I am trying to create a signup page on my website, and I have all of the filtering code done. So what I am trying to do in the following code is to make sure the username doesn't already exist in the database and proceed from there. The problem is this: I am doing a NOR operator with $error and $captchaError but even though when I print them, the values of both of them are false, the code in the if statement doesn't end up running and I seriously can't understand why. Here's the code:
<?php
$error = false;
$captchaError = false;
if($_POST) {
$username = $_POST["username"];
if (!preg_match("/^[0-9A-Za-z_]{3,16}+$/", $username)) {
$error = true;
}
$email = $_POST["email"];
if (!filter_var($email, FILTER_VALIDATE_EMAIL) || strlen($email) > 50) {
$error = true;
}
$password = $_POST["password"];
if(!preg_match("/^[-0-9A-Za-z!@#$%^&*_+=]{6,}+$/", $password)) {
$error = true;
}
$captcha = $_POST['g-recaptcha-response'];
$response = json_decode(file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=$SECRETKEY&response=".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR']), true);
if(!$captcha || $response['success'] == false) {
$captchaError = true;
}
if((!$error) && (!captchaError)) {
include("../res/db.php");
$prep = $conn->prepare("SELECT * FROM users WHERE name=?");
$prep->bind_param("s", $username);
$prep->execute();
$prep->store_result();
echo "why doesn't this run??";
var_dump($prep->num_rows);
}
}
?>
And this is the form:
<form method="POST" action="">
<?php if($error) { echo "<p class=\"text-danger text-center\">Error: Something went wrong while submitting your form</p>";}?>
<div class="form-group">
<h2 class="text-center">Username </h2>
<input value="<?php if($captchaError) {echo $username;}?>" class="form-control input-lg" pattern="[0-9A-Za-z_]{3,16}" title="You must use between 3 and 16 legal characters (0-9,a-z,A-Z and _)" type="text" name="username" maxlength="16" required>
</div>
<div class="form-group">
<h2 class="text-center">Email</h2>
<input value="<?php if($captchaError) {echo $email;}?>" class="form-control input-lg" type="email" name="email" maxlength="50" required>
</div>
<div class="form-group">
<h2 class="text-center">Password</h2>
<input class="form-control input-lg" type="password" name="password" pattern="[-0-9A-Za-z!@#$%^&*_+=]{6,}" title="You must use more than 6 legal characters (0-9,a-z,A-Z and !@#$%^&*_-+=)" required>
</div>
<div class="text-center">
<?php if($captchaError) { echo "<p class=\"text-danger text-center\">Error: You must fill out the captcha</p>";}?>
<div class="g-recaptcha" data-sitekey="{MYPUBLICKEY}"></div>
</div>
<div class="text-center">
<button type="submit" class="btn btn-primary btn-lg">Submit</button>
</div>
</form>
Remember, whenever I print the values of $error and $captchaError they are both false, which should make the if statement run, but for some reason it doesn't, why?
TL;DR: You are missing $ in captchaError.
The problem is that you are using
if((!$error) && (!captchaError)) {
// /\
Instead of
if((!$error) && (!$captchaError)) {
// /\
Take a look at a test:
$error = false;
$captchaError = false;
echo ((!$error) && (!$captchaError)) ? 'ok' : 'no';
echo PHP_EOL;
echo ((!$error) && (!captchaError)) ? 'ok' : 'no';
Will output:
ok
no
In some cases, it would even print:
Use of undefined constant captchaError - assumed 'captchaError' in [...]
Some people might think this a (arguably) better way of getting a nor test:
(! ($var1 || $var) )