I'm currently writing a script that preforms basic user registration.
When the user arrives on the landing page, I have a JS script that identifies their email from the URL and fills it in the email input box (which is disabled). After, the user just needs to put in their password to create an account. However, PHP throws the error "Email is required" even though it's been filled by the JS script.
I've tried to change the status of the input box to disabled to enabled which doesn't do much to help. I've attached the files involved in the process below. Any help would be greatly appreciated.
fillEmail.js
$(document).ready(function() {
var link = window.location.href;
var emailIndex = link.indexOf("email");
if(emailIndex != -1) {
link = link.substring(emailIndex + 6);
} else {
link = "";
}
document.getElementById("email").value = link;
//$('#email').attr('disabled', 'disabled');});
register.php
<?php include('server.php') ?>
<!DOCTYPE html>
<html>
<head>
<title>Register</title>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<div class="header">
<h2>Register</h2>
</div>
<form method="post" action="register.php">
<?php include('errors.php'); ?>
<div hidden class="input-group">
<label>Username</label>
<input type="text" name="username" value="user">
</div>
<div class="input-group">
<label>Email</label>
<input type="email" name="email" id="email" value="<?php echo $email; ?>" disabled>
</div>
<div class="input-group">
<label>Password</label>
<input type="password" name="password_1">
</div>
<div class="input-group">
<label>Confirm password</label>
<input type="password" name="password_2">
</div>
<div class="input-group">
<button type="submit" class="btn" name="reg_user">Register</button>
</div>
</form>
</body>
<script
src="https://code.jquery.com/jquery-3.4.1.js"
integrity="sha256-WpOohJOqMqqyKL9FccASB9O0KwACQJpFTUBLTYOVvVU="
crossorigin="anonymous">
</script>
<script type='text/javascript' src="fillEmail.js"></script>
</html>
server.php
<?php
session_start();
// initializing variables
$username = "";
$email = "";
$errors = array();
// connect to the database
$db = mysqli_connect('localhost', 'root', '', 'registration');
// REGISTER USER
if (isset($_POST['reg_user'])) {
// receive all input values from the form
$username = mysqli_real_escape_string($db, $_POST['username']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
// form validation: ensure that the form is correctly filled ...
// by adding (array_push()) corresponding error unto $errors array
if (empty($username)) { array_push($errors, "Username is required"); }
if (empty($email)) { array_push($errors, "Email is required"); }
if (empty($password_1)) { array_push($errors, "Password is required"); }
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
// first check the database to make sure
// a user does not already exist with the same username and/or email
$user_check_query = "SELECT * FROM users WHERE username='$username' OR email='$email' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) { // if user exists
if ($user['username'] === $username) {
array_push($errors, "Username already exists");
}
if ($user['email'] === $email) {
array_push($errors, "email already exists");
}
}
// Finally, register user if there are no errors in the form
if (count($errors) == 0) {
$password = md5($password_1);//encrypt the password before saving in the database
$query = "INSERT INTO users (username, email, password)
VALUES('$username', '$email', '$password')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}
}
?>
I'm fairly new to PHP so any help would be greatly appreciated. Thanks so much in advance!
As per my comment, you can simply use readonly instead of disabled to achieve a similar effect. Also please use prepared statements to protect against SQL injection. mysqli_real_escape_string is not enough