I followed this tutorial on youtube, for making a social network. I had to register my user. But when I register, nothing shows up on the database.. My files are:
index.php
<?php include ("./inc/header.inc.php");?>
<?php
date_default_timezone_set('UTC');
$reg = #$_POST['reg'];
//declaring variables
$fn = "";//First name
$ln ="";//Last name
$un = "";//Username
$em = "";//Email
$em2 = "";//Email 2
$pswd = "";//Password
$pswd2 = "";//Password 2
$d = "";//Sign Up Date
$u_check = ""; // Check if username exists
//registration form
$fn = strip_tags(#$_POST['fname']);
$ln = strip_tags(#$_POST['lname']);
$un = strip_tags(#$_POST['username']);
$em = strip_tags(#$_POST['email']);
$em2 = strip_tags(#$_POST['email2']);
$pswd = strip_tags(#$_POST['password']);
$pswd2 = strip_tags(#$_POST['password2']);
$d = date("Y-m-d"); // Year - Month - Day
if ($reg) {
if ($em==$em2) {
// Check if user already exists
$u_check = mysqli_query("SELECT username FROM users WHERE username='$un'");
// Count the amount of rows where username = $un
$check = mysqli_num_rows($u_check);
//Check whether Email already exists in the database
$e_check = mysqli_query("SELECT email FROM users WHERE email='$em'");
//Count the number of rows returned
$email_check = mysqli_num_rows($e_check);
if ($check == 0) {
if ($email_check == 0) {
//check all of the fields have been filed in
if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2) {
// check that passwords match
if ($pswd==$pswd2) {
// check the maximum length of username/first name/last name does not exceed 25 characters
if (strlen($un)>25||strlen($fn)>25||strlen($ln)>25) {
echo "The maximum limit for username/first name/last name is 25 characters!";
}
else
{
// check the maximum length of password does not exceed 25 characters and is not less than 5 characters
if (strlen($pswd)>30||strlen($pswd)<5) {
echo "Your password must be between 5 and 30 characters long!";
}
else
{
//encrypt password and password 2 using md5 before sending to database
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = mysqli_query("INSERT INTO users VALUES ('','$un','$fn','$ln','$em','$pswd','$d','0','Write something about yourself.','','','no')");
die("<h2>Welcome to findFriends</h2>Login to your account to get started ...");
}
}
}
else {
echo "Your passwords don't match!";
}
}
else
{
echo "Please fill in all of the fields";
}
}
else
{
echo "Sorry, but it looks like someone has already used that email!";
}
}
else
{
echo "Username already taken ...";
}
}
else {
echo "Your E-mails don't match!";
}
}
?>
<?
//Login Script
if (isset($_POST["user_login"]) && isset($_POST["password_login"])) {
$user_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["user_login"]); // filter everything but numbers and letters
$password_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password_login"]); // filter everything but numbers and letters
$md5password_login = md5($password_login);
$sql = mysqli_query("SELECT id FROM users WHERE username='$user_login' AND password='$md5password_login' AND closed='no' LIMIT 1"); // query the person
//Check for their existance
$userCount = mysqli_num_rows($sql); //Count the number of rows returned
if ($userCount == 1) {
while($row = mysqli_fetch_array($sql)){
$id = $row["id"];
}
$_SESSION["id"] = $id;
$_SESSION["user_login"] = $user_login;
$_SESSION["password_login"] = $password_login;
exit("<meta http-equiv=\"refresh\" content=\"0\">");
} else {
echo 'That information is incorrect, try again';
exit();
}
}
?>
<div style="float: left;">
<h2>Already a Memeber? Login below ...</h2>
<form action="index.php" method="post" name="form1" id="form1">
<input type="text" size="40" name="user_login" id="user_login" class="auto-clear" title="Username ..." /><p />
<input type="text" size="40" name="password_login" id="password_login" value="Password ..." /><p />
<input type="submit" name="button" id="button" value="Login to your account">
</form>
</div>
<div style="float: right; width: 240px;">
<h2>Sign up Below ...</h2>
<form action="#" method="post">
<input type="text" size="40" name="fname" class="auto-clear" title="First Name" value="<? echo $fn; ?>"><p />
<input type="text" size="40" name="lname" class="auto-clear" title="Last Name" value="<? echo $ln; ?>"><p />
<input type="text" size="40" name="username" class="auto-clear" title="Username" value="<? echo $un; ?>"><p />
<input type="text" size="40" name="email" class="auto-clear" title="Email" value="<? echo $em; ?>"><p />
<input type="text" size="40" name="email2" class="auto-clear" title="Repeat Email" value=" <? echo $em2; ?>"><p />
<input type="password" size="40" name="password" value="Password ..."><p />
<input type="password" size="40" name="password2" value="Password ..."><p />
<input type="submit" name="reg" value="Sign Up!">
</form>
</div>
connect.inc.php:
<?php
$con = mysqli_connect("localhost", "root", "password") or die("Unable to connect");
mysqli_select_db($con, "socialnetworkdatabase") or die("Could not open the db");
mysqli_close($con);
?>
When I open the database on phpmyadmin, It shows : MySQL returned an empty result set (i.e. zero rows). (Query took 0.0000 seconds.)
I edited the code index.php and it looks like this:
<?php include ("./inc/header.inc.php");?>
<?php include("./inc/connect.inc.php");?>
<?php
$con = mysqli_connect("localhost" ,"root" ,"iamanasian", "theworlddatabase" );
date_default_timezone_set('UTC');
if(isset($_POST['reg'])){
$reg = $_POST['reg'];
//declaring variables
$fn = "";//First name
$ln ="";//Last name
$un = "";//Username
$em = "";//Email
$em2 = "";//Email 2
$pswd = "";//Password
$pswd2 = "";//Password 2
$d = "";//Sign Up Date
$u_check = ""; // Check if username exists
//registration form
$fn = stripslashes($_POST['fname']);
$fn = mysqli_real_escape_string($con,$_POST['fname']);
$ln = stripslashes($_POST['lname']);
$ln = mysqli_real_escape_string($con,$_POST['lname']);
$un = stripslashes($_POST['username']);
$un = mysqli_real_escape_string($con,$_POST['username']);
$em = stripslashes($_POST['email']);
$em = mysqli_real_escape_string($con,$_POST['email']);
$em2 = stripslashes($_POST['email2']);
$em2 = mysqli_real_escape_string($con,$_POST['email2']);
$pswd = stripslashes($_POST['password']);
$pswd = mysqli_real_escape_string($con,$_POST['password']);
$pswd2 = stripslashes($_POST['password2']);
$pswd2 = mysqli_real_escape_string($con,$_POST['password2']);
$d = date("Y-m-d"); // Year - Month - Day
if ($reg) {
if ($em==$em2) {
// Check if user already exists
$u_check = mysqli_query($con, "SELECT username FROM users WHERE username='$un'");
// Count the amount of rows where username = $un
$check = mysqli_num_rows($u_check);
//Check whether Email already exists in the database
$e_check = mysqli_query($con,"SELECT email FROM users WHERE email='$em'");
//Count the number of rows returned
$email_check = mysqli_num_rows($e_check);
if ($check == 0) {
if ($email_check == 0) {
//check all of the fields have been filed in
if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2) {
// check that passwords match
if ($pswd==$pswd2) {
// check the maximum length of username/first name/last name does not exceed 25 characters
if (strlen($un)>25||strlen($fn)>25||strlen($ln)>25) {
echo "The maximum limit for username/first name/last name is 25 characters!";
}
else
{
// check the maximum length of password does not exceed 25 characters and is not less than 5 characters
if (strlen($pswd)>30||strlen($pswd)<5) {
echo "Your password must be between 5 and 30 characters long!";
}
else
{
//encrypt password and password 2 using md5 before sending to database
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = mysqli_query($con,"INSERT INTO users (id, username, first_name, last_name, email, password, sign_up_date, activated ) VALUES ('','$un','$fn','$ln','$em','$pswd','$d','0','Write something about yourself.','','','no')");
die("<h2>Welcome to findFriends</h2>Login to your account to get started ..." ) or die(mysqli_error($con));
}
}
}
else {
echo "Your passwords don't match!";
}
}
else
{
echo "Please fill in all of the fields";
}
}
else
{
echo "Sorry, but it looks like someone has already used that email!";
}
}
else
{
echo "Username already taken ...";
}
}
else {
echo "Your E-mails don't match!";
}
}
}
?>
<div style="width: 800px; margin: 0px auto 0px auto;">
<table>
<tr>
<td width="60%" valign="top">
<h2>Enter the New World Today!</h2>
</td>
<td width="40%" valign="top">
<h2>Sign Up Below!</h2>
<form action="#" method="POST">
<input type="text" name="fname" size="25" placeholder="First Name"><br/> <br/>
<input type="text" name="lname" size="25" placeholder="Last Name"><br/><br/>
<input type="text" name="username" size="25" placeholder="Username"><br/><br/>
<input type="text" name="email" size="25" placeholder="Email"><br/><br/>
<input type="text" name="email2" size="25" placeholder="Re-enter Email"><br/><br/>
<input type="password" name="password" size="25" placeholder="Password"><br/><br/>
<input type="password" name="password2" size="25" placeholder="Re-enter Password"><br/><br/>
<input type="submit" name="reg" value="Enter The World!">
</form>
</td>
</tr>
</table>
<?php include ("./inc/footer.inc.php");?>
And it's still not working
Firstly, you are not passing the DB connection variable $con to any of your queries, it's required.
$u_check = mysqli_query("SELECT username FROM users WHERE username='$un'");
$e_check = mysqli_query("SELECT email FROM users WHERE email='$em'");
$query = mysqli_query("INSERT INTO users VALUES ('','$un','$fn','$ln','$em','$pswd','$d','0','Write something about yourself.','','','no')");
$sql = mysqli_query("SELECT id FROM users WHERE username='$user_login' AND password='$md5password_login' AND closed='no' LIMIT 1"); // query the person
Use it like this and do the same for the others:
mysqli_query($con, "SELECT ...
mysqli_query($con, "INSERT ...
Sidenote about your INSERT: It is best to include the actual columns when doing an INSERT.
I.e.: INSERT INTO table (column_x, column_y) VALUES ('value_x', 'value_y')
You're also potentially missing session_start(); since you are using sessions, it is required and to be placed at the top of every file using sessions.
You should be using or die(mysqli_error($con)) to mysqli_query() in order to get the errors, if any.
Also, adding this to the top of your files:
error_reporting(E_ALL);
ini_set('display_errors', 1);
Sidenote: Error reporting should only be done in staging, and never production.
Remove the # symbols from your POST variables; they suppress potential errors.
Plus, instead of strip_tags() which strips out HTML and PHP tags from a string, use mysqli_real_escape_string() and stripslashes()
I.e.:
$fn = stripslashes($_POST['fname']);
$fn = mysqli_real_escape_string($con,$_POST['fname']);
and do the same for the others.
Your present code is open to SQL injection.
Use mysqli with prepared statements, or PDO with prepared statements.
For password storage, use any of the following and do not use MD5, it is old and considered broken.
CRYPT_BLOWFISH or PHP 5.5's password_hash() function.
For PHP < 5.5 use the password_hash() compatibility pack.
Edit:
Place the following and wrap the braces within the code you wish to execute:
// This is related to your named submit button
if(isset($_POST['reg'])){
// code to execute
}
which is why you're getting an Undefined index: reg notice.
Edit #2:
Place the following and wrap the braces within the code you wish to execute:
<?php include ("./inc/header.inc.php");?>
<?php
date_default_timezone_set('UTC');
if(isset($_POST['reg'])){
$reg = $_POST['reg'];
//declaring variables
$fn = "";//First name
$ln ="";//Last name
// put the rest of your code
}
}
} // closing brace for if(isset($_POST['reg']))
?>
<div style="float: left;">
// rest of your code
Parse error: syntax error, unexpected '{
that is most likely caused by short tags not being set.
change
<?
//Login Script
to
<?php
//Login Script
Related
My site won't let me log into it after filling out the registration form, everything in the database is correct but it just wont let me log in! Also if I do sort out the logging in problem will it let me pass over to 'home.php'? Sorry for being such a novice and thank you for your time in advance!
<?php
session_start();
if(!isset($_SESSION["userlogin"])){
}else{
$username = $_SESSION["userlogin"];
}
?>
<?php
$reg = #$_POST['reg'];
//declaring variables to prevent errors
$first_name = ""; //First Name
$last_name = ""; //Last Name
$username = ""; //Username
$email = ""; //Email
$email2 = ""; //Email 2
$password = ""; //Password
$password2 = ""; // Password 2
$signupdate = ""; // Sign up Date
$usercheck = ""; // Check if username exists
//registration form
$first_name = strip_tags(#$_POST['first_name']);
$last_name = strip_tags(#$_POST['last_name']);
$username = strip_tags(#$_POST['username']);
$email = strip_tags(#$_POST['email']);
$email2 = strip_tags(#$_POST['email2']);
$password = strip_tags(#$_POST['password']);
$password2 = strip_tags(#$_POST['password2']);
$signupdate = date("Y-m-d"); // Year - Month - Day
if ($reg) {
if ($email==$email2) {
// Check if user already exists
$usercheck = mysql_query("SELECT username FROM users WHERE username='$username'");
// Count the amount of rows where username = $un
$check = mysql_num_rows($usercheck);
//Check whether Email already exists in the database
$echeck = mysql_query("SELECT email FROM users WHERE email='$email'");
//Count the number of rows returned
$emailcheck = mysql_num_rows($echeck);
if ($check == 0) {
if ($emailcheck == 0) {
//check all of the fields have been filed in
if ($username && $first_name && $last_name &&
$email && $email2 && $password && $password2)
{
// check that passwords match
if ($password==$password2) {
// check the maximum length of username/first name/last name does not exceed 25 characters
if (strlen($username)>25 ||
strlen($first_name)>25 ||
strlen($last_name)>25)
{
echo "The maximum limit for username/first name/last name is 25 characters!";
}else {
// check the maximum length of password does not exceed 25 characters and is not less than 5 characters
if (strlen($password)>30||strlen($password)<5) {
echo "Your password must be between 5 and 30 characters long!";
}else {
//encrypt password and password 2 using crypt before sending to database
$password = crypt($password);
$password2 = crypt($password2);
$query = mysql_query("INSERT INTO users VALUES ('','$username','$first_name','$last_name','$email','$password','$signupdate','0')");
header("Location: index.php");
exit;
}
}
} else {
echo "Your passwords don't match!";
}
} else {
echo "Please fill in all of the fields";
}
}else{
echo "Sorry, but it looks like someone has already used that email!";
}
}else{
echo "Username already taken ...";
}
}else {
echo "Your E-mails don't match!";
}
}
?>
<?php
//Login Script
if (isset($_POST["userlogin"]) && isset($_POST["passwordlogin"])) {
$userlogin = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["userlogin"]); // filter everything but numbers and letters
$passwordlogin = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["passwordlogin"]); // filter everything but numbers and letters
$cryptpasswordlogin = crypt($passwordlogin);
$sql = mysql_query("SELECT id FROM users WHERE username='$userlogin' AND password='$cryptpasswordlogin' LIMIT 1"); // query the person
//Check for their existance
$userCount = mysql_num_rows($sql);
echo mysql_error();
//Count the number of rows returned
if ($userCount == 1) {
while($row = mysql_fetch_array($sql)){
$id = $row["id"];
}
$_SESSION["userlogin"] = $userlogin;
header("home.php");
exit();
}else{
echo 'That information is incorrect, try again';
exit();
}
}
?>
<div>
<h2>Already a Memeber? Login below ...</h2>
<form action="index.php" method="post" name="form1" id="form1">
<input type="text" size="40" name="userlogin" id="user_login" class="auto-clear" placeholder="Username..." /><p />
<input type="text" size="40" name="passwordlogin" id="password_login" placeholder="Password..." /><p />
<input type="submit" name="button" id="button" value="Login to your account">
</form>
</div>
<div>
<h2>Sign up Below ...</h2>
<form action="#.php" method="post">
<input type="text" size="40" name="username" class="auto-clear" title="Username" placeholder="Username..."><p />
<input type="text" size="40" name="first_name" class="auto-clear" title="First Name" placeholder="First name..."><p />
<input type="text" size="40" name="last_name" class="auto-clear" title="Last Name" placeholder="Last name..."><p />
<input type="text" size="40" name="email" class="auto-clear" title="Email" placeholder="Email..."><p />
<input type="text" size="40" name="email2" class="auto-clear" title="Repeat Email" placeholder="Email again..."><p />
<input type="password" size="40" name="password" placeholder="Password..."><p />
<input type="password" size="40" name="password2" placeholder="Password again..."><p />
<input type="submit" name="reg" value="Sign Up!">
</form>
</div>
</div>
</body>
</html>
Please note in this simple test. Using crypt() twice on the same string will not generate the same result.
echo crypt('password') . PHP_EOL;
echo crypt('password') . PHP_EOL;
Results are :
$1$5u1.o45.$QqFY/BeCcln/LO7efiDp61
$1$R55.G3..$LQ9HxetMhV3KmJYM2q8UR/
So when you use crypt() to HASH the password on registration, and then again when you try the login part of your script, even if the user enters the correct password it will NOT generate the same HASH therefore this query will not find the user row
SELECT id
FROM users
WHERE username='$userlogin'
AND password='$cryptpasswordlogin'
LIMIT 1
i.e. crypt() will not generated the same HASH twice from the same string.
Please dont roll your own password hashing. PHP provides password_hash()
and password_verify() please use them.
And here are some good ideas about passwords
If you are using a PHP version prior to 5.5 there is a compatibility pack available here
I've been trying to troubleshoot a problem I have but I've had no luck so far.
I have a profile page that echoes the user's first and last name. This function works when users first register. The problem is, however, that when the user logs out (ending session) and logs back in and goes back to his/her profile page, the first and last names do not show, leaving instead blanks.
To better clarify consider the pathways:
1.User registers -> profile displays first and last name
2.User logs in -> profile does not display first and last name
Here are the codes pertaining to this issue (I already have session_start() at the top of each page I have; also, my variables, reg form and login form are under one php enclosure):
Variables:
<?php
error_reporting(E_ALL ^ E_NOTICE);
$reg = $_POST['reg'];
//initializing registration variables to prevent errors
$fn = ""; //first name
$ln = ""; //last name
$em = ""; //email
$em2 = ""; //email 2
$pass = ""; //password
$bday = ""; //birthday
$sud = ""; //sign up date
$em_check =""; //check if email exists
//registration variables + form
$fn = mysqli_real_escape_string($con, $_POST['first_name']);
$ln = mysqli_real_escape_string($con, $_POST['last_name']);
$em = mysqli_real_escape_string($con, $_POST['email']);
$em2 = mysqli_real_escape_string($con, $_POST['email2']);
$pass = mysqli_real_escape_string($con, $_POST['password']);
$bday = date("Y");
$sud = date("Y-m-d H:i:s"); // Year - Month - Day
Registration Form:
if(isset($_POST['reg'])) {
if($em==$em2) {
//check if email already exists
$emSQLI = "SELECT email FROM `users` WHERE email='$em'";
$em_check = mysqli_query($con, $emSQLI); //checks whether both entered emails are identical
$check = mysqli_num_rows($em_check); //count the amount of rows where email = $em
if ($check == 0) {
//check if all fields have been filled
if($fn && $ln && $em && $em2 && $pass && $bday) {
//check the maximum length of relevant fields
if(strlen($fn)>90||strlen($ln)>90) {
echo "Maximum limit for first/last names is 90 characters.";
}
else{
if (strlen($pass)<6||strlen($pass)>99) {
echo "Password must be between 6 and 99 characters long.";
}
else {
$pass = md5($pass);
$regSQLI = "INSERT INTO users (id, email, birth_date, first_name, last_name, password, sign_up_date, activated) VALUES ('','$em','$bday','$fn','$ln','$pass','$sud','0')";
$regQuery = mysqli_query($con, $regSQLI);
//variables that will be passed over from the register fields to forthcoming sessions
$_SESSION["email_login"] = $em;
$_SESSION["first_name"] = $fn;
$_SESSION["last_name"] = $ln;
}
}
header("location: profile.php");
exit();
}
else {
echo '<div id="regerrormsg">Please fill in all required fields. </div>';
}
}
else {
echo '<div id="regerrormsg"> Email is already registered. </div>';
}
}
else {
echo '<div id="regerrormsg">Entered emails do not match. </div>';
}
}
Log In Form:
if(isset($_POST['email_login']) && isset($_POST['pass_login'])) {
$email_login = mysqli_real_escape_string($con, $_POST['email_login']);
$pass_login = mysqli_real_escape_string($con, $_POST['pass_login']);
$pass_login = md5($pass_login);
$logquery = "SELECT id FROM users WHERE email='$email_login' AND password='$pass_login' LIMIT 1";
$sqli = mysqli_query($con, $logquery);
$userCount = mysqli_num_rows($sqli); // Count number of rows returned
// checks the database for respective items
if ($userCount == 1) { //if the search finds a matching record of the login input form
while( $row = mysqli_fetch_assoc($sqli)) { // use fetch_assoc
$id = $row["id"];
}
$_SESSION["email_login"] = $email_login;
$_SESSION["first_name"] = $fn;
$_SESSION["last_name"] = $ln;
header("location: home.php");
exit();
}
else {
echo '<div id="regerrormsg">Login information is invalid. </div>';
}
}
And finally, the profile page that displays the names:
<?php
session_start();
include ( "./inc/connect.inc.php");
if(!isset($_SESSION["email_login"])) {
header("location: index.php");
exit();
}
else {
}
?>
<?php
echo "Delighted to have you here, " .$_SESSION["first_name"]." ".$_SESSION["last_name"].".";
?>
I am stuck and would like help in troubleshooting this, thank you!
EDIT: Here are the html codes:
Login Form:
<form action="index.php" method="POST">
<input type="email" name="email_login" size="60" placeholder="Email" /><br /><br /><br />
<input type="password" name="pass_login" size="60" placeholder="Password" /><br /><br /><br />
<input type="submit" name="login" id="login" value="LOG IN">
</form>
Register Form:
<form action="index.php" method="POST">
<input type="text" name="first_name" size="15" placeholder="First name" /><br /><br /><br />
<input type="text" name="last_name" size="15" placeholder="Last name" /><br /><br /><br />
<input type="email" name="email" size="15" placeholder="Email" /><br /><br /><br />
<input type="email" name="email2" size="25" placeholder="Re-enter email" /><br /><br /><br />
<input type="password" name="password" size="15" placeholder="New password" /><br /><br /><br />
<p5>Birthyear</p5><br />
<div id="date1" class="datefield">
<input id="birth_year" type="tel" name="birth_year" maxlength="4" placeholder="YYYY" />
</div>
<input type="submit" name="reg" value="Sign Up"><br />
</form>
In your Log form, replace this
$logquery = "SELECT id FROM users WHERE email='$email_login' AND password='$pass_login' LIMIT 1";
$sqli = mysqli_query($con, $logquery);
$userCount = mysqli_num_rows($sqli); // Count number of rows returned
// checks the database for respective items
if ($userCount == 1) { //if the search finds a matching record of the login input form
while( $row = mysqli_fetch_assoc($sqli)) { // use fetch_assoc
$id = $row["id"];
}
$_SESSION["email_login"] = $email_login;
$_SESSION["first_name"] = $fn; // -> $fn not defined
$_SESSION["last_name"] = $ln; // -> $ln not defined
header("location: home.php");
exit();
}
else {
echo '<div id="regerrormsg">Login information is invalid. </div>';
}
By this
$logquery = "SELECT * FROM users WHERE email='$email_login' AND password='$pass_login' LIMIT 1";
$sqli = mysqli_query($con, $logquery);
$userCount = mysqli_num_rows($sqli); // Count number of rows returned
// checks the database for respective items
if ($userCount == 1) { //if the search finds a matching record of the login input form
while( $row = mysqli_fetch_assoc($sqli)) { // use fetch_assoc
$id = $row["id"];
$_SESSION["email_login"] = $row["email"];
$_SESSION["first_name"] = $row["first_name"]; // -> retrieve the data from the result of the query
$_SESSION["last_name"] = $row["last_name"];
}
// EDIT: i moved the $_SESSION part above, my bad !
header("location: home.php");
exit();
}
else {
echo '<div id="regerrormsg">Login information is invalid. </div>';
}
Hope it will help.
The database is working, but when I try to login with the info I signed up with it just tells me information is incorrect as I told it to say that but I know info is right. I do not see a problem below so any help is 100% appreciated. Please note Im new to coding to. If you need to see more code I can post. Also I am only using md5 as I was told to sub that in for now and it should work but still nope.
Thanks!
//User login
if (isset($_POST["user_login"]) && isset($_POST["password_login"])) {
$user_login = preg_replace('#[^A-Za-z0-9]#i', ' ', $_POST["user_login"]); // filter everything but numbers and letters
$password_login = preg_replace('#[^A-Za-z0-9]#i', ' ', $_POST["password_login"]); // filter everything but numbers and letters
$password_login_md5 = md5($password_login);
$sql = mysql_query("SELECT id FROM users WHERE username='$user_login' AND password='$password_login_md5 LIMIT 1"); // query
//Check for their existence
$valid = md5($password, $hash) === $hash;
if ($userCount == 1) {
while($row = mysql_fetch_array($sql)){
$id = $row["id"];
}
$_SESSION["user_login"] = $user_login;
header("location: home.php");
exit();
} else {
echo 'That information is incorrect, try again';
exit();
}
}
?>
<div style="width: 800px; margin: 0px auto 0px auto;">
<table>
<tr>
<td width="60%" valign="top">
<h2>Already a member? Sign in below!</h2>
<form action="index.php" method="POST">
<input type="text" name="user_login" size="25" placeholder="Username" /><br /><br />
<input type="text" name="password_login" size="25" placeholder="Password" /><br /><br />
<input type="submit" name="login" size="25" value="Login!" />
Sign up form.
<?php include ( "./inc/header.inc.php" ); ?>
<?php
$reg = #$_POST['reg'];
//declaring variables to prevent errors
$fn = ""; //First Name
$ln = ""; //Last Name
$un = ""; //Username
$em = ""; //Email
$em2 = ""; //Email 2
$pswd = ""; //Password
$pswd2 = ""; //Password 2
$d = ""; //Sighn up date and time
$u_check = ""; // Check if username exists
//registration form
$fn = strip_tags(#$_POST['fname']);
$ln = strip_tags(#$_POST['lname']);
$un = strip_tags(#$_POST['username']);
$em = strip_tags(#$_POST['email']);
$em2 = strip_tags(#$_POST['email2']);
$pswd = strip_tags(#$_POST['password']);
$pswd2 = strip_tags(#$_POST['password2']);
$d = date("Y-m-d"); //Year - Month - Day
if ($reg) {
if ($em==$em2) {
// Check if user already exists
$u_check = mysql_query("SELECT username FROM users WHERE username='$un' ");
// Count the amount of rows where username - $un
$check = mysql_num_rows($u_check);
if ($check == 0) {
// Check all of the fields have been filed in
if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2) {
// Check that passwords match
if ($pswd==$pswd2) {
// Check the maximum length of username/first name/last name does not exceed 25 characters
if (strlen($un)>25||strlen($fn)>25||strlen($ln)>25) {
echo "The maximum limit for username/first name/last name is 25 characters!";
}
else
{
// Check the maximum length of password does not exceed 30 characters and is not less than 5 characters
if (strlen($pswd)>30||strlen($pswd)<5) {
echo "Your password must be between 5 and 30 characters long!";
}
else
{
//encrypt password and password 2 using md5 before sending to database
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = mysql_query("INSERT INTO users VALUES (' ','$un','$fn','$ln','$em','$pswd','$d','0')");
die("<h2>Welcome to YouBook</h2>Login to your account to get started!");
}
}
}
else {
echo "Your passwords don't match!";
}
}
else
{
echo "Please fill in all of the fields!";
}
}
else
{
echo "Username already taken!";
}
}
else {
echo "Your E-mails don't match!";
}
}
Edit (03/30/2014)
All new code put together.
<?php include ( "./inc/header.inc.php" ); ?>
<?php
$reg = #$_POST['reg'];
//declaring variables to prevent errors
$fn = ""; //First Name
$ln = ""; //Last Name
$un = ""; //Username
$em = ""; //Email
$em2 = ""; //Email 2
$pswd = ""; //Password
$pswd2 = ""; //Password 2
$d = ""; //Sighn up date and time
$u_check = ""; // Check if username exists
//registration form
$fn = strip_tags(#$_POST['fname']);
$ln = strip_tags(#$_POST['lname']);
$un = strip_tags(#$_POST['username']);
$em = strip_tags(#$_POST['email']);
$em2 = strip_tags(#$_POST['email2']);
$pswd = strip_tags(#$_POST['password']);
$pswd2 = strip_tags(#$_POST['password2']);
$d = date("Y-m-d"); //Year - Month - Day
if ($reg) {
if ($em==$em2) {
// Check if user already exists
$u_check = mysql_query("SELECT username FROM users WHERE username='$un' ");
// Count the amount of rows where username - $un
$check = mysql_num_rows($u_check);
if ($check == 0) {
// Check all of the fields have been filed in
if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2) {
// Check that passwords match
if ($pswd==$pswd2) {
// Check the maximum length of username/first name/last name does not exceed 25 characters
if (strlen($un)>25||strlen($fn)>25||strlen($ln)>25) {
echo "The maximum limit for username/first name/last name is 25 characters!";
}
else
{
// Check the maximum length of password does not exceed 30 characters and is not less than 5 characters
if (strlen($pswd)>30||strlen($pswd)<5) {
echo "Your password must be between 5 and 30 characters long!";
}
else
{
//encrypt password and password 2 using md5 before sending to database
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = mysql_query("INSERT INTO users VALUES (' ','$un','$fn','$ln','$em','$pswd','$d','0')");
die("<h2>Welcome to YouBook</h2>Login to your account to get started!");
}
}
}
else {
echo "Your passwords don't match!";
}
}
else
{
echo "Please fill in all of the fields!";
}
}
else
{
echo "Username already taken!";
}
}
else {
echo "Your E-mails don't match!";
}
}
if (isset($_POST["user_login"]) && isset($_POST["password_login"])) {
// filter everything but numbers and letters
$user_login = strip_tags($_POST['user_login']);
$password_login = strip_tags($_POST["password_login"]);
// md5 to hide the password
$password_login_md5 = md5($password_login);
// check for user in the database
$sql = mysql_query("SELECT id FROM users WHERE username='$user_login' AND password='$password_login_md5' LIMIT 1");
// checck how many results were found
$usercount = mysql_num_rows($sql);
if ($userCount == 1) {
// if there's only one row, you don't need a while loop as it will only loop once anyway.
$row = mysql_fetch_array($sql);
// set the ID of the user
$id = $row["id"];
// set the user login to session
$_SESSION["user_login"] = $user_login;
// redirect user and exit
header("location: home.php");
exit();
} else {
// a user was not found with that password, show an error
echo 'That information is incorrect, try again.';
exit();
}
}
?>
<div style="width: 800px; margin: 0px auto 0px auto;">
<table>
<tr>
<td width="60%" valign="top">
<h2>Already a member? Sign in below!</h2>
<form action="index.php" method="POST">
<input type="text" name="user_login" size="25" placeholder="Username" /><br /><br />
<input type="text" name="password_login" size="25" placeholder="Password" /><br /><br />
<input type="submit" name="login" size="25" value="Login!" />
</form>
</td>
<td width="40%" valign="top">
<h2>Sign Up Below!</h2>
<form action="index.php" method="POST">
<input type="text" name="fname" size="25" placeholder="First Name" /><br /><br />
<input type="text" name="lname" size="25" placeholder="Last Name" /><br /><br />
<input type="text" name="username" size="25" placeholder="Username" /><br /><br />
<input type="text" name="email" size="25" placeholder="Email Address" /><br /><br />
<input type="text" name="email2" size="25" placeholder="Email Address (again)" /><br /><br />
<input type="text" name="password" size="25" placeholder="Password" /><br /><br />
<input type="text" name="password2" size="25" placeholder="Password (again)" /><br /><br />
<input type="submit" name="reg" size="25" value="Sign Up!" />
</form>
</td>
</tr>
</table>
<?php include ( "./inc/footer.inc.php" ); ?>
0) You're missing the closing quote on your password ->
$sql = mysql_query("SELECT id FROM users WHERE username='$user_login' AND password='$password_login_md5' LIMIT 1"); // query
1) $userCount doesn't seem to be defined anywhere.
$usercount = mysql_num_rows($sql);
1f ($userCount == 1) {...}
It helps to keep your code clean as well, especially when you're learning. Try this.
if (isset($_POST["user_login"]) && isset($_POST["password_login"])) {
// filter everything but numbers and letters
$user_login = preg_replace('#[^A-Za-z0-9]#i', ' ', $_POST["user_login"]);
$password_login = preg_replace('#[^A-Za-z0-9]#i', ' ', $_POST["password_login"]);
// md5 to hide the password
$password_login_md5 = md5($password_login);
// check for user in the database
$sql = mysql_query("SELECT id FROM users WHERE username='$user_login' AND password='$password_login_md5' LIMIT 1");
// checck how many results were found
$usercount = mysql_num_rows($sql);
if ($userCount == 1) {
// if there's only one row, you don't need a while loop as it will only loop once anyway.
$row = mysql_fetch_array($sql);
// set the ID of the user
$id = $row["id"];
// set the user login to session
$_SESSION["user_login"] = $user_login;
// redirect user and exit
header("location: home.php");
exit();
} else {
// a user was not found with that password, show an error
echo 'That information is incorrect, try again';
exit();
}
}
EDIT
One more tip..
Check your query for errors
$sql = mysql_query("SELECT id FROM users WHERE username='$user_login' AND password='$password_login_md5' LIMIT 1") or die(mysql_error());
you may have misspelled something or not even be connected to the database at all.
EDIT II
You have to handle the username and password exactly the way you handle it your sign up form, if you strip_tags the password before inserting it then you have to strip_tags it before you check it. If you preg_replace it in the login form, but didn't in the sign up form then of course it will be different.
you need to remove these lines
$user_login = preg_replace('#[^A-Za-z0-9]#i', ' ', $_POST["user_login"]);
$password_login = preg_replace('#[^A-Za-z0-9]#i', ' ', $_POST["password_login"]);
and replace them with
$user_login = strip_tags($_POST['user_login']);
$password_login = strip_tags($_POST["password_login"]);
Don't forget to hit the check mark by my answer.
This is the error i have fill in all fields and it still pops up and an warning that looks like this
Warning: mysql_fetch_assoc() expects parameter 1 to be resource, string given in C:\xampp\htdocs\Site\index.php on line 35
Please fill in all fields
Code:
<?php include ("inc/incfiles/header.inc.php");
?>
<?php
$reg = #$_POST['reg'];
//decalring variables to prevent errors
$fn = $ln = $un = $em = $em2 = $pswd = $pswd2 = $d = $u_check = "";
/**
* Alla dessa variablar nedan bör kunna bytas ut mot det ovan för att göra det lite enklare.
* */
/*$fn = ""; //First Name
$ln = ""; //Last Name
$un = ""; //Username
$em = ""; //Email
$em2 = ""; //Email2
$pswd = ""; //Password
$pswd2 = ""; // Password2
$d = ""; // Sign Up Date
$u_check = ""; // Check if username exists */
//registration form
$fn = mysql_real_escape_string(#$_POST['fname']);
$ln = mysql_real_escape_string(#$_POST['lname']);
$un = mysql_real_escape_string(#$_POST['username']);
$em = mysql_real_escape_string(#$_POST['email']);
$em2 = mysql_real_escape_string(#$_POST['email2']);
$pswd = mysql_real_escape_string(#$_POST['password']);
$pswd2 = mysql_real_escape_string(#$_POST['password2']);
$d = date("Y-m-d"); //Year - Month - Day
if ($reg)
{
if ($em == $em2)
{
//Check if user alredy exists
$un_check = mysql_query("SELECT Count(*) AS count FROM users WHERE username='$un'");
$data=mysql_fetch_assoc("$un_check");
if($data['count'] > 0){
// Username Alredy In Use
}
else{
// Username Free
}
{
//check all of the fields have been filed in
if ($fn && $ln && $un && $em && $em2 && $pswd && $pswd2)
{
// check that passwords match
if ($pswd == $pswd2)
{
// cheack the maximum lenght of of username/first name/last name does not exceed 25 characters
if (strlen($un) > 25 || strlen($fn) > 25 || strlen($ln) > 25)
{
echo "The maximum limit for username/first name/last name is 25 characters!";
} else
{
// check the maximum lenght of password deoes not exceed 25 characters and is not less that 5
if (strlen($pswd) > 30 || strlen($pswd) < 5)
{
echo "Your password must be between 5 and 30 characters long!";
} else
{
//encrypt password and password 2 using md5 berfore sending to database
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = mysql_query("INSERT INTO users VALUES ('','$un','$fn','$ln','$em','$pswd','$d','0')");
die("<h2>Welcome to Mysite</h2>Login to your account to get started ...");
}
}
} else
{
echo "Your passwords don't match!";
}
} else
{
echo "Please fill in all fields";
}
}
}
}
?>
<?
//Login Script
if (isset($_POST["user_login"]) && isset($_POST["password_login"])) {
$user_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["user_login"]); // Filter everything but numbers and letters
$password_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password_login"]); //Filter everything but numbers and letters
$sql = mysql_query ("SELECT id FROM users WHERE username='$user_login' AND password='$password_login' LIMIT 1"); // query the person
//Cheack for their existance
$userCount = mysql_num_rows($sql); //Count the number of rows returned
if ($userCount == 1) }
while($row = mysql_fetch_array($sql)){
$id = $row["id"];
}
$_SESSION["id"] = $id;
$_SESSION["user_login"] = $user_login;
$_SESSION["password_login"] = $password_login;
header("location: index.php");
exit();
} else {
echo 'That information is incorrect try again';
exit();
}
}
?>
<?
//Login Script
if (isset($_POST["user_login"]) && isset($_POST["password_login"])) {
$user_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["user_login"]); // Filter everything but numbers and letters
$password_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password_login"]); //Filter everything but numbers and letters
$sql = mysql_query ("SELECT id FROM users WHERE username='$user_login' AND password='$password_login' LIMIT 1"); // query the person
//Cheack for their existance
$userCount = mysql_num_rows($sql); //Count the number of rows returned
if ($userCount == 1) }
while($row = mysql_fetch_array($sql)){
$id = $row["id"];
}
$_SESSION["id"] = $id;
$_SESSION["user_login"] = $user_login;
$_SESSION["password_login"] = $password_login;
header("location: index.php");
exit();
} else {
echo 'That information is incorrect try again';
exit();
}
}
?>
<table class="homepageTable">
<tr>
<td width="60%" valign="top">
<h2>Already a Member Loign Below!</h2></br>
<form action="index.php" method="post" name="form1" id="form1">
<input type="text" size="25" name="user_login" id="user_login" placeholder="Username" />
<input type="password" size="25" name="user_password" id="user_password" placeholder="Password" /><br />
<input type="submit" name="button" id="button" value="Login!">
<form>
</td>
<td width="40%" valign="top">
<h2>Sign Up Below</h2>
<form action="#" method="post">
<input type="text" size="25" name="firstname" placeholder="First Name" value="<?php echo $fn; ?>">
<input type="text" size="25" name="lastname" placeholder="Last Name" value="<?php echo $ln; ?>">
<input type="text" size="25" name="username" placeholder="Username" value="<?php echo $un; ?>">
<input type="text" size="25" name="email" placeholder="Email" value="<?php echo $em; ?>">
<input type="text" size="25" name="email2" placeholder="Repeat Email" value="<?php echo $em2; ?>">
<input type="password" size="32" name="password" placeholder="Password">
<input type="password" size="32" name="password2" placeholder="Repeat Password"><br />
<input type="submit" name="reg" value="Sign Up!">
</form>
</td>
</tr>
<table>
</body>
</html>
You've put in the variable as a string, simply change
$data=mysql_fetch_assoc("$un_check");
to
$data=mysql_fetch_assoc($un_check);
and it will work ;)
Try
Change
$data=mysql_fetch_assoc("$un_check");
to
$data=mysql_fetch_assoc($un_check);
<input type="text" size="25" name="**firstname**" placeholder="First Name" value="<?php echo $fn; ?>">
<input type="text" size="25" name="**lastname**" placeholder="Last Name" value="<?php echo $ln; ?>">
you need defind the veraibles right: change
<input type="text" size="25" name="**fname**" placeholder="First Name" value="<?php echo $fn; ?>">
<input type="text" size="25" name="**lname**" placeholder="Last Name" value="<?php echo $ln; ?>">
and its will work .
but still need to take a another look at (
**if ($reg)
{
if ($em == $em2)
{ ............. )
its not right ,and work right**
I've created a login + register site. The register page works fine, login too except that when I have to write in my password I have to write in the encrypted version, the md5...
I've done in register page so that their password gets encrypted. How can I make in login page so that they dont need to write their md5 password, just their normal one?
The register.php looks like:
<?
$reg = #$_POST['reg'];
//declaring variables to prevent errors
$fn = ""; //First Name
$ln = ""; //Last Name
$un = ""; //Username
$em = ""; //Email
$em2 = ""; //Email 2
$pswd = ""; //Password
$pswd2 = ""; // Password 2
$d = ""; // Sign up Date
$u_check = ""; // Check if username exists
//registration form
$fn = strip_tags(#$_POST['fname']);
$ln = strip_tags(#$_POST['lname']);
$un = strip_tags(#$_POST['username']);
$em = strip_tags(#$_POST['email']);
$em2 = strip_tags(#$_POST['email2']);
$pswd = strip_tags(#$_POST['password']);
$pswd2 = strip_tags(#$_POST['password2']);
$d = date("Y-m-d"); // Year - Month - Day
if ($reg) {
if ($em==$em2) {
// Check if user already exists
$u_check = mysql_query("SELECT username FROM users WHERE username='$un'");
// Count the amount of rows where username = $un
$check = mysql_num_rows($u_check);
if ($check == 0) {
//check all of the fields have been filed in
if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2) {
// check that passwords match
if ($pswd==$pswd2) {
// check the maximum length of username/first name/last name does not exceed 25 characters
if (strlen($un)>25||strlen($fn)>25||strlen($ln)>25) {
echo "The maximum limit for username/first name/last name is 25 characters!";
}
else
{
// check the maximum length of password does not exceed 25 characters and is not less than 5 characters
if (strlen($pswd)>30||strlen($pswd)<5) {
echo "Your password must be between 5 and 30 characters long!";
}
else
{
//encrypt password and password 2 using md5 before sending to database
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = mysql_query("INSERT INTO users VALUES ('','$un','$fn','$ln','$em','$pswd','$d','0')");
die("<h2>Welcome to InstaWord!</h2>Login to your account to get started ...");
}
}
}
else {
echo "Your passwords don't match!";
}
}
else
{
echo "Please fill in all of the fields";
}
}
else
{
echo "Username already taken ...";
}
}
else {
echo "Your E-mails don't match!";
}
}
?>
<table class="homepageTable">
<tr>
<td width="60%" valign="top">
<h2>Share your texts!</h2>
<img src="img/animation.gif" width="930">
</td>
<td width="40%" valign="top">
<h2>Sign up</h2>
<form action="#" method="post">
<input type="text" size="25" name="fname" placeholder="First Name" value="<? echo $fn; ?>">
<input type="text" size="25" name="lname" placeholder="Last Name" value="<? echo $ln; ?>">
<input type="text" size="25" name="username" placeholder="Username" value="<? echo $un; ?>">
<input type="text" size="25" name="email" placeholder="Email" value="<? echo $em; ?>">
<input type="text" size="25" name="email2" placeholder="Repeat Email" value="<? echo $em2; ?>">
<input type="password" size="25" name="password" placeholder="Password">
<input type="password" size="25" name="password2" placeholder="Repeat Password"> <br />
<input type="submit" name="reg" value="Sign Up!">
</form>
</td>
</tr>
</table>
</body>
</html>
And the login.php looks like this:
<?php
session_start();
//This displays your login form
function index(){
echo "<form action='?act=login' method='post'>"
."Username: <input type='text' name='username' size='30'><br>"
."Password: <input type='password' name='password' size='30'><br>"
."<input type='submit' value='Login'>"
."</form>";
}
//This function will find and checks if your data is correct
function login(){
//Collect your info from login form
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];
//Connecting to database
$connect = mysql_connect("myserver", "username", "password");
if(!$connect){
die(mysql_error());
}
//Selecting database
$select_db = mysql_select_db("database_name", $connect);
if(!$select_db){
die(mysql_error());
}
//Find if entered data is correct
$result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
$row = mysql_fetch_array($result);
$id = $row['id'];
$select_user = mysql_query("SELECT * FROM users WHERE id='$id'");
$row2 = mysql_fetch_array($select_user);
$user = $row2['username'];
if($username != $user){
die("Username is wrong!");
}
$pass_check = mysql_query("SELECT * FROM users WHERE username='$username' AND id='$id'");
$row3 = mysql_fetch_array($pass_check);
$email = $row3['email'];
$select_pass = mysql_query("SELECT * FROM users WHERE username='$username' AND id='$id' AND email='$email'");
$row4 = mysql_fetch_array($select_pass);
$real_password = $row4['password'];
if($password != $real_password){
die("Your password is wrong!");
}
//Now if everything is correct let's finish his/her/its login
session_register("username", $username);
session_register("password", $password);
echo "Welcome, ".$username." please continue on our <a href=index.php>Index</a>";
}
switch($act){
default;
index();
break;
case "login";
login();
break;
}
?>
Please help me fix this...
You are not using md5 to check while login....
Use $password = md5($_REQUEST['password']); In your login function().
This will take the normal password and check it with encrypted version in database and then will successfully log the user in.
Hope this helps.
You should not apply a strip_tags() to the $_POST['password'], just feed the incoming value to the password hashing function.
To protect your user's passwords, you need to do better than md5 hash the passwords.
You need
a better hashing algorithm: BCrypt hash
add a random salt value
The good news is that you can just use a drop-in library and use that: PHPass
require('PasswordHash.php');
$pwdHasher = new PasswordHash(8, FALSE);
// $hash is what you would store in your database
$hash = $pwdHasher->HashPassword( $_POST['password'] );
// $hash would be the $hashed stored in your database for this user
$checked = $pwdHasher->CheckPassword($_POST['password'], $hash);
if ($checked) {
echo 'password correct';
} else {
echo 'wrong credentials';
}
Encrypt the input password with md5() when you pass the details into sql query while checking correct login details.
$password_encrypt = md5($password);
$result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password_encrypt '");