Right now I am trying to set up a user registration page, and I've been having trouble with verifying that the e-mail is not already in use. I figured all I had to do was make a query to my database to check and see if the e-mail was already in use. This seems pretty straight forward, so I don't know why it's giving me such a problem.
I've read several posts, and tried several approaches with PDO and mysqli, but I have still yet to get this script to function properly. Any help would be greatly appreciated.
<?php
session_start();
if( isset($_SESSION['user_id']) ){
header("Location: /");
}
require 'database.php';
$message = '';
if(!empty($_POST['email']) && !empty($_POST['password'])&& !empty($_POST['firstname'])&& !empty($_POST['lastname'])&& !empty($_POST['phone'])&& !empty($_POST['address'])&& !empty($_POST['city'])&& !empty($_POST['zip'])):
//check to see if e-mail is already being used
//This method always says that the email is already in use, even if I am entering a new one.
/*
$records = $conn->prepare('SELECT * FROM users WHERE email = :email');
$records->bindParam(':email', $_POST['email']);
$records->execute();
$results = $records->fetch(PDO::FETCH_ASSOC);
if( count($results) > 0){
$message = "Sorry, that E-mail address is already registered to an account.";
}
*/
//this one never says that the email is in use.
/*
$email = $_POST['email'];
$query = mysqli_query($conn, "SELECT * FROM users WHERE email='".$email."'");
if(mysqli_num_rows($query) > 0){
$message = "Sorry, that E-mail address is already registered to an account.";
}
*/
//this was the last method I tried, and it also never says that the email is in use.
try{
$stmt2 = $conn->prepare('SELECT `email` FROM `user` WHERE email = ?');
$stmt2->bindParam(1, $_POST['email']);
$stmt2->execute();
while($row = $stmt2->fetch(PDO::FETCH_ASSOC)) {
}
}
catch(PDOException $e){
echo 'ERROR: ' . $e->getMessage();
}
if($stmt2->rowCount() > 0){
//echo "The record exists!";
$message = "Sorry, that E-mail address is already registered to an account.";
}
else{
// Enter the new user in the database
$sql = "INSERT INTO users (email, password, firstname, lastname, phone, address, city, zip) VALUES (:email, :password, :firstname, :lastname, :phone, :address, :city, :zip)";
$stmt = $conn->prepare($sql);
$stmt->bindParam(':email', $_POST['email']);
$stmt->bindParam(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));
$stmt->bindParam(':firstname', $_POST['firstname']);
$stmt->bindParam(':lastname', $_POST['lastname']);
$stmt->bindParam(':phone', $_POST['phone']);
$stmt->bindParam(':address', $_POST['address']);
$stmt->bindParam(':city', $_POST['city']);
$stmt->bindParam(':zip', $_POST['zip']);
if( $stmt->execute() ):
$message = 'Successfully created new user';
else:
$message = 'Sorry there must have been an issue creating your account';
endif;
}
endif;
?>