Issue
I have built a signup system with php and it's supposed to connect with phpmyadmin via my working apache and mysql servers. But when I click the "signup" knob, instead of opening up/running signup.inc.php, it looks like this:
Underneath is, respectively: dbh.inc.php, signup.inc.php, index.met.interne.header.en.footer (the main file), and signup.inc.php. Sorry for ULing so much files.
<?php
$dbServername = "localhost";
$dbUsername = "root";
$dbPassword = "";
$dbName = "login.system";
$conn = mysql_connect($dbServername, $dbUsername, $dbPassword, $dbName);<?php
if (isset($_POST['submit'])) {
include_once 'dbh.inc.php';
$uid = mysql_real_escape_string($conn, $_POST['uid']);
$kvk = mysql_real_escape_string($conn, $_POST['kvk']);
$bedrijfsnaam = mysqli_real_escape_string($conn, $_POST['bedrijfsnaam']);
$merknaam = mysql_real_escape_string($conn, $_POST['merknaam']);
$email = mysql_real_escape_string($conn, $_POST['email']);
$wachtwoord = mysql_real_escape_string($conn, $_POST['wachtwoord']);
//Error handlers
//Check for empty fields
if (empty($kvk) && empty($bedrijfsnaam) ) {
header("Location: ../signup.php?signup=empty");
exit();
} else {
//Check if input characters are valid
if (!preg_match("/^[0-9]*$/", $kvk)) || (!preg_match("/^[a-zA-Z]*$/", $bedrijfsnaam)) {
header("Location: ../signup.php?signup=invalid");
} else {
//Check if email is valid
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?signup=invalid.email");
exit();
}
else {
//Hashing the password
$hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
//Insert the user into the database [deze moeten we nog af chappen zodat alles khlopt]
$sql = "INSERT INTO users (buser_kvk, buser_kvk, buser_bedrijfsnaam, buser_merknaam, buser_email, buser_wachtwoord) VALUES
('$bedrijfsnaam', '$merknaam', '$email', '$kvk', '$uid', '$hashedPwd');";
mysql_query($conn, $sql);
header("Location: ../signup.php?signup=success");
exit();
}
}
}
} else {
header("Location: ../signup.php");
exit();
}<?php
include 'includes/signup.inc.php'
session_start();
?>
<?php
if (isset($_SESSION['u_id'])) {
echo '<form action="includes/logout.inc.php" method="POST">
<button type="submit" name="submit">Logout</button>
</form>';
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Registratie - Namei voor bedrijven</title>
<link rel="stylesheet" type="text/css" href="stijltje.css">
</head>
<body>
<header>
<nav>
<div class="wrapper">
<ul>
<li><a href="index.php">Namei</a></li>
</ul>
<div class="nav-login">
<a href="signup.php">Inloggen</a>
</div>
</div>
</nav>
</header>
<section class="main-container">
<div class="wrapper">
<h2>Registratie</h2>
<form class="Registratie-formulier" action="includes/signup.inc.php" method="POST">
<input type="ciphers" name="kvk" placeholder="KvK">
<input type="text" name="bedrijfsnaam" placeholder="Geregistreerde bedrijfsnaam">
<input type="text" name="merknaam" placeholder="Merknaam">
<input type="text" name="email" placeholder="E-mail">
<input type="password" name="wachtwoord" placeholder="wachtwoord">
<button type="submit" name="submit"></button>
</form>
</div>
</section>
</body>
</html><?php
ini_set("display_errors", 1);
ini_set("track_errors", 1);
ini_set("html_errors", 1);
error_reporting(E_ALL);
session_start();
if (isset($_POST['submit'])) {
include 'dbh.inc.php';
//Moet nog checken hoe ik die dengen moet noumen
$uid = mysql_real_escape_string($conn, $_POST['uid'];
$wachtwoord = mysql_real_escape_string($conn, $_POST['wachtwoord'];
if (empty($uid) || empty($pwd)) {
header("Location: ../index.php?login=empty");
exit();
} else {
$sql = "SELECT * FROM users WHERE buser_id='$uid' OR user_email='$kvk'";
$result + mysql_close($conn, $sql);
$resultCheck = mysql_num_rows($result);
if ($resultCheck < 1) {
header("Location: ../index.php?login=error");
exit();
} else {
if ($row = mysql_fetch_assoc($result)) {
//De-hashing sum password
$hashedPwdCheck = password_verify($wachtwoord, $row['buser_wachtwoord']);
if ($hashedPwdCheck == false) {
header("Location: ../index.php?login=error");
exit();
} elseif ($hashedPwdCheck == true) {
//Log in the user here
$_SESSION['u_id'] = $row['buser_id'];
$_SESSION['u_bedrijfsnaam'] = $row['buser_bedrijfsnaam'];
$_SESSION['u_kvk'] = $row['buser_kvk'];
$_SESSION['u_email'] = $row['buser_email'];
$_SESSION['u_uid'] = $row['buser_kvk'];
$_SESSION['u_merknaam'] = $row['buser_merknaam'];
header("Location: ../index.php?login=success");
exit();
}
}
}
}
} else {
header("Location: ../index.php?login=error");
exit();
}n "signup.inc.php" but this is what it looks like:
Solution
After further investigation, we found out that the server configuration was a little bit off and we had to do some changes. Redirections were not using the HTTP protocol nor executing the files at opening.
Once we got that figured out, the connection to the database was not being established, hence mysqli_real_escape_string() was returning empty values. To solve this, we made sure that all the information in mysqli_connect() was correct, which was not. Not to mention that the order of the parameters was wrong (mysql/mysqli differences) in all the files.
Finally, for some weird reason, the users table was nowhere to be found in the database, so we had to create it and fix the SQL query because the data was not being inserted.
The rest were some logic errors and stuff like that, but there is no clean way to explain it all here. The problems were resolved successfully.
TL;DR
The data was being sent correctly, but some server misconfigurations and programming errors caused all the issues that were described (and some more along the way).
Answered By - Zeke
Posts
0 Comments:
Post a Comment
Note: Only a member of this blog may post a comment.