I have a form which I am using to register a user. Here is the form I am using.
    <form method="post" name="registration_form" action="<?php echo esc_url($_SERVER['PHP_SELF']); ?>">
        <div class="form-group">
            <input type="text" name="username" id="username" class="inputs"><br />
            <input type="text" name="email" id="email" class="inputs" /><br />
            <input type="password" name="password" id="password" class="inputs" /><br />
            <input type="password" name="confirmpwd" id="confirmpwd" class="inputs" /><br />
            <input type="button" name="register" id="register" value="Register" onclick="return regformhash(this.form, this.form.username, this.form.email, this.form.password, this.form.confirmpwd);" class="btn"><br />
        </div>
        <div style="font-weight:bold;color:red"><p><?php
        if (!empty($error_msg)) {
            echo $error_msg;
        }
        ?>
        </p></div>
    </form>
The register script should send the user, after adding the user to the database, to the page register_success.php. But when I click on the submit button, the script creates a new user and sends the user back to a blank register page (index.php).
Does someone know why the user doesn't get sent to register_success.php?
Here is my register script:
    if (empty($error_msg)) {
        // Create a random salt
        $random_salt = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), TRUE));
        // Create salted password
        $password = hash('sha512', $password . $random_salt);
        // Insert the new user into the database
        if ($insert_stmt = $mysqli->prepare("INSERT INTO members (username, email, password, salt) VALUES (?, ?, ?, ?)")) {
            $insert_stmt->bind_param('ssss', $username, $email, $password, $random_salt);
            // Execute the prepared query.
            if (! $insert_stmt->execute()) {
                header('Location: ../error.php?err=Registration failure: INSERT');
                exit();
            }
            $user_id = mysqli_insert_id($mysqli);
            if ($insert_stmt2 = $mysqli->prepare("INSERT INTO members2 (user_id, username, email, password, salt) VALUES (?, ?, ?, ?, ?)")) {
                $insert_stmt2->bind_param('sssss', $user_id, $username, $email, $password, $random_salt);
                // Execute the prepared query.
                if (! $insert_stmt2->execute()) {
                    header('Location: ../error.php?err=Registration failure: INSERT');
                    exit();
                }
            }
        }
        header('Location: ./register_success.php');
        exit();
    }
I also tried to add an else statement after:
    if (! $insert_stmt2->execute()) {
        header('Location: ../error.php?err=Registration failure: INSERT');
        exit();
    }
But the script still sends the user to index.php
Here is the function regformhash:
    function regformhash(form, uid, email, password, conf) {
        // Check each field has a value
        if (uid.value == '' || email.value == '' || password.value == '' || conf.value == '') {
            alert('Error 1');
            return false;
        }
        // Check the username
        re = /^[. \w]+$/;
        if(!re.test(form.username.value)) {
            alert("Error 2");
            form.username.focus();
            return false;
        }
        // Check that the password is sufficiently long (min 6 chars)
        // The check is duplicated below, but this is included to give more
        // specific guidance to the user
        if (password.value.length < 6) {
            alert('Error 3');
            form.password.focus();
            return false;
        }
        // At least one number, one lowercase and one uppercase letter
        // At least six characters
        var re = /(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{6,}/;
        if (!re.test(password.value)) {
            alert('Error 4');
            return false;
        }
        // Check password and confirmation are the same
        if (password.value != conf.value) {
            alert('Error 5');
            form.password.focus();
            return false;
        }