Error in simple PHP registration form / function

Question

I have the following PHP function that attempts to register a user in a database with a temporary password when they post an email adress via a form:

 public function registerNewUser() {

        $temp_pass = '';
        $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
        $random_string_length=8;
        for ($i = 0; $i < $random_string_length; $i++) {
            $temp_pass .= $characters[rand(0, strlen($characters) - 1)];
        }

            if (empty($_POST['user_email'])) {

                $this->errors[] = FEEDBACK_EMAIL_FIELD_EMPTY;

            } elseif (strlen($_POST['user_email']) > 64) {

                $this->errors[] = FEEDBACK_EMAIL_TOO_LONG;

            } elseif (!filter_var($_POST['user_email'], FILTER_VALIDATE_EMAIL)) {     

                $this->errors[] = FEEDBACK_EMAIL_DOES_NOT_FIT_PATTERN;

} elseif (!empty($_POST['user_email'])
  && strlen($_POST['user_email']) <= 64
  && filter_var($_POST['user_email'], FILTER_VALIDATE_EMAIL)) {

    $this->user_email = htmlentities($_POST['user_email'], ENT_QUOTES);

    $this->user_password = $temp_pass;

    $this->hash_cost_factor = (defined('HASH_COST_FACTOR') ? HASH_COST_FACTOR : null);
    $this->user_password_hash = password_hash($this->user_password, PASSWORD_DEFAULT, array('cost' => $this->hash_cost_factor));

    $sth = $this->db->prepare("SELECT * FROM users WHERE user_email = :user_email ;");
    $sth->execute(array(':user_email' => $this->user_email));

    $count =  $sth->rowCount();            

    if ($count == 1) {

        $this->errors[] = FEEDBACK_USEREMAIL_ALREADY_TAKEN;

    } else {

        $this->user_activation_hash = sha1(uniqid(mt_rand(), true));

        $sth = $this->db->prepare("INSERT INTO users (user_email, user_password_hash, user_activation_hash) VALUES(:user_email, :user_password_hash, :user_activation_hash) ;");
        $sth->execute(array(':user_email' => $this->user_email, ':user_password_hash' => $this->user_password_hash, ':user_activation_hash' => $this->user_activation_hash));                    

        $count =  $sth->rowCount();

        if ($count == 1) {

            $this->user_id = $this->db->lastInsertId();                      

                        // send a verification email
            if ($this->sendVerificationEmail()) {

                            // when mail has been send successfully
                $this->messages[] = FEEDBACK_ACCOUNT_SUCCESSFULLY_CREATED;
                $this->registration_successful = true;
                return true;

            } else {

                $sth = $this->db->prepare("DELETE FROM users WHERE user_id = :last_inserted_id ;");
                $sth->execute(array(':last_inserted_id' => $this->db->lastInsertId() ));                            

                $this->errors[] = FEEDBACK_VERIFICATION_MAIL_SENDING_FAILED;

            }

        } else {

            $this->errors[] = FEEDBACK_ACCOUNT_CREATION_FAILED;

        }
    }            

} else {

    $this->errors[] = FEEDBACK_UNKNOWN_ERROR;

}          

        // standard return. returns only true of really successful (see above)
return false;
}

I keep tripping the FEEDBACK_ACCOUNT_CREATION_FAILED error, but can't figure out why. Any ideas?

Answer 1

Have you dumped "$sth" after it does the insert? What does that give you? If you are using mysql you can turn the general_log ( http://dev.mysql.com/doc/refman/5.1/en/query-log.html ) to see the mysql query that gets executed. This way you can see if the query is getting created properly.

Turning on mysql logging can be very useful if you are not sure whats happening at the other end.