Page 1 of 2 12 Last
  • Jump to page:
    #1
  1. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Jan 2017
    Posts
    845
    Rep Power
    0

    Question Why I See Blank Page After Submitting Form And Why Echoing Fails ?


    Php Gurus,

    I built a registration.php but I know not why I see a blank page after clicking "Register" button.
    Ignore the <center> tag for the time being. Will replace that with <p align> tag. I put echoes on conditions to see which part of the conditions get triggered. But the echoes don't occur.

    And, out of the following 2, which one suits my context ?

    PHP Code:
                
    $row 
    mysqli_fetch_array($resultMYSQLI_ASSOC); // Use this line or next ?
    $row mysqli_stmt_fetch($stmt); //Use this line or previous ?  
    registration.php

    PHP Code:
        <?php

        
    /*
        ERROR HANDLING
        */
        declare(strict_types=1);
        ini_set('display_errors''1');
        ini_set('display_startup_errors''1');
        error_reporting(E_ALL);
        mysqli_report(MYSQLI_REPORT_ERROR MYSQLI_REPORT_STRICT);

        include 'config.php';

        //Step 1: Before registering User account, check if User is already 
        registered or not.

        //Check if User is already logged-in or not.
        if (is_logged() === true) {
            die("You are already logged-in! No need to register again!");
        }

        if ($_SERVER['REQUEST_METHOD'] == "POST")
        {
        //Step 2: Check User Submitted Details.
        
            
    //Check if user made all the required inputs or not.
            if (isset($_POST["username"]) && 
               
    isset($_POST["password"]) &&
               isset($_POST["password_confirmation"]) && 
               
    isset($_POST["email"]) && 
               
    isset($_POST["email_confirmation"]) && 
               
    isset($_POST["first_name"]) && 
               
    isset($_POST["surname"]) && 
               
    isset($_POST["gender"])) {
               
        
    //Step  3: Check User details for matches against database. If no matches 
        then validate inputs and register User account.
               
                
    //Create variables based on user inputs.
                $username     trim($_POST["username"]);
                $password     $_POST["password"];
                $password_confirmation $_POST["password_confirmation"];
                $email         trim($_POST["email"]);
                $email_confirmation trim($_POST["email_confirmation"]);
                $first_name    trim($_POST["first_name"]);
                $surname     trim($_POST["surname"]);
                $gender     $_POST["gender"];    
                   $account_activation_code 
    sha1( (string) mt_rand(530)); //Type 
        Casted the INT to STRING on the 1st parameter of sha1 as it needs to be a 
        STRING
    .
                $account_activation_link = 
        
    "http://www.".$site_domain."/".$social_network_name."/activate_account.php?
      
      email="
    .$_POST['email']."&account_activation_code=".$account_activation_code."";
                $account_activation_status 0// 1 = active; 0 = not active.
                $hashed_password password_hash($passwordPASSWORD_DEFAULT); 
        
    //Encrypt the password.
            
                
    //Select Username and Email to check against Mysql DB if they are 
        already registered or not.
                $stmt mysqli_prepare($conn"SELECT usernames, emails FROM users 
        WHERE usernames = ? OR emails = ?"
    );
                mysqli_stmt_bind_param($stmt'ss'$username$email);
                mysqli_stmt_execute($stmt);
                $result mysqli_stmt_bind_result($stmt$db_username$db_email);    
                
    //$row = mysqli_fetch_array($result, MYSQLI_ASSOC); // Use this line 
        or next ?
                $row mysqli_stmt_fetch($stmt); //Use this line or previous ?    
            
                
    // Check if inputted Username is already registered or not.
                if ($row['usernames'] == $username) {
                    $_SESSION['error'] = "That username is already registered.";
                    exit();
                // Check if inputted Username is between the required 8 to 30 
        characters long or not.
                } elseif (strlen($username) < || strlen($username) > 30) {
                    $_SESSION['error'] = "Username must be between 8 to 30 
        characters long!"
    ;
                    exit();
                // Check if both inputted Emails match or not.
                } elseif ($email != $email_confirmation) {
                    $_SESSION['error'] = "Emails don't match!";
                    exit();
                // Check if inputed Email is valid or not.
                } elseif (!filter_var($emailFILTER_VALIDATE_EMAIL)) {
                    $_SESSION['error'] = "Invalid email! Insert your real Email in 
        order for us to email you your account activation details."
    ;
                    exit();
                // Check if inputted Email is already registered or not.
                } elseif ($row['emails'] == $email) {
                    $_SESSION['error'] = "That email is already registered.";
                    exit();
                // Check if both inputted Passwords match or not.
                } elseif ($password != $password_confirmation) {
                    $_SESSION['error'] = "Passwords don't match.";
                    exit();
                // Check if Password is between 8 to 30 characters long or not.
                } elseif (strlen($password) < || strlen($password) > 30) {
                    $_SESSION['error'] = "Password must be between 6 to 30 
        characters long!"
    ;
                    exit();
                    echo "line 88";
                } 
                else 
                
    {
                    //Insert the user's inputs into Mysql database using php's sql 
        injection prevention method "Prepared Statements".
                    $stmt mysqli_prepare($conn"INSERT INTO users(usernames, 
        passwords, emails, first_names, surnames, genders, 
        accounts_activations_codes, accounts_activations_statuses) VALUES (?, ?, ?, 
        ?, ?, ?, ?, ?)"
    );
                    mysqli_stmt_bind_param($stmt'sssssssi'$username, 
        $hashed_password
    $email$first_name$surname$gender, 
        $account_activation_code
    $account_activation_status);
                    mysqli_stmt_execute($stmt);
                    echo "line 96";
                
                    
    //Check if user's registration data was successfully submitted 
        or not.
                    if (!$stmt)
                    {
                        $_SESSION['error'] = "Sorry! Our system is currently 
        experiencing a problem registering your account! You may try registering 
        some other time."
    ;
                        echo "line 102";
                        exit();
                    }
                    else 
                    
    {
                        echo "line 107";
                        //Email the account activation link for user to click it to 
        confirm their email and activate their new account.
                        $to $email;
                        $subject "Your ".$site_name." account activation 
        details!"
    ;
                        $body  nl2br("
                        ===============================\r\n
                        "
    .$site_name." \r\n
                        ===============================\r\n
                        From: "
    .$site_admin_email."\r\n
                        To: "
    .$email."\r\n
                        Subject: Yours "
    .$subject." \r\n
                        Message: "
    .$first_name." ".$surname."\r\n You need to click 
        on this following <a href="
    .$account_activation_link.">link</a> to activate 
        your account. \r\n"
    );
                        $headers "From: " $site_admin_email "\r\n";
                
                        if 
    (!mail($to,$subject,$body,$headers)) 
                        
    {
                            $_SESSION['error'] = "Sorry! We have failed to email you 
        your account activation details. Please contact the website administrator!"
    ;
                            exit();
                        }
                        else
                        
    {
                            echo "<h3 style='text-align:center'>Thank you for your 
        registration!<br /> Check your email for details on how to activate your 
        account which you just registered.</h3>"
    ;
                            exit();
                        }
                    }
                }
            }
        }

        ?>

        <!DOCTYPE html>
        <html>
            <head>
                <title><?php $social_network_name ?> Signup Page</title>
            </head>
        <body>
        <div class ="container">

        <?php
        
    // Error Messages.
        if (isset($_SESSION['error']) && !empty($_SESSION['error'])) {
            echo '<p style="color:red;">'.$_SESSION['error'].'</p>';
        }
        ?>

        <?php
        
    //Session Messages.
        if (isset($_SESSION['message']) && !empty($_SESSION['message'])) {
            echo '<p style="color:red;">'.$_SESSION['error'].'</p>';
        }
        ?>

        <?php
        
    //Clear Registration Session.
        function clear_registration_session()
            {
                //Clear the User Form inputs, Session Messages and Session Errors so 
        they can no longer be used.
                unset($_SESSION['message']);
                unset($_SESSION['error']);
                unset($_POST);
                exit();
            }
        ?>

        <form method="post" action="">
            <center><h2>Signup Form</h2></center>
            <div class="form-group">
                <center><label>Username:</label>
                <input type="text" placeholder="Enter a unique Username" 
        name="username" required [A-Za-z0-9] value="<?php 
        
    if(isset($_POST['username'])) { echo htmlentities($_POST['username']); }?>">
        </center>
            </div>
            <div class="form-group">
                <center><label>Password:</label>
                <input type="password" placeholder="Enter a new Password" 
        name="password" required [A-Za-z0-9]></center>
            </div>
            <div class="form-group">
                <center><label>Repeat Password:</label>
                <input type="password" placeholder="Repeat a new Password" 
        name="password_confirmation" required [A-Za-z0-9]></center>
            </div>
                <div class="form-group">
                <center><label>Email:</label>
                <input type="email" placeholder="Enter your Email" name="email" 
        required [A-Za-z0-9] value="<?php if(isset($_POST['email'])) { echo 
        htmlentities
    ($_POST['email']); }?>"></center>
            </div>
            <div class="form-group">
                <center><label>Repeat Email:</label>
                <input type="email" placeholder="Repeat your Email" 
        name="email_confirmation" required [A-Za-z0-9] value="<?php 
        
    if(isset($_POST['email_confirmation'])) { echo 
        htmlentities
    ($_POST['email_confirmation']); }?>"></center>
            </div>
            <div class="form-group">
                <center><label>First Name:</label>
                <input type="text" placeholder="Enter your First Name" 
        name="first_name" required [A-Za-z] value="<?php 
        
    if(isset($_POST['first_name'])) { echo htmlentities($_POST['first_name']); 
        
    }?>"></center>
            </div>
            <div class="form-group">
                <center><label>Surname:</label>
                <input type="text" placeholder="Enter your Surname" name="surname" 
        required [A-Za-z] value="<?php if(isset($_POST['surname'])) { echo 
        htmlentities
    ($_POST['surname']); }?>"></center>
            </div>
            <div class="form-group">
                <center><label>Gender:</label>
                <input type="radio" name="gender" value="male" <?php 
        
    if(isset($_POST['gender'])) { echo 'checked'; }?> required>Male<input 
        type="radio" name="gender" value="female" <?php if(isset($_POST['gender'])) 
        
    { echo 'checked'; }?> required>Female</center>
            </div>
            <center><button type="submit" class="btn btn-default" 
            name="submit">Register!</button></center>
            <center><font color="red" size="3"><b>Already have an account ?</b><br>
        <a href="login.php">Login here!</a></font></center>
        </form>
        </div>
        </body>
        </html>
    Last edited by UniqueIdeaMan; November 26th, 2017 at 11:02 AM.
  2. #2
  3. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2017
    Location
    Worldwide
    Posts
    47
    Rep Power
    45
    When you have an error you set a session but then kill the script, thus the blank page.
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Jan 2017
    Posts
    845
    Rep Power
    0

    Thumbs up


    Originally Posted by benanamen
    When you have an error you set a session but then kill the script, thus the blank page.
    Thanks Ben. I missed this reply as I was not regularly online or working on my php projects lately.
    So, you seem the session errors are the cause ?
    $_SESSION['error'] =

    Somebody added the session error on my code when other great programmers updated my script in the forums.
    Lastnight, I replaced the $_SESSION['error'] = with echo instead. In your opinion, did I do the right thing ?
    You can see the latest update of mine here:
    Is Not BigInt Or VARCHAR (40) Not Big Enough To House sha1?

    Thanks Man!
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jul 2003
    Posts
    4,459
    Rep Power
    653
    To properly store sha1 into MySQL, use binary(20) and UNHEX to store it.

    Comments on this post

    • UniqueIdeaMan agrees
    There are 10 kinds of people in the world. Those that understand binary and those that don't.
  8. #5
  9. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2017
    Location
    Worldwide
    Posts
    47
    Rep Power
    45
    There are many issues with the code in the link referenced. You have twice as much code as you need. Starting with registration.php....

    This..
    //Step 1: Check if User is already logged-in or not. If logged-in then do not register a 2nd account.
    if (is_logged() === true) {

    Can simply be

    //Step 1: Check if User is already logged-in or not. If logged-in then do not register a 2nd account.
    if (is_logged) {


    This whole section is ALWAYS going to be isset if the user uses your form so this whole section is pointless. You need to trim the entire POST array at one time and then check for empty.
    //2A. Check whether user made all the required inputs or not.

    Stop creating variables for nothing
    //2B. Create variables based on user inputs.

    @requinix already discussed this..
    $account_activation_code = sha1( (string) mt_rand(5, 30));

    You are killing the script error by error. Dont echo the errors. Put them in an array and then check if the array is empty or not. If there are errors, display them all at the same time.

    //2C. Check whether user inputs valid or not.

    What is the point of splitting the email into parts? If you really need it in parts (never seen that) then use code to get the parts you want.

    On checking for existing data, I think you have already been told before about setting a unique constraint on the columns and attempting the insert, then capturing the duplicate error if any. You are creating a race condition as is.

    The page is never going to validate with all the hard exits.

    You start using sessions with no session_start

    You try to echo session errors that you never set.

    **********************
    activate_account.php
    **********************
    You should check for truth, not false
    if ($account_activation_status != 0)

    is better to be

    if ($account_activation_status)

    Where does $username) and $primary_website_email magically appear from?

    Comments on this post

    • UniqueIdeaMan agrees : Gave REP for thorough review and in-depth suggestions to my code
  10. #6
  11. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Jan 2017
    Posts
    845
    Rep Power
    0
    Originally Posted by benanamen
    There are many issues with the code in the link referenced. You have twice as much code as you need. Starting with registration.php....

    This..
    //Step 1: Check if User is already logged-in or not. If logged-in then do not register a 2nd account.
    if (is_logged() === true) {

    Can simply be

    //Step 1: Check if User is already logged-in or not. If logged-in then do not register a 2nd account.
    if (is_logged) {


    This whole section is ALWAYS going to be isset if the user uses your form so this whole section is pointless. You need to trim the entire POST array at one time and then check for empty.
    //2A. Check whether user made all the required inputs or not.

    Stop creating variables for nothing
    //2B. Create variables based on user inputs.

    @requinix already discussed this..
    $account_activation_code = sha1( (string) mt_rand(5, 30));

    You are killing the script error by error. Dont echo the errors. Put them in an array and then check if the array is empty or not. If there are errors, display them all at the same time.

    //2C. Check whether user inputs valid or not.

    What is the point of splitting the email into parts? If you really need it in parts (never seen that) then use code to get the parts you want.

    On checking for existing data, I think you have already been told before about setting a unique constraint on the columns and attempting the insert, then capturing the duplicate error if any. You are creating a race condition as is.

    The page is never going to validate with all the hard exits.

    You start using sessions with no session_start

    You try to echo session errors that you never set.

    **********************
    activate_account.php
    **********************
    You should check for truth, not false
    if ($account_activation_status != 0)

    is better to be

    if ($account_activation_status)

    Where does $username) and $primary_website_email magically appear from?
    Ben,

    Thank you very much for your input.
    I will try heeding all your advices and suggestions.
    Originally, there was only one variable: $email. I then changed that to $website_email and so on. I used CTRL H to do the changing but it seems the change did not occur on some spots as I can see this on my original post's code. Thanks for indirectly bringing that to my attention.
    Anyway, here is my latest code .... (I still have not amended my mistakes based on your corrections yet. Once I do that, I will copy-paste again in another post after this.

    register.php
    PHP Code:
    <?php 

    /*
    ERROR HANDLING
    */

    declare(strict_types=1);
    ini_set('display_errors''1');
    ini_set('display_startup_errors''1');
    error_reporting(E_ALL);
    mysqli_report(MYSQLI_REPORT_ERROR MYSQLI_REPORT_STRICT);

    include 
    'config.php';

    //Step 1: Check if User is already logged-in or not. If logged-in then do not register a 2nd account.
    if (is_logged() === true) {
        die(
    "You are already logged-in to your account! No need to register again for another account! Only one account per user.");
    }

    //Perform following actions after REGISTER button is clicked.
    if ($_SERVER['REQUEST_METHOD'] == "POST")
    {
    //Step 2: Check user submitted details.    
        
        //2A. Check whether user made all the required inputs or not.
        
    if (isset($_POST['agree_to_tos']) && 
           isset(
    $_POST["username"]) && 
           isset(
    $_POST["password"]) &&
           isset(
    $_POST["password_confirmation"]) && 
           isset(
    $_POST["primary_website_domain"]) && 
           isset(
    $_POST["primary_website_email_account"]) && 
           isset(
    $_POST["primary_website_email_account_confirmation"]) && 
           isset(
    $_POST["primary_website_email_domain"]) && 
           isset(
    $_POST["primary_website_email_domain_confirmation"]) && 
           isset(
    $_POST["first_name"]) && 
           isset(
    $_POST["middle_name"]) && 
           isset(
    $_POST["surname"]) && 
           isset(
    $_POST["gender"]) && 
           isset(
    $_POST["working_status"])) 
        {       
            
    //2B. Create variables based on user inputs.
            
    $agree_to_tos trim($_POST['agree_to_tos']);
            
    $username trim($_POST["username"]);
            
    $password $_POST["password"];
            
    $password_confirmation $_POST["password_confirmation"];        
            
    $primary_website_domain trim($_POST["primary_website_domain"]);        
            
    $primary_website_email_account trim($_POST["primary_website_email_account"]);
            
    $primary_website_email_account_confirmation trim($_POST["primary_website_email_account_confirmation"]);
            
    $primary_website_email_domain trim($_POST["primary_website_email_domain"]);
            
    $primary_website_email_domain_confirmation trim($_POST["primary_website_email_domain_confirmation"]);    
            
    //Combine Primary Website Email Account and Primary Website Email Domain to form Primary Email.
            
    $primary_website_email "$primary_website_email_account"."@"."$primary_website_email_domain";        
            
    $first_name    trim($_POST["first_name"]);
            
    $middle_name trim($_POST["middle_name"]);
            
    $surname trim($_POST["surname"]);
            
    $gender $_POST["gender"];
            
    $working_status $_POST["working_status"];
               
    $account_activation_code sha1( (string) mt_rand(530)); //Type Casted the INT to STRING on the 1st parameter of sha1 as it needs to be a STRING.
            
    $account_activation_link "http://www.".$site_domain."/".$social_network_name."/activate_account.php?primary_website_email=".$primary_website_email."&account_activation_code=".$account_activation_code."";
            
    $account_activation_status 0// 1 = Active or Account Activated; 0 = Active or Pending Registration.
            
    $hashed_password password_hash($passwordPASSWORD_DEFAULT); //Encrypt the password.
            
            //2C. Check whether user inputs valid or not.
            
            //Check if User agreed to TOS or not.
            
    if ($agree_to_tos != 'yes') {
                echo 
    "You must agree to our Terms & Conditions!<br>";
                echo 
    "Click the BACK button on your browser and try again!";
                exit();
            
    // Check if inputted Username is between the required 8 to 30 characters long or not.
            
    } elseif (strlen($username) < || strlen($username) > 30) {
                echo 
    "Username must be between 8 to 30 characters long!<br>";
                echo 
    "Click the BACK button on your browser and try again!";
                exit();
            
    // Check if Password is between 8 to 30 characters long or not.
            
    } elseif (strlen($password) < || strlen($password) > 30) {
                echo 
    "Password must be between 8 to 30 characters long!<br>";
                echo 
    "Click the BACK button on your browser and try again!";
                exit();
            
    // Check if inputed Email is valid or not.
            
    } elseif (!filter_var($primary_website_emailFILTER_VALIDATE_EMAIL)) {
                echo 
    "Invalid Email! Insert your real Email in order for us to email you your account activation details.<br>";
                echo 
    "Click the BACK button on your browser and try again!";
                exit();
            
    // Check if both inputted Passwords match or not.
            
    } elseif ($password != $password_confirmation) {
                echo 
    "Your inputted Passwords don't match<br>";
                echo 
    "Click the BACK button on your browser and try again!";
                exit();            
            
    // Check if both inputted Email Account match or not.
            
    } elseif ($primary_website_email_account != $primary_website_email_account_confirmation) {
                echo 
    "Your inputted Email Accounts don't match!<br>";
                echo 
    "Click the BACK button on your browser and try again!";
                exit();
            
    // Check if both inputted Email Domain match or not.
            
    } elseif ($primary_website_email_domain != $primary_website_email_domain_confirmation) {
                echo 
    "Your inputted Email Domains don't match!<br>";
                echo 
    "Click the BACK button on your browser and try again!";
                exit();
            
    // Check if both inputted Primary Website Email and Primary Website Domain match or not.
            
    } elseif ($primary_website_email_domain != $primary_website_domain) {
                echo 
    "Your Primary Website Domain ($primary_website_domain) and Primary Website Email's Domain (@$primary_website_email_domain) don't match!<br>";
                echo 
    "NOTE: Your inputted Email Address must belong to your Primary Website Domain \"$primary_website_domain\".<br>";
                echo 
    "Click the BACK button on your browser and try again!<br>";
                exit();
            }
            else 
            {
                
    //2D. Check user inputs against DB.
                
                //Select Username, Primary Domain and Primary Domain Email to check against Mysql DB if they are already registered or not.
                
    $stmt mysqli_prepare($conn"SELECT username, primary_website_domain, primary_website_email FROM users WHERE username = ? OR primary_website_domain = ? OR primary_website_email = ?");
                
    mysqli_stmt_bind_param($stmt'sss'$username$primary_website_domain$primary_website_email);
                
    mysqli_stmt_execute($stmt);
                
    $result mysqli_stmt_bind_result($stmt$db_username$db_primary_website_domain$db_primary_website_email);    
                
    //$row = mysqli_fetch_array($result, MYSQLI_ASSOC); // Use this line or next ?
                
    $row mysqli_stmt_fetch($stmt); //Use this line or previous ?    
        
                // Check if inputted Primary Website Domain Name is already registered or not.
                
    if ($row['primary_website_domain'] == $primary_website_domain) {
                    echo 
    "That domain name $primary_website_domain is already registered.<br>";
                    exit();
                
    //Check if inputted Username is already registered or not.
                
    } elseif ($row['username'] == $username) {
                    echo 
    "That username $username is already registered!<br>";
                    echo 
    "Click the BACK button on your browser and try again!";
                    exit();
                
    // Check if inputted Email is already registered or not.
                
    } elseif ($row['primary_website_email'] == $primary_website_email) {
                    echo 
    "That email $primary_website_email is already registered.<br>";
                    exit();
                }
                else 
                {
    //Step 3: Insert user's inputs into DB.

                    //Step 3A. Insert user's inputs into DB using php's sql injection prevention method "Prepared Statements".
                    
    $stmt mysqli_prepare($conn"INSERT INTO users(username, password, primary_website_domain, primary_website_email, first_name, middle_name, surname, gender, working_status, account_activation_status, account_activation_code) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
                    
    mysqli_stmt_bind_param($stmt'ssssssssssi'$username$hashed_password$primary_website_domain$primary_website_email$first_name$middle_name$surname$gender$working_status$account_activation_status$account_activation_code);
                    
    mysqli_stmt_execute($stmt);
                
                    
    //Step 3B. Check whether user's registration data was successfully submitted or not.
                    
    if (!$stmt)
                    {
                        echo 
    "Sorry! Our system is currently experiencing a problem registering your account! You may try registering some other time.";
                        exit();
                    }
                    else 
                    {
                        
    $account_name "$username";
                        
    //Step 3C. Email user their account activation link for them to click to confirm their Email Address and activate their new Account.

                        
    $headers "From: " $site_admin_email "\r\n";
                        
    //More headers
                        //Always set content-type when sending HTML email
                        
    $headers "MIME-Version: 1.0" "\r\n";
                        
    $headers .= "Content-type:text/html;charset=UTF-9" "\r\n";
                        
                        
    $to "$primary_website_email";
                        
    $subject "Your Following Browser account activation details!";
                        
    $body  "".$first_name." ".$surname.",
                        <html>
                        <head>
                        <title>Activation Link</title>
                        </head>
                        <body>
                        You need to click on the following link <a href="
    .$account_activation_link.">.$account_activation_link.</a> to activate your account.
                        </body>
                        </html>"
    ;
                        
                        if (!
    mail($to,$subject,$body,$headers)) 
                        {
                            
    //Alert user System Error. System unable to email the Account Activation Link.
                            
    echo "Sorry! We have failed to email you your account activation details. Please contact the website administrator!";
                            exit();
                        }
                        else
                        {
                            
    //Alert user System Success. System was able to email the Account Activation Link.
                            
    echo "<h3 style='text-align:center'>Thank you for your registration!</h3><br>";
                            echo 
    "Now, check your email \"$primary_website_email\" for details on how to activate your new account \"$account_name\" which you just registered.";
                            exit();
                        }
                    }
                }
            }
        }
    }

    ?>

    <!DOCTYPE html>
    <html>
        <head>
            <title><?php $social_network_name ?> Signup Page</title>
        </head>
    <body>
    <div class ="container">

    <?php 
    // Error Messages.
    if (isset($_SESSION['error']) && !empty($_SESSION['error'])) {
        echo 
    '<p style="color:red;">'.$_SESSION['error'].'</p>';
    }
    ?>

    <?php 
    //Session Messages.
    if (isset($_SESSION['message']) && !empty($_SESSION['message'])) {
        echo 
    '<p style="color:red;">'.$_SESSION['error'].'</p>';
    }
    ?>

    <?php 
    //Clear Registration Session.
    function clear_registration_session()
        {
            
    //Clear the User Form inputs, Session Messages and Session Errors so they can no longer be used.
            
    unset($_SESSION['message']);
            unset(
    $_SESSION['error']);
            unset(
    $_POST);
            exit();
        }
    ?>

    <p align="left"><font color="red" size="3"><b>Already have an account ? </b><a href="login.php">Login here!</a></font></p>
    <form method="post" action="">
        <p align="left"><h2>Signup Form</h2></p>
        <fieldset>
        <div class="form-group">
            <p align="left"><label>* Username:</label>
            <input type="text" placeholder="Enter a unique Username" name="username" required [A-Za-z0-9] value="<?php if(isset($_POST['username'])) { echo htmlentities($_POST['username']); }?>"></p>
        </div>
        <div class="form-group">
            <p align="left"><label>* Password:</label>
            <input type="password" placeholder="Enter a new Password" name="password" required [A-Za-z0-9]></p>
        </div>
        <div class="form-group">
            <p align="left"><label>* Repeat Password:</label>
            <input type="password" placeholder="Repeat a new Password" name="password_confirmation" required [A-Za-z0-9]></p>
        </div>
        <div class="form-group">
            <p align="left"><label>* Primary Website Domain:</label>
            <input type="primary_domain" placeholder="Enter your Primary Website Domain" name="primary_website_domain" required [A-Za-z0-9] value="<?php if(isset($_POST['primary_website_domain'])) { echo htmlentities($_POST['primary_website_domain']); }?>">
        <font color="red" size="1"><b> Don't have a Domain ? </b><a href="domain_register.php">Register one here!</a></font></p>
        </div>
            <div class="form-group">
            <p align="left"><label>* Email Account:</label>
            <input type="text" placeholder="Enter your Email Account name (first part before @)" name="primary_website_email_account" required [A-Za-z0-9] value="<?php if(isset($_POST['primary_website_email_account'])) { echo htmlentities($_POST['primary_website_email_account']); }?>"></p>
        </div>
        <div class="form-group">
            <p align="left"><label>* Repeat Email Account:</label>
            <input type="text" placeholder="Repeat your Email Account name (first part before @)" name="primary_website_email_account_confirmation" required [A-Za-z0-9] value="<?php if(isset($_POST['primary_website_email_account_confirmation'])) { echo htmlentities($_POST['primary_website_email_account_confirmation']); }?>"></p>
        </div>
        <div class="form-group">
            <p align="left"><label>* Email Address Domain:</label>
            <input type="text" placeholder="Enter your Email Account Domain (last part after @)" name="primary_website_email_domain" required [A-Za-z0-9] value="<?php if(isset($_POST['primary_website_email_domain'])) { echo htmlentities($_POST['primary_website_email_domain']); }?>"></p>
        </div>
        <div class="form-group">
            <p align="left"><label>* Repeat Email Address Domain:</label>
            <input type="text" placeholder="Repeat your Email Account Domain (last part after @)" name="primary_website_email_domain_confirmation" required [A-Za-z0-9] value="<?php if(isset($_POST['primary_website_email_domain_confirmation'])) { echo htmlentities($_POST['primary_website_email_domain_confirmation']); }?>"></p>
        </div>
        <div class="form-group">
            <p align="left"><label>* First Name:</label>
            <input type="text" placeholder="Enter your First Name" name="first_name" required [A-Za-z] value="<?php if(isset($_POST['first_name'])) { echo htmlentities($_POST['first_name']); }?>"></p>
        </div>
        <div class="form-group">
            <p align="left"><label>Middle Name:</label>
            <input type="text" placeholder="Enter your Middle Name" name="middle_name" required [A-Za-z] value="<?php if(isset($_POST['middle_name'])) { echo htmlentities($_POST['middle_name']); }?>"></p>
        </div>
        <div class="form-group">
            <p align="left"><label>* Surname:</label>
            <input type="text" placeholder="Enter your Surname" name="surname" required [A-Za-z] value="<?php if(isset($_POST['surname'])) { echo htmlentities($_POST['surname']); }?>"></p>
        </div>
        <div class="form-group">
            <p align="left"><label>* Gender:</label>
            <input type="radio" name="gender" value="Male" <?php if(isset($_POST['gender'])) { echo 'checked'; }?> required>Male<input type="radio" name="gender" value="Female" <?php if(isset($_POST['gender'])) { echo 'checked'; }?> required>Female</p>
        </div>
        <div class="form-group">
            <p align="left"><label>* Working Status:</label>
            <input type="radio" name="working_status" value="Selfemployed" <?php if(isset($_POST['working_status'])) { echo 'checked'; }?> required>Selfemployed<input type="radio" name="working_status" value="Employed" <?php if(isset($_POST['working_status'])) { echo 'checked'; }?> required>Employed<input type="radio" name="working_status" value="Unemployed" <?php if(isset($_POST['working_status'])) { echo 'checked'; }?> required>Unemployed</p>
        </div>
        <div class="form-group">
            <p align="left"><label>* Agree to Terms & Conditions ?:</label>
            <input type="radio" name="agree_to_tos" value="yes" <?php if(isset($_POST['tos'])) { echo 'checked'; }?> required>Yes
            <input type="radio" name="agree_to_tos" value="no" <?php if(isset($_POST['tos'])) { echo 'checked'; }?> required>No
        </div>
        </fieldset>
            <p align="left"><button type="submit" class="btn btn-default" name="submit">Register!</button></p>
    </form>
        <p align="left"><font color="red" size="3"><b>Already have an account ? </b><a href="login.php">Login here!</a></font></p>
    </body>
    </html>
    activate_account.php
    PHP Code:
    <?php 

    /*
    ERROR HANDLING
    */
    declare(strict_types=1);
    ini_set('display_errors''1');
    ini_set('display_startup_errors''1');
    error_reporting(E_ALL);
    mysqli_report(MYSQLI_REPORT_ERROR MYSQLI_REPORT_STRICT);

    include 
    'config.php';

    //Step 1: Check whether URL is in the GET Method or not.

    //Perform following actions if Url is not in the GET Method and does not contain user Email and Account Activation Code.
    if (!isset($_GET["primary_website_email"], $_GET["account_activation_code"]) === TRUE)
    {
        
    $primary_website_email htmlspecialchars($_GET['primary_website_email']);
        
    $account_activation_code htmlspecialchars($_GET['account_activation_code']);
        
    //Give user alert the Account Activation Link is Invalid.
        
    echo "Invalid Account Activation Link! Try registering for an account if you do not already have one! <a href=\"http://loudgobs.com/following_browser/register.php\">Register here!</a>";
        exit();

    else 
    {
    //Step 2: Check user submitted details.    
        
        //2A. Check user inputs against DB.            
        //Select Username, Primary Domain and Primary Domain Email to check against DB if they are pending registration or not.    
        
    $stmt mysqli_prepare($conn"SELECT username, account_activation_status FROM users WHERE primary_website_email = ? AND account_activation_code = ?");
        
    mysqli_stmt_bind_param($stmt'si'$_GET["primary_website_email"],  $_GET["account_activation_code"]);
        
    mysqli_stmt_bind_result($stmt$username$account_activation_status);

        
    //Perform following if Account Activation Link was valid (Correctly had the registered email and Account Activation Code associated with it).
        
    if (mysqli_stmt_execute($stmt) && mysqli_stmt_fetch($stmt))
        {
            
    //Perform following if Account Activation Status is not on "0" (Account Activation Pending) on DB.
            
    if ($account_activation_status != 0)
            {
                
    //Give user alert Account already activated.
                
    echo "Since your account is already activated, why are you trying to activate it again ? Do not do that again and just login from <a href=\"login.php\">this webpage</a> next time! Make a note of that webpage, ok ?";
                exit;
            }
            else
            {
                
    //Set Account Activation Status to 1 (1 = "Account Activated" and 0 = "Activation Pending") on DB.
                
    $account_activation_status 1;
                
    $stmt mysqli_prepare($conn"UPDATE users SET account_activation_status = ? WHERE username = ?");
                
    mysqli_stmt_bind_param($stmt'is'$account_activation_status$username);
                if (
    mysqli_stmt_execute($stmt))
                {
                    
    //Give user alert Account has now been activated.
                    
    echo "<h3 style='text-align:center'>Thank you for confirming your email \"$primary_website_email\" and activating your account $username.<br /> Redirecting you to the login page ...</h3>";
                    exit;
                }
            }
        } 
        else 
        {
            
    //Perform following if Primary Website Email and/or Account Activation Code is not Pending Registration.
            
    $primary_website_email htmlspecialchars($_GET['primary_website_email']);
            
    $account_activation_code htmlspecialchars($_GET['account_activation_code']);
            
            
    //Give user alert the Email Address and/or the Account Activation Code in the Account Activation Link is Invalid or the Account Activation Link is out of date (Email no longer registered).
            
    echo "Either this Email Address $primary_website_email was not pending registration with this Account Activation Code $account_activation_code or one or both of them are invalid! Or, the Account Activation Link is out of date (Email no longer registered)
            Try registering an account if you have not already done so! <a href=\"http://loudgobs.com/following_browser/register.php\">Register here!</a>"
    ;
            exit;
        }
    }
    Last edited by UniqueIdeaMan; December 15th, 2017 at 08:50 AM.
  12. #7
  13. No Profile Picture
    Contributing User
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jul 2003
    Posts
    4,459
    Rep Power
    653
    You need to fix your typo for the formatting. Also you are still not handling SHA1 correctly.
    There are 10 kinds of people in the world. Those that understand binary and those that don't.
  14. #8
  15. No Profile Picture
    Super Moderator
    Devshed Intermediate (1500 - 1999 posts)

    Join Date
    Jun 2009
    Location
    Hartford, WI
    Posts
    1,535
    Rep Power
    112
    As a small note...

    2A.) In order to try and lessen your code, isset() does allow multiple parameters, so you can include them all in 1, instead of repeating the function. isset() not even needed in your case via benanamen's comment...

    2B.) Since your code is already written, this may not be favorable, but since this is done as a set, would you rather build all these variables within something like an $option['varName'] type array?

    Example: Sorry all for throwing this example out there... This is just to give a quick and rough idea of your 3 steps in relatively 1 line, since the first line is a 1-shot for everything...
    PHP Code:
    $_POST array_map('trim'$_POST);
    $option['primary_website_email'] = $_POST['primary_website_email_account'] . '@' $_POST['primary_website_email_domain']; 
    Last edited by Triple_Nothing; December 15th, 2017 at 08:27 AM.
    He who knows not that he knows not is a fool, ignore him. He who knows that he knows not is ignorant, teach him. He who knows not that he knows is asleep, awaken him. He who knows that he knows is a leader, follow him.
  16. #9
  17. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Jan 2017
    Posts
    845
    Rep Power
    0
    Mr. Benanaman,

    I am replying to your comments.

    >> There are many issues with the code in the link referenced. You have twice as much code as you need. Starting with registration.php....

    This..
    //Step 1: Check if User is already logged-in or not. If logged-in then do not register a 2nd account.
    if (is_logged() === true) {

    Can simply be

    //Step 1: Check if User is already logged-in or not. If logged-in then do not register a 2nd account.
    if (is_logged) { <<

    Unfortunately, I had to downgrade to php 5 from 7 as one of my scripts (I bought it) needed an extension that was deprecated in 7. I think it was the mysql.
    Therefore, this does not work in php 5:

    PHP Code:
    if (is_logged) { 
    PHP Code:
    if (is_logged()) { 
    PS - is_logged is actually a function. Check function.php. You weren't to know as I did not include the function.php and other required files in my op as I did not want to bother you guys with too many files and their codes.
    But, I'm including all of them here so you guys know the full context of the script.

    Anyway, on activate_account.php, I changed line 39 from:
    PHP Code:
            if ($account_activation_status != 0
    to:

    PHP Code:
            if ($account_activation_status 1
    Better now ?



    >> This whole section is ALWAYS going to be isset if the user uses your form so this whole section is pointless. You need to trim the entire POST array at one time and then check for empty.
    //2A. Check whether user made all the required inputs or not. <<


    Originally, if I remember correctly, I had done it like this:

    PHP Code:
    //Perform following actions after REGISTER button is clicked.
        
    if (isset($_POST['agree_to_tos']) && 
    Note, I used the isset above.

    Then, in the update, I replaced the issets with:
    PHP Code:
    if ($_SERVER['REQUEST_METHOD'] == "POST")

    But, if I remember correctly, one of them or more than one of them (who edited my code for my learning purpose in some forum) used both the issets and the:
    if ($_SERVER['REQUEST_METHOD'] == "POST").
    And so, I thought: They know best.
    And stuck to it.
    So, you reckon I should use either but not both ?



    >>Stop creating variables for nothing
    //2B. Create variables based on user inputs. <<


    I learnt in some forum that, if you need to deal with the user input many times where you have to call the "$_POST" (eg. ($_POST["username"]))" many times then best create a $variable and call that or use that as many times needed as it's easier to code that way and maybe faster to process on the cpu side.
    Anyone agrees with this, if Benanaman does not agree ?
    Hence, you saw the variables ....
    PHP Code:
    //2A. Check whether user made all the required inputs or not.
        
    if (isset($_POST['agree_to_tos']) && 
           isset(
    $_POST["username"]) && 
           isset(
    $_POST["password"]) &&
           isset(
    $_POST["password_confirmation"]) && 
           isset(
    $_POST["primary_website_domain"]) && 
           isset(
    $_POST["primary_website_email_account"]) && 
           isset(
    $_POST["primary_website_email_account_confirmation"]) && 
           isset(
    $_POST["primary_website_email_domain"]) && 
           isset(
    $_POST["primary_website_email_domain_confirmation"]) && 
           isset(
    $_POST["first_name"]) && 
           isset(
    $_POST["middle_name"]) && 
           isset(
    $_POST["surname"]) && 
           isset(
    $_POST["gender"]) && 
           isset(
    $_POST["working_status"])) 
        {       
            
    //2B. Create variables based on user inputs.
            
    $agree_to_tos trim($_POST['agree_to_tos']);
            
    $username trim($_POST["username"]);
            
    $password $_POST["password"];
            
    $password_confirmation $_POST["password_confirmation"];        
            
    $primary_website_domain trim($_POST["primary_website_domain"]);        
            
    $primary_website_email_account trim($_POST["primary_website_email_account"]);
            
    $primary_website_email_account_confirmation trim($_POST["primary_website_email_account_confirmation"]);
            
    $primary_website_email_domain trim($_POST["primary_website_email_domain"]);
            
    $primary_website_email_domain_confirmation trim($_POST["primary_website_email_domain_confirmation"]);    
            
    //Combine Primary Website Email Account and Primary Website Email Domain to form Primary Email.
            
    $primary_website_email "$primary_website_email_account"."@"."$primary_website_email_domain";        
            
    $first_name    trim($_POST["first_name"]);
            
    $middle_name trim($_POST["middle_name"]);
            
    $surname trim($_POST["surname"]);
            
    $gender $_POST["gender"];
            
    $working_status $_POST["working_status"];
               
    $account_activation_code sha1( (string) mt_rand(530)); //Type Casted the INT to STRING on the 1st parameter of sha1 as it needs to be a STRING.
            
    $account_activation_link "http://www.".$site_domain."/".$social_network_name."/activate_account.php?primary_website_email=".$primary_website_email."&account_activation_code=".$account_activation_code."";
            
    $account_activation_status 0// 1 = Active or Account Activated; 0 = Active or Pending Registration.
            
    $hashed_password password_hash($passwordPASSWORD_DEFAULT); //Encrypt the password.
            
            //2C. Check whether user inputs valid or not.
            
            //Check if User agreed to TOS or not.
            
    if ($agree_to_tos != 'yes') {
                echo 
    "You must agree to our Terms & Conditions!<br>";
                echo 
    "Click the BACK button on your browser and try again!";
                exit();
            
    // Check if inputted Username is between the required 8 to 30 characters long or not.
            
    } elseif (strlen($username) < || strlen($username) > 30) {
                echo 
    "Username must be between 8 to 30 characters long!<br>";
                echo 
    "Click the BACK button on your browser and try again!";
                
            
    // Check if Password is between 8 to 30 characters long or not.
            
    } elseif (strlen($password) < || strlen($password) > 30) {
                echo 
    "Password must be between 8 to 30 characters long!<br>";
                echo 
    "Click the BACK button on your browser and try again!";
                
            
    // Check if inputed Email is valid or not.
            
    } elseif (!filter_var($primary_website_emailFILTER_VALIDATE_EMAIL)) {
                echo 
    "Invalid Email! Insert your real Email in order for us to email you your account activation details.<br>";
                echo 
    "Click the BACK button on your browser and try again!";
                
            
    // Check if both inputted Passwords match or not.
            
    } elseif ($password != $password_confirmation) {
                echo 
    "Your inputted Passwords don't match<br>";
                echo 
    "Click the BACK button on your browser and try again!";
                
            
    // Check if both inputted Email Account match or not.
            
    } elseif ($primary_website_email_account != $primary_website_email_account_confirmation) {
                echo 
    "Your inputted Email Accounts don't match!<br>";
                echo 
    "Click the BACK button on your browser and try again!";
                
            
    // Check if both inputted Email Domain match or not.
            
    } elseif ($primary_website_email_domain != $primary_website_email_domain_confirmation) {
                echo 
    "Your inputted Email Domains don't match!<br>";
                echo 
    "Click the BACK button on your browser and try again!";
                
            
    // Check if both inputted Primary Website Email and Primary Website Domain match or not.
            
    } elseif ($primary_website_email_domain != $primary_website_domain) {
                echo 
    "Your Primary Website Domain ($primary_website_domain) and Primary Website Email's Domain (@$primary_website_email_domain) don't match!<br>";
                echo 
    "NOTE: Your inputted Email Address must belong to your Primary Website Domain \"$primary_website_domain\".<br>";
                echo 
    "Click the BACK button on your browser and try again!<br>";
                
            } 


    >> @requinix already discussed this..
    $account_activation_code = sha1( (string) mt_rand(5, 30)); <<


    Not sure what you mean by this.


    >> You are killing the script error by error. Don't echo the errors. Put them in an array and then check if the array is empty or not. If there are errors, display them all at the same time.
    //2C. Check whether user inputs valid or not. <<


    Not sure what you exactly mean. Therefore, care to show an example. Will be a good learning chance.
    Thanks.




    >>What is the point of splitting the email into parts? If you really need it in parts (never seen that) then use code to get the parts you want.<<


    I actually don't want people submitting free email addresses but email addresses belonging from their domain names. Therefore, the 1st part is the email account and the 2nd part is for the user to input the domain name.
    Example:
    If your domain is "devshed.com" then your email address must be from the same domain name. Like:
    benanaman@devshed.com
    webmaster@devshed.com

    The 2nd input (domain of the email address), I will cross match that with what the user inputs as his website/domain.
    I don't want users opening fake accounts and so getting them to register under their domain name as an id check just like gmail etc. gets you to verify your fone number during signup as an id check. Users who register their account under their domain name are likely to behave using my membership site (web proxy) and not act maliciously.
    For more info on my current project:
    What To Look-out For When Running Your Own Public Proxy ?
    The code you see in this thread would be part of my venture mentioned in the above link.

    Btw, I don;t know how to write regex for the domain to be grabbed from the email address. I probably had the regex somewhere but lost track of it somewhere. Do you have the regex ?



    >>On checking for existing data, I think you have already been told before about setting a unique constraint on the columns and attempting the insert, then capturing the duplicate error if any. You are creating a race condition as is.<<


    Sorry. I don't understand properly what you mean. I only made the "id" column (mysql) unique. All other columns are mostly VarChar(255).
    Mmm. Are you saying that, I should not code to get php to check whether an input field in the webform has been filled in or not. Instead, I should just get the php to dump the input (be it something or nothing) into the appropriate columns in mysql and then get mysql to check if the row has been filled or blank ?
    If that is what you are saying then is not that more bandwidth used ? Server likely to be busy if a lot of people use my site simultaneously and see site gone slow.



    >>The page is never going to validate with all the hard exits.<<

    Yeah. I noticed that, regardless of whether I use the
    $_SESSION['error'] =
    or the:
    echo.
    The script never gives the user input errors after the user submits the form. User has to hit the BACK button on his browser to see the errors. Are the "exit();" responsible for all this ? Anyway, testing this out by removing all but one exit.



    >>You try to echo session errors that you never set.<<

    Somebody amended my script in some forum and added the session errors. I read a little on it but still not got the hang of it.
    Did he not do a good job like so ?

    PHP Code:
    <?php 
    // Error Messages.
    if (isset($_SESSION['error']) && !empty($_SESSION['error'])) {
        echo 
    '<p style="color:red;">'.$_SESSION['error'].'</p>';
    }
    ?>

    <?php 
    //Session Messages.
    if (isset($_SESSION['message']) && !empty($_SESSION['message'])) {
        echo 
    '<p style="color:red;">'.$_SESSION['error'].'</p>';
    }
    ?>


    >>You start using sessions with no session_start<<

    Actually, I did. But you weren't to kow since I did not include the function.php on my op.
    Check now below. And, I'd apreciate any feedback on the login.php too.

    Btw, on the login.php, I give the user 3 options. 1. Login with Username, 2. Login with Domain name, 3. Login with Email.
    Hence you see lines 34 - 63 looking like this:

    PHP Code:
    //Step 3: Check whether user inputted Domain/Email/Username exists in DB or not. User already registered or not.

            //3A. Check whether "username_domain_or_email" field contains an Email Address or not.
            
    if(strpos("username_domain_or_email""@"))
            {
                
    $primary_website_email $username_domain_or_email;
            
                
    $query "SELECT id, username, password, primary_website_domain, primary_website_email, account_activation_status FROM users WHERE primary_website_email = ?";
                
    $stmt mysqli_prepare($conn$query);
                
    mysqli_stmt_bind_param($stmt's'$primary_website_email);
                
    mysqli_stmt_execute($stmt);
                
    //mysqli_stmt_get_result($stmt); // Use this line or next ?
                
    $result mysqli_stmt_bind_result($stmt$db_id$db_username$db_password$db_primary_website_domain$db_primary_website_email$db_account_activation_status); // Use this line or previous ?
            
    }
            
    //3B. Check whether "username_domain_or_email" field contains a Domain Name or not.
            
    elseif(strpos("username_domain_or_email""."))
            {
                
    $primary_website_domain $username_domain_or_email;
                    
                
    $query "SELECT id, username, password, primary_website_domain, primary_website_email, account_activation_status FROM users WHERE primary_website_domain = ?";
                
    $stmt mysqli_prepare($conn$query);
                
    mysqli_stmt_bind_param($stmt's'$primary_website_domain);
                
    mysqli_stmt_execute($stmt);
                
    //mysqli_stmt_get_result($stmt); // Use this line or next ?
                
    $result mysqli_stmt_bind_result($stmt$db_id$db_username$db_password$db_primary_website_domain$db_primary_website_email$db_account_activation_status); // Use this line or previous ?
            
    }
            else 
            {
                
    //3C. At this point in the condition, assume "username_domain_or_email" field contains a Username and not a Domain Name or Email Address.
                
    $username $username_domain_or_email

    Thanks

    This post got too long so posting full code on next post as forum causing trouble.
    Last edited by UniqueIdeaMan; December 15th, 2017 at 11:13 AM.
  18. #10
  19. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Jan 2017
    Posts
    845
    Rep Power
    0
    Folks,

    Benanaman gave a thorough review of my script. I'd appreciate if you guys do the same to my update.
    I would appreciate any sample codes from you. Meaning, wherever you deem I can improve then say so by showing sample snippets.

    Btw, I have got the concatenation parts a bit wires crossed. Yes ?
    ------

    The Full Script

    conn.php
    PHP Code:
    <?php 

    /*
    ERROR HANDLING
    */
    declare(strict_types=1);
    ini_set('display_errors''1');
    ini_set('display_startup_errors''1');
    error_reporting(E_ALL);
    mysqli_report(MYSQLI_REPORT_ERROR MYSQLI_REPORT_STRICT);

    //$conn = mysqli_connect("domain name", "user", "password", "database");
    $conn mysqli_connect("localhost""root""""blah");

    if (!
    $conn) {
        
    // message to use in development to see errors
        
    die("Database error : " mysqli_error($conn));

        
    // user friendly message
        // die("Database error.");
        
    exit();
    }

    ?>

    functions.php
    PHP Code:
    <?php 

    /*
    ERROR HANDLING
    */
    declare(strict_types=1);
    ini_set('display_errors''1');
    ini_set('display_startup_errors''1');
    error_reporting(E_ALL);
    mysqli_report(MYSQLI_REPORT_ERROR MYSQLI_REPORT_STRICT);

    // functions file
    /*
    Check if user is logged by checking if session named "user" isset
    Return true if session "user" exists or false if not exists
    */
    function is_logged() {
        if (isset(
    $_SESSION["user"]) && !empty($_SESSION["user"])) {
            return 
    true;
        } else {
            return 
    false;
        }
    }

    function 
    getuser($field$user_id){
        
    $query mysqli_query($conn,"SELECT $field FROM users WHERE id = '$user_id'");
        
    $run mysqli_fetch_array($query);
        return 
    $run[$field];
    }
        
    ?>

    site_details.php
    PHP Code:
    <?php 

    /*
    ERROR HANDLING
    */
    declare(strict_types=1);
    ini_set('display_errors''1');
    ini_set('display_startup_errors''1');
    error_reporting(E_ALL);
    mysqli_report(MYSQLI_REPORT_ERROR MYSQLI_REPORT_STRICT);

    $site_name "blah";
    $social_network_name "blah";
    $site_domain "blah";
    $site_admin_email "blah@blah";
    $social_network_admin_email "blah@blah";

    ?>


    register.php
    PHP Code:
    <?php 

    /*
    ERROR HANDLING
    */

    declare(strict_types=1);
    ini_set('display_errors''1');
    ini_set('display_startup_errors''1');
    error_reporting(E_ALL);
    mysqli_report(MYSQLI_REPORT_ERROR MYSQLI_REPORT_STRICT);

    include 
    'config.php';

    //Step 1: Check if User is already logged-in or not. If logged-in then do not register a 2nd account.
    if (is_logged
    {
        die(
    "You are already logged-in to your account! No need to register again for another account! Only one account per user.");
    }

    //Perform following actions after REGISTER button is clicked.
    if ($_SERVER['REQUEST_METHOD'] == "POST")
    {
    //Step 2: Check user submitted details.    
        
        //2A. Check whether user made all the required inputs or not.
        
    if (isset($_POST['agree_to_tos']) && 
           isset(
    $_POST["username"]) && 
           isset(
    $_POST["password"]) &&
           isset(
    $_POST["password_confirmation"]) && 
           isset(
    $_POST["primary_website_domain"]) && 
           isset(
    $_POST["primary_website_email_account"]) && 
           isset(
    $_POST["primary_website_email_account_confirmation"]) && 
           isset(
    $_POST["primary_website_email_domain"]) && 
           isset(
    $_POST["primary_website_email_domain_confirmation"]) && 
           isset(
    $_POST["first_name"]) && 
           isset(
    $_POST["middle_name"]) && 
           isset(
    $_POST["surname"]) && 
           isset(
    $_POST["gender"]) && 
           isset(
    $_POST["working_status"])) 
        {       
            
    //2B. Create variables based on user inputs.
            
    $agree_to_tos trim($_POST['agree_to_tos']);
            
    $username trim($_POST["username"]);
            
    $password $_POST["password"];
            
    $password_confirmation $_POST["password_confirmation"];        
            
    $primary_website_domain trim($_POST["primary_website_domain"]);        
            
    $primary_website_email_account trim($_POST["primary_website_email_account"]);
            
    $primary_website_email_account_confirmation trim($_POST["primary_website_email_account_confirmation"]);
            
    $primary_website_email_domain trim($_POST["primary_website_email_domain"]);
            
    $primary_website_email_domain_confirmation trim($_POST["primary_website_email_domain_confirmation"]);    
            
    //Combine Primary Website Email Account and Primary Website Email Domain to form Primary Email.
            
    $primary_website_email "$primary_website_email_account"."@"."$primary_website_email_domain";        
            
    $first_name    trim($_POST["first_name"]);
            
    $middle_name trim($_POST["middle_name"]);
            
    $surname trim($_POST["surname"]);
            
    $gender $_POST["gender"];
            
    $working_status $_POST["working_status"];
               
    $account_activation_code sha1( (string) mt_rand(530)); //Type Casted the INT to STRING on the 1st parameter of sha1 as it needs to be a STRING.
            
    $account_activation_link "http://www.".$site_domain."/".$social_network_name."/activate_account.php?primary_website_email=".$primary_website_email."&account_activation_code=".$account_activation_code."";
            
    $account_activation_status 0// 1 = Active or Account Activated; 0 = Active or Pending Registration.
            
    $hashed_password password_hash($passwordPASSWORD_DEFAULT); //Encrypt the password.
            
            //2C. Check whether user inputs valid or not.
            
            //Check if User agreed to TOS or not.
            
    if ($agree_to_tos != 'yes') {
                echo 
    "You must agree to our Terms & Conditions!<br>";
                echo 
    "Click the BACK button on your browser and try again!";
                exit();
            
    // Check if inputted Username is between the required 8 to 30 characters long or not.
            
    } elseif (strlen($username) < || strlen($username) > 30) {
                echo 
    "Username must be between 8 to 30 characters long!<br>";
                echo 
    "Click the BACK button on your browser and try again!";
                
            
    // Check if Password is between 8 to 30 characters long or not.
            
    } elseif (strlen($password) < || strlen($password) > 30) {
                echo 
    "Password must be between 8 to 30 characters long!<br>";
                echo 
    "Click the BACK button on your browser and try again!";
                
            
    // Check if inputed Email is valid or not.
            
    } elseif (!filter_var($primary_website_emailFILTER_VALIDATE_EMAIL)) {
                echo 
    "Invalid Email! Insert your real Email in order for us to email you your account activation details.<br>";
                echo 
    "Click the BACK button on your browser and try again!";
                
            
    // Check if both inputted Passwords match or not.
            
    } elseif ($password != $password_confirmation) {
                echo 
    "Your inputted Passwords don't match<br>";
                echo 
    "Click the BACK button on your browser and try again!";
                
            
    // Check if both inputted Email Account match or not.
            
    } elseif ($primary_website_email_account != $primary_website_email_account_confirmation) {
                echo 
    "Your inputted Email Accounts don't match!<br>";
                echo 
    "Click the BACK button on your browser and try again!";
                
            
    // Check if both inputted Email Domain match or not.
            
    } elseif ($primary_website_email_domain != $primary_website_email_domain_confirmation) {
                echo 
    "Your inputted Email Domains don't match!<br>";
                echo 
    "Click the BACK button on your browser and try again!";
                
            
    // Check if both inputted Primary Website Email and Primary Website Domain match or not.
            
    } elseif ($primary_website_email_domain != $primary_website_domain) {
                echo 
    "Your Primary Website Domain ($primary_website_domain) and Primary Website Email's Domain (@$primary_website_email_domain) don't match!<br>";
                echo 
    "NOTE: Your inputted Email Address must belong to your Primary Website Domain \"$primary_website_domain\".<br>";
                echo 
    "Click the BACK button on your browser and try again!<br>";
                
            }
            else 
            {
                
    //2D. Check user inputs against DB.
                
                //Select Username, Primary Domain and Primary Domain Email to check against Mysql DB if they are already registered or not.
                
    $stmt mysqli_prepare($conn"SELECT username, primary_website_domain, primary_website_email FROM users WHERE username = ? OR primary_website_domain = ? OR primary_website_email = ?");
                
    mysqli_stmt_bind_param($stmt'sss'$username$primary_website_domain$primary_website_email);
                
    mysqli_stmt_execute($stmt);
                
    $result mysqli_stmt_bind_result($stmt$db_username$db_primary_website_domain$db_primary_website_email);    
                
    //$row = mysqli_fetch_array($result, MYSQLI_ASSOC); // Use this line or next ?
                
    $row mysqli_stmt_fetch($stmt); //Use this line or previous ?    
        
                // Check if inputted Primary Website Domain Name is already registered or not.
                
    if ($row['primary_website_domain'] == $primary_website_domain) {
                    echo 
    "That domain name $primary_website_domain is already registered.<br>";
                    exit();
                
    //Check if inputted Username is already registered or not.
                
    } elseif ($row['username'] == $username) {
                    echo 
    "That username $username is already registered!<br>";
                    echo 
    "Click the BACK button on your browser and try again!";
                    exit();
                
    // Check if inputted Email is already registered or not.
                
    } elseif ($row['primary_website_email'] == $primary_website_email) {
                    echo 
    "That email $primary_website_email is already registered.<br>";
                    exit();
                }
                else 
                {
    //Step 3: Insert user's inputs into DB.

                    //Step 3A. Insert user's inputs into DB using php's sql injection prevention method "Prepared Statements".
                    
    $stmt mysqli_prepare($conn"INSERT INTO users(username, password, primary_website_domain, primary_website_email, first_name, middle_name, surname, gender, working_status, account_activation_status, account_activation_code) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
                    
    mysqli_stmt_bind_param($stmt'ssssssssssi'$username$hashed_password$primary_website_domain$primary_website_email$first_name$middle_name$surname$gender$working_status$account_activation_status$account_activation_code);
                    
    mysqli_stmt_execute($stmt);
                
                    
    //Step 3B. Check whether user's registration data was successfully submitted or not.
                    
    if (!$stmt)
                    {
                        echo 
    "Sorry! Our system is currently experiencing a problem registering your account! You may try registering some other time.";
                        exit();
                    }
                    else 
                    {
                        
    $account_name "$username";
                        
    //Step 3C. Email user their account activation link for them to click to confirm their Email Address and activate their new Account.

                        
    $headers "From: " $site_admin_email "\r\n";
                        
    //More headers
                        //Always set content-type when sending HTML email
                        
    $headers "MIME-Version: 1.0" "\r\n";
                        
    $headers .= "Content-type:text/html;charset=UTF-9" "\r\n";
                        
                        
    $to "$primary_website_email";
                        
    $subject "Your Following Browser account activation details!";
                        
    $body  "".$first_name." ".$surname.",
                        <html>
                        <head>
                        <title>Activation Link</title>
                        </head>
                        <body>
                        You need to click on the following link <a href="
    .$account_activation_link.">.$account_activation_link.</a> to activate your account.
                        </body>
                        </html>"
    ;
                        
                        if (!
    mail($to,$subject,$body,$headers)) 
                        {
                            
    //Alert user System Error. System unable to email the Account Activation Link.
                            
    echo "Sorry! We have failed to email you your account activation details. Please contact the website administrator!";
                            exit();
                        }
                        else
                        {
                            
    //Alert user System Success. System was able to email the Account Activation Link.
                            
    echo "<h3 style='text-align:center'>Thank you for your registration!</h3><br>";
                            echo 
    "Now, check your email \"$primary_website_email\" for details on how to activate your new account \"$account_name\" which you just registered.";
                            exit();
                        }
                    }
                }
            }
        }
    }

    ?>

    <!DOCTYPE html>
    <html>
        <head>
            <title><?php $social_network_name ?> Signup Page</title>
        </head>
    <body>
    <div class ="container">

    <?php 
    // Error Messages.
    if (isset($_SESSION['error']) && !empty($_SESSION['error'])) {
        echo 
    '<p style="color:red;">'.$_SESSION['error'].'</p>';
    }
    ?>

    <?php 
    //Session Messages.
    if (isset($_SESSION['message']) && !empty($_SESSION['message'])) {
        echo 
    '<p style="color:red;">'.$_SESSION['error'].'</p>';
    }
    ?>

    <?php 
    //Clear Registration Session.
    function clear_registration_session()
        {
            
    //Clear the User Form inputs, Session Messages and Session Errors so they can no longer be used.
            
    unset($_SESSION['message']);
            unset(
    $_SESSION['error']);
            unset(
    $_POST);
            exit();
        }
    ?>

    <p align="left"><font color="red" size="3"><b>Already have an account ? </b><a href="login.php">Login here!</a></font></p>
    <form method="post" action="">
        <p align="left"><h2>Signup Form</h2></p>
        <fieldset>
        <div class="form-group">
            <p align="left"><label>* Username:</label>
            <input type="text" placeholder="Enter a unique Username" name="username" required [A-Za-z0-9] value="<?php if(isset($_POST['username'])) { echo htmlentities($_POST['username']); }?>"></p>
        </div>
        <div class="form-group">
            <p align="left"><label>* Password:</label>
            <input type="password" placeholder="Enter a new Password" name="password" required [A-Za-z0-9]></p>
        </div>
        <div class="form-group">
            <p align="left"><label>* Repeat Password:</label>
            <input type="password" placeholder="Repeat a new Password" name="password_confirmation" required [A-Za-z0-9]></p>
        </div>
        <div class="form-group">
            <p align="left"><label>* Primary Website Domain:</label>
            <input type="primary_domain" placeholder="Enter your Primary Website Domain" name="primary_website_domain" required [A-Za-z0-9] value="<?php if(isset($_POST['primary_website_domain'])) { echo htmlentities($_POST['primary_website_domain']); }?>">
        <font color="red" size="1"><b> Don't have a Domain ? </b><a href="domain_register.php">Register one here!</a></font></p>
        </div>
            <div class="form-group">
            <p align="left"><label>* Email Account:</label>
            <input type="text" placeholder="Enter your Email Account name (first part before @)" name="primary_website_email_account" required [A-Za-z0-9] value="<?php if(isset($_POST['primary_website_email_account'])) { echo htmlentities($_POST['primary_website_email_account']); }?>"></p>
        </div>
        <div class="form-group">
            <p align="left"><label>* Repeat Email Account:</label>
            <input type="text" placeholder="Repeat your Email Account name (first part before @)" name="primary_website_email_account_confirmation" required [A-Za-z0-9] value="<?php if(isset($_POST['primary_website_email_account_confirmation'])) { echo htmlentities($_POST['primary_website_email_account_confirmation']); }?>"></p>
        </div>
        <div class="form-group">
            <p align="left"><label>* Email Address Domain:</label>
            <input type="text" placeholder="Enter your Email Account Domain (last part after @)" name="primary_website_email_domain" required [A-Za-z0-9] value="<?php if(isset($_POST['primary_website_email_domain'])) { echo htmlentities($_POST['primary_website_email_domain']); }?>"></p>
        </div>
        <div class="form-group">
            <p align="left"><label>* Repeat Email Address Domain:</label>
            <input type="text" placeholder="Repeat your Email Account Domain (last part after @)" name="primary_website_email_domain_confirmation" required [A-Za-z0-9] value="<?php if(isset($_POST['primary_website_email_domain_confirmation'])) { echo htmlentities($_POST['primary_website_email_domain_confirmation']); }?>"></p>
        </div>
        <div class="form-group">
            <p align="left"><label>* First Name:</label>
            <input type="text" placeholder="Enter your First Name" name="first_name" required [A-Za-z] value="<?php if(isset($_POST['first_name'])) { echo htmlentities($_POST['first_name']); }?>"></p>
        </div>
        <div class="form-group">
            <p align="left"><label>Middle Name:</label>
            <input type="text" placeholder="Enter your Middle Name" name="middle_name" required [A-Za-z] value="<?php if(isset($_POST['middle_name'])) { echo htmlentities($_POST['middle_name']); }?>"></p>
        </div>
        <div class="form-group">
            <p align="left"><label>* Surname:</label>
            <input type="text" placeholder="Enter your Surname" name="surname" required [A-Za-z] value="<?php if(isset($_POST['surname'])) { echo htmlentities($_POST['surname']); }?>"></p>
        </div>
        <div class="form-group">
            <p align="left"><label>* Gender:</label>
            <input type="radio" name="gender" value="Male" <?php if(isset($_POST['gender'])) { echo 'checked'; }?> required>Male<input type="radio" name="gender" value="Female" <?php if(isset($_POST['gender'])) { echo 'checked'; }?> required>Female</p>
        </div>
        <div class="form-group">
            <p align="left"><label>* Working Status:</label>
            <input type="radio" name="working_status" value="Selfemployed" <?php if(isset($_POST['working_status'])) { echo 'checked'; }?> required>Selfemployed<input type="radio" name="working_status" value="Employed" <?php if(isset($_POST['working_status'])) { echo 'checked'; }?> required>Employed<input type="radio" name="working_status" value="Unemployed" <?php if(isset($_POST['working_status'])) { echo 'checked'; }?> required>Unemployed</p>
        </div>
        <div class="form-group">
            <p align="left"><label>* Agree to Terms & Conditions ?:</label>
            <input type="radio" name="agree_to_tos" value="yes" <?php if(isset($_POST['tos'])) { echo 'checked'; }?> required>Yes
            <input type="radio" name="agree_to_tos" value="no" <?php if(isset($_POST['tos'])) { echo 'checked'; }?> required>No
        </div>
        </fieldset>
            <p align="left"><button type="submit" class="btn btn-default" name="submit">Register!</button></p>
    </form>
        <p align="left"><font color="red" size="3"><b>Already have an account ? </b><a href="login.php">Login here!</a></font></p>
    </body>
    </html>

    activate_account.php
    PHP Code:
    <?php 

    /*
    ERROR HANDLING
    */
    declare(strict_types=1);
    ini_set('display_errors''1');
    ini_set('display_startup_errors''1');
    error_reporting(E_ALL);
    mysqli_report(MYSQLI_REPORT_ERROR MYSQLI_REPORT_STRICT);

    include 
    'config.php';

    //Step 1: Check whether URL is in the GET Method or not.

    //Perform following actions if Url is not in the GET Method and does not contain user Email and Account Activation Code.
    if (!isset($_GET["primary_website_email"], $_GET["account_activation_code"]) === TRUE)
    {
        
    $primary_website_email htmlspecialchars($_GET['primary_website_email']);
        
    $account_activation_code htmlspecialchars($_GET['account_activation_code']);
        
    //Give user alert the Account Activation Link is Invalid.
        
    echo "Invalid Account Activation Link! Try registering for an account if you do not already have one! <a href=\"http://loudgobs.com/following_browser/register.php\">Register here!</a>";
        exit();

    else 
    {
    //Step 2: Check user submitted details.    
        
        //2A. Check user inputs against DB.            
        //Select Username, Primary Domain and Primary Domain Email to check against DB if they are pending registration or not.    
        
    $stmt mysqli_prepare($conn"SELECT username, account_activation_status FROM users WHERE primary_website_email = ? AND account_activation_code = ?");
        
    mysqli_stmt_bind_param($stmt'si'$_GET["primary_website_email"],  $_GET["account_activation_code"]);
        
    mysqli_stmt_bind_result($stmt$username$account_activation_status);

        
    //Perform following if Account Activation Link was valid (Correctly had the registered email and Account Activation Code associated with it).
        
    if (mysqli_stmt_execute($stmt) && mysqli_stmt_fetch($stmt))
        {
            
    //Perform following if Account Activation Status is not on "0" (Account Activation Pending) on DB.
            
    if ($account_activation_status 1)
            {
                
    //Give user alert Account already activated.
                
    echo "Since your account is already activated, why are you trying to activate it again ? Do not do that again and just login from <a href=\"login.php\">this webpage</a> next time! Make a note of that webpage, ok ?";
                exit;
            }
            else
            {
                
    //Set Account Activation Status to 1 (1 = "Account Activated" and 0 = "Activation Pending") on DB.
                
    $account_activation_status 1;
                
    $stmt mysqli_prepare($conn"UPDATE users SET account_activation_status = ? WHERE username = ?");
                
    mysqli_stmt_bind_param($stmt'is'$account_activation_status$username);
                if (
    mysqli_stmt_execute($stmt))
                {
                    
    //Give user alert Account has now been activated.
                    
    echo "<h3 style='text-align:center'>Thank you for confirming your email \"$primary_website_email\" and activating your account $username.<br /> Redirecting you to the login page ...</h3>";
                    exit;
                }
            }
        } 
        else 
        {
            
    //Perform following if Primary Website Email and/or Account Activation Code is not Pending Registration.
            
    $primary_website_email htmlspecialchars($_GET['primary_website_email']);
            
    $account_activation_code htmlspecialchars($_GET['account_activation_code']);
            
            
    //Give user alert the Email Address and/or the Account Activation Code in the Account Activation Link is Invalid or the Account Activation Link is out of date (Email no longer registered).
            
    echo "Either this Email Address $primary_website_email was not pending registration with this Account Activation Code $account_activation_code or one or both of them are invalid! Or, the Account Activation Link is out of date (Email no longer registered)
            Try registering an account if you have not already done so! <a href=\"http://loudgobs.com/following_browser/register.php\">Register here!</a>"
    ;
            exit;
        }
    }

    login.php
    PHP Code:
    <?php 

    /*
    ERROR HANDLING
    */
    declare(strict_types=1);
    ini_set('display_errors''1');
    ini_set('display_startup_errors''1');
    error_reporting(E_ALL);
    mysqli_report(MYSQLI_REPORT_ERROR MYSQLI_REPORT_STRICT);

    include 
    'config.php';

    //Step 1: Check if User is already logged-in or not. If logged-in then do not register a 2nd account.
    if (is_logged
    {
        
    //Redirect User to homepage after 2 secs.
        
    header("refresh:5;url=home.php");
        exit;
    }
    else 
    {
    //Perform following actions after Log-in button is clicked.

    //Step 2: Check user submitted details.    
        
        //2A. Check whether user made all the required inputs or not.
        
    if (isset($_POST["login_username_domain_or_email"]) && isset($_POST["login_password"]))
        {
            
    //2B. Create variables based on user inputs.
            
    $username_domain_or_email trim($_POST["login_username_domain_or_email"]);
            
    $password $_POST["login_password"];
            
    //Step 3: Check whether user inputted Domain/Email/Username exists in DB or not. User already registered or not.

            //3A. Check whether "username_domain_or_email" field contains an Email Address or not.
            
    if(strpos("username_domain_or_email""@"))
            {
                
    $primary_website_email $username_domain_or_email;
            
                
    $query "SELECT id, username, password, primary_website_domain, primary_website_email, account_activation_status FROM users WHERE primary_website_email = ?";
                
    $stmt mysqli_prepare($conn$query);
                
    mysqli_stmt_bind_param($stmt's'$primary_website_email);
                
    mysqli_stmt_execute($stmt);
                
    //mysqli_stmt_get_result($stmt); // Use this line or next ?
                
    $result mysqli_stmt_bind_result($stmt$db_id$db_username$db_password$db_primary_website_domain$db_primary_website_email$db_account_activation_status); // Use this line or previous ?
            
    }
            
    //3B. Check whether "username_domain_or_email" field contains a Domain Name or not.
            
    elseif(strpos("username_domain_or_email""."))
            {
                
    $primary_website_domain $username_domain_or_email;
                    
                
    $query "SELECT id, username, password, primary_website_domain, primary_website_email, account_activation_status FROM users WHERE primary_website_domain = ?";
                
    $stmt mysqli_prepare($conn$query);
                
    mysqli_stmt_bind_param($stmt's'$primary_website_domain);
                
    mysqli_stmt_execute($stmt);
                
    //mysqli_stmt_get_result($stmt); // Use this line or next ?
                
    $result mysqli_stmt_bind_result($stmt$db_id$db_username$db_password$db_primary_website_domain$db_primary_website_email$db_account_activation_status); // Use this line or previous ?
            
    }
            else 
            {
                
    //3C. At this point in the condition, assume "username_domain_or_email" field contains a Username and not a Domain Name or Email Address.
                
    $username $username_domain_or_email;
            
    //Step 4: Check user inputs against DB.
                
                //4A. Select Username, Primary Domain and Primary Domain Email to check against Mysql DB if they are already registered or not.
                
    $query "SELECT id, username, password, primary_website_domain, primary_website_email, account_activation_status FROM users WHERE username = ?";
                
    $stmt mysqli_prepare($conn$query);
                
    mysqli_stmt_bind_param($stmt's'$username);
                
    mysqli_stmt_execute($stmt);
                
    //mysqli_stmt_get_result($stmt); // Use this line or next ?
                
    $result mysqli_stmt_bind_result($stmt$db_id$db_username$db_password$db_primary_website_domain$db_primary_website_email$db_account_activation_status); // Use this line or previous ?
            
    }    
            
    $row mysqli_stmt_fetch($stmt);
            
    mysqli_stmt_close($stmt);
            
    //Verify user inputted Password.
            
    if (!password_verify($password$db_password))
            {
                
    //Alert user password is incorrect.
                
    echo "Incorrect log-in details!<br>";
                exit();
            }
            else
            {
    //Step 5: Check whether user has activated their account or not.
                
    if (!$db_account_activation_status == 1)
                {
                    
    //Alert user to activate their account.
                    
    echo "You still have not activated your account yet!<br>
                    Do so by clicking the link emailed to you at: 
    $db_primary_website_email<br>";
                    exit();    
                }
    //Step 6: Forward user to their account homepage.
                
    $_SESSION["user"] = $db_username;
                
    $user $_SESSION["user"];
                
    header("location:home.php?user=$user");
            }
        }
    }

    ?>

    <!DOCTYPE html>
    <html>
    <head>
    <title><?php $site_name ?> Member Login Page</title>
        <meta charset="utf-8">
    </head>
    <body>
    <p align="left"><font color="red" size="3"><b>Don't have an account ? </b><a href="register.php">Register here!</a></font></p>
    <form method = "post" action="">
        <h3>Member Login</h3>
        <fieldset>
            <label for="login_name">Username/Domain/Email:</label>
            <input type="text" name="login_username_domain_or_email" id="login_name" value="">
            <br>
            <label for="login_password">Password:</label>
            <input type="password" name="login_password" id="login_pass" value="">
        </fieldset>
        <div class="SubmitsAndHiddens">
            <label for="login_remember">Remember Log-in Details:</label>
            <input type="checkbox" name="login_remember" id="login_remember" />
            <br>
            <button type="submit">Log-in</button>
            <br>
        </div>
    </form>
    <p align="left"><a href="login_password_reset.php">Forgot your password ? Reset it here!</a></p>
    <p align="left"><font color="red" size="3"><b>Don't have an account ? </b><a href="register.php">Register here!</a></font></p>
    </body>
    </html>
    Thanks
    Last edited by UniqueIdeaMan; December 15th, 2017 at 10:47 AM.
  20. #11
  21. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Jan 2017
    Posts
    845
    Rep Power
    0
    Originally Posted by gw1500se
    You need to fix your typo for the formatting. Also you are still not handling SHA1 correctly.
    So, how should I handle it ?
    Column types VarChar(40), VarChar(160), Binary(40) all been tried and failed.
    Is Not BigInt Or VARCHAR (40) Not Big Enough To House sha1?
    Last edited by UniqueIdeaMan; December 15th, 2017 at 10:58 AM.
  22. #12
  23. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2017
    Location
    Worldwide
    Posts
    47
    Rep Power
    45
    You keep asking for improvements yet you don't make the changes you are told about. This pattern has been going on for at least a year now. I know full well you have been told many times on many forums by many programmers not to put variables in query's and to use prepared statements yet you are still doing it. You have posted another wall of code yet you didn't make all the changes I detailed. You are going to end up burning all your bridges for getting help.
  24. #13
  25. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Jan 2017
    Posts
    845
    Rep Power
    0
    Originally Posted by benanamen
    You keep asking for improvements yet you don't make the changes you are told about. This pattern has been going on for at least a year now. I know full well you have been told many times on many forums by many programmers not to put variables in query's and to use prepared statements yet you are still doing it. You have posted another wall of code yet you didn't make all the changes I detailed. You are going to end up burning all your bridges for getting help.
    I did make the changes you pointed out as much as it was possible. Which changes did I not make that you suggested ?
    On somethings I did not make change and I gave you reasons why (such as the change does not work on php 5). Actually, I did make the change and encountered error (on php 5 which I never would have encountered on php 7) and so reverted it back.
    I did use PREP STMNT. Where did I not use it ?
    I think you missed my post 9 which was a reply to your post.
    Last edited by UniqueIdeaMan; December 15th, 2017 at 12:49 PM.
  26. #14
  27. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2017
    Location
    Worldwide
    Posts
    47
    Rep Power
    45
    I didnt miss anything.

    PHP Code:
     $query mysqli_query($conn,"SELECT $field FROM users WHERE id = '$user_id'"); 
    You still have numerous trims instead of doing it once on the POST array, you still have the pointless issets, still creating variables for nothing.....

    Comments on this post

    • UniqueIdeaMan agrees : Guy noticed I lack PREP STMT on one of my files, which I very much overlooked!
  28. #15
  29. No Profile Picture
    Contributing User
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jul 2003
    Posts
    4,459
    Rep Power
    653
    Originally Posted by UniqueIdeaMan
    So, how should I handle it ?
    Column types VarChar(40), VarChar(160), Binary(40) all been tried and failed.

    Exactly the way I've already explained. Obviously you either cannot read or don't want to learn. I said use Binary(20) and UNHEX.

    Comments on this post

    • benanamen agrees
    There are 10 kinds of people in the world. Those that understand binary and those that don't.
Page 1 of 2 12 Last
  • Jump to page:

IMN logo majestic logo threadwatch logo seochat tools logo