HabboPixel - Login/Register Help

xXMufaisaXx

xXMufaisaXx

Member
Apr 8, 2018
90
13
So I took that HabboPixel cms release and ive been working on it. Ive already fixed everything up including login but I cant seem to figure out what im doing wrong with register, Any help would be very much appreciated.
It says register successful but isnt inserting data.

Snip of reg form:
Code: 
<form id="form" method="post" action="<?= URL; ?>/app/signup.php">
                            <div id="response"></div>
                            <input type="text" id="guideUsername" name="username" value="" class="form-control input" placeholder="Username">
                            <input type="mail" id="guideEmail" name="email" value="" class="form-control input" placeholder="Email">
                            <input type="password" id="guidePassword" name="password" class="form-control input" placeholder="Password">
                            <input type="password" id="guideRePassword" name="password_confirmation" class="form-control input" placeholder="Confirm Password">
                            <button type="submit" class="btn btn-signup">Register</button>
                        </form>

Snip of signup(submit):
Code: 
<?php
require '../global.php';
$pdo = New Database();
$account->IPisBanned($_SERVER['REMOTE_ADDR']);
$account->isConnected();
ini_set('display_errors', 1);
if(!empty($_POST['username']) AND !empty($_POST['email']) AND !empty($_POST['password']) AND !empty($_POST['password_confirmation'])) {
    $bdd = $pdo->query('SELECT id FROM users WHERE username = ?', [$core->F_HTML($_POST['username'])]);
    if($bdd->rowCount() == 0) {
          if(preg_match('`^([a-zA-Z0-9-=?!@]{3,15})$`', $core->F_HTML($_POST['username']))) {
            $bdd2 = $pdo->query('SELECT id FROM users WHERE mail = ?', [$core->F_HTML($_POST['email'])]);
            if($bdd2->rowCount() == 0) {
                if(filter_var($core->F_HTML($_POST['email']), FILTER_VALIDATE_EMAIL)) {
                      if($_POST['password'] == $_POST['password_confirmation']) {
                        if(strlen($_POST['password']) >= 6 AND strlen($_POST['password_confirmation']) >= 6) {
                            $bdd3 = $pdo->query('INSERT INTO users (username, password, mail, credits, vip_points, activity_points, look, motto, account_created, ip_reg) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)', [$core->F_HTML($_POST['username']), $core->C_PASS($_POST['password']), $core->F_HTML($_POST['email']), "0", "0", "0", "ch-235-92.sh-295-92.hr-3163-61.hd-180-1.lg-275-92", "Nouveau !", time(), $_SERVER['REMOTE_ADDR']]);
                            $_SESSION['id'] = $pdo->lastInsertId();
                            echo 'success';
                        } else {
                            echo 'Passwords do not match.';
                        }
                    } else {
                        echo 'Your password must contain more than 6 characters.';
                    }
                } else {
                    echo 'Your email address is not valid.';
                }
            } else {
                echo 'This email address is already taken.';
            }
        } else {
            echo 'Username is not valid.';
        }
    } else {
        echo 'This username is already taken.';
    }
} else {
    echo 'Please fill out all fields.';
}
?>

Thank you all in advance (Y)
 
Sort by date Sort by votes
Higoka

Higoka

Active Member
Dec 16, 2018
174
74
enable error reporting and look if any errors get logged

also use prepared statements:
Code: 
$query = $pdo->prepare(...);
$query->execute([$_POST['username'], ...]);
 
Upvote 0 Downvote
xXMufaisaXx

xXMufaisaXx

Member
Apr 8, 2018
90
13
Higoka said:
it could be because the ip_last also needs to have a value. you only have ip_reg
Click to expand...
Thank u ill check real quick. So i should do ip_reg and ip_last?
Post automatically merged:

Ive tried adding ip_reg and ip_last. Still nothing. No errors either.
 
Last edited:
Upvote 0 Downvote
Higoka

Higoka

Active Member
Dec 16, 2018
174
74
if you look at the PDO::query description:
PHP: 
public PDO::query ( string $statement ) : PDOStatement
you see that it doesn't allow more than 1 argument.

in your code however:
$bdd3 = $pdo->query('INSERT INTO users (username, password, mail, credits, vip_points, activity_points, look, motto, account_created, ip_reg) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)', [$core->F_HTML($_POST['username']), $core->C_PASS($_POST['password']), $core->F_HTML($_POST['email']), "0", "0", "0", "ch-235-92.sh-295-92.hr-3163-61.hd-180-1.lg-275-92", "Nouveau !", time(), $_SERVER['REMOTE_ADDR']]);

you have more than 1 argument so this is probably your problem why it doesn't execute the query.
try and change it to this:
PHP: 
$bdd3 = $pdo->prepare('INSERT INTO users (username, password, mail, credits, vip_points, activity_points, look, motto, account_created, ip_reg) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)');
$bdd3->execute([$core->F_HTML($_POST['username']), $core->C_PASS($_POST['password']), $core->F_HTML($_POST['email']), "0", "0", "0", "ch-235-92.sh-295-92.hr-3163-61.hd-180-1.lg-275-92", "Nouveau !", time(), $_SERVER['REMOTE_ADDR']]);



and your SELECT statements also probably doesn't get executed:
PHP: 
$bdd = $pdo->query('SELECT id FROM users WHERE username = ?', [$core->F_HTML($_POST['username'])]);

$bdd2 = $pdo->query('SELECT id FROM users WHERE mail = ?', [$core->F_HTML($_POST['email'])]);

change to this:
PHP: 
$bdd = $pdo->prepare('SELECT id FROM users WHERE username = ?');
$bdd->execute([$core->F_HTML($_POST['username'])]);

$bdd2 = $pdo->prepare('SELECT id FROM users WHERE mail = ?');
$bdd2->execute([$core->F_HTML($_POST['email'])]);
 
Last edited:
Upvote 0 Downvote

Users who are viewing this thread

Total: 2 (members: 0, guests: 2)
☀️  Switch to Light Theme

Latest posts

Top