Ik ben bezig met een login/registratie formulier. Het is een bestaand script maar er was bijna geen controle op de invoer.
Hiervoor heb ik een ander script gebruikt. Aan de voorkant gaat alles goed ook de controle of het ingevoerde email adres al bestaat.
Maar aan de achterkant werkt het niet. De velden die zijn ingevuld of ze nou fout of goed zijn die worden gelijk ingevoerd in de database. Ik zelf denk dat het met het aller laatste stukje code te maken heeft.
Dit is het registratie formulier met de toegevoegde controle:
<?php
require 'db_connect.php';
session_start();
ini_set( 'display_errors', true );
error_reporting( E_ALL | E_STRICT );
// E-mail Checker / Validator.
function checkmail($email)
{
if (preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$/i", $email))
{
list($userName, $mailDomain) = split("@", $email);
if (checkdnsrr($mailDomain, "MX")) {
return TRUE;
}
}
return FALSE;
}
$formulier = TRUE;
if(isset($_POST['register']) && ($_SERVER['REQUEST_METHOD'] == "POST"))
{
$aFout = array();
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$password = $_POST['password'];
if(TRUE)
{
$code = $_POST['code'];
}
// Als $firstname leeg is of $voonaam minder dan 2 tekens bevat of deze bepaalde tekens bevat preg_match) dan word de uitvoer Fout. (||=of)(&&=AND).
if(empty($firstname) || (strlen($firstname) < 2) || preg_match("[<>]", $firstname) )
{
$aFout[] = "Er is geen firstname ingevuld.";
unset($firstname);
$fout['text']['firstname'] = TRUE;
$fout['input']['firstname'] = TRUE;
}
// Als $lastname leeg is of $lastname minder dan 2 tekens bevat of deze bepaalde tekens bevat preg_match) dan word de uitvoer Fout. (||=of)(&&=AND).
if(empty($lastname) || (strlen($lastname) < 2) || preg_match("[<>]", $lastname) )
{
$aFout[] = "Er is geen lastname ingevuld.";
unset($lastname);
$fout['text']['lastname'] = TRUE;
$fout['input']['lastname'] = TRUE;
}
if(empty($email))
{
$aFout[] = "Er is geen e-mail adres ingevuld.";
unset($email);
$fout['text']['email'] = TRUE;
$fout['input']['email'] = TRUE;
}
elseif(!filter_var($email, FILTER_VALIDATE_EMAIL))
{
$aFout[] = "Er is geen correct e-mail adres ingevuld.";
unset($email);
$fout['text']['email'] = TRUE;
$fout['input']['email'] = TRUE;
}
if(empty($password))
{
$aFout[] = "Er is geen password ingevuld.";
unset($password);
$fout['text']['password'] = TRUE;
$fout['input']['password'] = TRUE;
}
if(TRUE)
{
if(strtoupper($code) != $_SESSION['captcha_code'])
{
$aFout[] = "Er is geen correcte code ingevuld.";
$fout['text']['code'] = TRUE;
$fout['input']['code'] = TRUE;
}
}
if(!empty( $aFout ))
{
$errors = '
<div id="errors">
<ul>';
foreach($aFout as $sFout)
{
$errors .= " <li>".$sFout."</li>\n";
}
$errors .= "</ul>
</div>";
}
else
{
$formulier = FALSE;
}
}
if($formulier)
{
?>
<!DOCTYPE html>
<html lang="nl-NL">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<title>xxx</title>
<link rel="stylesheet" href="/css/contactform.css" type="text/css" />
<link rel="stylesheet" href="/css/styles.css" type="text/css" media="screen" />
</head>
<body>
<div id="wrapper">
<div id="main">
<div id="header" role="banner">
<div id="header_menu">
<nav role="navigation"><ul class="menu">
<li class="item-101"><a href="/">xxx</a></li>
<li class="item-102"><a href="/">xxx</a></li>
<li class="item-136"><a href="/">xxx</a></li>
<li class="item-103"><a href="/">xxx</a></li>
<li class="item-105"><a href="/">xxx</a></li>
<li class="item-142"><a href="/">xxx</a></li></ul></nav>
</div><!-- end header_menu -->
</div><!-- end header -->
<div id="leftbar"> <!-- Linkerkant met alle modules -->
<div class="leftbar-title">Login of registreer</div>
<div id="module_inlog"> <!-- Begin module inloggen -->
<div class="module-title"></div>
<div class="module-body">
<form action="/" method="post" id="login-form" >
<p id="form-login-username">
<label for="modlgn-username">Email</label>
<input id="modlgn-username" required autocomplete="off" type="text" name="username" class="inputbox" size="16" />
</p>
<p id="form-login-password">
<label for="modlgn-passwd">Wachtwoord</label>
<input id="modlgn-passwd" required autocomplete="off" type="password" name="password" class="inputbox" size="16" />
</p>
<p id="form-login-remember">
<label for="modlgn-remember">Onthoud mij</label>
<input id="modlgn-remember" type="checkbox" name="remember" class="checkbox" value="yes"/>
</p>
<input type="submit" name="Submit" class="b_inloggen" value="Inloggen" />
</form>
<span class="w-vergeten"><a rel="nofollow" target="_blank" href="forgot.php" title="Wachtwoord vergeten">Wachtwoord vergeten?</a>
</span> <!-- end w-vergeten -->
</div> <!-- end module-body -->
</div> <!-- end module_inlog -->
</div> <!-- end leftbar -->
<div id="centercontent" role="main">
<h1>Registreer</h1><br /><br />
<?php
if(isset($errors)) {
echo $errors;
}
?>
<form action="register_form.php" name="contactformulier" id="contactformulier" method="post" class="Chronoform">
<div class="contactform firstname" >
<label for="firstname"<?php if(isset($fout['text']['firstname'])) { echo 'class="fout"'; } ?>>firstname:*</label>
<input type="text" title="Vul uw firstname in." id="firstname" name="firstname" size="45" <?php if(isset($fout['input']['firstname'])) { echo 'class="fout"'; } ?> value="<?php if (!empty($firstname)) { echo stripslashes($firstname); } ?>" />
</div>
<div class="contactform lastname" >
<label for="lastname"<?php if(isset($fout['text']['lastname'])) { echo 'class="fout"'; } ?>>lastname:*</label>
<input type="text" title="Vul uw lastname in." id="lastname" name="lastname" size="45" <?php if(isset($fout['input']['lastname'])) { echo 'class="fout"'; } ?> value="<?php if (!empty($lastname)) { echo stripslashes($lastname); } ?>" />
</div>
<div class="contactform email" >
<label for="email"<?php if(isset($fout['text']['email'])) { echo 'class="fout"'; } ?>>Email:*</label>
<input type="text" title="Vul uw email in." id="email" name="email" size="45" <?php if(isset($fout['input']['email'])) { echo 'class="fout"'; } ?> value="<?php if (!empty($email)) { echo stripslashes($email); } ?>" />
</div>
<div class="contactform password" >
<label for="password"<?php if(isset($fout['text']['password'])) { echo 'class="fout"'; } ?>>password:*</label>
<input type="text" title="Vul uw password in." id="password" name="password" size="45" <?php if(isset($fout['input']['password'])) { echo 'class="fout'; } ?> value="<?php if (!empty($password)) { echo stripslashes($password); } ?>" />
</div>
<?php
if(TRUE)
{
?>
<div class="contactform code" >
<label for="code"<?php if(isset($fout['text']['code'])) { echo 'class="fout"'; } ?>>Vul de code in:*</label>
<input type="text" title="Vul de code in." id="code" name="code" size="24" <?php if(isset($fout['input']['code'])) { echo 'class="captcha fout"'; } ?> />
<span class="captcha_image"><img src="/test/contact/captcha.php" width="100" height="28" alt="" title="Code"/></span>
<?php
}
?>
</div>
<div class="contactform submit" >
<input type="submit" id="verzenden" name="register" class="b_verzenden" value="verzenden" />
</div>
</form>
</div><!-- end centercontent -->
</div><!-- end main -->
</div><!-- end wrapper -->
<div id="footer" role="contentinfo">
<footer>
</footer>
</div><!-- end footer -->
</body>
</html>
<?php
}
?>
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
if (isset($_POST['login'])) { //user logging in
require 'login.php';
}
elseif (isset($_POST['register'])) { //user registering
require 'register.php';
}
}
?>
Dit is het registratie script:
<?php
/* Registration process, inserts user info into the database
and sends account confirmation email message
*/
// Set session variables to be used on profile.php page
$_SESSION['email'] = $_POST['email'];
$_SESSION['first_name'] = $_POST['firstname'];
$_SESSION['last_name'] = $_POST['lastname'];
// Escape all $_POST variables to protect against SQL injections
$first_name = $mysqli->escape_string($_POST['firstname']);
$last_name = $mysqli->escape_string($_POST['lastname']);
$email = $mysqli->escape_string($_POST['email']);
$password = $mysqli->escape_string(password_hash($_POST['password'], PASSWORD_BCRYPT));
$hash = $mysqli->escape_string( md5( rand(0,1000) ) );
// Check if user with that email already exists
$result = $mysqli->query("SELECT * FROM users WHERE email='$email'") or die($mysqli->error());
// We know user email exists if the rows returned are more than 0
if ( $result->num_rows > 0 ) {
$_SESSION['message'] = 'User with this email already exists!';
header("location: error.php");
}
else { // Email doesn't already exist in a database, proceed...
// active is 0 by DEFAULT (no need to include it here)
$sql = "INSERT INTO users (first_name, last_name, email, password, hash) "
. "VALUES ('$first_name','$last_name','$email','$password', '$hash')";
// Add user to the database
if ( $mysqli->query($sql) ){
$_SESSION['active'] = 0; //0 until user activates their account with verify.php
$_SESSION['logged_in'] = true; // So we know the user has logged in
$_SESSION['message'] =
"Confirmation link has been sent to $email, please verify
your account by clicking on the link in the message!";
// Send registration confirmation link (verify.php)
$to = $email;
$subject = 'Account Verification ( clevertechie.com )';
$message_body = '
Hello '.$first_name.',
Thank you for signing up!
Please click this link to activate your account:
http://localhost/verify.php?email='.$email.'&hash='.$hash;
mail( $to, $subject, $message_body );
header("location: profile.php");
}
else {
$_SESSION['message'] = 'Registration failed!';
header("location: error.php");
}
}
?>
Bij het origineel staat dit stukje
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
if (isset($_POST['login'])) { //user logging in
require 'login.php';
}
elseif (isset($_POST['register'])) { //user registering
require 'register.php';
}
}
?>
Helemaal boven aan. Als ik dat hier doe dan krijg ik gelijk de melding dat het email adres al bestaat nog voor ik iets heb ingevuld. Heeft iemand een idee waarom het gelijk de datbase ingeschreven wordt of waarom er gelijk de melding komt dat het email adres al bestaat als dit stukje boven aan staat?
