Simple PHP Registration Form Only Collects NULL Values?

Question

I am attempting to create a basic login/registration for a website using PHP. The code below shows that I required config.php which I tested and it connects to my site smoothly. What happens is when I go to the page, and enter in values, no matter what I enter for email and password, it says they always match. When I try to output the values of email1 and email2, it outputs nothing. I think the form isn't collecting the data when you press submit. If anyone could see what I am doing wrong it would be so appreciated!

<?php
require('config.php');
if(isset($_POST['submit'])) {
    $email1 = $POST['email1'];
    $email2 = $POST['email2'];
    $pass1 = $POST['pass1'];
    $pass2 = $POST['pass2'];

    if($email1 == $email2) 
    {
        echo "Emails match.<br />";
        if($pass1 == $pass2)
        {
            echo "Passwords match.<br />";
        }
        else 
        {
            echo "Sorry, your passwords do not match.<br />";
            exit();
        }
    }
    else 
    {
        echo "Sorry, your emails do not match.<br /><br />";
    }

}
else {
$form = <<<EOT
<form action="register.php" method="POST">
First Name: <input type="text" name="name" /><br />
Last Name: <input type = "text" name = "lname" /><br />
User Name: <input type = "text" name = "uname" /><br />
Email: <input type = "text" name = "email1" /><br />
Confirm Email: <input type = "text" name = "email2" /><br />
Password: <input type = "password" name = "pass1" /><br />
Confirm Password: <input type = "password" name = "pass2" /><br />
<input type = "submit" value = "Register" name = "submit" />
</form>

EOT;
echo $form;
}
?>

Answer 1

The problem is that you've forgotten the underscores for all $POST 's

Change them all to $_POST

It's a superglobal which 8 out of 9 of those require the underscore, unlike $GLOBALS

• $GLOBALS <=== No underscore required for this one.
• $_SERVER
• $_GET
• $_POST <=== Change them all to this.
• $_FILES
• $_COOKIE
• $_SESSION
• $_REQUEST
• $_ENV

---

Had error reporting been set/on, you would have been signaled of the error, and multiple times:

Notice: Undefined variable: POST in...

To enable it, you can add the following after your opening <?php tag:

error_reporting(E_ALL);
ini_set('display_errors', 1);

NB: Error reporting should only be done in staging, and never production.

---

Sidenote:

Since you're obviously running the entire code from the same page, you can simply change action="register.php" to action="" if you want.

---

Passwords

I also noticed that you may be storing passwords in plain text. This is not recommended.

Use one of the following:

• CRYPT_BLOWFISH
• crypt()
• bcrypt()
• scrypt()
• On OPENWALL
• PBKDF2
• PBKDF2 on PHP.net
• PHP 5.5's password_hash() function.
• Compatibility pack (if PHP < 5.5) https://github.com/ircmaxell/password_compat/

Other links:

• PBKDF2 For PHP

---

• If you use plain text as a password storage method, I'm afraid that it will just be a question of time before your site gets compromised.