Code: Select all
<?php
include("db.php"); // connects to database, database connection object is $db
session_start();
function usernameTaken($username){ // determines if the chosen username is already taken
global $db;
$q = "SELECT username FROM users WHERE username = '$username'";
$result = mysqli_query($db, $q);
return (mysqli_num_rows($result) > 0);
}
function validateRegData() { // checks the submitted form details, returns a string if there is a problem
global $error_msg;
/* Make sure all fields were entered */
if(!$_POST['username'] || !$_POST['password']){
$error_msg = "One of the required fields are missing.";
return $error_msg;
}
/* Spruce up username, check length */
$_POST['username'] = trim($_POST['username']);
if( strlen( $_POST['username'] ) > 30 ) {
$error_msg = "Your username is too long. Try something with 30 characters or less.";
return $error_msg;
}
/* check if username has been taken */
if( usernameTaken( $_POST['username'] ) ) {
$error_msg = "Username <strong>" . $_POST['username'] . "</strong> has already been taken. Pick another one.";
return $error_msg;
}
/* all ok */
return '';
}
/* main body of code begins here */
if ( $_POST['submit_register'] ) { // if the form has been submitted...
$error = validateRegData(); // validate the form details
if ( !$error ) { // if there is no error...
// all details ok, perform insertion into users table
$username = $_POST['username'];
$password = md5($_POST['password']); // hash the password
$q = "INSERT INTO users VALUES ( NULL, '$username', '$password' )";
if ( mysqli_query($db, $q) ) { // if query was successful...
$_SESSION['registered'] = true;
} else { // the user wasn't registered
$_SESSION['registered'] = false;
}
unset( $_POST );
// refresh page automatically, so that user does not get a chance to accidentally hit Refresh and redo insertion
header("Location: " . $_SERVER['PHP_SELF'] );
}
}
?>
<html>
<head>
<title>Register an account</title>
</head>
<body>
<?php if ( isset($_SESSION['registered']) ) { // if a database insertion attempt has been made...
if ( $_SESSION['registered'] ) { // and the user was successfully registered... ?>
<h2>Success!</h2>
Your account has been registered successfully. You may now login.
<?php
} else { // there was a problem with executing the query ?>
<h2>Oops!</h2>
There was something wrong with registering your account, and we dont know what!<br/>
Do try again later, it just might work.
<?php
}
unset ( $_SESSION['registered'] ); // so that if the user comes back to this page again, the form is shown
} else { // the form has been submitted but there was an error, or the form is opened for the first time ?>
<h2>Register an account</h2>
<p><?php echo $error; // print out any error message ?></p>
<form action='<?php echo $_SERVER['PHP_SELF'];?>' method='post'>
<table border="0"><tbody>
<tr><td class='caption'>Username: </td><td class='field'><input type='text' name='username' /></td></tr>
<tr><td class='caption'>Password: </td><td class='field'><input type='password' name='password' /></td></tr>
<tr><td colspan='2'><input type='submit' name='submit_register' value='Register'/></td></tr>
</tbody></table>
</form>
<?php } ?>
</body>
</html>
After the insertion attempt, the session variable $_SESSION['registered'] is set to either true or false, depending on whether the query was successful. The page is refreshed by setting Location: in the header. If the insertion query was successful, a success message is shown. Otherwise, "unknown error" is shown. The session variable $_SESSION['registered'] is then unset, so that if the user comes to this page again, the entire process restarts.
The problem I have now is:
The script is able to catch invalid form data and prompt the error to the user. If the data was OK, the insert query is performed, the new record shows up in the table, but the script does not show the success message, instead it shows the form. When i try to debug by echoing $_SESSION['registered'] after the body tag opens at line 70, I get this:
I found out that if I don't unset $_SESSION['registered'] at line 88, the "success" message shows. Could someone please point out my mistake(s)?$_SESSION['registered'] =
Many thanks in advance.