_string($email)."', '"
.$this->mysqli->real_escape_string($username)."', '"
.$this->mysqli->real_escape_string($password)."', '"
.$this->mysqli->real_escape_string($e_or_m)."')";
if($result = $this->mysqli->query($query)){
$query = "SELECT id FROM users WHERE username='".$this->mysqli->real_escape_string($username)."'
AND password='".$this->mysqli->real_escape_string($password)."'";
if($result = $this->mysqli->query($query)){
if($result->num_rows){
while($row = $result->fetch_array()){ // fetch_array() takes an optional result-type constant, not the result object
$_SESSION["user_id"] = $row['id'];
header("Location: index.php");
}
}
}
}
}
}else{
return "That email is already in use.";
}
}
}else{
return "That username is already taken";
}
}
}else{
return "Please fill out all fields.";
}
}
}
?>
core.php:
<?php
ob_start();
session_start();
$current_file = $_SERVER['SCRIPT_NAME'];
function isloggedin(){
if(isset($_SESSION['user_id']) && !empty($_SESSION['user_id'])){
return true;
}else{
return false;
}
}
?>
navbar.php:
<?php
?>
<div id="navbar_spacer"></div>
<div id="navbar">
<?php
$directory = "";
?>
<?php
if(!isloggedin()){
?>
<div id="lnr_buttons">
<button class="login_button" onclick="navBarSlide('.login_button', '#lnr_buttons', '#login_div')">Login</button><br/>
<button class="register_button" onclick="navBarSlide('.register_button', '#lnr_buttons', '#register_div')">Register</button>
</div>
<div id="login_div">
<h1>Login</h1>
<?php require_once($directory."login_register/login.php");?>
</div>
<div id="register_div">
<h1>Register</h1>
<?php require_once($directory."login_register/register.php");?>
</div>
<?php
}
?>
</div>
Few suggestions:
You have added code if the registration is successful; there is no error handling.
Form method should be kept blank if you are submitting the form to the same file.
The button should have type submit.
Change
<button id="register_submit">Register</button>
to
<button id="register_submit" type="submit">Register</button>
Also, no need to fire 2 queries checking if username or email exists.
Add an OR condition for both.
So, your SQL should be:
$query = "SELECT username FROM users WHERE username='".$this->mysqli->real_escape_string($username)."' OR email='".$this->mysqli->real_escape_string($email)."'";
Please try all these and let me know if your registration form works.
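An added example, not part of the answer above or the poster's code: the combined username/email check and the insert written with mysqli prepared statements, with the password stored as a hash and the result message returned to the caller. The `$db` handle and the column names `name` and `role` are assumptions; the page only shows `id`, `username`, `email` and `password`.

```php
<?php
// Added example. Assumed: column names `name` and `role`, UNIQUE indexes on
// username and email, and a password column wide enough for a hash (VARCHAR(255)).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // SQL errors throw instead of failing silently

function createUser(mysqli $db, string $name, string $email, string $username,
                    string $password, string $repeat, string $role): string
{
    if ($name === '' || $email === '' || $username === '' || $password === '') {
        return 'Please fill out all fields.';
    }
    if ($password !== $repeat) {
        return 'Passwords do not match';
    }
    if (!in_array($role, ['1', '2'], true)) { // the form's two radio values
        return 'Please fill out all fields.';
    }

    // One lookup covers both uniqueness checks; values are bound, not concatenated.
    $stmt = $db->prepare('SELECT username FROM users WHERE username = ? OR email = ? LIMIT 1');
    $stmt->bind_param('ss', $username, $email);
    $stmt->execute();
    $stmt->bind_result($foundUser);
    $exists = $stmt->fetch();
    $stmt->close();
    if ($exists) {
        return strcasecmp($foundUser, $username) === 0
            ? 'That username is already taken'
            : 'That email is already in use.';
    }

    // Store a salted hash, never the submitted password.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare(
        'INSERT INTO users (name, email, username, password, role) VALUES (?, ?, ?, ?, ?)');
    $stmt->bind_param('sssss', $name, $email, $username, $hash, $role);
    $stmt->execute();
    $newId = $stmt->insert_id;
    $stmt->close();

    session_regenerate_id(true); // fresh session id once the user is signed in
    $_SESSION['user_id'] = $newId;
    return '';
}

// In register.php, after the isset() check, show the message instead of discarding it:
// $error = createUser($db, $namer, $emailr, $usernamer, $passwordr, $repeat_passwordr, $e_or_m);
// if ($error === '') { header('Location: index.php'); exit; }
// echo htmlspecialchars($error, ENT_QUOTES, 'UTF-8');
```

With hashed storage, the login code has to fetch the row by username and compare with `password_verify()` rather than matching the password in the `WHERE` clause.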