I need some help with my PHP code

Question

1.00/5 (4 votes)

See more:

<?php
	include("includes/config.php");
	include("includes/classes/Account.php");
	include("includes/classes/Constants.php");
	include("includes/banner.php");

	$account = new Account($con);

	include("includes/handlers/register-handler.php");
	include("includes/handlers/login-handler.php");

	function getInputValue($name) {
		if(isset($_POST[$name])) {
			echo $_POST[$name];
		}
	}
?>

<html>
<head>
	<title>TEST</title>
	<meta name="viewport" content="width=device-width, initial-scale=1">
	<link rel="stylesheet" type="text/css" href="assets/css/register.css">

	<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
	<script src="assets/js/register.js"></script>
</head>
<body>
	<?php

	if(isset($_POST['registerButton'])) {
		echo '<script>
				$(document).ready(function() {
					$("#loginForm").hide();
					$("#registerForm").show();
				});
			</script>';
	}
	else {
		echo '<script>
				$(document).ready(function() {
					$("#loginForm").show();
					$("#registerForm").hide();
				});
			</script>';
	}

	?>
	
	
	<div id="background">

		<div id="loginContainer">

			<div id="inputContainer">
				<form id="loginForm" action="register.php" method="POST">
					<h2>Login to your account</h2>
					<p>
						<?php echo $account->getError(Constants::$loginFailed); ?>
						<label for="loginUsername">Username</label>
						<input id="loginUsername" name="loginUsername" type="text" placeholder="e.g. JumperFam123" value="<?php getInputValue('loginUsername') ?>" required autocomplete="off">
					</p>
					<p>
						<label for="loginPassword">Password</label>
						<input id="loginPassword" name="loginPassword" type="password" placeholder="Your password" required>
					</p>

					<button type="submit" name="loginButton">LOG IN</button>

					

					<div class="hasAccountText">
						<span id="hideLogin">Don't have an account yet? Signup here.</span>
					</div>
					
				</form>



				<form id="registerForm" action="register.php" method="POST">
					<h2>Create your free account</h2>
					<p>
						<?php echo $account->getError(Constants::$usernameCharacters); ?>
						<?php echo $account->getError(Constants::$usernameTaken); ?>
						<label for="username">Username</label>
						<input id="username" name="username" type="text" placeholder="e.g. JumperFam123" value="<?php getInputValue('username') ?>" required>
					</p>

					<p>
						<?php echo $account->getError(Constants::$firstNameCharacters); ?>
						<label for="firstName">First name</label>
						<input id="firstName" name="firstName" type="text" placeholder="e.g. Jumper" value="<?php getInputValue('firstName') ?>" required>
					</p>

					<p>
						<?php echo $account->getError(Constants::$lastNameCharacters); ?>
						<label for="lastName">Last name</label>
						<input id="lastName" name="lastName" type="text" placeholder="e.g. Fam123" value="<?php getInputValue('lastName') ?>" required>
					</p>

					<p>
						<?php echo $account->getError(Constants::$emailsDoNotMatch); ?>
						<?php echo $account->getError(Constants::$emailInvalid); ?>
						<?php echo $account->getError(Constants::$emailTaken); ?>
						<label for="email">Email</label>
						<input id="email" name="email" type="email" placeholder="e.g. jumperfam123@gmail.com" value="<?php getInputValue('email') ?>" required>
					</p>

					<p>
						<label for="email2">Confirm email</label>
						<input id="email2" name="email2" type="email" placeholder="e.g. jumperfam123@gmail.com" value="<?php getInputValue('email2') ?>" required>
					</p>

					<p>
						<?php echo $account->getError(Constants::$passwordsDoNoMatch); ?>
						<?php echo $account->getError(Constants::$passwordNotAlphanumeric); ?>
						<?php echo $account->getError(Constants::$passwordCharacters); ?>
						<label for="password">Password</label>
						<input id="password" name="password" type="password" placeholder="Your password" required>
					</p>

					<p>
						<label for="password2">Confirm password</label>
						<input id="password2" name="password2" type="password" placeholder="Your password" required>
					</p>

					<button type="submit" name="registerButton">SIGN UP</button>

					<div class="hasAccountText">
						<span id="hideRegister">Already have an account? Log in here.</span>
					</div>
					
				</form>


			</div>

			<div id="loginText">
				<h1>Local, for sure.</h1>
				<h2>Listen to loads of songs for free</h2>
				<ul>
					<li>Discover music you'll fall in love with</li>
					<li>Create your own playlists</li>
					<li>Follow artists to keep up to date</li>
				</ul>
			</div>

		</div>
	</div>

</body>
</html>

<meta name="viewport" content="width=device-width, initial-scale=1.0">

<?php 

function sanitizeFormPassword($inputText) {
	$inputText = strip_tags($inputText);
	return $inputText;
}

function sanitizeFormUsername($inputText) {
	$inputText = strip_tags($inputText);
	$inputText = str_replace(" ", "", $inputText);
	return $inputText;
}

function sanitizeFormString($inputText) {
	$inputText = strip_tags($inputText);
	$inputText = str_replace(" ", "", $inputText);
	$inputText = ucfirst(strtolower($inputText));
	return $inputText;
}


if(isset($_POST['registerButton'])) {
	//Register button was pressed
	$username = sanitizeFormUsername($_POST['username']);
	$firstName = sanitizeFormString($_POST['firstName']);
	$lastName = sanitizeFormString($_POST['lastName']);
	$email = sanitizeFormString($_POST['email']);
	$email2 = sanitizeFormString($_POST['email2']);
	$password = sanitizeFormPassword($_POST['password']);
	$password2 = sanitizeFormPassword($_POST['password2']);

	$wasSuccessful = $account->register($username, $firstName, $lastName, $email, $email2, $password, $password2);

	if($wasSuccessful == true) {
		$_SESSION['userLoggedIn'] = $username;
		header("Location: index.php");
	}

}


?>

<?php
	class Account {

		private $con;
		private $errorArray;

		public function __construct($con) {
			$this->con = $con;
			$this->errorArray = array();
		}

		public function login($un, $pw) {

			$pw = md5($pw);

			$query = mysqli_query($this->con, "SELECT * FROM users WHERE username='$un' AND password='$pw'");

			if(mysqli_num_rows($query) == 1) {
				return true;
			}
			else {
				array_push($this->errorArray, Constants::$loginFailed);
				return false;
			}

		}

		public function register($un, $fn, $ln, $em, $em2, $pw, $pw2) {
			$this->validateUsername($un);
			$this->validateFirstName($fn);
			$this->validateLastName($ln);
			$this->validateEmails($em, $em2);
			$this->validatePasswords($pw, $pw2);

			if(empty($this->errorArray) == true) {
				//Insert into db
				return $this->insertUserDetails($un, $fn, $ln, $em, $pw);
			}
			else {
				return false;
			}

		}

		public function getError($error) {
			if(!in_array($error, $this->errorArray)) {
				$error = "";
			}
			return "$error";
		}

		private function insertUserDetails($un, $fn, $ln, $em, $pw) {
			$encryptedPw = md5($pw);
			$profilePic = "assets/images/profile-pics/head_emerald.png";
			$date = date("Y-m-d");

			$result = mysqli_query($this->con, "INSERT INTO users VALUES ('', '$un', '$fn', '$ln', '$em', '$encryptedPw', '$date', '$profilePic')");

			return $result;
		}

		private function validateUsername($un) {

			if(strlen($un) > 25 || strlen($un) < 5) {
				array_push($this->errorArray, Constants::$usernameCharacters);
				return;
			}

			$checkUsernameQuery = mysqli_query($this->con, "SELECT username FROM users WHERE username='$un'");
			if(mysqli_num_rows($checkUsernameQuery) != 0) {
				array_push($this->errorArray, Constants::$usernameTaken);
				return;
			}

		}

		private function validateFirstName($fn) {
			if(strlen($fn) > 25 || strlen($fn) < 2) {
				array_push($this->errorArray, Constants::$firstNameCharacters);
				return;
			}
		}

		private function validateLastName($ln) {
			if(strlen($ln) > 25 || strlen($ln) < 2) {
				array_push($this->errorArray, Constants::$lastNameCharacters);
				return;
			}
		}

		private function validateEmails($em, $em2) {
			if($em != $em2) {
				array_push($this->errorArray, Constants::$emailsDoNotMatch);
				return;
			}

			if(!filter_var($em, FILTER_VALIDATE_EMAIL)) {
				array_push($this->errorArray, Constants::$emailInvalid);
				return;
			}

			$checkEmailQuery = mysqli_query($this->con, "SELECT email FROM users WHERE email='$em'");
			if(mysqli_num_rows($checkEmailQuery) != 0) {
				array_push($this->errorArray, Constants::$emailTaken);
				return;
			}

		}

		private function validatePasswords($pw, $pw2) {
			
			if($pw != $pw2) {
				array_push($this->errorArray, Constants::$passwordsDoNoMatch);
				return;
			}

			if(preg_match('/[^A-Za-z0-9]/', $pw)) {
				array_push($this->errorArray, Constants::$passwordNotAlphanumeric);
				return;
			}

			if(strlen($pw) > 30 || strlen($pw) < 5) {
				array_push($this->errorArray, Constants::$passwordCharacters);
				return;
			}

		
		}




	}
?>

What I have tried:

i cannot get my sql database to update after registration

Posted 23-Apr-22 7:22am

US RSA

Updated 23-Apr-22 8:38am

v2

Add a Solution

Comments

Patrice T 23-Apr-22 13:25pm

Do you mean that you want us to help you on your secret code ?
Without showing your code ?

Dave Kreskowiak 23-Apr-22 13:27pm

or even a description of the problem.

US RSA 23-Apr-22 14:08pm

lol, thank you replying ... i cannot get myphpadmin database to update after registering

US RSA 23-Apr-22 14:08pm

lol, thank you replying ... i cannot get myphpadmin database to update after registering

Dave Kreskowiak 23-Apr-22 14:10pm

Yeah, the less you type, the more unlikely you're ever going to get an answer.

"It's broke" doesn't tell anyone anything they can use to have even a remote possibility of telling you anything useful.

US RSA 23-Apr-22 14:10pm

<title>TEST

$(document).ready(function() {
$("#loginForm").hide();
$("#registerForm").show();
});
';
}
else {
echo '
$(document).ready(function() {
$("#loginForm").show();
$("#registerForm").hide();
});
';
}

?>

Login to your account

getError(Constants::$loginFailed); ?>
Username

Password

LOG IN

Don't have an account yet? Signup here.

Create your free account

getError(Constants::$usernameCharacters); ?>
getError(Constants::$usernameTaken); ?>
Username

getError(Constants::$firstNameCharacters); ?>
First name

getError(Constants::$lastNameCharacters); ?>
Last name

getError(Constants::$emailsDoNotMatch); ?>
getError(Constants::$emailInvalid); ?>
getError(Constants::$emailTaken); ?>
Email

Confirm email

getError(Constants::$passwordsDoNoMatch); ?>
getError(Constants::$passwordNotAlphanumeric); ?>
getError(Constants::$passwordCharacters); ?>
Password

Confirm password

SIGN UP

Already have an account? Log in here.

Local, for sure.

Listen to loads of songs for free

Discover music you'll fall in love with Create your own playlists Follow artists to keep up to date

US RSA 23-Apr-22 14:10pm

con = $con;
$this->errorArray = array();
}

public function login($un, $pw) {

$pw = md5($pw);

$query = mysqli_query($this->con, "SELECT * FROM users WHERE username='$un' AND password='$pw'");

if(mysqli_num_rows($query) == 1) {
return true;
}
else {
array_push($this->errorArray, Constants::$loginFailed);
return false;
}

}

public function register($un, $fn, $ln, $em, $em2, $pw, $pw2) {
$this->validateUsername($un);
$this->validateFirstName($fn);
$this->validateLastName($ln);
$this->validateEmails($em, $em2);
$this->validatePasswords($pw, $pw2);

if(empty($this->errorArray) == true) {
//Insert into db
return $this->insertUserDetails($un, $fn, $ln, $em, $pw);
}
else {
return false;
}

}

public function getError($error) {
if(!in_array($error, $this->errorArray)) {
$error = "";
}
return "$error";
}

private function insertUserDetails($un, $fn, $ln, $em, $pw) {
$encryptedPw = md5($pw);
$profilePic = "assets/images/profile-pics/head_emerald.png";
$date = date("Y-m-d");

$result = mysqli_query($this->con, "INSERT INTO users VALUES ('', '$un', '$fn', '$ln', '$em', '$encryptedPw', '$date', '$profilePic')");

return $result;
}

private function validateUsername($un) {

if(strlen($un) > 25 || strlen($un) < 5) {
array_push($this->errorArray, Constants::$usernameCharacters);
return;
}

$checkUsernameQuery = mysqli_query($this->con, "SELECT username FROM users WHERE username='$un'");
if(mysqli_num_rows($checkUsernameQuery) != 0) {
array_push($this->errorArray, Constants::$usernameTaken);
return;
}

}

private function validateFirstName($fn) {
if(strlen($fn) > 25 || strlen($fn) < 2) {
array_push($this->errorArray, Constants::$firstNameCharacters);
return;
}
}

private function validateLastName($ln) {
if(strlen($ln) > 25 || strlen($ln) < 2) {
array_push($this->errorArray, Constants::$lastNameCharacters);
return;
}
}

private function validateEmails($em, $em2) {
if($em != $em2) {
array_push($this->errorArray, Constants::$emailsDoNotMatch);
return;
}

if(!filter_var($em, FILTER_VALIDATE_EMAIL)) {
array_push($this->errorArray, Constants::$emailInvalid);
return;
}

$checkEmailQuery = mysqli_query($this->con, "SELECT email FROM users WHERE email='$em'");
if(mysqli_num_rows($checkEmailQuery) != 0) {
array_push($this->errorArray, Constants::$emailTaken);
return;
}

}

private function validatePasswords($pw, $pw2) {

if($pw != $pw2) {
array_push($this->errorArray, Constants::$passwordsDoNoMatch);
return;
}

if(preg_match('/[^A-Za-z0-9]/', $pw)) {
array_push($this->errorArray, Constants::$passwordNotAlphanumeric);
return;
}

if(strlen($pw) > 30 || strlen($pw) < 5) {
array_push($this->errorArray, Constants::$passwordCharacters);
return;
}

}

}
?>

US RSA 23-Apr-22 14:13pm

register($username, $firstName, $lastName, $email, $email2, $password, $password2);

if($wasSuccessful == true) {
$_SESSION['userLoggedIn'] = $username;
header("Location: index.php");
}

}

?>

Richard Deeming 25-Apr-22 12:02pm

Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation/interpolation to build a SQL query. ALWAYS use a parameterized query.
PHP: SQL Injection - Manual[^]
PHP: Prepared statements and stored procedures - Manual[^]

Richard Deeming 25-Apr-22 12:03pm

You are storing your users' passwords in (effectively) plain text*. Don't do that!
Secure Password Authentication Explained Simply[^]
Salted Password Hashing - Doing it Right[^]

PHP even has built-in functions to help you do the right thing:
PHP: password_hash[^]
PHP: password_verify[^]

* NB: An unsalted MD5 hash is as good as plain text. It has not been considered secure enough for password storage for over quarter of a century. Don't use it!

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)