I am trying to do a check on my database table.
It checks if, for a provided username, there exists an email address or password. In the event that either of them are present in the database for the provided username, the user is shown an error message and records are not altered.
Problem: However, for some reason my check only works if both, the password and email is present for the record (it does not display the error message if the email address is empty but password is not). Below is my code:
require ('core/dbcon.php');
$user = mysqli_real_escape_string($con, $_GET['user']);
$acc_status = mysqli_real_escape_string($con, $_GET['status']);
if(empty($_POST['form']) === false){
$usr_email = mysqli_real_escape_string($con, $_POST['email']);
$pwd = mysqli_real_escape_string($con, $_POST['password']);
$rpwd = mysqli_real_escape_string($con, $_POST['rpwd']);
$qry = mysqli_query($con, "SELECT * FROM users WHERE email='$usr_email'") or die(mysqli_error($con));
$usr_details = mysqli_fetch_assoc($qry);
if(empty($usr_details['email'])=== true && empty($usr_details['password'])=== true){
if(mysqli_num_rows($qry) == 0){
if($pwd && $rpwd && $usr_email){
if($pwd === $rpwd){
$pwd = md5($pwd);
$query = mysqli_query($con, "SELECT * FROM users WHERE username='$user' AND email='$usr_email'") or die(mysqli_error($con));
if (mysqli_num_rows($query)== 1){
//update database table
}else{
$errors[] = 'Error! Your details were not added to the system due to a technical error. Please contact the Admin.';
}
}else{
$errors[] = 'Please make sure that the password entered in both fields are the same.';
}
}else{
$errors[] = 'Please complete all fields marked with a red asterisk';
}
}else{
$errors[] = 'Error! <b>'.$usr_email.'</b> already existis in our system.';
}
}else{
$errors[] = 'Error! It looks like the username you have entered has been assigned an email address and password already.';
}
}
I have a record with username 'testuser', email 'test@email.com', and password 'password'. My check works fine as it stands, it displays the error "Error! It looks like the username you have entered has been assigned an email address and password already." However, when I delete the email address form the database it somehow assumes the following conditions have been met: if(empty($usr_details['email'])=== true && empty($usr_details['password'])=== true){ when empty($usr_details['password'])===false.
I have tried changing the logical operator from && to || but I get the same issue (as OR should accept one empty and one non-empty variable in the first place). Your assistance will be greatly appreciated.
