0

I'm creating a sign up page for a website. When the form is submitted the data is passed to the PHP file shown below. The issue is that it doesn't add the user to the database, the database just remains blank.

<?php

if (isset($_POST['signup-submit'])) {
    require('dbh.inc.php');
    $email = $_POST['email'];
    $password = $_POST['password'];

    if (empty($email) || empty($password)) {
        header("Location: ../admin/signup.php?error=blankform");
        exit();
    }
    else {
        $sql ="SELECT email FROM users WHERE email=?";
        $stmt = mysqli_stmt_init($conn);
        if (!mysqli_stmt_prepare($stmt, $sql)) {
            header("Location: ../admin/signup.php?error=sqlselecterror");
            exit();
        }
        else {
            mysqli_stmt_bind_param($stmt, "s", $email);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_store_result($stmt);
            $resultCheck = mysqli_stmt_num_rows($stmt);
            if ($resultCheck > 0) {
                header("Location: ../admin/signup.php?error=usernametaken");
                exit();
            }
            else {
                $sql = "INSERT INTO users (email, password) VALUES (?, ?)";
                $stmt = mysqli_stmt_init($conn);
                if (!mysqli_stmt_prepare($stmt, $sql)) {
                    header("Location: ../admin/signup.php?error=sqlinserterror");
                    exit();
                }
                else {
                    $hashedpsw = password_hash($password, PASSWORD_DEFAULT);
                    mysqli_stmt_bind_param($stmt, "ss", $email, $hashedpsw);
                    mysqli_stmt_execute($stmt);
                    header("Location: ../sign-up.html?signup=success");
                    exit();
                }
            }
        }
    }
    mysqli_stmt_close($stmt);
    mysqli_close($conn);
}
else {
    header("Location: ../../courses/courses.html");
    exit();
}

If it helps, here is the dbh.inc.php file that is required at the top:

<?php

$servername = "localhost";
$dBUsername = "root";
$dBPassword = "";
$dBName = "python3";

$conn = mysqli_connect($servername, $dBUsername, $dBPassword, $dBName);

if (!$conn) {
    die("Connection failed" . mysqli_connect_error());
}

The database itself has the following set up:

Database

I've tried to find the error and in doing so I know that the following things work:

  • If an email is manually added to the database, and I try to then sign up with that same email, the php code written will pick this up with the SELECT statement and give an error as the username is already taken (as it should). This shows that the PHP given can indeed interact with the database

  • I've tried echoing the email and hashedpsw variables just before they are added to the mysqli_stmt_bind_param($stmt, "ss", $email, $hashedpsw) line. The program does indeed get to this line and both are echoed to the screen.

Due to this I feel the error must be on one of these two lines:

mysqli_stmt_bind_param($stmt, "ss", $email, $hashedpsw);
mysqli_stmt_execute($stmt);

However I can't seem to find an error on either of these lines. Can anyone spot what I'm doing wrong?

Thanks,

Sean

Seank462
  • 51
  • 3
  • 1
    May be worth checking https://stackoverflow.com/questions/21479655/maximum-length-of-generated-hash-when-using-password-hash – Nigel Ren Jun 16 '20 at 11:25
  • Thanks! That solved it! The field size of 30 was stopping the hashed password being inserted. – Seank462 Jun 16 '20 at 11:26

0 Answers0