0
votes

When I attempt to test my signup errors, all of them work except for the password/password repeat check: if I try to submit it to the database, the page gives me these errors:

Notice: Undefined variable: stmt in C:\xampp\htdocs\Presence\includes\signup.inc.php on line 85

Warning: mysqli_stmt_close() expects parameter 1 to be mysqli_stmt, null given in C:\xampp\htdocs\Presence\includes\signup.inc.php on line 85

My signup PHP page code:

<?php
    require "PresenceNavbar.php"
?>
<link href="css/SignUp.css" rel="stylesheet" type="text/css">
<body scroll="no" style="overflow: hidden">
    <main>
        <div>
            <section class ="SignupSheet">
                <img src="assets/Keyhole.png" width="130" class="avatar">
            <h1>Sign Up</h1>

                <?php
                    if (isset($_GET['error']))
                    {
                        if ($_GET['error'] == "emptyfields")
                        {
                            echo '<p class = "SS" id="SS">Fill in all fields!</p>';
                        }

                        else if ($_GET['error'] == "invaliduidmail")
                        {
                            echo '<p class = "SS" id="SS">Invalid username and e-mail!</p>';
                        }

                        else if ($_GET['error'] == "invaliduid")
                        {
                            echo '<p class = "SS" id="SS">Invalid username!</p>';
                        }

                        else if ($_GET['error'] == "invalidmail")
                        {
                            echo '<p class = "SS" id="SS">Invalid e-mail!</p>';
                        }

                        else if ($_GET['error'] == "passwordcheck")
                        {
                            echo '<p class = "SS" id="SS">Your passwords do not match!</p>';
                        }

                        else if ($_GET['error'] == "usertaken")
                        {
                            echo '<p class = "SS" id="SS">Username is already taken!</p>';
                        }

                    }

                ?>


            <form class="Ssheet" action="includes/signup.inc.php" method="post">
                <p>Username</p>
                <input type="text" name="uid" placeholder="Username">
                <p>E-mail</p>
                <input type="text" name="mail" placeholder="E-mail">
                <p>Password</p>
                <input type="password" name="pwd" placeholder="Password">
                <p>Repeat Password</p>
                <input type="password" name="pwd-repeat" placeholder="Repeat Password">
                <input type="submit" name="signup-submit" id="signup-submit" value="Sign Up">
            </form>
            </section>
        </div>

    </main>
</body>

My Signup.inc.php file

<?php

if (isset($_POST['signup-submit']))
{
    require 'dbh.inc.php';


    $username = $_POST['uid'];
    $email = $_POST['mail'];
    $password = $_POST['pwd'];
    $passwordRepeat = $_POST['pwd-repeat'];

    if (empty($username) || empty($email) || empty($password) || empty($passwordRepeat))
    {

        header("Location: ../PresenceSignup.php?error=emptyfields&uid=".$username."&mail=".$email);
        exit();
    }

    else if (!filter_var($email, FILTER_VALIDATE_EMAIL) && !preg_match("/^[a-zA-Z0-9]*$/", $username))
    {
        // The error key must match the "invaliduidmail" check on the signup page
        header("Location: ../PresenceSignup.php?error=invaliduidmail");
        exit();
    }

    else if (!filter_var($email, FILTER_VALIDATE_EMAIL))
    {
        header("Location: ../PresenceSignup.php?error=invalidmail&uid=".$username);
        exit();
    }

    else if (!preg_match("/^[a-zA-Z0-9]*$/", $username))
    {
        header("Location: ../PresenceSignup.php?error=invaliduid&mail=".$email);
        exit();
    }
    else if ($password !== $passwordRepeat)
    {
        ("Location: ../PresenceSignup.php?error=passwordcheck&uid=".$username."&mail=".$email);
    }
    else
    {

        $sql = "SELECT uidUsers FROM users WHERE uidUsers=?";
        $stmt = mysqli_stmt_init($conn);

        if (!mysqli_stmt_prepare($stmt, $sql))
        {
            header("Location: ../PresenceSignup.php?error=sqlerror");
            exit();
        }
        else
        {
            mysqli_stmt_bind_param($stmt, "s", $username);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_store_result($stmt);
            $resultCheck = mysqli_stmt_num_rows($stmt);
            if ($resultCheck > 0 ) 
            {
                header("Location: ../PresenceSignup.php?error=usertaken&mail=".$email);
                exit();
            }
            else 
                {
                $sql = "INSERT INTO users (uidUsers, emailUsers, pwdUsers) VALUES (?, ?, ?)";
                $stmt = mysqli_stmt_init($conn);
                if (!mysqli_stmt_prepare($stmt, $sql))
                {
                    header("Location: ../PresenceSignup.php?error=sqlerror");
                    exit();
                }
                else 
                {
                    $hashedPwd = password_hash($password, PASSWORD_DEFAULT);    

                    mysqli_stmt_bind_param($stmt, "sss", $username, $email, $hashedPwd);    
                    mysqli_stmt_execute($stmt);
                    header("Location: ../PresenceLogin.php");
                    exit(); 

                }
            }
        }   

    }
    mysqli_stmt_close($stmt);
    mysqli_close($conn);
}
else
{
    header("Location: ../PresenceSignup.php");
    exit();
}

Edit: I moved mysqli_stmt_close($stmt); and mysqli_close($conn); to their correct positions, but now it redirects me to my login.inc.php file with a blank page instead of staying on the same page and giving me the error output.

1
mysqli_stmt_close($stmt); is outside of the else block where $stmt is defined - so if one of the other conditions is hit first that else is never reached and $stmt is an undefined variable. - CD001

1 Answer

0
votes

Change this part of the code:

 else
        {

            $sql = "SELECT uidUsers FROM users WHERE uidUsers=?";
            $stmt = mysqli_stmt_init($conn);

            if (!mysqli_stmt_prepare($stmt, $sql))
            {
                header("Location: ../PresenceSignup.php?error=sqlerror");
                exit();
            }
            else
            {
                mysqli_stmt_bind_param($stmt, "s", $username);
                mysqli_stmt_execute($stmt);
                mysqli_stmt_store_result($stmt);
                $resultCheck = mysqli_stmt_num_rows($stmt);
                if ($resultCheck > 0 ) 
                {
                    header("Location: ../PresenceSignup.php?error=usertaken&mail=".$email);
                    exit();
                }
                else 
                    {
                    $sql = "INSERT INTO users (uidUsers, emailUsers, pwdUsers) VALUES (?, ?, ?)";
                    $stmt = mysqli_stmt_init($conn);
                    if (!mysqli_stmt_prepare($stmt, $sql))
                    {
                        header("Location: ../PresenceSignup.php?error=sqlerror");
                        exit();
                    }
                    else 
                    {
                        $hashedPwd = password_hash($password, PASSWORD_DEFAULT);    

                        mysqli_stmt_bind_param($stmt, "sss", $username, $email, $hashedPwd);    
                        mysqli_stmt_execute($stmt);
                        header("Location: ../PresenceLogin.php");
                        exit(); 

                    }
                }
            }   

        mysqli_stmt_close($stmt);
        mysqli_close($conn);
        }

Your $stmt variable declaration is not in the same scope where you are calling it; it needs to be within the ELSE condition.
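
An added example, not part of the original post or answer (function names are hypothetical): in the question's code the passwordcheck branch builds the "Location: ..." string but never calls header() or exit(), so execution falls through to mysqli_stmt_close($stmt) while $stmt is still unset. The code below returns from each validation check as soon as it fails, URL-encodes the fields echoed back in the redirect, and closes the statement in the same scope that created it.

```php
<?php
// Added example; function names are hypothetical, not from the original post.
// Return [errorCode, fieldsToEchoBack] for the first failed check, or null if valid.
function signup_error(array $in): ?array
{
    // Treat missing or non-string fields (e.g. uid[]=x) as empty.
    $f = [];
    foreach (['uid', 'mail', 'pwd', 'pwd-repeat'] as $k) {
        $f[$k] = is_string($in[$k] ?? null) ? $in[$k] : '';
    }
    [$uid, $mail, $pwd, $rep] = array_values($f);
    if ($uid === '' || $mail === '' || $pwd === '' || $rep === '') {
        return ['emptyfields', ['uid' => $uid, 'mail' => $mail]];
    }
    $badMail = filter_var($mail, FILTER_VALIDATE_EMAIL) === false;
    $badUid  = preg_match('/^[a-zA-Z0-9]+$/', $uid) !== 1;
    if ($badMail && $badUid) return ['invaliduidmail', []];
    if ($badMail)            return ['invalidmail', ['uid' => $uid]];
    if ($badUid)             return ['invaliduid', ['mail' => $mail]];
    if ($pwd !== $rep)       return ['passwordcheck', ['uid' => $uid, 'mail' => $mail]];
    return null;
}

// Build the redirect target; http_build_query() URL-encodes every value.
function signup_redirect(string $error, array $fields = []): string
{
    return '../PresenceSignup.php?' . http_build_query(['error' => $error] + $fields);
}

// Run the lookup and close the statement in the scope that created it.
function username_taken(mysqli $conn, string $uid): bool
{
    $stmt = mysqli_prepare($conn, 'SELECT uidUsers FROM users WHERE uidUsers=?');
    if ($stmt === false) throw new RuntimeException('prepare failed');
    try {
        mysqli_stmt_bind_param($stmt, 's', $uid);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_store_result($stmt);
        return mysqli_stmt_num_rows($stmt) > 0;
    } finally {
        mysqli_stmt_close($stmt);
    }
}

// Constructed input: mismatched passwords, the case that failed in the question.
$sample = ['uid' => 'alice', 'mail' => 'alice@example.com', 'pwd' => 'one', 'pwd-repeat' => 'two'];
[$code, $fields] = signup_error($sample);
// In the handler: header('Location: ' . signup_redirect($code, $fields)); exit();
echo signup_redirect($code, $fields), PHP_EOL;
```

Because every failing check returns before any statement exists, there is no code path on which an undefined $stmt can reach mysqli_stmt_close().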