Click here to Skip to main content
15,921,941 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
The error code "You cant sign up at this time, try again later" keeps popping up anytime anyone tries so register. What could be wrong?




0){
while($result = mysqli_fetch_assoc($run_query334)){
$who = $result['username'];
}
}else{
header("location: index.php");
}
}else{
$who = "none";
}
?>
0){
$message_failure = "Registration failed try again";
}else{
$query1 = "SELECT * FROM registration WHERE email = '{$email}'";
$run_query1 = mysqli_query($connection, $query1);

if(mysqli_num_rows($run_query1) > 0){
$message_failure = "Email already exists";
}else{
$query22 = "SELECT * FROM registration WHERE username = '{$username}'";
$run_query22 = mysqli_query($connection, $query22);

if(mysqli_num_rows($run_query22) > 0){
$message_failure = "Username already exists";
}else{
$query55 = "INSERT INTO registration (first_name,last_name,email,password,user_pass,phone,referal,username,wallet,who_refered,reg_date,reg_time,block) VALUES ('{$fname}','{$lname}','{$email}','{$password}','{$pass}','{$phone}','{$rand4}','{$username}','{$rand}','{$who}','{$reg_date}','{$time2}','{$block}')";
$run_query55 = mysqli_query($connection, $query55);

if($run_query55 == true){
$query = "UPDATE registration SET status = '{$online}' WHERE email = '{$email}'";
$run_query = mysqli_query($connection, $query);

$query578 = "SELECT * FROM registration WHERE email = '{$email}' AND username = '{$username}'";
$run_query578 = mysqli_query($connection, $query578);

$subject = "Account Opening Notification";
require'phpmailer/PHPMailerAutoload.php';
$mail = new PHPMailer;

$mail->Host='smtp.godaddy.com';
$mail->Port=465;
$mail->SMTPAuth=true;
$mail->SMTPSecure='ssl';
$mail->Username='username';
$mail->Password='password';

$mail->setFrom('support@site.com', 'site');
$mail->addAddress($email);
$mail->addReplyTo('support@site.com', 'site');

$mail->isHTML(true);
$mail->Subject='Welcome:'.$subject;
$mail->Body='

Dear '.$username.',



You have successfully created an account with the worlds leading company


we anticipate walking along this great path with you



© Copyright '.$date78.' All rights Reserved.

';

if(!$mail->send()){
$message_failure = "Registration not successful";
}else{
while($result = mysqli_fetch_assoc($run_query578)){
$user_id = $result['id'];

$_SESSION['user_id']= $user_id;
header("location: user_dashboard.php?p=dashboard");

/*$message = "You have successfully created your account, Check your email to activate your account";

header("location: login.php");*/
}
}
}else{
$message_failure = "You cant sign up at this time, try again later";
}
}
}
}
}
?>

What I have tried:

I have virtually anything I could think of. Right now I'm feeling dejected. Need your help guys!
Posted
Updated 4-Feb-20 13:47pm

The number of things that are wrong with that code doesn't start with the problem you have found, it's much worse than that.

Let's start with "letting your users delete your database withou even registering", shall we? Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Always use Parameterized queries instead.

When you concatenate strings, you cause problems because SQL receives commands like:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'
The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;--'
Which SQL sees as three separate commands:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'x';
A perfectly valid SELECT
SQL
DROP TABLE MyTable;
A perfectly valid "delete the table" command
SQL
--'
And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.

So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?

And to do it in sign in or registration code is just too silly for words!

And lets continue with passwords ... this is PHP code, so it's web based. Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^] - the code is C# but it's pretty obvious.

And remember: as this is web based, if you have any European Union users then GDPR applies and that means you need to handle passwords as sensitive data and store them in a safe and secure manner. Text is neither of those and the fines can be .... um ... outstanding. In December 2018 a German company received a relatively low fine of €20,000 for just that.
 
Share this answer
 
Comments
nedclint 1-Feb-20 1:24am    
Wow, this is an eye opener, I'm just a rookie trying to learn on the go.
How do I solve these problems and still get the form to submit data to the database.
Quote:
Php registration form not submitting to database

When your code don't behave as expected, the debugger is the tool of choice.
-----
Your code do not behave the way you expect, or you don't understand why !

There is an almost universal solution: Run your code on debugger step by step, inspect variables.
The debugger is here to show you what your code is doing and your task is to compare with what it should do.
There is no magic in the debugger, it don't know what your code is supposed to do, it don't find bugs, it just help you to by showing you what is going on. When the code don't do what is expected, you are close to a bug.
To see what your code is doing: Just set a breakpoint and see your code performing, the debugger allow you to execute lines 1 by 1 and to inspect variables as it execute.

Debugger - Wikipedia, the free encyclopedia[^]

Mastering Debugging in Visual Studio 2010 - A Beginner's Guide[^]
Basic Debugging with Visual Studio 2010 - YouTube[^]

phpdbg | php debugger[^]
Debugging techniques for PHP programmers[^]

The debugger is here to only show you what your code is doing and your task is to compare with what it should do.
-----
Advice: Learn to indent properly your code, it show its structure and it helps reading and understanding. It also helps spotting structures mistakes.

Indentation style - Wikipedia[^]

Professional programmer's editors have this feature and others ones such as parenthesis matching and syntax highlighting.
Notepad++ Home[^]
ultraedit[^]
 
Share this answer
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900