Lucasirusta

Reputation: 15

Confirm password PHP

<?PHP
require_once('connect.php');
if(isset($_POST) & !empty($_POST)){
  $username = $_POST['username'];
  $password = $_POST['password'];

  $sql = "INSERT INTO login (username, password) VALUES ('$username', 
'$password')";
  $result = mysqli_query($connection, $sql);

  if ($result){
    $smsg = "User Registration successful, Redirecting to Login."; 
  } else {
    $fmsg = "User Registration failed";
  }
}
?>

    <label for="inputEmail" class="sr-only">Email address</label>
    <input type="email" name="email" id="inputEmail" class="form-control" placeholder="Email address">

    <label for="inputPassword" class="sr-only">Password</label>
    <input type="password" name="password" id="inputPassword" class="form-control" placeholder="Password">

    <label for="inputPassword" class="sr-only">Password</label>
    <input type="password" name="cpassword" id="inputPassword" class="form-control" placeholder="Confirm password">
    <div id="Passwordsmatch">
    </div>  

    <button class="btn btn-lg btn-primary btn-block" type="submit">Register</button>
    <br>
    <p class="haveanacc">Already have an account? <a href="login.php">Login</a></p>
  </form>
</div>

I need help with password validation, to ensure password === confirmpassword. How do I make the password field have to equal the confirm password field, or else set $fmsg / echo that the passwords do not match?

I tried a lot of different things, but nothing seems to work. I'm relatively new to PHP.

Upvotes: 0

Views: 2212

Answers (3)

Marius Bogdan

Reputation: 434

Please be very careful with the syntax.

if ($a & $b) {
// is not equal to
if ($a && $b) 

// notice && vs &

First of all, you need to sanitize your user input. What you do there can easily be a SQL injection security issue. There are tools that can provide sanitization for user input, but for this small example let's say that you only want alphanumeric characters for username and password. You may also follow this tutorial, http://docs.kisphp.net/database-connect/, and use OOP.

No special characters

<?php
// rest of the code here
function sanitize($input) // this should be in a different file
{
    return preg_replace('/([^a-zA-Z0-9]+)/', '', $input);
}

$username = sanitize($_POST['username']);
$password = sanitize($_POST['password']);
$password_confirm = sanitize($_POST['password_confirm']);

if (strcmp($password, $password_confirm) !== 0) {
    die('Password do not match');
    // or add the message in flash session and redirect user
}

// if everything is fine
$sql = "INSERT INTO users SET ";
$sql .= sprintf("username = '%s', ", $username);
$sql .= sprintf("password = '%s'", md5($password));
// instead of md5 you can use some other algorithm

$result = mysqli_query($mysqli_connection, $sql) or die(mysqli_error($mysqli_connection));

if (mysqli_insert_id($mysqli_connection) > 0) {
    echo "Success";
    // make redirect here
} else {
    // display error here
}

I suggest you use OOP as much as possible. There are ORMs out there that you can use successfully and that will give you more feedback than plain PHP. If you don't know how to do it, please follow the tutorial from the above URL and it will make it clearer for you.

P.S. I am not using the procedural approach, so you might get some errors if you copy-paste this code.

P.P.S

I see a lot of examples with comparison like this:

if ($a == $b)

DON'T DO THIS

If you run this code:

if ($any_string == 0) {
    echo "this will always be shown, no matter what you have in variable";
}

Use strcmp or ===.

Upvotes: 0

Faridul Khan

Reputation: 2007

Try this:

<?PHP
require_once('connect.php');
if(isset($_POST) && !empty($_POST)){
$username = $_POST['username'];
$password = $_POST['password'];

After that, add

$cpassword = $_POST['cpassword'];
if($password === $cpassword){

// ... the rest of your code

}

Upvotes: 2

hasnain

Reputation: 137

Add one more field, con_password, for password confirmation.

if(isset($_POST)){
  $username = $_POST['username'];
  $password = $_POST['password'];
  $con_password = $_POST['con_password'];
  // only insert when both password fields are identical
  if($password === $con_password){
    $sql = "INSERT INTO login (username, password) VALUES ('$username', 
'$password')";
    $result = mysqli_query($connection, $sql);
    if ($result){
      $smsg = "User Registration successful, Redirecting to Login."; 
    } else {
      $fmsg = "User Registration failed";
    }
  }
}

Upvotes: -1
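
The points raised across the answers (strict comparison of the two password fields, keeping user input out of the SQL string, storing a hash rather than the password) combined in one added example that is not part of any answer above. It assumes the question's field names username, password and cpassword and its login table, and swaps in PDO with an in-memory SQLite database for the page's mysqli connection so that it runs without a server; validate_registration and register_user are hypothetical names.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: returns [username, password, list of error messages].
function validate_registration(array $post): array
{
    // Treat missing or non-string fields (e.g. password[]=x) as empty.
    $get = fn(string $k): string => is_string($post[$k] ?? null) ? $post[$k] : '';
    $username = trim($get('username'));
    $password = $get('password');
    $confirm  = $get('cpassword');

    $errors = [];
    if ($username === '' || $password === '') {
        $errors[] = 'Username and password are required';
    }
    // Strict comparison: '1000000000' == '1e9' is true because == compares
    // numeric strings as numbers, so == would accept a mistyped confirmation.
    if ($password !== $confirm) {
        $errors[] = 'Passwords do not match';
    }
    return [$username, $password, $errors];
}

// Hypothetical helper: returns an empty array on success, else the errors.
function register_user(PDO $db, array $post): array
{
    [$username, $password, $errors] = validate_registration($post);
    if ($errors !== []) {
        return $errors;
    }
    // Placeholders keep user input out of the SQL text. Only a salted hash is
    // stored; a login page would check it with password_verify().
    $stmt = $db->prepare('INSERT INTO login (username, password) VALUES (?, ?)');
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
    return [];
}

// Constructed demo data; in-memory SQLite stands in for the MySQL connection.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE login (username TEXT, password TEXT)');

var_dump(register_user($db, ['username' => 'alice', 'password' => '1000000000', 'cpassword' => '1e9']));
var_dump(register_user($db, ['username' => "o'brien", 'password' => 'pa$$ word!', 'cpassword' => 'pa$$ word!']));
var_dump($db->query('SELECT username, password FROM login')->fetchAll(PDO::FETCH_ASSOC));
```

Because the password is never placed in the SQL text, it does not need to be stripped of special characters before hashing.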
