I am having issues with the code below for site Sign-Up Page
I am trying to implement a login and registration system for students and staff on my university course. I have two tables in the DB, one for authorised users and then the other for registered users.
Before somebody can register, I have to enter either their student ID or email into the authorised table, otherwise it should tell the user that they are not authorised to register.
My problem is that when I register, I just get told that I am not authorised. The ID and email is in the authorised DB, so there is an issue with my code, and I cannot work it out.
Thanks in advanced.
I have this function for registering
public function register($firstname, $surname, $student_id, $email, $password) {
try {
$new_password = password_hash($password, PASSWORD_DEFAULT);
$stmt = $this->db->prepare("INSERT INTO members(firstname, surname, student_id, email, password) VALUES(:fname, :sname, :sid, :smail, :spass)");
$stmt->bindparam(":fname", $firstname);
$stmt->bindparam(":sname", $surname);
$stmt->bindparam(":sid", $student_id);
$stmt->bindparam(":smail", $email);
$stmt->bindparam(":spass", $password);
$stmt->execute();
return $stmt;
} catch(PDOException $exception) {
echo $exception->getMessage();
}
}
And my registration page is as below.
<?php
require_once 'dbconfig.php';
if ($user->is_loggedin()!="") {
$user->redirect('home.php');
}
if (isset($_POST['btn-register'])) {
$fname = trim($_POST['fname']);
$sname = trim($_POST['sname']);
$student_id = trim($_POST['sid']);
$email = trim($_POST['smail']);
$password = trim($_POST['spass']);
$email_requirement = '@chester.ac.uk';
$email_verification = strpos($email, $email_requirement);
if ($fname == ""){
$error[] = "Please enter your firstname.";
} else if ($sname == "") {
$error[] = "Please enter your surname.";
} else if ($student_id == "") {
$error[] = "Please enter your Student ID.";
} else if ($email == "") {
$error[] = "Please enter your student email address.";
} else if ((!$email_verification) && (!filter_var($email, FILTER_VALIDATE_EMAIL))) {
$error[] = "Please enter a valid Chester Univeristy email address.";
} else if ($password == "") {
$error[] = "Please enter a password";
} else if (strlen($email) < 6 ) {
$error[] = "Passwords need to be at least 6 characters.";
} else {
try {
$check_exist = $DB_con->prepare("SELECT student_id, email FROM members WHERE student_id=:sid OR email=:smail");
$check_exist->execute(array(':sid'=>$student_id, ':smail'=>$email));
$row=$check_exist->fetch(PDO::FETCH_ASSOC);
if ($row['student_id'] == $student_id) {
$error[] = "That student ID has already been registered.";
} else if ($row['email'] == $email) {
$error[] = "That email address has already been registered.";
} else {
try {
$check_auth = $DB_con->prepare("SELECT student_id, email FROM authorised WHERE student_id=:sid OR email=:smail");
$check_auth->execute(array(':sid'=>$student_id, ':smail'=>$email));
$row2=$check_auth->fetch(PDO::FETCH_ASSOC);
if (($row2['student_id'] != $student_id) || ($row['email'] != $email)) {
$error[] = "You are not authorised to register. Please contact Richard - admin@cybersecurity.bloxamrose.co.uk.";
} else {
if ($user->register($fname, $sname, $student_id, $email, $password)) {
$user->redirect('sign-up.php?joined');
}
}
} catch (PDOException $exception) {
echo $exception->getMessage();
}
}
} catch (PDOException $exception) {
echo $exception->getMessage();
}
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<title>University of Chester (UNOFFICIAL) - Cybersecurity Notes</title>
<meta name="description" content="Student made resource for Cybersecurity students at the University of Chester. UNOFFICIAL." />
<meta name="author" content="Richard J Bloxam-Rose" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<link href="bootstrap/css/bootstrap.min.css" rel="stylesheet" type="text/css" />
<link href="css/main.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div class="container">
<div class="form-container">
<form method="post">
<h2>Register</h2>
<hr />
<?php
if (isset($error)) {
foreach ($error as $error) {
?>
<div class="alert alert-danger">
<i class="glyphicon glyphicon-warning-sign"></i> <?php echo $error; ?>
</div>
<?php
}
} else if (isset($_GET['joined'])) {
?>
<div class="alert alert-info">
<i class="glyphicon glyphicon-log-in"> Registration complete <a href="index.php">Login</a> here.
</div>
<?php
}
?>
<div class="form-group">
<input type="text" class="form-control" name="fname" placeholder="First Name" value="<?php if (isset($error)) {echo $fname;}?>" />
</div>
<div class="form-group">
<input type="text" class="form-control" name="sname" placeholder="Surname" value="<?php if (isset($error)) {echo $sname;}?>" />
</div>
<div class="form-group">
<input type="text" class="form-control" name="sid" placeholder="Student ID" value="<?php if (isset($error)) {echo $student_id;}?>" />
</div>
<div class="form-group">
<input type="text" class="form-control" name="smail" placeholder="Student Email" value="<?php if (isset($error)) {echo $email;}?>" />
</div>
<div class="form-group">
<input type="password" class="form-control" name="spass" placeholder="Password" />
</div>
<div class="clearfix"></div>
<hr />
<div class="form-control">
<button type="submit" class="btn btn-block btn-primary" name="btn-register">
<i class="glyphicon glyphicon-open-file"></i> Register
</button>
</div>
<br />
<label>Already registered? <a href="index.php">Login</a></label>
</form>
</div>
</div>
</body>
</html>
Aucun commentaire:
Enregistrer un commentaire