PHP MySQL Sign up with pre defined username and registration id

Question

I'm trying to make a website with a member section. To signup on the member section, you must already be in the database. You're given your username and password, then when you signup you can enter your email, address, and password.

So my problem is that I'm getting an error saying that the username or reg_id were incorrect, when I know that I am entering the correct info.

else {
    mysql_close($con);
    header("location: index.php?signup&error-msg=Incorrect Username or Registration ID.");
}

Here is my Login Form:

<form action="function.php?signup" method="post">
  <table cellspacing="20" class="span12">
    <tr>
      <td>
        <input type="text" name="name" placeholder="Full Name">
      </td>
    </tr>
    <tr>
      <td>
        <input type="email" name="email" placeholder="Email">
      </td>
    </tr>
    <tr>
      <td>
        <input type="text" name="address" placeholder="Address">
      </td>
    </tr>
    <tr>
      <td>
        <input type="text" name="reg_id" placeholder="Your Registration ID">
      </td>
    </tr>
    <tr>
      <td>
        <input type="password" name="password" placeholder="Password">
      </td>
    </tr>
    <tr>
      <td>
        <input type="submit" placeholder="Confirm Signup" value="Confirm Signup">
      </td>
    </tr>
  </table>
</form>

On the function.php I have a bunch of different functions etc. but the one for the signup form is:

elseif (isset($_GET['signup'])) {

  $username = $_POST['username'];
  $reg_id   = $_POST['reg_id'];

  $qry = mysql_query("
    SELECT *
    FROM users
    WHERE username = '$username'
      AND registration_id = '$reg_id' ", $con);

  if (!$qry) {
    mysql_close($con);
    die("Query Failed: " . mysql_error());
  } else {
    $row = mysql_fetch_array($qry);
  }

  if ($_POST['username'] == $row["username"] && $_POST['reg_id'] == $row["registration_id"]) {
    $password = $_POST['password'];
    $email    = $_POST['email'];
    $address  = $_POST['address'];

    $qry = mysql_query("
      INSERT INTO users
        (password, profile_email, profile_address)
      VALUES ('$password', '$email', '$address')", $con);

    if (!$qry) {
      die("Query Failed: " . mysql_error());
    } else {
      header('location: index.php?success-msg=You have successfully signed up');
    }
  }

  else {
    mysql_close($con);
    header("location: index.php?signup&error-msg=Incorrect Username or Registration ID.");
  }

}

I'm not sure what I messed up on, or if I even did that right, as I am still learning. I would like to thank anyone who helps me in advance, all help is much appreciated.

-James

Answer 1

you could use something like this :

if (isset($_GET['signup'])){//if

    $username = $_POST['name'];
    $reg_id = $_POST['reg_id'];

    $qry = mysql_query("SELECT * FROM users WHERE username='$username' AND registration_id='$reg_id'", $con) or die(mysql_error());
    $row=mysql_num_rows($qry);

    if($row == '1'){ ///if regcode exists
    ////insert into database
    $password = $_POST['password'];
    $email = $_POST['email'];
    $address = $_POST['address'];

    $qry2 = mysql_query("INSERT INTO
            users(password,profile_email,profile_address)
            VALUES ('$password','$email','$address')", $con) or die(mysql_error());
    header('location: index.php?success-msg=You have successfully signed up');

    }///if regcode exists
    else{
      ///didn't find the reg id
      header("location: index.php?signup&error-msg=Incorrect Username or Registration ID.");

    }


    }//if

Answer 2

Use update instead of INSERT. Following is the corrected PATCH:

$qry = mysql_query("UPDATE users SET password='$password',profile_email='$email',profile_address='$address' 
        WHERE registration_id='$reg_id'");

Answer 3

$_POST['username'] should be $_POST['name'] accoding to HTML form.