PHP Registration Username/Password Incorrect - php

I am not sure what the problem is here. The user data is in my MySQL database, and correct. However, when I try to log in I get an error saying user/password is incorrect. I am trying to log in using the user's email address. In addition, I want to add the first name and user id to the session.
<?php
session_start();
include_once 'dbconnect_new.php';
if(isset($_SESSION['user'])!="")
{
header("Location: ../index.php");
}
if(isset($_POST['btn-login']))
{
$s_email = mysql_real_escape_string($_POST['email']);
$s_password = mysql_real_escape_string($_POST['password']);
$s_email = trim($s_email);
$s_password = trim($s_password);
$res=mysql_query("SELECT student_id, student_password, student_firstname FROM studentdata WHERE student_email='$s_email'");
$row=mysql_fetch_array($res);
$count = mysql_num_rows($res); // if uname/pass correct it returns must be 1 row
if($count == 1 && $row['student_password']==md5($s_password))
{
$_SESSION['user'] = $row['student_id'];
header("Location: ../index.php");
}
else
{
?>
<script>
alert('Username / Password Seems Wrong !');
</script>
<?php
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>New Reg Page</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<center>
<div id="login-form">
<form method="post">
<table align="center" width="30%" border="0">
<tr>
<td>
<input type="text" name="email" placeholder="Your Email" required />
</td>
</tr>
<tr>
<td>
<input type="password" name="password" placeholder="Your Password" required />
</td>
</tr>
<tr>
<td>
<button type="submit" name="btn-login">Sign In</button>
</td>
</tr>
<tr>
<td>Sign Up Here</td>
</tr>
</table>
</form>
</div>
</center>
</body>
</html>

Try this code:
$s_email = mysql_real_escape_string($_POST['email']);
$s_password = mysql_real_escape_string($_POST['password']);
$s_email = trim($s_email);
$s_password = md5(trim($s_password));
$res=mysql_query("SELECT student_id, student_firstname FROM studentdata WHERE student_email='$s_email' AND student_password = '$s_password'");
// mysql_query() returns false only when the query fails; a wrong email or
// password gives a valid result with zero rows, so check the row count too
if (!$res || mysql_num_rows($res) != 1) {
// Debug query result by below code
//echo 'Could not run query: ' . mysql_error();
//exit;
echo '<script language="javascript">';
echo 'alert("Username / Password Seems Wrong !")';
echo '</script>';
}else{
// read from $res, the variable the query result was stored in
$row = mysql_fetch_row($res);
$stu_id = $row[0];
$stu_fname = $row[1];
$_SESSION['user'] = $stu_id;
header("Location: ../index.php");
exit; // stop the script once the redirect header is sent
}
Hope this will help you :)
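
The login check from the question and answer above, written here as an added example (it is not the asker's or the answerer's code): PDO bound parameters replace the mysql_* functions, which were removed in PHP 7, and password_hash()/password_verify() replace bare md5(), with an existing MD5 row upgraded on its first successful login. The table and column names come from the question; the in-memory SQLite database, the sample rows, the function names and the assumption that legacy rows hold md5() of the unmodified password are constructed for the demo.

```php
<?php
// Added example, not code from the original thread.
// Assumption: legacy rows store md5() of the password exactly as typed.

function find_student(PDO $db, string $email): ?array
{
    // Bound parameter: the e-mail is sent as data, never spliced into SQL.
    $stmt = $db->prepare(
        'SELECT student_id, student_password, student_firstname
           FROM studentdata WHERE student_email = ?'
    );
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function check_login(PDO $db, string $email, string $password): ?array
{
    $row = find_student($db, trim($email));
    if ($row === null) {
        return null;                       // unknown e-mail
    }
    $stored = $row['student_password'];

    // The password is hashed as submitted: escaping or trimming it first
    // changes the bytes that get hashed.
    if (strlen($stored) === 32 && ctype_xdigit($stored)) {
        // Legacy unsalted MD5 value: constant-time compare, then upgrade.
        if (!hash_equals(strtolower($stored), md5($password))) {
            return null;
        }
        $upd = $db->prepare(
            'UPDATE studentdata SET student_password = ? WHERE student_id = ?'
        );
        $upd->execute([
            password_hash($password, PASSWORD_DEFAULT),
            $row['student_id'],
        ]);
    } elseif (!password_verify($password, $stored)) {
        return null;
    }
    return [
        'id'        => (int) $row['student_id'],
        'firstname' => $row['student_firstname'],
    ];
}

// Web use: call after session_start() with a non-null check_login() result.
function start_user_session(array $user): void
{
    session_regenerate_id(true);           // fresh session id after login
    $_SESSION['user']      = $user['id'];
    $_SESSION['firstname'] = $user['firstname'];
}

// ---- constructed demo, run from the command line ----
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// password_hash() output needs room; VARCHAR(255) leaves space for future algorithms.
$db->exec('CREATE TABLE studentdata (
    student_id INTEGER PRIMARY KEY,
    student_email VARCHAR(255) UNIQUE,
    student_password VARCHAR(255),
    student_firstname VARCHAR(100))');
$ins = $db->prepare('INSERT INTO studentdata VALUES (?, ?, ?, ?)');
$ins->execute([1, "o'neil@example.test", md5("pa'ss word"), 'Ana']);   // legacy MD5 row
$ins->execute([2, 'ben@example.test', password_hash('s3cret', PASSWORD_DEFAULT), 'Ben']);

$cases = [
    ["o'neil@example.test", "pa'ss word"],  // legacy row, upgraded on this login
    ["o'neil@example.test", "pa'ss word"],  // same user, now checked by password_verify()
    ['ben@example.test', 'wrong'],          // bad password
    ['nobody@example.test', 's3cret'],      // unknown e-mail
];
foreach ($cases as [$email, $password]) {
    $user = check_login($db, $email, $password);
    echo $email, ' => ', $user === null ? 'rejected' : 'ok, id ' . $user['id'], PHP_EOL;
}
```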


login displaying wrong username and password

I got this login form; it is then verified by the users.php file, but even though the username and the password are in the database, it says the password is wrong. The database is working correctly and it's connected to the page.
Login form:
<?php
require_once('/funcoes/Users.php');
if( !empty($_POST)){
try{
$users = new OOP_Users();
$result = $users->login($_POST['username'], $_POST['password']);
if ( $result == 'ok'){
}
else{
echo "Username/Password erradas!!";
}
}
catch(Exception $e){
echo "Authentication error!";
}
}
else{
session_start();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login</title>
</head>
<body><?php
if(!isset($_SESSION['username'])){
?>
<form name="Formulario_Login" action="#" method="POST"/>
<table>
<tr>
<td> Username </td><td><input name="username" type="text" <span style="font-size: 15px;" ></input></td></tr>
<tr>
<td> Password </td><td><input name="password" type="password" <span style="font-size: 15px;"></input></td></tr></tr>
<td colspan="7"><input type="submit" value="Login"></td></tr>
</table>
<?php
}
else{
echo 'Welcome ' . $_SESSION['username'] . "! <br>".'Logout';
echo '<br>Alterar perfil';
echo '<br>Apagar conta';
}
?>
</body>
</html>
And in users.php I have this function:
Users.php:
public function login($username, $password){
$result = $this->_myDB->performQuery("SELECT * FROM `users` WHERE `username' = '$username' AND 'password' = '$password'");
if ( $result->num_rows != 1 ){
return ('Authentication error');
}
else{
session_start();
$_SESSION['username'] = $username;
return('ok');
}
}
Even though I have the username "ines" and the password "ines123" in the database, every time I try to log in I get the error: "Authentication error!"
Can anyone tell me what I am doing wrong?

make session for pdo php

Based on my question here, I was able to make a session, but what I don't get is that I am not directed to the welcome page no matter what I do. Here is the code.
lock.php
<?php
include('config.php');
session_start();
$user_check=$_SESSION['login_user'];
$stmt = $dbh->prepare("SELECT * FROM member WHERE username = ? ") ;
$stmt->bindValue(1,$user_check);
$stmt->execute();
$selected_row = $stmt->fetch(PDO::FETCH_ASSOC);
$login_session=$selected_row['username'];
if(!isset($login_session))
{
header("Location: login.php");
}
?>
crud.php
<?php
include_once('config.php');
$error="";
function LoginUser() {
echo "login";
global $dbh;
if(!empty($_POST['un'])){
$username = trim($_POST['un']);
$password = trim($_POST['pw']);
$stmt = $dbh->prepare("SELECT * FROM member WHERE username = ? ") ;
$stmt->bindValue(1,$_POST['un']);
$stmt->execute();
$selected_row = $stmt->fetch(PDO::FETCH_ASSOC);
if($selected_row['username']===$_POST['un']){
if($selected_row['password']===$_POST['pw']){
$_SESSION['username'] = $_POST['un'];
echo $_SESSION['username'];
header("location: welcome.php");
die();
}else{
echo "incorrect password";
header("location: login.php");
die();
}
}else{
echo "user does not exist";
header("location: login.php");
die();
}
}else{
echo "empty";
header("location: login.php");
die();
}
}
function SignUp(){
global $dbh;
if(!empty($_POST['un'])){
$username = trim($_POST['un']);
$password = trim($_POST['pw']);
$stmt = $dbh->prepare("SELECT * FROM member WHERE username = ?") ;
$stmt->bindValue(1,$_POST['un']);
$stmt->execute();
$selected_row = $stmt->fetch(PDO::FETCH_ASSOC);
//if(!empty($stmt->rowCount())){
if($selected_row['username']===$_POST['un']){
//echo "SORRY...YOU ARE ALREADY REGISTERED USER...";
trigger_error("SORRY...YOU ARE ALREADY REGISTERED USER...");
}else{
NewUser();
}
}else{
header("location: signup.php");
die();
}
}
function NewUser(){
global $dbh;
$firstname = trim($_POST['fn']); //at a minimus clear whitespace.
$lastname = trim($_POST['ln']);
$username = trim($_POST['un']);
$password = trim($_POST['pw']);
$address = trim($_POST['cp']);
$stmt = $dbh->prepare("INSERT INTO member (fname,lname,username,password) VALUES (?,?,?,?)");
$stmt->bindValue(1,$firstname,PDO::PARAM_STR);
$stmt->bindValue(2,$lastname,PDO::PARAM_STR);
$stmt->bindValue(3,$username,PDO::PARAM_STR);
$stmt->bindValue(4,$password,PDO::PARAM_STR);
if($stmt->execute()){
echo "YOUR REGISTRATION IS COMPLETED...";
}
}
if (isset($_POST['signup'])) {
//action for update here
SignUp();
}
if (isset($_POST['login'])) {
//action for delete
LoginUser();
}
if (isset($_POST['register'])) {
//action for delete
header("Location: signup.php");
}
if (isset($_POST['back'])) {
//action for delete
header("Location: login.php");
}
?>
login.php
<?php
include_once('crud.php');
include("config.php");
// Inialize session
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login Page</title>
<style type="text/css">
body
{
font-family:Arial, Helvetica, sans-serif;
font-size:14px;
}
label
{
font-weight:bold;
width:100px;
font-size:14px;
}
.box
{
border:#666666 solid 1px;
}
</style>
</head>
<body bgcolor="#FFFFFF">
<div align="center">
<div style="width:300px; border: solid 1px #333333; " align="left">
<div style="background-color:#333333; color:#FFFFFF; padding:3px;"><b>Login</b></div>
<div style="margin:30px">
<form action="crud.php" method="post">
<form method="POST" action="crud.php">
<table border="0">
<form method="POST" action="crud.php">
<tr>
<td>UserName :</td>
<td>
<input type="text" name="un" class="box"/>
</td>
</tr>
<tr>
<td>Password :</td>
<td>
<input type="password" name="pw" class="box" />
</td>
</tr>
<tr>
<td>
<input type="submit" value="Login " name="login"/><br />
</td>
<td>
<input type="submit" value="Register " name="register"/><br />
</td>
</tr>
<tr><td><div style="font-size:11px; color:#cc0000; margin-top:10px"><?php echo $error; ?></div></td></tr>
</form>
</table>
</div>
</div>
</div>
</body>
</html>
welcome.php
<?php include("config.php");?>
<?php include("lock.php");?>
<?php include_once('crud.php'); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Welcome </title>
</head>
<body>
<h1>Welcome <?php echo $login_session; ?></h1>
<h2>Sign Out</h2>
</body>
</html>
From the above code there are a few questions I have in mind:
Why is it that I am not directed to welcome when in fact I log in correctly?
Is it possible that lock.php is getting nothing? I mean no value for username.
I am using this locally and I can't access debug in Chrome, so I have no idea where I get the error.
FYI, this is from a tutorial.
Simple answer:
include_once('crud.php');
in lock.php, because that is where the data is from.

Session values not being recognized

I was testing my script and the session values were not registering. Here is my error message:
Notice: Undefined index: email1 in /home/content/78/10212078/html/ads/new_topic.php on line 11
Notice: Undefined index: pass1 in /home/content/78/10212078/html/ads/new_topic.php on line 12
ERROR: You do not exist in the system.
And here is line 11 and 12:
$u_email = mysql_real_escape_string($_SESSION['email1']);
$u_pass = mysql_real_escape_string($_SESSION['pass1']);
And here is the full code for new_topic.php:
<?php
error_reporting(E_ALL); ini_set('display_errors', '1');
session_start();
include_once "../ads/connect_to_mysql.php"; // Connect to the database
// Assume they are a member because they have a password session variable set
// Check the database to be sure that their ID, password, and email session variables all match in the database
$u_id = mysql_real_escape_string($_SESSION['id']);
$u_name = mysql_real_escape_string($_SESSION['username']);
$u_email = mysql_real_escape_string($_SESSION['email1']);
$u_pass = mysql_real_escape_string($_SESSION['pass1']);
$sql = mysql_query("SELECT * FROM members1 WHERE id='$u_id' AND username='$u_name' AND email1='$u_email' AND pass1='$u_pass'");
$numRows = mysql_num_rows($sql);
if ($numRows < 1) {
echo "ERROR: You do not exist in the system.";
exit();
}
// Check to make sure the URL variables of "sid" and "title" are set
if (!isset($_POST['ad_id']) || $_POST['ad_id'] == "" || !isset($_POST['ad_title']) || $_POST['ad_title'] == "") {
echo "Important variables are missing";
exit();
} else {
// Acquire the variables and proceed to show them a form for creating a new topic
$forum_section_id = preg_replace('#[^0-9]#i', '', $_POST['ad_id']);
$forum_section_title = preg_replace('#[^A-Za-z 0-9]#i', '', $_POST['ad_title']);
}
$sql = mysql_query("SELECT * FROM ad_sections WHERE id='$forum_section_id' AND title='$forum_section_title'");
$numRows = mysql_num_rows($sql);
if ($numRows < 1) {
echo "ERROR: That section deos not exist.";
exit();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="style/style.css" rel="stylesheet" type="text/css" />
<title>Create New Topic</title>
<script type="text/javascript" language="javascript">
<!--
function validateMyForm ( ) {
var isValid = true;
if ( document.form1.post_title.value == "" ) {
alert ( "Please type in a title for this classified" );
isValid = false;
} else if ( document.form1.post_title.value.length < 10 ) {
alert ( "Your title must be at least 10 characters long" );
isValid = false;
} else if ( document.form1.post_body.value == "" ) {
alert ( "Please type in your classified body." );
isValid = false;
}
return isValid;
}
//-->
</script>
</head>
<body>
<table style="background-color: #F0F0F0; border:#069 1px solid; border-top:none;" width="900" border="0" align="center" cellpadding="12" cellspacing="0">
<tr>
<td width="731" valign="top">
<div id="breadcrumbs">Locally Sold Home ← Section Home ← <?php echo $forum_section_title; ?></div>
<h2>Creating New Classified In the <em><?php echo $forum_section_title; ?></em> Forum</h2>
<form action="parse_post.php" method="post" name="form1">
<input name="post_type" type="hidden" value="a" />
Topic Author:<br /><input name="topic_author" type="text" disabled="disabled" maxlength="64" style="width:96%;" value="<?php echo $u_name; ?>" />
<br /><br />
Please type in a title for your classified here:<br /><input name="post_title" type="text" maxlength="64" style="width:96%;" /><br /><br />
Please type in your classified body:<br /><textarea name="post_body" rows="15" style="width:96%;"></textarea>
<br /><br /><input name="" type="submit" value="Create my classified now!" onclick="javascript:return validateMyForm();"/><input name="fsID" type="hidden" value="<?php echo $forum_section_id; ?>" />
<input name="fsTitle" type="hidden" value="<?php echo $forum_section_title; ?>" />
<input name="uid" type="hidden" value="<?php echo $_SESSION['id']; ?>" />
<input name="upass" type="hidden" value="<?php echo $_SESSION['pass1']; ?>" />
</form>
</td>
<td width="189" valign="top"><div style=" width:160px; height:600px; background-color: #999; color: #CCC; padding:12px;"> <br/>
<br/>
<br />
<h3>Ad Space or Whatever</h3>
</div></td>
</tr>
</table>
</body>
</html>
Here is where the the session variables are set on login.php:
<?php
// Start Session to enable creating the session variables below when they log in
session_start();
// Force script errors and warnings to show on page in case php.ini file is set to not display them
error_reporting(E_ALL);
ini_set('display_errors', '1');
// Initialize some vars
$errorMsg = '';
$email = '';
$pass = '';
$remember = '';
if (isset($_POST['email1'])) {
$email = $_POST['email1'];
$pass = $_POST['pass1'];
if (isset($_POST['remember'])) {
$remember = $_POST['remember'];
}
$email = stripslashes($email);
$pass = stripslashes($pass);
$email = strip_tags($email);
$pass = strip_tags($pass);
// error handling conditional checks go here
if ((!$email) || (!$pass)) {
$errorMsg = 'Please fill in both fields';
} else { // Error handling is complete so process the info if no errors
include 'connect_to_mysql.php'; // Connect to the database
$email = mysql_real_escape_string($email); // After we connect, we secure the string before adding to query
//$pass = mysql_real_escape_string($pass); // After we connect, we secure the string before adding to query
$pass = md5($pass); // Add MD5 Hash to the password variable they supplied after filtering it
// Make the SQL query
$sql = mysql_query("SELECT * FROM members1 WHERE email1='$email' AND pass1='$pass' AND email_activated='1'");
$login_check = mysql_num_rows($sql);
// If login check number is greater than 0 (meaning they do exist and are activated)
if($login_check > 0){
while($row = mysql_fetch_array($sql)){
// Pleae note: Adam removed all of the session_register() functions cuz they were deprecated and
// he made the scripts to where they operate universally the same on all modern PHP versions(PHP 4.0 thru 5.3+)
// Create session var for their raw id
$id = $row["id"];
$_SESSION['id'] = $id;
// Create the idx session var
$_SESSION['idx'] = base64_encode("g4p3h9xfn8sq03hs2234$id");
// Create session var for their username
$username = $row["username"];
$_SESSION['username'] = $username;
// Create session var for their email
$useremail = $row["email1"];
$_SESSION['useremail'] = $useremail;
// Create session var for their password
$userpass = $row["pass1"];
$_SESSION['userpass'] = $userpass;
mysql_query("UPDATE members1 SET last _log_date=now() WHERE id='$id' LIMIT 1");
} // close while
// Remember Me Section
if($remember == "yes"){
$encryptedID = base64_encode("g4enm2c0c4y3dn3727553$id");
setcookie("idCookie", $encryptedID, time()+60*60*24*100, "/"); // Cookie set to expire in about 30 days
setcookie("passCookie", $pass, time()+60*60*24*100, "/"); // Cookie set to expire in about 30 days
}
// All good they are logged in, send them to homepage then exit script
header("location: index.php?test=$id");
exit();
} else { // Run this code if login_check is equal to 0 meaning they do not exist
$errorMsg = "Incorrect login data, please try again";
}
} // Close else after error checks
} //Close if (isset ($_POST['uname'])){
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="icon" href="favicon.ico" type="image/x-icon" />
<link rel="shortcut icon" href="favicon.ico" type="image/x-icon" />
<link href="style/main.css" rel="stylesheet" type="text/css" />
<script src="/jquery-1.9.0.js" type="text/javascript"></script>
<title>Log In</title>
<style type="text/css">
<!--
body {
margin-top: 0px;
}
-->
</style></head>
<body>
<div align="center"><img src="images/logo1.png" alt="Locally Sold Home Page" width="197" height="104" border="0" /></div>
<table width="400" align="center" cellpadding="6" style="background-color:#FFF; border:#666 1px solid;">
<form action="login.php" method="post" enctype="multipart/form-data" name="signinform" id="signinform">
<tr>
<td width="23%"><font size="+2">Log In</font></td>
<td width="77%"><font color="#FF0000"><?php print "$errorMsg"; ?></font></td>
</tr>
<tr>
<td><strong>Email:</strong></td>
<td><input name="email1" type="text" id="email1" style="width:60%;" /></td>
</tr>
<tr>
<td><strong>Password:</strong></td>
<td><input name="pass1" type="password" id="pass1" maxlength="24" style="width:60%;"/></td>
</tr>
<tr>
<td align="right"> </td>
<td><input name="remember" type="checkbox" id="remember" value="yes" checked="checked" />
Remember Me</td>
</tr>
<tr>
<td> </td>
<td><input name="myButton" type="submit" id="myButton" value="Sign In" /></td>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
<tr>
<td colspan="2">Forgot your password? Click Here
<br /></td>
</tr>
<tr>
<td colspan="2">Need an Account? Click Here<br /> <br /></td>
</tr>
</form>
</table>
<br />
<br />
<br />
</body>
</html>
You're not setting the session variables anywhere.
To set session values, you do the following:
if ( /* username and password are correct */ ) {
$_SESSION['id'] = $row['id']; //taken from db
$_SESSION['username'] = $row['username'];
// etc
}
Use session_start on all pages where you want to use session functions.
After that, set your session like this:
$_SESSION['id'] = $row['id'];
$_SESSION['username'] = $row['username'];

blank screen when login

I need some help with my code. It works on XAMPP on my computer, but when it's live on my server it won't work; all I get is a blank screen. You can have a look at what happens at http://www.redhotessentials.com/prototype/pages/login.php: put username allanallan, password allanallan, and you can see what happens. Thanks.
<?php
if (isset($_POST['email'])) {
//Connect to the database through our include
require("db.php");
$email = stripslashes($_POST['email']);
$email = strip_tags($email);
$email = mysql_real_escape_string($email);
$password = preg_replace("[^A-Za-z0-9]", "", $_POST['password']); // filter everything but numbers and letters
$password = md5($password);
// Make query and then register all database data that -
// cannot be changed by member into SESSION variables.
// Data that you want member to be able to change -
// should never be set into a SESSION variable.
$sql = mysql_query("SELECT * FROM members WHERE email='$email' AND password='$password' AND emailactivated='1'");
$login_check = mysql_num_rows($sql);
if($login_check>0){
while($row = mysql_fetch_array($sql)){
// Get member ID into a session variable
$id = $row['id'];
session_register('id');
$_SESSION['id'] = $id;
// Get member username into a session variable
$username = $row['username'];
session_register('username');
$_SESSION['username'] = $username;
// Update last_log_date field for this member now
mysql_query("UPDATE members SET lastlogin=now() WHERE id='$id'");
// Print success message here if all went well then exit the script
header("location: endlessnails_blog.php");
exit();
} // close while
} else {
// Print login failure message to the user and link them back to your login page
print '<br /><br /><font color="#FF0000">No match in our records, try again </font><br />
<br />Click here to go back to the login page.';
exit();
}
}// close if post
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login to your profile</title>
<link rel="stylesheet" type="text/css" href="../../css/main4.css" />
<script type="text/javascript">
<!-- Form Validation -->
function validate_form ( ) {
valid = true;
if ( document.logform.email.value == "" ) {
alert ( "Please enter your User Name" );
valid = false;
}
if ( document.logform.pass.value == "" ) {
alert ( "Please enter your password" );
valid = false;
}
return valid;
}
<!-- Form Validation -->
</script>
</head>
<?php include("header.php"); ?>
<?php include("nav.php"); ?>
<body>
<div id="container">
<div id="box3">
<div align="center">
<h3 id="login2"><br />
<br />
Log into Endless Nails Blog<br />
<br />
</h3>
</div>
<div id="loginformmove">
<table class="style7" align="center" cellpadding="5">
<form action="index.php" method="post" enctype="multipart/form-data" name="logform"
id="logform" onsubmit="return validate_form ( );">
<tr>
<td class="style7"><div align="right">Email Address:</div></td>
<td class="style7"><input name="email" type="text" id="email" size="30" maxlength="64" /></td>
</tr>
<tr>
<td class="style7"><div align="right">Password:</div></td>
<td class="style7"><input name="password" type="password" id="password" size="30" maxlength="24" /></td>
</tr>
<tr>
<td class="style7"> </td>
<td id="login3"><input name="Submit" type="submit" value="Login" class="login_pad" /></td>
</tr>
</form>
</table>
</div>
</div>
</div>
</div>
</body>
</html>
Remove the enctype from your FORM attributes; since you are not uploading files, just use method="POST".

How can Update account which corresponds with the Pin inputted?

I have this Alumni Directory System in which, when a user wants to join the site, he/she inputs the correct pin for his/her account. If the pin is correct, he will be directed to the account creation page, which includes: username, password and email.
These inputs will be updated in his existing record in the database. Here are the scripts that I've been using; I have a problem with how to update the user's inputs in the database.
verify.php
<?php
// Start Session to enable creating the session variables below when they log in
session_start();
include 'scripts/connect_to_mysql.php';
// Connect to the database
// Force script errors and warnings to show on page in case php.ini file is set to not display them
error_reporting(E_ALL);
ini_set('display_errors', '1'); ?> <?php //
//Initialize some vars
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<link href="stylesheets/style.css" rel="stylesheet" type="text/css"/>
<title>Enter Your Pin</title>
<body>
<div id="main_content">
<form id="form1" name="form1" method="post" action="createaccount.php" style="height: 96px;">
<label>Confirmation Number:
<input type="text" name="confirm" id="ed"/> </label>
<p>
<input name="" type="submit" value="Log-in" id="button1"/>
</p>
</form>
createaccount.php
<?php
include_once "scripts/connect_to_mysql.php";
$confirm = $_POST['confirm'];
$result = mysql_query("SELECT * FROM myMembers where confirmation='$confirm'");
while($row = mysql_fetch_array($result))
{
$id = $row['id'];
$username = $row['username'];
$password = $row['password'];
$email = $row['email'];
}
?>
<?php
if (isset ($_POST['username'])){
$username = preg_replace('#[^A-Za-z0-9]#i', '', $_POST['username']); // filter everything but letters and numbers
$email = $_POST['email'];
$password = $_POST['password'];
$email = stripslashes($email);
$password= stripslashes($password);
$email = strip_tags($email);
$password= strip_tags($password);
// Connect to database
include_once "scripts/connect_to_mysql.php";
$emailCHecker = mysql_real_escape_string($email);
$emailCHecker = str_replace("`", "", $emailCHecker);
// Database duplicate username check setup for use below in the error handling if else conditionals
$sql_uname_check = mysql_query("SELECT username FROM myMembers WHERE username='$username'");
$uname_check = mysql_num_rows($sql_uname_check);
// Database duplicate e-mail check setup for use below in the error handling if else conditionals
$sql_email_check = mysql_query("SELECT email FROM myMembers WHERE email='$emailCHecker'");
$email_check = mysql_num_rows($sql_email_check);
// Error handling for missing data
if ((!$username) || (!$email) || (!$password)) {
$errorMsg = 'ERROR: You did not submit the following required information:<br /><br />';
}
if(!$username){
$errorMsg .= ' * User Name<br />';
}
if(!$email){
$errorMsg .= ' * Email Address<br />';
}
if(!$password){
$errorMsg .= ' * Password<br />';
} else if (strlen($username) < 4) {
$errorMsg = "<u>ERROR:</u><br />Your User Name is too short. 4 - 20 characters please.<br />";
} else if (strlen($username) > 20) {
$errorMsg = "<u>ERROR:</u><br />Your User Name is too long. 4 - 20 characters please.<br />";
} else if ($uname_check > 0){
$errorMsg = "<u>ERROR:</u><br />Your User Name is already in use inside of our system. Please try another.<br />";
} else if ($email_check > 0){
$errorMsg = "<u>ERROR:</u><br />Your Email address is already in use inside of our system. Please use another.<br />";
} else { // Error handling is ended, process the data and add member to database
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
}
$username = mysql_real_escape_string($username);
$email = mysql_real_escape_string($email);
$password = mysql_real_escape_string($password);
// Add MD5 Hash to the password variable
$db_password = md5($password);
// GET USER IP ADDRESS
$ipaddress = getenv('REMOTE_ADDR');
// Add user info into the database table for the main site table
$sql = mysql_query("UPDATE myMembers SET username='$username', email='$email', password='$db_password', ipaddress='ipaddress', sign_up_date WHERE confirmation='$confirm'");
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Create Account | <?php echo $MySocialSitename; ?></title>
<link href="style/main.css" rel="stylesheet" type="text/css" />
<script src="js/jquery-1.4.2.js" type="text/javascript"></script>
<script language="javascript" type="text/javascript">
$(document).ready(function() {
$("#username").blur(function() {
$("#nameresponse").removeClass().text('Checking Username...').fadeIn(1000);
$.post("scripts/check_signup_name.php",{ username:$(this).val() } ,function(data) {
$("#nameresponse").fadeTo(200,0.1,function() {
$(this).html(data).fadeTo(900,1);
});
});
});
});
function toggleSlideBox(x) {
if ($('#'+x).is(":hidden")) {
$('#'+x).slideDown(300);
} else {
$('#'+x).slideUp(300);
}
}
</script>
</head>
<body>
<br /><br />
<table class="mainBodyTable" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td width="738" valign="top">
<h2 style="margin-left:80px;">Create Your Account </h2>
<table width="600" align="center" cellpadding="8" cellspacing="0" style="border:#999 1px solid; background-color:#FBFBFB;">
<form action="createaccount.php" method="post" style="margin-top: -31px;" name="personal">
<tr>
<td colspan="2"><font color="#FF0000"><?php print "$errorMsg"; ?></font></td>
</tr>
<tr>
<tr>
<td width="114" bgcolor="#FFFFFF">User Name:<span class="brightRed"> *</span></td>
<td width="452" bgcolor="#FFFFFF"><input name="username" type="text" class="formFields" id="username" value="<?php echo $username;?>" size="32" maxlength="20" /><br />
<span id="nameresponse"><span class="textSize_9px"><span class="greyColor">Alphanumeric Characters Only</span></span></span></td>
</tr>
<tr>
<td><div align="right" class="style1">Password:</div></td>
<td><input name="password" type="password" class="ed" id="last" size="40" value="" /></td>
<td> </td>
</tr>
<tr>
<td><div align="right" class="style1">Email Address:</div></td>
<td><input name="email" type="text" class="ed" id="address" size="40" value="" /></td>
<td> </td>
</tr>
<tr>
<td><div align="right"></div></td>
<td colspan="2"><label>
<input type="checkbox" name="condition" value="checkbox" />
<span class="style1"><small>i agree the <a rel="facebox" href="terms_condition.php">terms and condition</a> of this alumni</small></span></label></td>
</tr>
<tr>
<td><div align="right"></div></td>
<td><input name="but" type="submit" value="Confirm" /></td>
<td> </td>
</tr>
</table>
</form>
</table>
</body>
</html>
After the update is finished, it will direct the user to the login page.
You should post your verify.php code, as you say the error is in that page.
Assuming entries for each person will have only their passcode and all other fields are empty before they create their account:
// in verify.php page
if(isset($_POST['passcode']))
{
$enteredCode=$_POST['passcode'];
$records=mysql_query("select passcode from table where user_id =X");
// the closing parenthesis belongs to mysql_num_rows(), before the comparison
if( mysql_num_rows($records) == 1)
{
while($row=mysql_fetch_array($records))
{
// assignment (=), not comparison (==)
$passcode=$row['passcode'];
}
if($enteredCode == $passcode)
{
header("location:createAccount.php");
exit; // stop the script once the redirect header is sent
}
else
{
// do not redirect, print error msg
}
}
}
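
The pin-then-update step from the question, written here as an added example (it is not the asker's or the answerer's code): a single bound-parameter UPDATE that succeeds only for a confirmation code whose row is still unclaimed. The myMembers column names and the 4 - 20 character alphanumeric username rule come from the question; the claim_account() name, the in-memory SQLite table, the sample pins and clearing the code after use are assumptions of the example.

```php
<?php
// Added example, not code from the original thread.
// Assumption: an unclaimed row has its confirmation code set and an empty username.
// In the web pages the pin has to reach the second request as well (for instance
// kept in $_SESSION by verify.php), because the account form does not resend it.

function claim_account(PDO $db, string $pin, string $username,
                       string $email, string $password, string $ip): bool
{
    if ($pin === '' || $password === ''
        || !preg_match('/^[A-Za-z0-9]{4,20}$/', $username)
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    // One statement both checks the pin and writes the account, so a wrong or
    // already-used pin changes zero rows. Clearing the code makes it single-use.
    $stmt = $db->prepare(
        "UPDATE myMembers
            SET username = ?, email = ?, password = ?, ipaddress = ?,
                sign_up_date = ?, confirmation = NULL
          WHERE confirmation = ?
            AND (username IS NULL OR username = '')"
    );
    $stmt->execute([
        $username,
        $email,
        password_hash($password, PASSWORD_DEFAULT),
        $ip,
        date('Y-m-d H:i:s'),
        $pin,
    ]);
    return $stmt->rowCount() === 1;
}

// ---- constructed demo, run from the command line ----
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE myMembers (
    id INTEGER PRIMARY KEY,
    confirmation VARCHAR(32) UNIQUE,
    username VARCHAR(20),
    email VARCHAR(255),
    password VARCHAR(255),
    ipaddress VARCHAR(45),
    sign_up_date VARCHAR(19))');
$db->exec("INSERT INTO myMembers (id, confirmation) VALUES (1, 'PIN-1001'), (2, 'PIN-1002')");

$attempts = [
    ['PIN-9999', 'maria01', 'maria@example.test'],  // pin not in the table
    ['PIN-1001', 'maria01', 'maria@example.test'],  // valid, unclaimed pin
    ['PIN-1001', 'other02', 'other@example.test'],  // same pin used a second time
    ['PIN-1002', 'ab',      'short@example.test'],  // username shorter than 4 characters
];
foreach ($attempts as [$pin, $username, $email]) {
    $ok = claim_account($db, $pin, $username, $email, 'a long passphrase', '203.0.113.7');
    echo $pin, ' / ', $username, ' => ', $ok ? 'account created' : 'refused', PHP_EOL;
}
```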
