0

I am getting some sort of PHP error in my code, but I am not sure what it is. My code starts to get funny at the end, when you get to the bottom PHP block. I am trying to validate the username and password, but I am getting some type of error.

   <?php 
        include 'config.php';

    ?>
    <!DOCTYPE html>
    <html>
    <head>
        <title>Register Page</title>
    <link rel="stylesheet" href="style.css">
    </head>
    <body>

        <div id="main-wrapper">
            <center>
                <h2 style="color: white;">Register Page</h2>
            <img class="avatar" src="spaceman2.jpg" style="height: 100px; width: 100px" />

            </center>

            <form class="my-form" action="register.php" method="post">
                <label><b>Username<b></label>
                <input name="username" type="text" class="input-values" placeholder="Your username" required/>

                <label><b>Password<b></label>
                <input name="password" type="password" class="input-values" placeholder="Your password" required/>

                <label><b>Confirm Password<b></label>
                <input name="cpassword" type="password" class="input-values" placeholder="Confirm password" required/>

                <input name="signup_btn" id="signup-btn" type="submit" value="Sign Up"/>
                <br/>
                <a href="login.php"><input id="back-btn"  type="button" value="<- Back"/></a>

            </form>


    <?php

                if(isset($_POST['signup_btn']))
                {
                    //echo '<script type="text/javascript"> alert("You are now signed in!")</script>';

                    $username = $_POST['username'];
                    $password = $_POST['password'];
                    $cpassword = $_POST['password'];

                    if($password == $cpassword)
                    {
                        $query= "SELECT * FROM user WHERE username ='$username'";

                        $query_run = mysqli_query($con,$query);

                        if(mysqli_num_rows($query_run)>0)
                        {
                            echo '<script type="text/javascript"> alert("Astronaut name already exist") </script>';

                        }
                        {
                            $query= "insert into user values('$username','$password')";
                            $query_run = mysqli_query($con, $query);

                            if($query_run)
                            {
                                echo '<script type="text/javascript"> alert("Astronaut is now registered! Go to Login Page!") </script>';
                            }
                            else 
                            {
                                echo '<script type="text/javascript"> alert("Error!") </script>';
                            }
                        }


            ?>
ka_lin
  • 2
    what exactly is the error? – sietse85 Apr 15 '18 at 21:03
  • 1
    Edit your question and add the complete text of the error message. Also, show which line of code is causing the error (since the question doesn't show line numbers) – Sloan Thrasher Apr 15 '18 at 21:04
  • 2
    Please do not store the password directly. PHP has a function to hash the password so if your db is compromised, the hacker doesn't get the actual passwords. – Sloan Thrasher Apr 15 '18 at 21:07
  • **WARNING**: Writing your own access control layer is not easy and there are many opportunities to get it severely wrong. Please, do not write your own authentication system when any modern [development framework](http://codegeekz.com/best-php-frameworks-for-developers/) like [Laravel](http://laravel.com/) comes with a robust [authentication system](https://laravel.com/docs/master/authentication) built-in. At the absolute least follow [recommended security best practices](http://www.phptherightway.com/#security) and **never store passwords as plain-text** or a weak hash like **SHA1 or MD5**. – tadman Apr 15 '18 at 21:43
  • **WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use string interpolation or concatenation to accomplish this because you have created a severe [SQL injection bug](http://bobby-tables.com/). **NEVER** put `$_POST`, `$_GET` or **any** user data directly into a query, it can be very harmful if someone seeks to exploit your mistake. – tadman Apr 15 '18 at 21:43
  • Note: The object-oriented interface to `mysqli` is significantly less verbose, making code easier to read and audit, and is not easily confused with the obsolete `mysql_query` interface. Before you get too invested in the procedural style it’s worth switching over. Example: `$db = new mysqli(…)` and `$db->prepare("…")`. The procedural interface is an artifact from the PHP 4 era when `mysqli` API was introduced and should not be used in new code. – tadman Apr 15 '18 at 21:43
  • A lot of problems can be detected and resolved by [enabling exceptions in `mysqli`](https://stackoverflow.com/questions/14578243/turning-query-errors-to-exceptions-in-mysqli) so mistakes aren't easily ignored. – tadman Apr 15 '18 at 21:45

3 Answers

0

A few things:

Your $cpassword is referencing your $_POST['password'] instead of cpassword.

Your insert statement is missing the column references before your VALUES.

You should also consider some password hashing / encryption.

Emerge2001
0

Your code has errors, especially in the PHP: you forgot the `else`, and you used `password` for `$cpassword`.

In the HTML you don't close `</b>`.

<?php
                include 'config.php';
                if(isset($_POST['signup_btn']))
                {
                    //echo '<script type="text/javascript"> alert("You are now signed in!")</script>';

                    $username = $_POST['username'];
                    $password = $_POST['password'];
                    $cpassword = $_POST['cpassword'];

                    if($password == $cpassword){
                        $query= "SELECT * FROM user WHERE username ='$username'";

                        $query_run = mysqli_query($con,$query);

                        if(mysqli_num_rows($query_run)>0)
                        {
                            echo '<script type="text/javascript"> alert("Astronaut name already exist") </script>';

                        }
                        else{
                            $query= "insert into user values('$username','$password')";
                            $query_run = mysqli_query($con, $query);

                            if($query_run)
                            {
                                echo '<script type="text/javascript"> alert("Astronaut is now registered! Go to Login Page!") </script>';
                            }
                            else 
                            {
                                echo '<script type="text/javascript"> alert("Error!") </script>';
                            }
                        }

                    }
                }
            ?>
    <html>
    <head>
        <title>Register Page</title>
    <link rel="stylesheet" href="style.css" />
    </head>
    <body>

        <div id="main-wrapper">
            <center>
                <h2 style="color: white;">Register Page</h2>
            <img class="avatar" src="spaceman2.jpg" style="height: 100px; width: 100px" />

            </center>

            <form class="my-form" action="index.php" method="post">
                <label><b>Username</b></label>
                <input name="username" type="text" class="input-values" placeholder="Your username" required/>

                <label><b>Password</b></label>
                <input name="password" type="password" class="input-values" placeholder="Your password" required/>

                <label><b>Confirm Password</b></label>
                <input name="cpassword" type="password" class="input-values" placeholder="Confirm password" required/>

                <input name="signup_btn" id="signup-btn" type="submit" value="Sign Up"/>
                <br/>
                <a href="login.php"><input id="back-btn"  type="button" value="<- Back"/></a>

            </form>

        </div>
        </body>
</html>

I hope it helps

mooga
0

Here is a new version of your code: (Try it)

<?php 
    include 'config.php';
?>
<!DOCTYPE html>
<html>
    <head>
        <title>Register Page</title>
        <link rel="stylesheet" href="style.css">
    </head>
    <body>
        <div id="main-wrapper">
            <center>
                <h2 style="color: white;">Register Page</h2>
                <img class="avatar" src="spaceman2.jpg" style="height: 100px; width: 100px" />
            </center>
            <form class="my-form" action="register.php" method="post">
                <label><b>Username</b></label>
                <input name="username" type="text" class="input-values" placeholder="Your username" required />

                <label><b>Password</b></label>
                <input name="password" type="password" class="input-values" placeholder="Your password" required />

                <label><b>Confirm Password</b></label>
                <input name="cpassword" type="password" class="input-values" placeholder="Confirm password" required />

                <input name="signup_btn" id="signup-btn" type="submit" value="Sign Up"/>
                <br/>
                <a href="login.php"><input id="back-btn"  type="button" value="<- Back"/></a>
            </form>
            <?php

            if(isset($_POST['signup_btn']))
            {
                //echo '<script type="text/javascript"> alert("You are now signed in!")</script>';

                $username = $_POST['username'];
                $password = $_POST['password'];
                $cpassword = $_POST['cpassword'];

                if($password == $cpassword)
                {
                    $query= "SELECT * FROM user WHERE username ='$username'";

                    $query_run = mysqli_query($con,$query);

                    if(mysqli_num_rows($query_run)>0)
                    {
                        echo '<script type="text/javascript"> alert("Astronaut name already exist") </script>';

                    }else
                    {
                        $query= "insert into user (username, password) values('$username','$password')";
                        $query_run = mysqli_query($con, $query);

                        if($query_run)
                        {
                            echo '<script type="text/javascript"> alert("Astronaut is now registered! Go to Login Page!") </script>';
                        }
                        else 
                        {
                            echo '<script type="text/javascript"> alert("Error!") </script>';
                        }
                    }
                }
            }
            ?>
        </div>
    </body>
</html>
Ibrahim Mohamed
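
The comments on the question recommend parameterized queries, password hashing and `mysqli` exceptions. The following is an added example, not code from the question or from any of the answers, that applies those three points to the registration handler. It assumes `config.php` provides `$con` as on the page and that the `user` table has `username` and `password` columns, with `password` wide enough for a hash (e.g. `VARCHAR(255)`); `register_user` is a name introduced here.

```php
<?php
// Added example. Assumptions: config.php defines $con (a mysqli connection),
// and table `user` has columns `username` and `password` (wide enough for a hash).
include 'config.php';

// Turn mysqli failures into exceptions so they are not silently ignored.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function register_user(mysqli $db, string $username, string $password, string $confirm): string
{
    if ($username === '' || $password === '') {
        return 'Username and password are required';
    }
    // Compare against the confirmation field, not the password twice.
    if ($password !== $confirm) {
        return 'Passwords do not match';
    }

    // Parameterized lookup: user input is bound, never interpolated into the SQL.
    $stmt = $db->prepare('SELECT 1 FROM user WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->store_result();
    if ($stmt->num_rows > 0) {
        return 'Astronaut name already exists';
    }

    // Store a salted hash instead of the password itself.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO user (username, password) VALUES (?, ?)');
    $stmt->bind_param('ss', $username, $hash);
    $stmt->execute();
    return 'Astronaut is now registered! Go to Login Page!';
}

if (isset($_POST['signup_btn'])) {
    // Accept only string fields; an array such as username[]=x becomes ''.
    $in = array_map(
        fn($k) => is_string($_POST[$k] ?? null) ? $_POST[$k] : '',
        ['username', 'password', 'cpassword']
    );
    try {
        $message = register_user($con, ...$in);
    } catch (mysqli_sql_exception $e) {
        error_log($e->getMessage());   // keep database details out of the page
        $message = 'Error!';
    }
    echo '<p>' . htmlspecialchars($message, ENT_QUOTES, 'UTF-8') . '</p>';
}
```

The login page then has to check the submitted password with `password_verify()` against the stored hash rather than comparing strings. A `UNIQUE` index on `username` closes the gap between the lookup and the insert when two requests arrive at the same time.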