MySQL only registering the first user

73 views Asked by At

I have been on this for hours, here is my code, and its supposed to register a user so that they can later login into the app. The code works fine on all angles but, one I register a user, it won't let me register the second user. Can someone help me if possible to find why?

<?php
header('Access-Control-Allow-Origin: *');
header("Cache-Control: cache, must-revalidate"); // HTTP/1.1
header("Expires: Sat, 26 Jul 2097 05:00:00 GMT"); // Date in the future

function getConnection() {
    $dbhost="localhost";
    $dbuser="root";
    $dbpass="";
    $dbname="cybank";
    $dbh = new PDO("mysql:host=$dbhost;dbname=$dbname", $dbuser, $dbpass);
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    return $dbh;
}

    try {
        $conn = getConnection();

        // Account Number Login
        $aclenth       = 8;
        $accountNumber = substr( str_shuffle( md5( time() ) ), 0, $aclenth );
        $accountNumber = 'CYB-' . strtoupper( $accountNumber );

        //Pin Logic
        $regpin = rand ( 1111 , 9999 );

        //Reg date logic
        $regdate = date('Y-m-d');

        $account_id = $accountNumber;
        $device_uuid = $_POST['reguuid'];
        $name_first = $_POST['regfname'];
        $name_last = $_POST['reglname'];
        $gender = $_POST['reggender'];
        $username = $_POST['regusername'];
        $password = $_POST['regpassword'];
        $pin = $regpin;
        $email = $_POST['regemail'];
        $do_birth = $_POST['regdob'];
        $do_reg = $regdate;
        $address_1 = $_POST['regaddress'];
        $city = $_POST['regcity'];
        $country = $_POST['regcountry'];
        $phone_home = $_POST['regphonehome'];
        $phone_mobile = $_POST['regphonemobile'];
        $last_login_date = '';
        $account_status = 'Active';
        $emailVerified = '0';

        $cost = 10;
        $salt = strtr( base64_encode( mcrypt_create_iv( 16, MCRYPT_DEV_URANDOM ) ), '+', '.' );
        $salt = sprintf( "$2a$%02d$", $cost ) . $salt;
        $hash = crypt( $password, $salt );

        // Create token to verify with
        $tokenVerify = bin2hex(openssl_random_pseudo_bytes(16));

        // set the PDO error mode to exception
        $conn->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
        $sql = "INSERT INTO cy_user_accounts (account_id,device_uuid,name_first,name_last,gender,username,password,pin,email,do_birth,do_reg,address_1,city,country,phone_home,phone_mobile,last_login_date,account_status,emailVerified,tokenClient,tokenAdmin,tokenExpires,tokenVerify) VALUES ('$account_id','$device_uuid','$name_first','$name_last','$gender','$username','$hash','$pin','$email','$do_birth','$do_reg','$address_1','$city','$country','$phone_home','$phone_mobile','$last_login_date','$account_status','$emailVerified','','','','$tokenVerify')";

        $conn->exec( $sql );

    } catch ( PDOException $e ) {
        echo $sql . "<br>" . $e->getMessage();
    }

    $conn = null;

?>

Here is the Mysql table in question:

            CREATE TABLE IF NOT EXISTS `cy_user_accounts` (
            `id` int(11) NOT NULL,
              `account_id` varchar(255) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL,
              `device_uuid` varchar(255) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL,
              `name_first` varchar(150) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL,
              `name_last` varchar(150) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL,
              `gender` varchar(20) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL,
              `username` varchar(255) NOT NULL,
              `password` varchar(255) NOT NULL,
              `pin` int(10) NOT NULL,
              `email` varchar(250) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL,
              `do_birth` date NOT NULL,
              `do_reg` date NOT NULL,
              `address_1` varchar(255) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL,
              `city` varchar(150) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL,
              `country` varchar(65) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL,
              `phone_home` varchar(50) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL,
              `phone_mobile` varchar(50) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL,
              `last_login_date` datetime NOT NULL,
              `account_status` varchar(100) NOT NULL,
              `emailVerified` int(11) NOT NULL,
              `tokenClient` varchar(255) NOT NULL,
              `tokenAdmin` varchar(255) NOT NULL,
              `tokenExpires` date NOT NULL,
              `tokenVerify` varchar(255) NOT NULL
            ) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=latin1;    
1

There are 1 answers

2
symcbean On BEST ANSWER

This should be a comment, but its a bit long....

header("Cache-Control: cache, must-revalidate"); // HTTP/1.1

Should be....

header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1

And...

$sql = "INSERT INTO cy_user_accounts
(account_id,device_uuid,name_first,name_last,gender,
username,password,pin,email,do_birth,do_reg,
address_1,city,country,phone_home,phone_mobile,last_login_date,
 account_status,emailVerified,tokenClient,tokenAdmin,
tokenExpires,tokenVerify) 
VALUES
 ('$account_id','$device_uuid','$name_first','$name_last','$gender',
'$username','$hash','$pin','$email','$do_birth','$do_reg',
'$address_1','$city','$country','$phone_home','$phone_mobile','$last_login_date',
'$account_status','$emailVerified','','','','$tokenVerify')";

Is rather remarkable - you've managed to write a script with pdo which is vulnerable to SQL injection.

$accountNumber = substr( str_shuffle( md5( time() ) ), 0, $aclenth );
    $accountNumber = 'CYB-' . strtoupper( $accountNumber );

This is a really horrible bit of code.

Your table has no primary key and the design looks silly in lots of other ways too. You might want to read up on database design.

It would be helpful if you explained why you can't register a second user. You should be polling for a pdo error. Hint: you've said Id must not be null but you don't set a value in the insert.

Until you've got the hang of programming, try working with much simpler structures/functionality and add a feature at a time testing as you go.