Registration form

Getting Started Newbie Questions
#181

when I click register nothing happens 

#182

never mind I think I know what to do 

#183

Is this code good ?

\<?php include("db.php"); if (isset($\_POST['submit'])) { if ($\_POST['password'] == $\_POST['password2']) { $username = $\_POST['username']; $pw = $\_POST['password']; $email = $\_POST['email']; // validate and sanitize all of these inputs // and see that they are not blank at the same time // Do your MySql here to find the $username and // bring out result of find in $username\_result $result = mysqli\_query($conn ,"SELECT \* FROM users WHERE username='$username' AND email='$email'"); if(mysqli\_num\_rows($result) \> 0) { echo "User exist"; } else { // it is not in use so put it in $pw = password\_hash($pw, PASSWORD\_BCRYPT, array('cost' =\> 12)); $sql = "INSERT into users VALUES(null, '$username', '$pw', '$email')"; if(mysqli\_query($conn, $sql)){ // if insert checked as successful echo username and password saved successfully echo"Your user was created. \<a href= login.php\>Click here to login \</a\>\<br /\>"; }else{ echo "Sorry something went wrong, \<a href= signup.php\>Try again\</a\>\<br /\>"; // and send them back to registration page } } }else{ echo "The passwords do not match. \<a href= signup.php\>Try again\</a\>\<br /\>"; // and send them back to registration page } } ?\>
#184

You should check out coronium:

forums.coronalabs.com/topic/64888-release-coronium-ls-123-beta/

coronium.cloud

coronium.io

#185

I like the way i’m doing it now

#186

First the PHP script is using HTTP POST not HTTP GET. The code I provide above assumes you’re doing GET. Your network.request() call has to match your server’s script methods.  network.request() can use POST, but you have to restructure the call to use a table for the body parameters rather than passing them on the URL.

Your script only requested the password once. On new registration’s you should have two password fields. The PHP script expects two passwords. You should also validate the passwords on the local device before sending them.

I’ve not used password_hash() so I’m not sure how secure it is, but it seems better than a clear text password. The script outputs HTML which is great for a website. You might want to consider JSON output which will work better with your Corona App.

But the script is a minimalist user registration script.

Rob

#187 
 $username = $\_POST["username"]; $password = $\_POST["password"]; $statement = mysqli\_prepare($con, "INSERT INTO users (username, password, email) VALUES (?, ?, ?)"); $password = password\_hash($password, PASSWORD\_BCRYPT, array('cost' =\> 12)); mysqli\_stmt\_bind\_param($statement, "sss", $username, $password, $email); mysqli\_stmt\_execute($statement); $response = array(); $response["success"] = true; print\_r(json\_encode($response));

Is this better

#188

You’re still using POST, which is okay if you change Corona to use POST.

You’ve removed the check to make sure that username/email doesn’t already exist.

You’ve removed the check to validate the password with the second copy of the password.

You are not sanitizing the input using mysqli_real_escape_string

And you’re potentially passing the password in the clear if this isn’t an https:// service.

But just looking at the code, the basics are there.

Rob

#189

when I was using the code to check if the username doesn’t exists on my website , it didn’t work .

#190

Nothing happens when I click the register button 

#191

You will need to post both your lua code and your PHP code.

#192

register.php :

 if (isset($\_POST['register'])) { if ($\_POST['password'] == $\_POST['password2']) { $username = $\_POST['username']; $password = $\_POST['password']; $email = $\_POST['email']; // validate and sanitize all of these inputs // and see that they are not blank at the same time // Do your MySqli here to find the $username and // bring out result of find in $username\_result $result = mysqli\_query($con ,"SELECT \* FROM users WHERE username='$username' AND email='$email'"); if(mysqli\_num\_rows($result) \> 0) { echo "User exist"; } else { // it is not in use so put it in $pw = password\_hash($pw, PASSWORD\_BCRYPT, array('cost' =\> 12)); $sql = "INSERT into users VALUES(null, '$username', '$pw', '$email')"; if(mysqli\_query($conn, $sql)){ // if insert checked as successful echo username and password saved successfully echo"Your user was created. \<a href= login.php\>Click here to login \</a\>\<br /\>"; }else{ echo "Sorry something went wrong, \<a href= signup.php\>Try again\</a\>\<br /\>"; // and send them back to registration page } } }else{ echo "The passwords do not match. \<a href= signup.php\>Try again\</a\>\<br /\>"; // and send them back to registration page } }

register.lua :

local composer = require( "composer" ) local scene = composer.newScene() local widget = require("widget") -- forward declare the text fields local mime = require("mime") local username local password local email local function networkListener( event ) if ( event.isError ) then print( "Network error: ", event.response ) else print( event.response ) end end local function handleButtonEvent( event ) if ( "ended" == event.phase ) then local URL = "https://web.web.com/register.php?a=" .. mime.b64( username.text ) .. "&b=" .. mime.b64(password.text) .. "&c=" .. mime.b64( email.text ) network.request(URL, "POST", networkListener) composer.gotoScene("login") else print( "Something went wrong.") end end local function loginLink( event ) if ( "ended" == event.phase ) then composer.gotoScene("login") end end function scene:create(event) local screenGroup = self.view display.setDefault("background", 0, 3, 5) local icon = display.newImage("web\_opt.png", 160, 70) screenGroup:insert(icon) username = native.newTextField( 160, 200, 180, 30 ) -- take the local off since it's forward declared username.placeholder = "Username" screenGroup:insert(username) password = native.newTextField( 160, 250,180, 30 ) -- take the local off since it's forward declared password.isSecure = true password.placeholder = "Password" screenGroup:insert(password) password2 = native.newTextField( 160, 300,180, 30 ) -- take the local off since it's forward declared password2.isSecure = true password2.placeholder = "Confirm Password" screenGroup:insert(password2) email = native.newTextField( 160, 350, 180, 30 ) -- take the local off since it's forward declared email.placeholder = "E-mail" screenGroup:insert(email) local Button = widget.newButton( { shape = "roundedRect", left = 70, top = 400, id = "Register", label = "Register", onEvent = userRegister } ) screenGroup:insert(Button) local Button2 = widget.newButton( { left = 70, top = 460, id = "Loginhere", label = "Login here", onEvent = loginLink } ) screenGroup:insert(Button2) end function scene:show(event) end function scene:hide(event) end function scene:destroy(event) end scene:addEventListener("create", scene) scene:addEventListener("show", scene) scene:addEventListener("hide", scene) scene:addEventListener("destroy", scene) return scene
#193

Your lua code won’t work with your PHP code.

You changed your network.request() to “POST”, but you didn’t change the parameters. There is an example of using POST on the docs page for network.request(). Honestly it may be easier to adapt your PHP script to GET instead of POST.

Next, you’re still trying to use my suggestion of key-value pairs named “a”, “b”, “c”, but your PHP script is looking for “username”, “password”, “password”, and “email”. The parameters have to match.  You’re also not passing password2 in either.

For security I suggested using base64 encoding, which you are doing on the Corona side, but you never base64 decode on the PHP side.

Rob

#194

But I think that if I change from post to get I wouldn’t understand anything i’m doing and it would be a lot of changing 

#195

Both sides either have to be POST or both sides have to be GET.  POST is a little more difficult to setup on the Corona side and the PHP side, just change the $_POST’s to $_GET’s.

But you have to make the parameter names match on both sides. If you’re going to use “username”, “password”, etc. on the PHP side, you have to use username, password etc. on the Corona side. “a”, “b” and “c” wont work.

If you’re going to base64 encode on one side, you have to base64 decode on the other.

We can do this in a very simple example, but your server will be very insecure. 

Rob

#196

Sorry I had some business to attend to , but I corrected everything you told me to but when I click the register button nothing happens . The info doesn’t go in the database . 

register.lua :

local composer = require( "composer" ) local scene = composer.newScene() local widget = require("widget") -- forward declare the text fields local mime = require("mime") local username local password local email local function networkListener( event ) if ( event.isError ) then print( "Network error: ", event.response ) else print( event.response ) end end local function handleButtonEvent( event ) if ( "ended" == event.phase ) then local URL = "https://web.web.com/register.php?username=" .. mime.b64( username.text ) .. "&password=" .. mime.b64(password.text) .. "&email=" .. mime.b64( email.text ) network.request(URL, "GET", networkListener) composer.gotoScene("login") else print( "Something went wrong. Try again.") end end local function loginLink( event ) if ( "ended" == event.phase ) then composer.gotoScene("login") end end function scene:create(event) local screenGroup = self.view display.setDefault("background", 0, 3, 5) local icon = display.newImage("icon\_opt.png", 160, 70) screenGroup:insert(icon) username = native.newTextField( 160, 200, 180, 30 ) -- take the local off since it's forward declared username.placeholder = "Username" screenGroup:insert(username) password = native.newTextField( 160, 250,180, 30 ) -- take the local off since it's forward declared password.isSecure = true password.placeholder = "Password" screenGroup:insert(password) password2 = native.newTextField( 160, 300,180, 30 ) -- take the local off since it's forward declared password2.isSecure = true password2.placeholder = "Confirm Password" screenGroup:insert(password2) email = native.newTextField( 160, 350, 180, 30 ) -- take the local off since it's forward declared email.placeholder = "E-mail" screenGroup:insert(email) local Button = widget.newButton( { shape = "roundedRect", left = 70, top = 400, id = "Register", label = "Register", onEvent = userRegister } ) screenGroup:insert(Button) local Button2 = widget.newButton( { left = 70, top = 460, id = "Loginhere", label = "Login here", onEvent = loginLink } ) screenGroup:insert(Button2) end function scene:show(event) end function scene:hide(event) end function scene:destroy(event) end scene:addEventListener("create", scene) scene:addEventListener("show", scene) scene:addEventListener("hide", scene) scene:addEventListener("destroy", scene) return scene

register.php :

 if (isset($\_GET['register'])) { if ($\_GET['password'] == $\_POST['password2']) { $username = $\_GET['username']; $password = $\_GET['password']; $email = $\_GET['email']; // validate and sanitize all of these inputs // and see that they are not blank at the same time // Do your MySqli here to find the $username and // bring out result of find in $username\_result $result = mysqli\_query($con ,"SELECT \* FROM users WHERE username='$username' AND email='$email'"); if(mysqli\_num\_rows($result) \> 0) { echo "User exist"; } else { // it is not in use so put it in $password = password\_hash($password, PASSWORD\_BCRYPT, array('cost' =\> 12)); $sql = "INSERT into users VALUES(null, '$username', '$password', '$email')"; if(mysqli\_query($conn, $sql)){ // if insert checked as successful echo username and password saved successfully echo"Your user was created."; }else{ echo "Sorry something went wrong. } } }else{ echo "The passwords do not match."; } }
#197

First of all, is the URL of your web service really:  https://web.web.com/register.php? (it’s not, it gives a 404 page not found error).

Secondly have you tested the URL to make sure it’s working. You should be able to hand construct the URL and put it in a web browser and make sure it’s doing what you think it does. If you have errors in your web script, you may need to look at your server logs to see it.

Third, you are base64 encoding your parameters on the Corona Side. You are not base64 decoding them on your host side.

Forth, there is still a $_POST reference in your PHP script (side note, your password2 text field is global, don’t forget to forward declare it)

You need to also look at the console log for your app and see what messages are being printed there (and share them with us).

Rob

#198

No the real URL works . Do I need to use base64 ? I am securing my password with a password hash which works good . My console log isn’t showing anything I don’t know what’s wrong with the register button

#199

Warning: Could not load font HelveticaNeue-Light. Using default font.

Warning: Could not load font HelveticaNeue-Light. Using default font.

That is all that comes out of the console log

#200

Try replacing this

local function networkListener( event ) if ( event.isError ) then print( "Network error: ", event.response ) else print( event.response ) end end

with this

local function networkListener( event ) local json = require("json") print(json.encode(event)) end