Ok so i spent 5 minuted coming up with a decent title which would give the reader a good understanding of my problem. I have a form, a php code to add a new user(the user registration part of any website) and a database. I have decent enough error checking in the php code. However when i fill the form and click register, no error is shown. Under normal circumstances, it means success, but in this case, the data from the form does not go into the database. Am i missing something? I am fairly new to php user authorization / validation so it could mean i am missing something. The code is as follows:
form:
<form class="form-inline" method="post" name="login_form">
<form action="useradd.php" method="post">
<p><input type="text" class="span2" name="firstname" id="firstname" placeholder="First Name"></p>
<p><input type="text" class="span2" name="lastname" id="Last Name" placeholder="Last Name"></p>
<p><input type="text" class="span2" name="username" id="username" placeholder="Username"></p>
<p class="help-block" style="font-size:12px"> Username should be between 4-20 characters long.</p>
<p><input type="Password" class="span2" name="Password" placeholder="Password"></p>
<p class="help-block" style="font-size:12px"> Password must be between 4-20 characters long. Must be alpha-numeric</p>
<p><input type="Password" class="span2" name="Password" placeholder="Re-Enter Password"></p>
<p><input type="text" class="span4" name="emailid" id="emailid" placeholder="Emaid ID - example@example.com"></p>
<p><input type="text" class="span2" name="teamname" id="teamname" placeholder="Team name"></p>
<p class="help-block" style="font-size:12px"> Select your Unique team name.</p>
<p>
<select class="selectpicker">
<option>The name of the city where you were born</option>
<option>The name of your first pet</option>
<option>What is your mother's maiden name</option>
</select>
</p>
<p><input type="text" class="span2" name="secretanswer" id="secretanswer" placeholder="Secret Answer"></p>
<p>
<input type="hidden" name="form_token" value="<?php echo $form_token; ?>" /><br />
<p><button type="submit" class="btn btn-primary">Register</button></p>
</form>
php file - named useradd.php
<?php
/*** begin our session ***/
session_start();
/*** first check that both the username, password, form token etc have been sent ***/
if(!isset( $_POST['firstname'],$_POST['lastname'],$_POST['username'], $_POST['password'],$_POST['emailid'],$_POST['teamname'],$_POST['secret_question'],$_POST['secret_answer'], $_POST['form_token']))
{
$message = 'Please make sure you have the filled the form correctly';
}
/*** check the form token is valid ***/
elseif( $_POST['form_token'] != $_SESSION['form_token'])
{
$message = 'Invalid form submission';
}
/*** check the username is the correct length ***/
elseif (strlen( $_POST['username']) > 20 || strlen($_POST['username']) < 4)
{
$message = 'Incorrect Length for Username';
}
/*** check the password is the correct length ***/
elseif (strlen( $_POST['password']) > 20 || strlen($_POST['password']) < 4)
{
$message = 'Incorrect Length for Password';
}
/*** check the username has only alpha numeric characters ***/
elseif (ctype_alnum($_POST['username']) != true)
{
/*** if there is no match ***/
$message = "Username must be alpha numeric";
}
/*** check the password has only alpha numeric characters ***/
elseif (ctype_alnum($_POST['password']) != true)
{
/*** if there is no match ***/
$message = "Password must be alpha numeric";
}
else
{
/*** if we are here the data is valid and we can insert it into database ***/
$firstname = filter_var($_POST['firstname'], FILTER_SANITIZE_STRING);
$lastname = filter_var($_POST['lastname'], FILTER_SANITIZE_STRING);
$username = filter_var($_POST['username'], FILTER_SANITIZE_STRING);
$password = filter_var($_POST['password'], FILTER_SANITIZE_STRING);
$emailid = filter_var($_POST['emailid'], FILTER_SANITIZE_STRING);
$teamname = filter_var($_POST['teamname'], FILTER_SANITIZE_STRING);
$secret_question = filter_var($_POST['secret_question'], FILTER_SANITIZE_STRING);
$secret_answer = filter_var($_POST['secret_answer'], FILTER_SANITIZE_STRING);
/*** now we can encrypt the password ***/
$password = sha1( $password );
/*** connect to database ***/
/*** mysql hostname ***/
$mysql_hostname = 'localhost';
/*** mysql username ***/
$mysql_username = 'root';
/*** mysql password ***/
$mysql_password = 'hassan28';
/*** database name ***/
$mysql_dbname = 'adb project';
try
{
$dbh = new PDO("mysql:host=$mysql_hostname;dbname=$mysql_dbname", $mysql_username, $mysql_password);
/*** $message = a message saying we have connected ***/
/*** set the error mode to excptions ***/
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
/*** prepare the insert ***/
$stmt = $dbh->prepare("INSERT INTO users (firstname,lastname,username,password,emailid,teamname, secret_question,secret_answer ) VALUES (:firstname,:lastname,:username,:password, :emailid,:teamname,:secret_question,:secret_answer)");
/*** bind the parameters ***/
$stmt->bindParam(':firstname', $firstname, PDO::PARAM_STR);
$stmt->bindParam(':lastname', $lastname, PDO::PARAM_STR);
$stmt->bindParam(':username', $username, PDO::PARAM_STR);
$stmt->bindParam(':password', $password, PDO::PARAM_STR, 40);
$stmt->bindParam(':emailid', $emailid, PDO::PARAM_STR);
$stmt->bindParam(':teamname', $teamname, PDO::PARAM_STR);
$stmt->bindParam(':secret_question', $secret_question, PDO::PARAM_STR);
$stmt->bindParam(':secret_answer', $secret_answer, PDO::PARAM_STR);
/*** execute the prepared statement ***/
$stmt->execute();
/*** unset the form token session variable ***/
unset( $_SESSION['form_token'] );
/*** if all is done, say thanks ***/
$message = 'New user added';
}
catch(Exception $e)
{
/*** check if the username already exists ***/
if( $e->getCode() == 23000)
{
$message = 'Username already exists';
}
else
{
/*** if we are here, something has gone wrong with the database ***/
$message = 'We are unable to process your request. Please try again later"';
}
}
}
?>
<html>
<head>
<title>Login</title>
</head>
<body>
<p><?php echo $message; ?>
</body>
</html>
Check secretanswer (in html) vs secret_answer (in php). Should be:
<p><input type="text" class="span2" name="secret_answer" id="secret_answer" placeholder="Secret Answer"></p>
Also your PHP requires a value for "secret_question" but your form is not submitting that. You want something like this:
<select class="selectpicker" id="secret_question" name="secret_question">
<option value="city_born">The name of the city where you were born</option>
<option value="first_pet">The name of your first pet</option>
<option value="mom_maiden_name">What is your mother's maiden name</option>
</select>
In your MySQL query, you are using the field name secret answer, which should be secret_answer.
-- Connor