Mysqli Register

[Epiales]

Okay all... I've been messing around with mysqli for a bit today. Have spent a few hours trying to do a registration page. The page is telling me that mysqli needs to be defined. Why is that?

Code: Select all

Notice: Undefined variable: mysqli in C:\xampp\htdocs\mysqli\register.php on line 17

I am also getting this error:

Code: Select all

Fatal error: Call to a member function prepare() on a non-object in C:\xampp\htdocs\mysqli\register.php on line 17

I thought mysqli and prepare didn't need to be defined? Or maybe I just don't get it... Here is my code:

Code: Select all

<?php
if(isset($_POST['register'])){
    $username = $_POST['username']; 
    $password = $_POST['password']; 
    $random_salt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
    $password = hash('sha512', $password.$random_salt);
    $email = $_POST['email']; 

$stmt = $mysqli->prepare("INSERT INTO members (username, email, password, salt) VALUES ($_POST[username], $_POST[email], $_POST[password], $random_salt)");
    $stmt->bind_param("ssss", $members);
    $result = $stmt->execute();
    $stmt->close();    
    return $result;

}
?>
<form action='register.php' method='post' name='register'>
   Username: <input type='text' name='username' /><br />
   Email: <input type='text' name='email' /><br />
   Password: <input type='password' name='password' id='password'/><br />
   <input type='submit' id='register' name='register' value='Send'  />
</form>

[Winawer]

You aren't creating a mysqli object anywhere. Your query is also wrong, but that's another issue. Check out http://www.php.net/manual/en/mysqli.quickstart.php

[Epiales]

You aren't creating a mysqli object anywhere. Your query is also wrong, but that's another issue. Check out http://www.php.net/manual/en/mysqli.quickstart.php

Here is a better fix I guess, but no matter what examples I see online, and match them perfect with those examples, I get the same errors.

Code: Select all

<?php
if(isset($_POST['register'])){
    $username = $_POST['username']; 
    $password = $_POST['password']; 
    $random_salt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
    $password = hash('sha512', $password.$random_salt);
    $email = $_POST['email']; 

$stmt = $mysqli->prepare("INSERT INTO members (username, email, password, salt) VALUES (?, ?, ?, ?)");
    $stmt->bind_param("ssss", $_POST['username'], $_POST['password'], $_POST['email'], $random_salt);
    $stmt->execute();
    $stmt->close();    


}
?>
<form action='register.php' method='post' name='register'>
   Username: <input type='text' name='username' /><br />
   Email: <input type='text' name='email' /><br />
   Password: <input type='password' name='password' id='password'/><br />
   <input type='submit' id='register' name='register' value='Send'  />
</form>

[Winawer]

You still need to create a mysqli object.

[Epiales]

You still need to create a mysqli object.

I think this is what you meant:

Code: Select all

<?php

include "db_config.php";

if(isset($_POST['register'])){
	$username = $_POST['username']; 
	$password = $_POST['password']; 
	$random_salt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
	$password = hash('sha512', $password.$random_salt);
	$email = $_POST['email']; 

$stmt = $mysqli->prepare("INSERT INTO members (username, email, password, salt) VALUES (?, ?, ?, ?)");
	$stmt->bind_param("ssss", $_POST['username'], $_POST['password'], $_POST['email'], $random_salt);
	$stmt->execute();
	$stmt->close();	

}
?>
<form action='register.php' method='post' name='register'>
   Username: <input type='text' name='username' /><br />
   Email: <input type='text' name='email' /><br />
   Password: <input type='password' name='password' id='password'/><br />
   <input type='submit' id='register' name='register' value='Send'  />
</form>

Database Config... I had it defined, but in the config file. LOL

Code: Select all

define("DB_HOST","localhost");
define("DB_USER","root");
define("DB_PASS","");
define("DB_NAME"," ");
 
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);

[Epiales]

Okay though, even though it's registering and placing information into the database now, the salt is working great, but the password is the users "typed" password and not coded... Why is that?

[Winawer]

You're binding $_POST['password'], not $password.

[Epiales]

You're binding $_POST['password'], not $password.

yeah, that made sense, but when I did the $password only, it won't let me login.

Code: Select all

<script type="text/javascript" src="sha512.js"></script>
<script type="text/javascript" src="forms.js"></script>
<?php
include 'functions.php';

if(isset($_GET['error'])) { 
   echo 'Error Logging In!';
}
?>
<form action="process_login.php" method="post" name="login_form">
   Email: <input type="text" name="email" /><br />
   Password: <input type="password" name="p" id="password"/><br />
   <input type="button" value="Login" onclick="formhash(this.form, this.form.password);" />
</form>

Form.js

[Epiales]

Okay, updated the forms and such.

Register

Code: Select all

<script type="text/javascript" src="sha512.js"></script>
<script type="text/javascript" src="forms.js"></script>
<?php

include "db_config.php";

if(isset($_POST['register'])){
    $password = $_POST['p'];
    $username = $_POST['username'];
    $email = $_POST['email'];

    $random_salt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
    $password = hash('sha512', $password.$random_salt);


$stmt = $mysqli->prepare("INSERT INTO members (username, email, password, salt) VALUES (?, ?, ?, ?)");
    $stmt->bind_param("ssss", $_POST['username'], $_POST['email'], $password, $random_salt);
    $stmt->execute();
    $stmt->close();    
}
?>
<form action='register.php' method='post' name='register'>
   Username: <input type='text' name='username' /><br />
   Email: <input type='text' name='email' /><br />
   Password: <input type='password' name='p' /><br />
   <input type='submit' id='register' name='register' value='Send' onclick="formhash(this.form, this.form.password);" />
</form>

Login

Code: Select all

<script type="text/javascript" src="sha512.js"></script>
<script type="text/javascript" src="forms.js"></script>
<?php
include 'functions.php';

if(isset($_GET['error'])) { 
   echo 'Error Logging In!';
}
?>
<form action="process_login.php" method="post" name="login_form">
   Email: <input type="text" name="email" /><br />
   Password: <input type="password" name="p" id="password"/><br />
   <input type="button" value="Login" onclick="formhash(this.form, this.form.password);" />
</form>

It enters detail to database, but does not allow for login

[Epiales]

Okay, this is why I hate trying to follow someone else's work LOL... I'm figuring it out though. Just not very fast.

Okay... Login form NOW...

Code: Select all

<script type="text/javascript" src="sha512.js"></script>
<script type="text/javascript" src="forms.js"></script>
<?php
include 'functions.php';
include 'db_config.php';

if(isset($_GET['error'])) { 
   echo 'Error Logging In!';
      
 $stmt = $mysqli->prepare("SELECT * FROM members WHERE email = ? && password = ?"); 

$stmt->bind_param('ss', $_POST['email'], $_POST['p']);
$stmt->execute();
$stmt->bind_result($email, $password);
$stmt->fetch();
$stmt->close();
$mysqli->close();

}
?>
<form action="process_login.php" method="post" name="login_form">
   Email: <input type="text" name="email" /><br />
   Password: <input type="password" name="p" id="password"/><br />
   <input type="button" value="Login" onclick="formhash(this.form, this.form.password);" />
</form>

Getting closer, but not yet there... I get this error:

Code: Select all

Warning: mysqli_stmt::bind_result(): Number of bind variables doesn't match number of fields in prepared statement in C:\xampp\htdocs\mysqli\login.php on line 18