Registration form

Scott_Harrison · August 17, 2016, 8:30pm

$sql = "INSERT INTO users (email, password, username) VALUES ('$email', '$pw', '$username')";

H.R.H_The_Duke_of_Bi · August 17, 2016, 8:31pm

I think the problem is that my password isn’t saved as “pw” it’s saved as “password” and the fields aren’t in order

Scott_Harrison · August 17, 2016, 8:34pm

you set them as

$username = $\_POST['username']; $pw = $\_POST['password']; $email = $\_POST['email'];

Scott_Harrison · August 17, 2016, 8:34pm

Are you sure these values are making it to the php?

rob · August 17, 2016, 8:37pm

Can you post your current PHP script. I think we are looking at older versions (in particular since we are still looking at $_POST which should be gone.

As for the SQL:

$sql = “INSERT INTO users (email, password, username) VALUES (’” . $email . “’, '” . $pw . “’, '” . $username . “’)”;

You have to concatenate the actual variable values into the SQL string.

Rob

H.R.H_The_Duke_of_Bi · August 17, 2016, 8:38pm

if ($_GET[‘password’] == $_GET[‘password2’]) {

$username = $_GET[‘username’];

$password = base64_decode( $_GET[‘password’]);

$password2 = ( $_GET[‘password2’]);

$email= base64_decode( $_GET[‘email’]);

// validate and sanitize all of these inputs

// and see that they are not blank at the same time

// Do your MySqli here to find the $username and

// bring out result of find in $username_result

$result = mysqli_query($con ,"SELECT * FROM users WHERE username = 1 AND email = 1 ");

if(mysqli_num_rows($result ) > 0)

{

echo “User exist”;

} else {

// it is not in use so put it in

$sql = “INSERT INTO users (email, password, username) VALUES (’” . $email . “’, '” . $pw . “’, '” . $username . “’)”;

if(mysqli_query($con, $sql)){

}else{

echo “Sorry something went wrong.”;

}

}else{

echo “Passwords don’t match.”;

}

H.R.H_The_Duke_of_Bi · August 17, 2016, 8:45pm

The account is created but the username password and email is completely empty

Scott_Harrison · August 17, 2016, 8:49pm

what is $con
please don’t add a user verification yet one thing at a time

H.R.H_The_Duke_of_Bi · August 17, 2016, 8:51pm

$con is the connection
i was checking if the username and email exists

rob · August 17, 2016, 8:53pm

$sql = “INSERT INTO users (email, password, username) VALUES (’” . $email . “’, '” . $password . “’, '” . $username . “’)”;

If that’s not working, you will need to put in some echo statements in your PHP:

echo $email;

echo $password;

echo $username;

echo $sql;

after the SQL statement and hand run the script via a web browser with the URL your having Corona’s network.request() use. That is open a web browser and type in the location bar:

http://yourwebsite.com/register.php?username=whateverusernameyouaretesting&password=yourpassword&password=yourpassword&email=email@youre.using

And see that you’re web browser spits out (change http:// if you’re using https://). This gets your app out of the way and we can make sure your PHP script is really working.

Scott_Harrison · August 17, 2016, 8:57pm

^+1
replace this

SELECT * FROM users WHERE username = 1 AND email = 1

with this

SELECT \* FROM users WHERE username=$username AND email=$email

H.R.H_The_Duke_of_Bi · August 17, 2016, 8:59pm

yeah that’s what I put

rob · August 17, 2016, 9:17pm

When you say: $sql = “SELECT * FROM users WHERE username=$username AND email=$email” it’s not going to work.

You’re trying to create a new string variable, $sql from several strings and variables. You have to do:

$sql = "SELECT \* FROM users WHERE username='" . $username . "' AND email='" . $email . "';"

The resulting string should print out:

$sql = SELECT \* FROM users WHERE username='yourusername' AND email='your@email.com';

You have to concatenate those PHP variables containing your values into the actual string that will be fed to the database.

H.R.H_The_Duke_of_Bi · August 21, 2016, 11:33pm

I just fixed everything i am getting no errors on my Lua or PHP side and it’s still not working

if(isset($\_GET[''])) { if ($\_GET['password'] == $\_GET['password2']) { mysqli\_real\_escape\_string($con, $username); mysqli\_real\_escape\_string($con, $pw); mysqli\_real\_escape\_string($con, $pw2); mysqli\_real\_escape\_string($con, $email); // validate and sanitize all of these inputs // and see that they are not blank at the same time // Do your MySql here to find the $username and // bring out result of find in $username\_result $result = mysqli\_query($con ,"SELECT \* FROM users WHERE username='?' AND email='?'"); if(mysqli\_num\_rows($result) \> 0) { echo "User exist"; } else { function encode\_email($e) { for ($i = 0; $i \< strlen($e); $i++) { $output .= '&#'.ord($e[$i]).';'; } return $output; } echo(encode\_email($email)); // it is not in use so put it in $pw = password\_hash($pw, PASSWORD\_BCRYPT, array('cost' =\> 14)); $sql = "INSERT into users VALUES(null, '$username', '$pw', '$email')"; if(mysqli\_query($sql)){ // if insert checked as successful echo username and password saved successfully }else{ echo "Sorry something went wrong. "; } } }else{ echo "The passwords do not match."; // and send them back to registration page } }

register.lua :

local composer = require( "composer" ) local scene = composer.newScene() local widget = require("widget") -- forward declare the text fields local json = require("json") local username local password local email local function handleButtonEvent( event ) if ( "ended" == event.phase ) then local URL = "https://web.web.com/register.php?username=" .. ( username.text ) .. "&pw=" .. (pw.text) .. "&email=" .. ( email.text ) network.request(URL, "GET", networkListener) else print( "Something went wrong. Try again.") end end local function loginLink( event ) if ( "ended" == event.phase ) then composer.gotoScene("login") end end local function networkListener( event ) print(json.encode(event)) composer.gotoScene("login") end function scene:create(event) local screenGroup = self.view display.setDefault("background", 0, 3, 5) local icon = display.newImage("hash\_opt.png", 160, 70) screenGroup:insert(icon) username = native.newTextField( 160, 200, 180, 30 ) -- take the local off since it's forward declared username.placeholder = "Username" screenGroup:insert(username) pw = native.newTextField( 160, 250,180, 30 ) -- take the local off since it's forward declared pw.isSecure = true pw.placeholder = "Password" screenGroup:insert(pw) pw2 = native.newTextField( 160, 300,180, 30 ) -- take the local off since it's forward declared pw2.isSecure = true pw2.placeholder = "Confirm Password" screenGroup:insert(pw2) email = native.newTextField( 160, 350, 180, 30 ) -- take the local off since it's forward declared email.placeholder = "E-mail" screenGroup:insert(email) local Button = widget.newButton( { shape = "roundedRect", left = 70, top = 400, id = "Register", label = "Register", onEvent = userRegister } ) screenGroup:insert(Button) local Button2 = widget.newButton( { left = 70, top = 460, id = "Loginhere", label = "Login here", onEvent = loginLink } ) screenGroup:insert(Button2) end function scene:show(event) end function scene:hide(event) end function scene:destroy(event) end scene:addEventListener("create", scene) scene:addEventListener("show", scene) scene:addEventListener("hide", scene) scene:addEventListener("destroy", scene) return scene

rob · August 22, 2016, 7:53pm

There are multiple issues in your PHP script.

mysqli\_real\_escape\_string($con, $username); mysqli\_real\_escape\_string($con, $pw); mysqli\_real\_escape\_string($con, $pw2); mysqli\_real\_escape\_string($con, $email);

This should be more like:

$username = mysqli\_real\_escape\_string($con, $\_GET["username"]); $password = mysqli\_real\_escape\_string($con, $\_GET["password"]); // you don't need password2 any more after this point $email = mysqli\_real\_escape\_string($con, $\_GET["email"]);

This isn’t correct. When I see ?'s in the query string this makes me think you want to use the prepare+query methodology. You use myslqi.prepare() with your query and ?'s and then tell it what values you want to add to the query and it constructs the query for you. The other method involves you building the query string yourself. I find building the string easier, but you have to manage putting quotes around strings in the query while having strings around values you’re adding in. Thus you could:

$result = mysqli\_query($con ,"SELECT \* FROM users WHERE username='" . $username . "' AND email='" . $email . "'");

The mix of single quotes (’) and double quotes is very very important as are the PHP concatenation operators (.).

Of you can do the prepare/query method:

$query = $con-\>prepare("SELECT \* FROM users WHERE username=? and email=?;" ); $query-\>bind\_param("ss", $username, $password); $result = $query-\>execute();

Those will do the exact same thing. Pick one or the other and stick with that style.

$sql = "INSERT into users VALUES(null, '$username', '$pw', '$email')";

This line suffers from what I just wrote above. The query is wrong. While it won’t give you an error. The query will run but not provide any results. What you’re doing isn’t doing parameter substitution. It’s just inserting the strings “$username”, “$pw”, “$email” in the database but not the values of those variables. You would need to use one of the methods I mentioned above to actually update your database.

And then there is this block of code:

 if(mysqli\_query($sql)){ // if insert checked as successful echo username and password saved successfully }else{ echo "Sorry something went wrong. "; }

If your query to update the database is successful, you don’t output anything. You should output something and it should be something your app can make use of.

I’ve not looked through the Lua code yet. You need to get the server code working first.

Rob

H.R.H_The_Duke_of_Bi · August 22, 2016, 8:21pm

I’ve updated it and i’m not getting any errors .

rob · August 22, 2016, 8:31pm

Not getting errors and “works” are two different things. How are you testing it? Also after updating the script, it’s really useful to repost the code. We may not have gotten everything, you may not have gotten every thing. I have you options, and don’t know which you picked, etc.

H.R.H_The_Duke_of_Bi · August 22, 2016, 8:35pm

// Check connection if ($con-\>connect\_error) { die("Check connection."); } if(isset($\_GET['Register'])) { if ($\_GET['password'] == $\_GET['password2']) { $username = mysqli\_real\_escape\_string($con, $\_GET["username"]); $password = mysqli\_real\_escape\_string($con, $\_GET["password"]); // you don't need password2 any more after this point $email = mysqli\_real\_escape\_string($con, $\_GET["email"]); // validate and sanitize all of these inputs // and see that they are not blank at the same time // Do your MySql here to find the $username and // bring out result of find in $username\_result $result = mysqli\_query($con ,"SELECT \* FROM users WHERE username='" . $username . "' AND email='" . $email . "'"); if(mysqli\_num\_rows($result) \> 0) { echo "User exist"; } else { function encode\_email($e) { for ($i = 0; $i \< strlen($e); $i++) { $output .= '&#'.ord($e[$i]).';'; } return $output; } echo(encode\_email($email)); // it is not in use so put it in $pw = password\_hash($pw, PASSWORD\_BCRYPT, array('cost' =\> 14)); $sql = mysqli\_query($con ,"INSERT INTO users WHERE username='" . $username . "' AND email='" . $email . "'"); if(mysqli\_query($sql)){ // if insert checked as successful echo username and password saved successfully }else{ echo "Sorry something went wrong. "; } } }else{ echo "The passwords do not match."; // and send them back to registration page } }

rob · August 22, 2016, 8:36pm

And how are you testing it?

H.R.H_The_Duke_of_Bi · August 22, 2016, 8:37pm

Through my corona app