Join the social network of Tech Nerds, increase skill rank, get work, manage projects...
 
  • How to Implement Registration Functionality in PHP?

    • 0
    • 0
    • 0
    • 1
    • 0
    • 0
    • 0
    • 666
    Answer it

    Programmers,

    I wrote a registration.php (member reg) and it was working fine but the coding was not perfect (old version).
    Neated-up the new version but I see a complete blank page once I click "Register" button. I do not get this mssg any more:

    Thank you for your registration! Check your email for details on how to activate your account which you just registered."

    What is wrong ?

    Old version:

    <?php
    
    /*
    ERROR HANDLING
    */
    declare(strict_types=1);
    ini_set('display_errors', '1');
    ini_set('display_startup_errors', '1');
    error_reporting(E_ALL);
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    
    include 'config.php';
    
    // check if user is already logged in
    if (is_logged() === true) {
    	die("You are already logged-in! No need to register again!");
    }
    
    if ($_SERVER['REQUEST_METHOD'] == "POST")
    {
    	if (isset($_POST["username"]) && 
    	   isset($_POST["password"]) &&
    	   isset($_POST["password_confirmation"]) && 
    	   isset($_POST["email"]) && 
    	   isset($_POST["email_confirmation"]) && 
    	   isset($_POST["first_name"]) && 
    	   isset($_POST["gender"]) &&
    	   isset($_POST["surname"])) {
     
    		//TypeCast the INT to STRING on the 1st parameter of sha1 as 1st parameter needs to be a STRING.
    	   	$account_activation_code = sha1( (string) mt_rand(5, 30));
    		$account_activation_link = "http://www.".$site_domain."/".$social_network_name."/activate_account.php?email=".$_POST['email']."&account_activation_code=".$account_activation_code."";
    		$username 	= trim(mysqli_real_escape_string($conn, $_POST["username"]));
    		$password 	= $_POST["password"];
    		$password_confirmation 	= $_POST["password_confirmation"];
            $first_name	= trim(mysqli_real_escape_string($conn, $_POST["first_name"]));
            $surname 	= trim(mysqli_real_escape_string($conn, $_POST["surname"]));
    		$gender 	= trim(mysqli_real_escape_string($conn, $_POST["gender"]));
            $email 		= trim($_POST["email"]);
            $email_confirmation = trim($_POST["email_confirmation"]);
            $account_activation_status = 0; // 1 = active | 0 = not active
    
            //Hashed Password.
    		$hashed_password = password_hash($password, PASSWORD_DEFAULT);
            
    		//SEE IF BELOW CODE AFTER FOLLOWING WORKS OR NOT AS SUBSTITUTE FUNCTION OVER mysqli_stmt_get_result FUNCTION
    		//Select Username and Email to check against Mysql DB if they are already registered or not.
    		$stmt = mysqli_prepare($conn, "SELECT usernames, emails FROM users WHERE usernames = ? OR emails = ?");
    		mysqli_stmt_bind_param($stmt, 'ss', $username, $email_confirmation);
    		mysqli_stmt_execute($stmt);
    		$result = mysqli_stmt_get_result($stmt);
    		
    		$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
            
    		// Check if inputted Username is already registered or not.
    		if ($row['usernames'] == $username) {
    			$_SESSION['error'] = "That username is already registered.";
    		// Check if inputted Username is between 8 to 30 characters long or not.
    		} elseif (strlen($username) < 8 || strlen($username) > 30) {
    			$_SESSION['error'] = "Username must be between 8 to 30 characters long!";
    		// Check if inputted Email is already registered or not.
    		} elseif ($row['emails'] == $email) {
    			$_SESSION['error'] = "That email is already registered.";
    		// Check if both inputted EMails match or not.
    		} elseif ($email != $email_confirmation) {
    			$_SESSION['error'] = "Emails don't match!";
    		// Check if inputed Email is valid or not.
    		} elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    			$_SESSION['error'] = "Invalid email! Insert your real Email in order for us to email you your account activation details.";
    		// Check if both inputted Passwords match or not.
    		} elseif ($password != $password_confirmation) {
    			$_SESSION['error'] = "Passwords don't match.";
    		// Check if Password is between 8 to 30 characters long or not.
    		} elseif (strlen($password) < 8 || strlen($password) > 30) {
    			$_SESSION['error'] = "Password must be between 6 to 30 characters long!";
    		} else {
    
    			//Insert the user's input into Mysql database using php's sql injection prevention method.
    			$stmt = mysqli_prepare($conn, "INSERT INTO users(usernames, passwords, emails, first_names, surnames, genders, accounts_activations_codes, accounts_activations) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
    			mysqli_stmt_bind_param($stmt, 'sssssssi', $username, $hashed_password, $email, $first_name, $surname, $gender, $account_activation_code, $account_activation_status);
    			mysqli_stmt_execute($stmt);
    
    			//Check if user's registration data was successful submitted or not.
    			if (mysqli_stmt_insert_id($stmt)) {
    				echo "<h3 style='text-align:center'>Thank you for your registration!<br /> Check your email for details on how to activate your account you just registered.</h3>";
    
    				//Send account activation link by email for user to confirm his email and activate his new account.
    				$to = $email;
    				$subject = "Your ".$site_name." account activation!";
    				$body  = nl2br("
    				===============================\r\n
    				".$site_name." \r\n
    				===============================\r\n
    				From: ".$site_admin_email."\r\n
    				To: ".$email."\r\n
    				Subject: Yours ".$subject." account activation \r\n
    				Message: ".$first_name." ".$surname."\r\n You need to click on following <a href=".$account_activation_link.">link</a> to activate your account by confirming your email address. \r\n");
    				$headers = "From: " . $site_admin_email . "\r\n";
    			
    			    if (mail($to,$subject,$body,$headers)) {
    			    	$_SESSION['error'] = "Registration sucessful! Check your email for further instructions!";
    					
    					//Clear the Session Error so it can no longer be used.
    					unset($_SESSION['error']);
    					unset($_POST);
    					exit();
    					
    					//Redirect user to login page after 5 seconds.
    					header("refresh:5;url=login.php");
    			    } 
    				else 
    				{
    			    	$_SESSION['error'] = "Email not sent, please contact website administrator!";
    			    }			    
    			} 
    			else 
    			{
    				$_SESSION['error'] = "There was a problem in trying to register you! Try again some other time.";
    			}
    	    }
    	}
    }
    
    ?>
    <!DOCTYPE html>
    <html>
    	<head>
    		<title><?php $social_network_name ?> Signup Page</title>
    	</head>
    <body>
    <div class ="container">
    
    <?php
    
    // error messages
    if (isset($_SESSION['error']) && !empty($_SESSION['error'])) {
    	echo '<p style="color:red;">'.$_SESSION['error'].'</p>';
    }
    
    ?>
    
    <form method="post" action="">
    	<center><h2>Signup Form</h2></center>
    	<div class="form-group">
    		<center><label>Username:</label>
    		<input type="text" placeholder="Enter a unique Username" name="username" required [A-Za-z0-9] value="<?php if(isset($_POST['username'])) { echo htmlentities($_POST['username']); }?>"></center>
    	</div>
    	<div class="form-group">
    		<center><label>Password:</label>
    		<input type="password" placeholder="Enter a new Password" name="password" required [A-Za-z0-9]></center>
    	</div>
    	<div class="form-group">
    		<center><label>Repeat Password:</label>
    		<input type="password" placeholder="Repeat a new Password" name="password_confirmation" required [A-Za-z0-9]></center>
    	</div>
    	<div class="form-group">
    		<center><label>First Name:</label>
    		<input type="text" placeholder="Enter your First Name" name="first_name" required [A-Za-z] value="<?php if(isset($_POST['first_name'])) { echo htmlentities($_POST['first_name']); }?>"></center>
    	</div>
    	<div class="form-group">
    		<center><label>Surname:</label>
    		<input type="text" placeholder="Enter your Surname" name="surname" required [A-Za-z] value="<?php if(isset($_POST['surname'])) { echo htmlentities($_POST['surname']); }?>"></center>
    	</div>
    	<div class="form-group">
    		<center><label>Gender:</label>
    		<input type="radio" name="gender" value="male" <?php if(isset($_POST['gender'])) { echo 'checked'; }?> required>Male<input type="radio" name="gender" value="female" <?php if(isset($_POST['gender'])) { echo 'checked'; }?> required>Female</center>
    	</div>
    	<div class="form-group">
    		<center><label>Email:</label>
    		<input type="email" placeholder="Enter your Email" name="email" required [A-Za-z0-9] value="<?php if(isset($_POST['email'])) { echo htmlentities($_POST['email']); }?>"></center>
    	</div>
    	<div class="form-group">
    		<center><label>Repeat Email:</label>
    		<input type="email" placeholder="Repeat your Email" name="email_confirmation" required [A-Za-z0-9] value="<?php if(isset($_POST['email_confirmation'])) { echo htmlentities($_POST['email_confirmation']); }?>"></center>
    	</div>
    	<center><button type="submit" class="btn btn-default" name="submit">Register!</button></center>
    	<center><font color="red" size="3"><b>Already have an account ?</b><br><a href="login.php">Login here!</a></font></center>
    
    </form>
    
    </div>
    </body>
    </html>

    What is wrong with the new version ?

    New Version

    <?php
    
    /*
    ERROR HANDLING
    */
    declare(strict_types=1);
    ini_set('display_errors', '1');
    ini_set('display_startup_errors', '1');
    error_reporting(E_ALL);
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    
    include 'config.php';
    
    //Step 1: Before registering User account, check if User is already registered or not.
    
    //Check if User is already logged-in or not.
    if (is_logged() === true) {
    	die("You are already logged-in! No need to register again!");
    }
    
    if ($_SERVER['REQUEST_METHOD'] == "POST")
    {
    //Step 2: Check User Submitted Details.
    	
    	//Check if user made all the required inputs or not.
    	if (isset($_POST["username"]) && 
    	   isset($_POST["password"]) &&
    	   isset($_POST["password_confirmation"]) && 
    	   isset($_POST["email"]) && 
    	   isset($_POST["email_confirmation"]) && 
    	   isset($_POST["first_name"]) && 
    	   isset($_POST["surname"]) && 
    	   isset($_POST["gender"])) {
    		   
    //Step  3: Check User details for matches against database. If no matches then validate inputs and register User account.
    		   
    		//Create variables based on user inputs.
    		$username 	= trim($_POST["username"]);
    		$password 	= $_POST["password"];
    		$password_confirmation = $_POST["password_confirmation"];
    		$email 		= trim($_POST["email"]);
            $email_confirmation = trim($_POST["email_confirmation"]);
            $first_name	= trim($_POST["first_name"]);
            $surname 	= trim($_POST["surname"]);
    		$gender 	= $_POST["gender"];	
    	   	$account_activation_code = sha1( (string) mt_rand(5, 30)); //Type Casted the INT to STRING on the 1st parameter of sha1 as it needs to be a STRING.
    		$account_activation_link = "http://www.".$site_domain."/".$social_network_name."/activate_account.php?email=".$_POST['email']."&account_activation_code=".$account_activation_code."";
    		$account_activation_status = 0; // 1 = active; 0 = not active.
            $hashed_password = password_hash($password, PASSWORD_DEFAULT); //Encrypt the password.
            
    		//Select Username and Email to check against Mysql DB if they are already registered or not.
    		$stmt = mysqli_prepare($conn, "SELECT usernames, emails FROM users WHERE usernames = ? OR emails = ?");
    		mysqli_stmt_bind_param($stmt, 'ss', $username, $email);
    		mysqli_stmt_execute($stmt);
    		$result = mysqli_stmt_get_result($stmt);		
    		$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
            
    		// Check if inputted Username is already registered or not.
    		if ($row['usernames'] == $username) {
    			$_SESSION['error'] = "That username is already registered.";
    			exit();
    		// Check if inputted Username is between the required 8 to 30 characters long or not.
    		} elseif (strlen($username) < 8 || strlen($username) > 30) {
    			$_SESSION['error'] = "Username must be between 8 to 30 characters long!";
    			exit();
    		// Check if both inputted Emails match or not.
    		} elseif ($email != $email_confirmation) {
    			$_SESSION['error'] = "Emails don't match!";
    			exit();
    		// Check if inputed Email is valid or not.
    		} elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    			$_SESSION['error'] = "Invalid email! Insert your real Email in order for us to email you your account activation details.";
    			exit();
    		// Check if inputted Email is already registered or not.
    		} elseif ($row['emails'] == $email) {
    			$_SESSION['error'] = "That email is already registered.";
    			exit();
    		// Check if both inputted Passwords match or not.
    		} elseif ($password != $password_confirmation) {
    			$_SESSION['error'] = "Passwords don't match.";
    			exit();
    		// Check if Password is between 8 to 30 characters long or not.
    		} elseif (strlen($password) < 8 || strlen($password) > 30) {
    			$_SESSION['error'] = "Password must be between 6 to 30 characters long!";
    			exit();
    		} 
    		else 
    		{
    			//Insert the user's inputs into Mysql database using php's sql injection prevention method "Prepared Statements".
    			$stmt = mysqli_prepare($conn, "INSERT INTO users(usernames, passwords, emails, first_names, surnames, genders, accounts_activations_codes, accounts_activations_statuses) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
    			mysqli_stmt_bind_param($stmt, 'sssssssi', $username, $hashed_password, $email, $first_name, $surname, $gender, $account_activation_code, $account_activation_status);
    			mysqli_stmt_execute($stmt);
    
    			//Check if user's registration data was successfully submitted or not.
    			if (!$stmt)
    			{
    				$_SESSION['error'] = "Sorry! Our system is currently experiencing a problem registering your account! You may try registering some other time.";
    				clear_registration_session();
    			}
    			else 
    			{
    				//Email the account activation link for user to click it to confirm their email and activate their new account.
    				$to = $email;
    				$subject = "Your ".$site_name." account activation details!";
    				$body  = nl2br("
    				===============================\r\n
    				".$site_name." \r\n
    				===============================\r\n
    				From: ".$site_admin_email."\r\n
    				To: ".$email."\r\n
    				Subject: Yours ".$subject." \r\n
    				Message: ".$first_name." ".$surname."\r\n You need to click on this following <a href=".$account_activation_link.">link</a> to activate your account. \r\n");
    				$headers = "From: " . $site_admin_email . "\r\n";
    			
    			    if (!mail($to,$subject,$body,$headers)) 
    				{
    					$_SESSION['error'] = "Sorry! We have failed to email you your account activation details. Please contact the website administrator!";
    					clear_registration_session();
    				}
    				else
    				{
    					echo "<h3 style='text-align:center'>Thank you for your registration!<br /> Check your email for details on how to activate your account which you just registered.</h3>";
    					exit();
    				}
    			}
    	    }
    	}
    }
    
    ?>
    
    <?php
    // Error Messages.
    if (isset($_SESSION['error']) && !empty($_SESSION['error'])) {
    	echo '<p style="color:red;">'.$_SESSION['error'].'</p>';
    }
    ?>
    
    <?php
    //Session Messages.
    if (isset($_SESSION['message']) && !empty($_SESSION['message'])) {
    	echo '<p style="color:red;">'.$_SESSION['error'].'</p>';
    }
    ?>
    
    <?php
    //Clear Registration Session.
    function clear_registration_session()
    	{
    		//Clear the User Form inputs, Session Messages and Session Errors so they can no longer be used.
    		unset($_SESSION['message']);
    		unset($_SESSION['error']);
    		unset($_POST);
    		exit();
    	}
    ?>
    
    <!DOCTYPE html>
    <html>
    	<head>
    		<title><?php $social_network_name ?> Signup Page</title>
    	</head>
    <body>
    <div class ="container">
    <form method="post" action="">
    	<center><h2>Signup Form</h2></center>
    	<div class="form-group">
    		<center><label>Username:</label>
    		<input type="text" placeholder="Enter a unique Username" name="username" required [A-Za-z0-9] value="<?php if(isset($_POST['username'])) { echo htmlentities($_POST['username']); }?>"></center>
    	</div>
    	<div class="form-group">
    		<center><label>Password:</label>
    		<input type="password" placeholder="Enter a new Password" name="password" required [A-Za-z0-9]></center>
    	</div>
    	<div class="form-group">
    		<center><label>Repeat Password:</label>
    		<input type="password" placeholder="Repeat a new Password" name="password_confirmation" required [A-Za-z0-9]></center>
    	</div>
    		<div class="form-group">
    		<center><label>Email:</label>
    		<input type="email" placeholder="Enter your Email" name="email" required [A-Za-z0-9] value="<?php if(isset($_POST['email'])) { echo htmlentities($_POST['email']); }?>"></center>
    	</div>
    	<div class="form-group">
    		<center><label>Repeat Email:</label>
    		<input type="email" placeholder="Repeat your Email" name="email_confirmation" required [A-Za-z0-9] value="<?php if(isset($_POST['email_confirmation'])) { echo htmlentities($_POST['email_confirmation']); }?>"></center>
    	</div>
    	<div class="form-group">
    		<center><label>First Name:</label>
    		<input type="text" placeholder="Enter your First Name" name="first_name" required [A-Za-z] value="<?php if(isset($_POST['first_name'])) { echo htmlentities($_POST['first_name']); }?>"></center>
    	</div>
    	<div class="form-group">
    		<center><label>Surname:</label>
    		<input type="text" placeholder="Enter your Surname" name="surname" required [A-Za-z] value="<?php if(isset($_POST['surname'])) { echo htmlentities($_POST['surname']); }?>"></center>
    	</div>
    	<div class="form-group">
    		<center><label>Gender:</label>
    		<input type="radio" name="gender" value="male" <?php if(isset($_POST['gender'])) { echo 'checked'; }?> required>Male<input type="radio" name="gender" value="female" <?php if(isset($_POST['gender'])) { echo 'checked'; }?> required>Female</center>
    	</div>
    	<center><button type="submit" class="btn btn-default" name="submit">Register!</button></center>
    	<center><font color="red" size="3"><b>Already have an account ?</b><br><a href="login.php">Login here!</a></font></center>
    </form>
    </div>
    </body>
    </html>

     

 1 Answer(s)

Sign In
                           OR                           
                           OR                           
Register

Sign up using

                           OR                           
Forgot Password
Fill out the form below and instructions to reset your password will be emailed to you:
Reset Password
Fill out the form below and reset your password: