June 2, 2018 at 5:11 am
Hey guys!
I am pulling my hair out on this one... I did manage to get my login form and signup section to work for a while and I even thought that I got my implode function to work yesterday but for some unknown reason, my 2nd database table has stopped working and is not inserting from the sql query... I think that the code should be correct and here is my code: I would appreciate a quick reply. Also, if we are using prepared statement, do we still need to use mysqli_real_string_escape?
<?php
if (!isset($_POST['submit'])) {
header("Location: ../signup.php");
exit();
} else {
include_once 'dbh.php';
// information from users table
$first = $_POST['first'];
$last = $_POST['last'];
$email = $_POST['email'] ;
$uid = $_POST['uid'];
$password = $_POST['pwd'];
$user_permission = 'Standard User';
$freelesson = $_POST['freelesson'];
$datejoined = date('Y-m-d H:i:s', strtotime('+1 day'));
$user_activate = 0;
$premium = 0;
// information from memberships table
$subscriptionplan = $_POST['subscriptionplan'];
$subscriptionplandate = date('Y-m-d H:i:s', strtotime('+1 day'));
$subscriptionplandate2 = date('Y-m-d H:i:s', strtotime('+1 day'));
$subscriptionplandate3 = date('Y-m-d H:i:s', strtotime('+1 day'));
$fees = 0;
$fees2 = 0;
$fees3 = 0;
$totalfees = 0;
$paid = 0;
$paid2 = 0;
$paid3 = 0;
$expirydate = date('Y-m-d H:i:s', strtotime('+1 day'));
$expirydate2 = date('Y-m-d H:i:s', strtotime('+1 day'));
$expirydate3 = date('Y-m-d H:i:s', strtotime('+1 day'));
$paidbydate = date('Y-m-d H:i:s', strtotime('+1 day'));
$paidbydate2 = date('Y-m-d H:i:s', strtotime('+1 day'));
$paidbydate3 = date('Y-m-d H:i:s', strtotime('+1 day'));
$overdue = 0;
$overdue2 = 0;
$overdue3 = 0;
// $fees = mysqli_real_escape_string($conn, $_POST['fees']);
// $totalfees = mysqli_real_escape_string($conn, $_POST['totalfees']);
$activate = 0;
//Error handlers...
if (empty($first) || empty($last) || empty($email) || empty($uid)|| empty($password)) {
header("Location: ../signup.php?signup=empty");
exit();
} else {
//Check if input characters are valid
if (!preg_match("/^[a-zA-Z]*$/", $first) || !preg_match("/^[a-zA-Z]*$/", $last)) {
header("Location: ../signup.php?signup=invalid");
exit();
} else {
//Checking for valid emails
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?signup=email");
exit();
} else {
if (Strlen($password) < 5) {
header("Location: ../signup.php?signup=invalidlength");
exit();
} else {
if (!preg_match('/^(?=.*\d)(?=.*[A-Za-z])[0-9A-Za-z!@#$%]{8,20}$/', $password)) {
header ("Location: ../signup.php?signup=notalphanumeric");
exit();
} else {
$sql = "SELECT * FROM users WHERE user_uid = ?;";
// Create a prepared statement
$stmt = mysqli_stmt_init($conn);
//Prepare the prepared stement
if (!mysqli_stmt_prepare($stmt, $sql)) {
echo "SQL statement failed";
} else {
//Bind parameters to the placeholder
mysqli_stmt_bind_param($stmt, "s", $uid);
}
if($resultCheck > 0) {
header("Location: ../signup.php?signup=usertaken");
exit();
} else {
// Select subscription
// Supply a random generated token for email activation
$token = 'qqewreqreqwsdfdfdafcbvcQERFGHFGHGFHRETERTDF!@#$%^^()';
$token = str_shuffle($token);
$token = substr($token, 0, 10);
$token2 = 'qqewreqreqwsdfdfdafcbvcQERFGHFGHGFHRETERTDF!@#$%^^()';
$token2 = str_shuffle($token2);
$token2 = substr($token2, 0, 10);
$paid = 0;
$activate = 0;
//Hashing the password
$hashedPwd = password_hash($password, PASSWORD_DEFAULT);
//Insert the user into the database
$sql ="INSERT INTO users (user_first, user_last, user_email, user_uid, user_password, user_permission, freelesson, datejoined, user_token, user_activate, premium) VALUES (?,?,?,?,?,?,?,?,?,?,?);";
$stmt = mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt, $sql)) {
echo "SQL error";
} else {
mysqli_stmt_bind_param($stmt, "sssssssssss", $first, $last, $email, $uid, $hashedPwd, $user_permission, $freelesson,$datejoined, $token, $user_activate, $premium);
mysqli_stmt_execute($stmt);
}
// insert into user_lessonsubscription table
// $subscriptionplan = implode(',',$subscriptionplan);
$sql ="INSERT INTO memberships (user_uid, subscriptionplan, subscriptionplandate, subscriptionplandate2, subscriptionplandate3, fees, fees2, fees3, totalfees, paid, paid2, paid3, expirydate, expirydate2, expirydate3, paidbydate, paidbydate2, paidbydate3, overdue, overdue2, overdue3, token, activate) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?);";
$stmt = mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt, $sql)) {
echo "SQL error";
} else {
mysqli_stmt_bind_param($stmt, "sssssssssssssssssssssss", $uid, $subscriptionplan, $subscriptionplandate, $subscriptionplandate2, $subscriptionplandate3, $fees, $fees2, $fees3, $totalfees, $paid, $paid2, $paid3, $expirydate, $expirydate2, $expirydate3, $paidbydate, $paidbydate2, $paidbydate3, $overdue, $overdue2, $overdue3, $token2, $activate);
mysqli_stmt_execute($stmt);
}
// Send an email to the user:
$company = "pianocourse101@hotmail.com";
$subject = "Activate your email account";
$mailTo = "piano0011@hotmail.com";
$headers = "From: ".$company;
$txt = "Thank you for registering with pianocourse101! At pianocourse101, your child can now learn how to play the piano right from the comfort of your own home! \n\nOur lessons are based from the Bastien Piano Basics series because it is both fun and educational for your child. \n\nHowever, you must activate your FREE membership account by clicking on the link below: \n\n http://localhost/loginsystem/includes/activate.php?email=".$mailTo."&activatetoken=".$token."" ;
mail($mailTo, $subject, $txt, $headers);
header("Location: ../signup.php?signup=success");
exit();
}
}
}
}
}
}
}
Viewing 0 posts
You must be logged in to reply to this topic. Login to reply