BD registration with pre-filled fields

0

I am creating a registration system on top of a system I found on the net. In my system there are only 2 fields email and password, and the password will already be pre-registered, thus only the user will have to fill in the email. I am having problems when I consult the database, because I can not feed this information in the email, it follows code where I have questions about how to do this query.

if (!$this->db_connection->connect_errno) {
// escaping, additionally removing everything that could be (html/javascript-) code
    $user_email = $this->db_connection->real_escape_string(strip_tags($_POST['user_email'], ENT_QUOTES));
    $user_password = $_POST['user_password_new'];

    $sql = "SELECT * FROM users WHERE user_pass = '" . $user_password . "';";
    $query_check_user_password = $this->db_connection->query($sql);

    if ($query_check_user_password->num_rows == 1) {
        // check if user or email address already exists
        $sql = "SELECT * FROM users WHERE user_email = '" . $user_email . "';";
        $query_check_user_name = $this->db_connection->query($sql);

        if ($query_check_user_name->num_rows == 1) {
            $this->errors[] = "Sorry, that email address is already taken.";
        } else {
            // write new user's data into database
            $sql = "INSERT INTO users (user_pass, user_email) VALUES('" . $user_password . "', '" . $user_email . "');";
            $query_new_user_insert = $this->db_connection->query($sql);

            // if user has been added successfully
            if ($query_new_user_insert) {
                $this->messages[] = "Your account has been created successfully. You can now log in.";
            } else {
                $this->errors[] = "Sorry, your registration failed. Please go back and try again.";
            }
        }
    }else {
        $this->errors[] = "Sorry, that password is invalid.";
    }
}
    
asked by anonymous 19.03.2014 / 18:14

1 answer

1

I do not know if I understood correctly, but if you just want to insert the email, it's like this:

 if (!$this->db_connection->connect_errno) {

    $user_email = $this->db_connection->real_escape_string(strip_tags($_POST['user_email'], ENT_QUOTES));
    $user_password = $_POST['user_password_new'];

    $sql = "SELECT * FROM users WHERE user_pass = '" . $user_password . "';";
    $query_check_user_password = $this->db_connection->query($sql);

    if ($query_check_user_password->num_rows == 1) {
        // check if user or email address already exists
        $sql = "SELECT * FROM users WHERE user_email = '" . $user_email . "';";
        $query_check_user_name = $this->db_connection->query($sql);

        if ($query_check_user_name->num_rows == 1) {
            $this->errors[] = "Sorry, that email address is already taken.";
        } else {
            // write new user's data into database
            $sql = "UPDATE users SET user_email = '". $user_email . "' WHERE user_pass = '". $user_password ."';";
            $query_new_user_insert = $this->db_connection->query($sql);

            // if user has been added successfully
            if ($query_new_user_insert) {
                $this->messages[] = "Your account has been created successfully. You can now log in.";
            } else {
                $this->errors[] = "Sorry, your registration failed. Please go back and try again.";
            }
        }
    }else {
        $this->errors[] = "Sorry, that password is invalid.";
    }
}
    
19.03.2014 / 18:23