I have a simple function that creates an admin login. It checks if the password equals the confirmed password. What happens, though, is that when you type the confirm password wrong, it says the passwords do not match; when you then type the correct confirmed password, it goes through, creates the admin login, and inserts into the MySQL table twice. If I put the password and confirmed password in correctly only once, it goes through and inserts into the table once. What is going on?
My jQuery:
$('#create_adminForm').submit(function() {
    $(this).on('valid.fndtn.abide', function() {
        var str = $(this).serialize();
        $('#createResponse').html('Please wait...');
        $.ajax({
            type: "POST",
            url: "inc/functions.inc.php?action=createAdmin",
            data: str,
            success: function(data) { // if success then generate the div and append the following
                if (data == "false confirm") {
                    // if passwords do not match
                    $('#createResponse').html('Passwords do not match!');
                    $('.login-box').effect("shake");
                }
                if (data == "created") {
                    // else - the account is created! verification email has been sent
                    $('#createResponse').html('Account created!');
                    $('#general_modal').foundation('reveal', 'open');
                    $('#insertModalHeader').html('Account Created');
                    $('#modalContent').html('Admin Account has been created! Please check your email to activate the account. <br><br> You will be now redirected to the login page...');
                }
            },
            error: function(jqXHR, status, error) { // this is to check if there is any error
                alert("status: " + status + " message: " + error);
            }
        });
    });
});
My PHP:
if ($_GET['action'] == "createAdmin") {
    $email = filter_input(INPUT_POST, 'email');
    $username = filter_input(INPUT_POST, 'username');
    $password = filter_input(INPUT_POST, 'password');
    $confirm = filter_input(INPUT_POST, 'confirm_password');
    $current_date = date("Y-m-d h:i:s a");

    // strict comparison: with == numeric-looking strings such as "0e1" and "0e2" compare as equal
    if ($password === $confirm) {
        // activation token for the emailed link; crypt() without a salt no longer runs on PHP 8,
        // and a random token does not depend on the password
        $hash_pass = bin2hex(random_bytes(32));
        $pass_crypt = password_hash($password, PASSWORD_DEFAULT); // let the salt be automatically generated

        $statement_insertAdmin = $conn->prepare("INSERT INTO admin_login(username, password, email, created_date, hash)
            VALUES(:user, :pass, :email, :created, :hash)");
        $statement_insertAdmin->execute(array(
            "user" => $username,
            "pass" => $pass_crypt,
            "email" => $email,
            "created" => $current_date,
            "hash" => $hash_pass
        ));

        // send verification email with hash
        $to = $email;
        $subject = "Admin Account Created";
        // $hash_pass is the token stored above (the original referenced an undefined $hash)
        $htmlbody = 'Please click the link below to activate your admin account! <br><br>
            <a href=\'http://www.companyname.com/admin/activate.php?a=1&h='.$hash_pass.'\'>
            Activate Now </a>
            ';
        $headers = "MIME-Version: 1.0" . "\r\n";
        $headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
        // More headers
        $headers .= 'From: Company Name<email@email.com>';
        mail($to, $subject, $htmlbody, $headers);
        echo "created";
    }
    else {
        echo 'false confirm';
    }
}
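The handler pattern in the jQuery above can be reproduced without a browser. This is an added example, not part of the original post: `makeForm`, `makeServer`, `nestedBinding`, `bindOnce` and `scenario` are hypothetical names, the form and server are constructed stand-ins, and it assumes the valid event fires after the page's own submit handler has run.

```javascript
// Added illustration. makeForm() is a constructed stand-in for the jQuery form; on() accumulates handlers like .on().
function makeForm() {
  const handlers = {};
  return {
    on(evt, fn) { (handlers[evt] = handlers[evt] || []).push(fn); },
    trigger(evt, arg) { (handlers[evt] || []).slice().forEach((fn) => fn(arg)); },
    count(evt) { return (handlers[evt] || []).length; },
  };
}

// Constructed stand-in for inc/functions.inc.php?action=createAdmin.
function makeServer() {
  const rows = [];
  return {
    rows,
    createAdmin(f) {
      if (f.password !== f.confirm_password) return 'false confirm';
      rows.push(f.username); // one row per request that passes the check
      return 'created';
    },
  };
}

// Same shape as the question: "valid" is bound inside the submit handler, so each submit attaches another copy.
function nestedBinding(form, server) {
  form.on('submit', () => {
    form.on('valid', (f) => server.createAdmin(f));
  });
}

// Bound once, outside any other handler.
function bindOnce(form, server) {
  form.on('valid', (f) => server.createAdmin(f));
}

// One mismatched attempt, then a corrected one; "valid" stands in for valid.fndtn.abide (assumed order).
function scenario(bind) {
  const form = makeForm(), server = makeServer();
  bind(form, server);
  for (const confirm of ['wrong', 's3cret']) {
    const fields = { username: 'admin1', password: 's3cret', confirm_password: confirm };
    form.trigger('submit', fields);
    form.trigger('valid', fields);
  }
  return { inserts: server.rows.length, validHandlers: form.count('valid') };
}

console.log(scenario(nestedBinding), scenario(bindOnce));
```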