I'm working on a register form for my website.
<?php
include('config.php');

if(isset($_SESSION['username'])) {
    header('Location:index.php');
}

if(isset($_POST['submit-registerform'])) {
    Register();
}

function Register() {
    if(!empty($_POST['username']) &&
       !empty($_POST['password']) &&
       !empty($_POST['lastname']) &&
       !empty($_POST['email'])) {
        // Database Connection:
        require('config.php');
        $MyConnection = new PDO('mysql:host=x;dbname=x', $dbusername, $dbpassword);
        $MyConnection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        // Information from user:
        $username = htmlspecialchars($_POST['username']);
        $password = htmlspecialchars($_POST['password']);
        $lastname = htmlspecialchars($_POST['lastname']);
        $email = htmlspecialchars($_POST['email']);

        // Hashing the password:
        $cost = 10;
        $salt = strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');
        $salt = sprintf("$2a$%02d$", $cost) . $salt;
        $hash = crypt($password, $salt);

        // Check if username already exists in the database:
        $findUser = $MyConnection->prepare("SELECT Username FROM Users WHERE Username = :username OR Email = :email");
        $findUser->bindParam(':username', $username);
        $findUser->bindParam(':email', $email);
        $findUser->execute();
        $foundUser = $findUser->fetch(PDO::FETCH_OBJ);

        if($username == $foundUser->Username) {
            echo '
            <div id="pop-up">
            This username is already in use. Please choose another one.
            </div>
            ';
        }
        elseif($email == $foundUser->Email) {
            echo '
            <div id="pop-up">
            This email address is already in use. Please sign up with a different one. <br />
            If this is impossible, please <a href="contact.php">contact us</a>.
            </div>
            ';
        }
        else {
            // Store information into the database:
            $sql = $MyConnection->prepare("INSERT INTO Users (Username, Password, Lastname, Email)
            VALUES (:username, :password, :lastname, :email");
            $sql->bindParam(':username', $username);
            $sql->bindParam(':password', $hash);
            $sql->bindParam(':lastname', $lastname);
            $sql->bindParam(':email', $email);

            if($sql->execute()) {
                echo '
                <div id="pop-up">
                Your account has successfully been registered. You can start using it right away, by clicking
                <a href="login.php">here</a>.
                </div>
                ';
            }
        }
    }
}
?>
When I fill in information in my form, and I already use a username that I have stored into my database, I get the right pop-up, displaying that that username is already in use. But when I fill in different information (with or without the same email address) I get sent to another webpage, which doesn't exist, so my host takes over and displays their error screen.
Does anybody know why it sends the visitor of the webpage to another page (that doesn't exist)?
Thanks in advance!
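
An added example, not part of the original post: with PDO::ERRMODE_EXCEPTION set as above, a failing statement throws a PDOException (the INSERT above never closes its VALUES list) and fetch() returns false when no row matches, so this version tests the fetch result and catches the exception instead of letting the request end on the server's error page. It also swaps the manual crypt() salt for password_hash() and hashes the password as typed. Assumptions: an in-memory SQLite database in place of the MySQL server, PHP 7.0 or later with pdo_sqlite, and a hypothetical registerUser() helper with made-up status strings.

```php
<?php
// Added example, not the poster's code. Assumed: SQLite in memory stands in for
// MySQL; registerUser() and the returned status strings are hypothetical names.
function registerUser(PDO $db, string $username, string $password,
                      string $lastname, string $email): string
{
    try {
        // Select both columns so either kind of duplicate can be reported.
        $find = $db->prepare('SELECT Username, Email FROM Users
                              WHERE Username = :username OR Email = :email');
        $find->execute([':username' => $username, ':email' => $email]);
        $found = $find->fetch(PDO::FETCH_OBJ);   // false when no row matches

        if ($found !== false) {
            return strcasecmp($found->Username, $username) === 0
                ? 'username-taken' : 'email-taken';
        }

        // Hash the password exactly as typed; password_hash() makes the salt.
        // Escape with htmlspecialchars() when echoing values, not before storing.
        $hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);

        $insert = $db->prepare('INSERT INTO Users (Username, Password, Lastname, Email)
                                VALUES (:username, :password, :lastname, :email)');
        $insert->execute([
            ':username' => $username, ':password' => $hash,
            ':lastname' => $lastname, ':email'    => $email,
        ]);
        return 'registered';
    } catch (PDOException $e) {
        // Also reached when a UNIQUE constraint rejects a concurrent duplicate.
        // Log the detail server-side; give the visitor only a generic message.
        error_log('Registration failed: ' . $e->getMessage());
        return 'error';
    }
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Users (Username TEXT UNIQUE, Password TEXT,
                              Lastname TEXT, Email TEXT UNIQUE)');

echo registerUser($db, 'alice', 'correct horse', 'Smith', 'alice@example.com'), "\n";
echo registerUser($db, 'alice', 'another one', 'Jones', 'a2@example.com'), "\n";
echo registerUser($db, 'bob', 'third one', 'Smith', 'alice@example.com'), "\n";
```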