We Keep Coding

Can't pass over to another page after logging in to site & It also won't let me log in after filling out the registration form

My site won't let me log into it after filling out the registration form, everything in the database is correct but it just wont let me log in! Also if I do sort out the logging in problem will it let me pass over to 'home.php'? Sorry for being such a novice and thank you for your time in advance!
<?php
session_start();
if(!isset($_SESSION["userlogin"])){
}else{
$username = $_SESSION["userlogin"];
}
?>
<?php
$reg = #$_POST['reg'];
//declaring variables to prevent errors
$first_name = ""; //First Name
$last_name = ""; //Last Name
$username = ""; //Username
$email = ""; //Email
$email2 = ""; //Email 2
$password = ""; //Password
$password2 = ""; // Password 2
$signupdate = ""; // Sign up Date
$usercheck = ""; // Check if username exists
//registration form
$first_name = strip_tags(#$_POST['first_name']);
$last_name = strip_tags(#$_POST['last_name']);
$username = strip_tags(#$_POST['username']);
$email = strip_tags(#$_POST['email']);
$email2 = strip_tags(#$_POST['email2']);
$password = strip_tags(#$_POST['password']);
$password2 = strip_tags(#$_POST['password2']);
$signupdate = date("Y-m-d"); // Year - Month - Day
if ($reg) {
if ($email==$email2) {
// Check if user already exists
$usercheck = mysql_query("SELECT username FROM users WHERE username='$username'");
// Count the amount of rows where username = $un
$check = mysql_num_rows($usercheck);
//Check whether Email already exists in the database
$echeck = mysql_query("SELECT email FROM users WHERE email='$email'");
//Count the number of rows returned
$emailcheck = mysql_num_rows($echeck);
if ($check == 0) {
if ($emailcheck == 0) {
//check all of the fields have been filed in
if ($username && $first_name && $last_name &&
$email && $email2 && $password && $password2)
{
// check that passwords match
if ($password==$password2) {
// check the maximum length of username/first name/last name does not exceed 25 characters
if (strlen($username)>25 ||
strlen($first_name)>25 ||
strlen($last_name)>25)
{
echo "The maximum limit for username/first name/last name is 25 characters!";
}else {
// check the maximum length of password does not exceed 25 characters and is not less than 5 characters
if (strlen($password)>30||strlen($password)<5) {
echo "Your password must be between 5 and 30 characters long!";
}else {
//encrypt password and password 2 using crypt before sending to database
$password = crypt($password);
$password2 = crypt($password2);
$query = mysql_query("INSERT INTO users VALUES ('','$username','$first_name','$last_name','$email','$password','$signupdate','0')");
header("Location: index.php");
exit;
}
}
} else {
echo "Your passwords don't match!";
}
} else {
echo "Please fill in all of the fields";
}
}else{
echo "Sorry, but it looks like someone has already used that email!";
}
}else{
echo "Username already taken ...";
}
}else {
echo "Your E-mails don't match!";
}
}
?>
<?php
//Login Script
if (isset($_POST["userlogin"]) && isset($_POST["passwordlogin"])) {
$userlogin = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["userlogin"]); // filter everything but numbers and letters
$passwordlogin = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["passwordlogin"]); // filter everything but numbers and letters
$cryptpasswordlogin = crypt($passwordlogin);
$sql = mysql_query("SELECT id FROM users WHERE username='$userlogin' AND password='$cryptpasswordlogin' LIMIT 1"); // query the person
//Check for their existance
$userCount = mysql_num_rows($sql);
echo mysql_error();
//Count the number of rows returned
if ($userCount == 1) {
while($row = mysql_fetch_array($sql)){
$id = $row["id"];
}
$_SESSION["userlogin"] = $userlogin;
header("home.php");
exit();
}else{
echo 'That information is incorrect, try again';
exit();
}
}
?>
<div>
<h2>Already a Memeber? Login below ...</h2>
<form action="index.php" method="post" name="form1" id="form1">
<input type="text" size="40" name="userlogin" id="user_login" class="auto-clear" placeholder="Username..." /><p />
<input type="text" size="40" name="passwordlogin" id="password_login" placeholder="Password..." /><p />
<input type="submit" name="button" id="button" value="Login to your account">
</form>
</div>
<div>
<h2>Sign up Below ...</h2>
<form action="#.php" method="post">
<input type="text" size="40" name="username" class="auto-clear" title="Username" placeholder="Username..."><p />
<input type="text" size="40" name="first_name" class="auto-clear" title="First Name" placeholder="First name..."><p />
<input type="text" size="40" name="last_name" class="auto-clear" title="Last Name" placeholder="Last name..."><p />
<input type="text" size="40" name="email" class="auto-clear" title="Email" placeholder="Email..."><p />
<input type="text" size="40" name="email2" class="auto-clear" title="Repeat Email" placeholder="Email again..."><p />
<input type="password" size="40" name="password" placeholder="Password..."><p />
<input type="password" size="40" name="password2" placeholder="Password again..."><p />
<input type="submit" name="reg" value="Sign Up!">
</form>
</div>
</div>
</body>
</html>

Please note in this simple test. Using crypt() twice on the same string will not generate the same result.
echo crypt('password') . PHP_EOL;
echo crypt('password') . PHP_EOL;
Results are :
$1$5u1.o45.$QqFY/BeCcln/LO7efiDp61
$1$R55.G3..$LQ9HxetMhV3KmJYM2q8UR/
So when you use crypt() to HASH the password on registration, and then again when you try the login part of your script, even if the user enters the correct password it will NOT generate the same HASH therefore this query will not find the user row
SELECT id
FROM users
WHERE username='$userlogin'
AND password='$cryptpasswordlogin'
LIMIT 1
i.e. crypt() will not generated the same HASH twice from the same string.
Please dont roll your own password hashing. PHP provides password_hash()
and password_verify() please use them.
And here are some good ideas about passwords
If you are using a PHP version prior to 5.5 there is a compatibility pack available here

Data not coming up on database

I followed this tutorial on youtube, for making a social network. I had to register my user. But when I register, nothing shows up on the database.. My files are:
index.php
<?php include ("./inc/header.inc.php");?>
<?php
date_default_timezone_set('UTC');
$reg = #$_POST['reg'];
//declaring variables
$fn = "";//First name
$ln ="";//Last name
$un = "";//Username
$em = "";//Email
$em2 = "";//Email 2
$pswd = "";//Password
$pswd2 = "";//Password 2
$d = "";//Sign Up Date
$u_check = ""; // Check if username exists
//registration form
$fn = strip_tags(#$_POST['fname']);
$ln = strip_tags(#$_POST['lname']);
$un = strip_tags(#$_POST['username']);
$em = strip_tags(#$_POST['email']);
$em2 = strip_tags(#$_POST['email2']);
$pswd = strip_tags(#$_POST['password']);
$pswd2 = strip_tags(#$_POST['password2']);
$d = date("Y-m-d"); // Year - Month - Day
if ($reg) {
if ($em==$em2) {
// Check if user already exists
$u_check = mysqli_query("SELECT username FROM users WHERE username='$un'");
// Count the amount of rows where username = $un
$check = mysqli_num_rows($u_check);
//Check whether Email already exists in the database
$e_check = mysqli_query("SELECT email FROM users WHERE email='$em'");
//Count the number of rows returned
$email_check = mysqli_num_rows($e_check);
if ($check == 0) {
if ($email_check == 0) {
//check all of the fields have been filed in
if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2) {
// check that passwords match
if ($pswd==$pswd2) {
// check the maximum length of username/first name/last name does not exceed 25 characters
if (strlen($un)>25||strlen($fn)>25||strlen($ln)>25) {
echo "The maximum limit for username/first name/last name is 25 characters!";
}
else
{
// check the maximum length of password does not exceed 25 characters and is not less than 5 characters
if (strlen($pswd)>30||strlen($pswd)<5) {
echo "Your password must be between 5 and 30 characters long!";
}
else
{
//encrypt password and password 2 using md5 before sending to database
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = mysqli_query("INSERT INTO users VALUES ('','$un','$fn','$ln','$em','$pswd','$d','0','Write something about yourself.','','','no')");
die("<h2>Welcome to findFriends</h2>Login to your account to get started ...");
}
}
}
else {
echo "Your passwords don't match!";
}
}
else
{
echo "Please fill in all of the fields";
}
}
else
{
echo "Sorry, but it looks like someone has already used that email!";
}
}
else
{
echo "Username already taken ...";
}
}
else {
echo "Your E-mails don't match!";
}
}
?>
<?
//Login Script
if (isset($_POST["user_login"]) && isset($_POST["password_login"])) {
$user_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["user_login"]); // filter everything but numbers and letters
$password_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password_login"]); // filter everything but numbers and letters
$md5password_login = md5($password_login);
$sql = mysqli_query("SELECT id FROM users WHERE username='$user_login' AND password='$md5password_login' AND closed='no' LIMIT 1"); // query the person
//Check for their existance
$userCount = mysqli_num_rows($sql); //Count the number of rows returned
if ($userCount == 1) {
while($row = mysqli_fetch_array($sql)){
$id = $row["id"];
}
$_SESSION["id"] = $id;
$_SESSION["user_login"] = $user_login;
$_SESSION["password_login"] = $password_login;
exit("<meta http-equiv=\"refresh\" content=\"0\">");
} else {
echo 'That information is incorrect, try again';
exit();
}
}
?>
<div style="float: left;">
<h2>Already a Memeber? Login below ...</h2>
<form action="index.php" method="post" name="form1" id="form1">
<input type="text" size="40" name="user_login" id="user_login" class="auto-clear" title="Username ..." /><p />
<input type="text" size="40" name="password_login" id="password_login" value="Password ..." /><p />
<input type="submit" name="button" id="button" value="Login to your account">
</form>
</div>
<div style="float: right; width: 240px;">
<h2>Sign up Below ...</h2>
<form action="#" method="post">
<input type="text" size="40" name="fname" class="auto-clear" title="First Name" value="<? echo $fn; ?>"><p />
<input type="text" size="40" name="lname" class="auto-clear" title="Last Name" value="<? echo $ln; ?>"><p />
<input type="text" size="40" name="username" class="auto-clear" title="Username" value="<? echo $un; ?>"><p />
<input type="text" size="40" name="email" class="auto-clear" title="Email" value="<? echo $em; ?>"><p />
<input type="text" size="40" name="email2" class="auto-clear" title="Repeat Email" value=" <? echo $em2; ?>"><p />
<input type="password" size="40" name="password" value="Password ..."><p />
<input type="password" size="40" name="password2" value="Password ..."><p />
<input type="submit" name="reg" value="Sign Up!">
</form>
</div>
connect.inc.php:
<?php
$con = mysqli_connect("localhost", "root", "password") or die("Unable to connect");
mysqli_select_db($con, "socialnetworkdatabase") or die("Could not open the db");
mysqli_close($con);
?>
When I open the database on phpmyadmin, It shows : MySQL returned an empty result set (i.e. zero rows). (Query took 0.0000 seconds.)
I edited the code index.php and it looks like this:
<?php include ("./inc/header.inc.php");?>
<?php include("./inc/connect.inc.php");?>
<?php
$con = mysqli_connect("localhost" ,"root" ,"iamanasian", "theworlddatabase" );
date_default_timezone_set('UTC');
if(isset($_POST['reg'])){
$reg = $_POST['reg'];
//declaring variables
$fn = "";//First name
$ln ="";//Last name
$un = "";//Username
$em = "";//Email
$em2 = "";//Email 2
$pswd = "";//Password
$pswd2 = "";//Password 2
$d = "";//Sign Up Date
$u_check = ""; // Check if username exists
//registration form
$fn = stripslashes($_POST['fname']);
$fn = mysqli_real_escape_string($con,$_POST['fname']);
$ln = stripslashes($_POST['lname']);
$ln = mysqli_real_escape_string($con,$_POST['lname']);
$un = stripslashes($_POST['username']);
$un = mysqli_real_escape_string($con,$_POST['username']);
$em = stripslashes($_POST['email']);
$em = mysqli_real_escape_string($con,$_POST['email']);
$em2 = stripslashes($_POST['email2']);
$em2 = mysqli_real_escape_string($con,$_POST['email2']);
$pswd = stripslashes($_POST['password']);
$pswd = mysqli_real_escape_string($con,$_POST['password']);
$pswd2 = stripslashes($_POST['password2']);
$pswd2 = mysqli_real_escape_string($con,$_POST['password2']);
$d = date("Y-m-d"); // Year - Month - Day
if ($reg) {
if ($em==$em2) {
// Check if user already exists
$u_check = mysqli_query($con, "SELECT username FROM users WHERE username='$un'");
// Count the amount of rows where username = $un
$check = mysqli_num_rows($u_check);
//Check whether Email already exists in the database
$e_check = mysqli_query($con,"SELECT email FROM users WHERE email='$em'");
//Count the number of rows returned
$email_check = mysqli_num_rows($e_check);
if ($check == 0) {
if ($email_check == 0) {
//check all of the fields have been filed in
if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2) {
// check that passwords match
if ($pswd==$pswd2) {
// check the maximum length of username/first name/last name does not exceed 25 characters
if (strlen($un)>25||strlen($fn)>25||strlen($ln)>25) {
echo "The maximum limit for username/first name/last name is 25 characters!";
}
else
{
// check the maximum length of password does not exceed 25 characters and is not less than 5 characters
if (strlen($pswd)>30||strlen($pswd)<5) {
echo "Your password must be between 5 and 30 characters long!";
}
else
{
//encrypt password and password 2 using md5 before sending to database
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = mysqli_query($con,"INSERT INTO users (id, username, first_name, last_name, email, password, sign_up_date, activated ) VALUES ('','$un','$fn','$ln','$em','$pswd','$d','0','Write something about yourself.','','','no')");
die("<h2>Welcome to findFriends</h2>Login to your account to get started ..." ) or die(mysqli_error($con));
}
}
}
else {
echo "Your passwords don't match!";
}
}
else
{
echo "Please fill in all of the fields";
}
}
else
{
echo "Sorry, but it looks like someone has already used that email!";
}
}
else
{
echo "Username already taken ...";
}
}
else {
echo "Your E-mails don't match!";
}
}
}
?>
<div style="width: 800px; margin: 0px auto 0px auto;">
<table>
<tr>
<td width="60%" valign="top">
<h2>Enter the New World Today!</h2>
</td>
<td width="40%" valign="top">
<h2>Sign Up Below!</h2>
<form action="#" method="POST">
<input type="text" name="fname" size="25" placeholder="First Name"><br/> <br/>
<input type="text" name="lname" size="25" placeholder="Last Name"><br/><br/>
<input type="text" name="username" size="25" placeholder="Username"><br/><br/>
<input type="text" name="email" size="25" placeholder="Email"><br/><br/>
<input type="text" name="email2" size="25" placeholder="Re-enter Email"><br/><br/>
<input type="password" name="password" size="25" placeholder="Password"><br/><br/>
<input type="password" name="password2" size="25" placeholder="Re-enter Password"><br/><br/>
<input type="submit" name="reg" value="Enter The World!">
</form>
</td>
</tr>
</table>
<?php include ("./inc/footer.inc.php");?>
And it's still not working

Firstly, you are not passing the DB connection variable $con to any of your queries, it's required.
$u_check = mysqli_query("SELECT username FROM users WHERE username='$un'");
$e_check = mysqli_query("SELECT email FROM users WHERE email='$em'");
$query = mysqli_query("INSERT INTO users VALUES ('','$un','$fn','$ln','$em','$pswd','$d','0','Write something about yourself.','','','no')");
$sql = mysqli_query("SELECT id FROM users WHERE username='$user_login' AND password='$md5password_login' AND closed='no' LIMIT 1"); // query the person
Use it like this and do the same for the others:
mysqli_query($con, "SELECT ...
mysqli_query($con, "INSERT ...
Sidenote about your INSERT: It is best to include the actual columns when doing an INSERT.
I.e.: INSERT INTO table (column_x, column_y) VALUES ('value_x', 'value_y')
You're also potentially missing session_start(); since you are using sessions, it is required and to be placed at the top of every file using sessions.
You should be using or die(mysqli_error($con)) to mysqli_query() in order to get the errors, if any.
Also, adding this to the top of your files:
error_reporting(E_ALL);
ini_set('display_errors', 1);
Sidenote: Error reporting should only be done in staging, and never production.
Remove the # symbols from your POST variables; they suppress potential errors.
Plus, instead of strip_tags() which strips out HTML and PHP tags from a string, use mysqli_real_escape_string() and stripslashes()
I.e.:
$fn = stripslashes($_POST['fname']);
$fn = mysqli_real_escape_string($con,$_POST['fname']);
and do the same for the others.
Your present code is open to SQL injection.
Use mysqli with prepared statements, or PDO with prepared statements.
For password storage, use any of the following and do not use MD5, it is old and considered broken.
CRYPT_BLOWFISH or PHP 5.5's password_hash() function.
For PHP < 5.5 use the password_hash() compatibility pack.
Edit:
Place the following and wrap the braces within the code you wish to execute:
// This is related to your named submit button
if(isset($_POST['reg'])){
// code to execute
}
which is why you're getting an Undefined index: reg notice.
Edit #2:
Place the following and wrap the braces within the code you wish to execute:
<?php include ("./inc/header.inc.php");?>
<?php
date_default_timezone_set('UTC');
if(isset($_POST['reg'])){
$reg = $_POST['reg'];
//declaring variables
$fn = "";//First name
$ln ="";//Last name
// put the rest of your code
}
}
} // closing brace for if(isset($_POST['reg']))
?>
<div style="float: left;">
// rest of your code
Parse error: syntax error, unexpected '{
that is most likely caused by short tags not being set.
change
<?
//Login Script
to
<?php
//Login Script

User login won't work?

The database is working, but when I try to login with the info I signed up with it just tells me information is incorrect as I told it to say that but I know info is right. I do not see a problem below so any help is 100% appreciated. Please note Im new to coding to. If you need to see more code I can post. Also I am only using md5 as I was told to sub that in for now and it should work but still nope.
Thanks!
//User login
if (isset($_POST["user_login"]) && isset($_POST["password_login"])) {
$user_login = preg_replace('#[^A-Za-z0-9]#i', ' ', $_POST["user_login"]); // filter everything but numbers and letters
$password_login = preg_replace('#[^A-Za-z0-9]#i', ' ', $_POST["password_login"]); // filter everything but numbers and letters
$password_login_md5 = md5($password_login);
$sql = mysql_query("SELECT id FROM users WHERE username='$user_login' AND password='$password_login_md5 LIMIT 1"); // query
//Check for their existence
$valid = md5($password, $hash) === $hash;
if ($userCount == 1) {
while($row = mysql_fetch_array($sql)){
$id = $row["id"];
}
$_SESSION["user_login"] = $user_login;
header("location: home.php");
exit();
} else {
echo 'That information is incorrect, try again';
exit();
}
}
?>
<div style="width: 800px; margin: 0px auto 0px auto;">
<table>
<tr>
<td width="60%" valign="top">
<h2>Already a member? Sign in below!</h2>
<form action="index.php" method="POST">
<input type="text" name="user_login" size="25" placeholder="Username" /><br /><br />
<input type="text" name="password_login" size="25" placeholder="Password" /><br /><br />
<input type="submit" name="login" size="25" value="Login!" />
Sign up form.
<?php include ( "./inc/header.inc.php" ); ?>
<?php
$reg = #$_POST['reg'];
//declaring variables to prevent errors
$fn = ""; //First Name
$ln = ""; //Last Name
$un = ""; //Username
$em = ""; //Email
$em2 = ""; //Email 2
$pswd = ""; //Password
$pswd2 = ""; //Password 2
$d = ""; //Sighn up date and time
$u_check = ""; // Check if username exists
//registration form
$fn = strip_tags(#$_POST['fname']);
$ln = strip_tags(#$_POST['lname']);
$un = strip_tags(#$_POST['username']);
$em = strip_tags(#$_POST['email']);
$em2 = strip_tags(#$_POST['email2']);
$pswd = strip_tags(#$_POST['password']);
$pswd2 = strip_tags(#$_POST['password2']);
$d = date("Y-m-d"); //Year - Month - Day
if ($reg) {
if ($em==$em2) {
// Check if user already exists
$u_check = mysql_query("SELECT username FROM users WHERE username='$un' ");
// Count the amount of rows where username - $un
$check = mysql_num_rows($u_check);
if ($check == 0) {
// Check all of the fields have been filed in
if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2) {
// Check that passwords match
if ($pswd==$pswd2) {
// Check the maximum length of username/first name/last name does not exceed 25 characters
if (strlen($un)>25||strlen($fn)>25||strlen($ln)>25) {
echo "The maximum limit for username/first name/last name is 25 characters!";
}
else
{
// Check the maximum length of password does not exceed 30 characters and is not less than 5 characters
if (strlen($pswd)>30||strlen($pswd)<5) {
echo "Your password must be between 5 and 30 characters long!";
}
else
{
//encrypt password and password 2 using md5 before sending to database
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = mysql_query("INSERT INTO users VALUES (' ','$un','$fn','$ln','$em','$pswd','$d','0')");
die("<h2>Welcome to YouBook</h2>Login to your account to get started!");
}
}
}
else {
echo "Your passwords don't match!";
}
}
else
{
echo "Please fill in all of the fields!";
}
}
else
{
echo "Username already taken!";
}
}
else {
echo "Your E-mails don't match!";
}
}
Edit (03/30/2014)
All new code put together.
<?php include ( "./inc/header.inc.php" ); ?>
<?php
$reg = #$_POST['reg'];
//declaring variables to prevent errors
$fn = ""; //First Name
$ln = ""; //Last Name
$un = ""; //Username
$em = ""; //Email
$em2 = ""; //Email 2
$pswd = ""; //Password
$pswd2 = ""; //Password 2
$d = ""; //Sighn up date and time
$u_check = ""; // Check if username exists
//registration form
$fn = strip_tags(#$_POST['fname']);
$ln = strip_tags(#$_POST['lname']);
$un = strip_tags(#$_POST['username']);
$em = strip_tags(#$_POST['email']);
$em2 = strip_tags(#$_POST['email2']);
$pswd = strip_tags(#$_POST['password']);
$pswd2 = strip_tags(#$_POST['password2']);
$d = date("Y-m-d"); //Year - Month - Day
if ($reg) {
if ($em==$em2) {
// Check if user already exists
$u_check = mysql_query("SELECT username FROM users WHERE username='$un' ");
// Count the amount of rows where username - $un
$check = mysql_num_rows($u_check);
if ($check == 0) {
// Check all of the fields have been filed in
if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2) {
// Check that passwords match
if ($pswd==$pswd2) {
// Check the maximum length of username/first name/last name does not exceed 25 characters
if (strlen($un)>25||strlen($fn)>25||strlen($ln)>25) {
echo "The maximum limit for username/first name/last name is 25 characters!";
}
else
{
// Check the maximum length of password does not exceed 30 characters and is not less than 5 characters
if (strlen($pswd)>30||strlen($pswd)<5) {
echo "Your password must be between 5 and 30 characters long!";
}
else
{
//encrypt password and password 2 using md5 before sending to database
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = mysql_query("INSERT INTO users VALUES (' ','$un','$fn','$ln','$em','$pswd','$d','0')");
die("<h2>Welcome to YouBook</h2>Login to your account to get started!");
}
}
}
else {
echo "Your passwords don't match!";
}
}
else
{
echo "Please fill in all of the fields!";
}
}
else
{
echo "Username already taken!";
}
}
else {
echo "Your E-mails don't match!";
}
}
if (isset($_POST["user_login"]) && isset($_POST["password_login"])) {
// filter everything but numbers and letters
$user_login = strip_tags($_POST['user_login']);
$password_login = strip_tags($_POST["password_login"]);
// md5 to hide the password
$password_login_md5 = md5($password_login);
// check for user in the database
$sql = mysql_query("SELECT id FROM users WHERE username='$user_login' AND password='$password_login_md5' LIMIT 1");
// checck how many results were found
$usercount = mysql_num_rows($sql);
if ($userCount == 1) {
// if there's only one row, you don't need a while loop as it will only loop once anyway.
$row = mysql_fetch_array($sql);
// set the ID of the user
$id = $row["id"];
// set the user login to session
$_SESSION["user_login"] = $user_login;
// redirect user and exit
header("location: home.php");
exit();
} else {
// a user was not found with that password, show an error
echo 'That information is incorrect, try again.';
exit();
}
}
?>
<div style="width: 800px; margin: 0px auto 0px auto;">
<table>
<tr>
<td width="60%" valign="top">
<h2>Already a member? Sign in below!</h2>
<form action="index.php" method="POST">
<input type="text" name="user_login" size="25" placeholder="Username" /><br /><br />
<input type="text" name="password_login" size="25" placeholder="Password" /><br /><br />
<input type="submit" name="login" size="25" value="Login!" />
</form>
</td>
<td width="40%" valign="top">
<h2>Sign Up Below!</h2>
<form action="index.php" method="POST">
<input type="text" name="fname" size="25" placeholder="First Name" /><br /><br />
<input type="text" name="lname" size="25" placeholder="Last Name" /><br /><br />
<input type="text" name="username" size="25" placeholder="Username" /><br /><br />
<input type="text" name="email" size="25" placeholder="Email Address" /><br /><br />
<input type="text" name="email2" size="25" placeholder="Email Address (again)" /><br /><br />
<input type="text" name="password" size="25" placeholder="Password" /><br /><br />
<input type="text" name="password2" size="25" placeholder="Password (again)" /><br /><br />
<input type="submit" name="reg" size="25" value="Sign Up!" />
</form>
</td>
</tr>
</table>
<?php include ( "./inc/footer.inc.php" ); ?>

0) You're missing the closing quote on your password ->
$sql = mysql_query("SELECT id FROM users WHERE username='$user_login' AND password='$password_login_md5' LIMIT 1"); // query
1) $userCount doesn't seem to be defined anywhere.
$usercount = mysql_num_rows($sql);
1f ($userCount == 1) {...}
It helps to keep your code clean as well, especially when you're learning. Try this.
if (isset($_POST["user_login"]) && isset($_POST["password_login"])) {
// filter everything but numbers and letters
$user_login = preg_replace('#[^A-Za-z0-9]#i', ' ', $_POST["user_login"]);
$password_login = preg_replace('#[^A-Za-z0-9]#i', ' ', $_POST["password_login"]);
// md5 to hide the password
$password_login_md5 = md5($password_login);
// check for user in the database
$sql = mysql_query("SELECT id FROM users WHERE username='$user_login' AND password='$password_login_md5' LIMIT 1");
// checck how many results were found
$usercount = mysql_num_rows($sql);
if ($userCount == 1) {
// if there's only one row, you don't need a while loop as it will only loop once anyway.
$row = mysql_fetch_array($sql);
// set the ID of the user
$id = $row["id"];
// set the user login to session
$_SESSION["user_login"] = $user_login;
// redirect user and exit
header("location: home.php");
exit();
} else {
// a user was not found with that password, show an error
echo 'That information is incorrect, try again';
exit();
}
}
EDIT
One more tip..
Check your query for errors
$sql = mysql_query("SELECT id FROM users WHERE username='$user_login' AND password='$password_login_md5' LIMIT 1") or die(mysql_error());
you may have misspelled something or not even be connected to the database at all.
EDIT II
You have to handle the username and password exactly the way you handle it your sign up form, if you strip_tags the password before inserting it then you have to strip_tags it before you check it. If you preg_replace it in the login form, but didn't in the sign up form then of course it will be different.
you need to remove these lines
$user_login = preg_replace('#[^A-Za-z0-9]#i', ' ', $_POST["user_login"]);
$password_login = preg_replace('#[^A-Za-z0-9]#i', ' ', $_POST["password_login"]);
and replace them with
$user_login = strip_tags($_POST['user_login']);
$password_login = strip_tags($_POST["password_login"]);
Don't forget to hit the check mark by my answer.

PDO reg form results in "Please fill in all fields" when all fields are filled in

I am building a social network, and trying to implement PDO instead of mysql, and I haven't finished implementing all of the PDO because I can't find a way to make a working version of PDO for inserting my table values. I have no clue why it is resulting in this but here is the code. As the title says, with the PDO code I have provided, I fill in all of the fields, click sign up, and it displays "Please fill in all fields" at the top of the header. If more code is needed (for other .php pages please comment, as I do not know what all is needed. I picked the ones that I knew went together.).
original working mysql code to insert user's input into the database
("INSERT INTO users VALUES ('','$un','$fn','$ln','$em','$pswd','d','0')");
die("<h2>Welcome to Rebel Connect</h2>Login to your account to get started.");
Index.php
<? include("inc/incfiles/header.inc.php"); ?>
<?
$reg = #$_POST['reg'];
//declaring variables to prevent errors
$fn = ""; //First Name
$ln = ""; //Last Name
$un = ""; //Username
$em = ""; //Email
$em2 = ""; //Email 2
$pswd = ""; //Password
$pswd2 = ""; //Password 2
$d = ""; //Sign up Date
//registration form
$fn = strip_tags(#$_POST['fname']);
$ln = strip_tags(#$_POST['lname']);
$un = strip_tags(#$_POST['username']);
$em = strip_tags(#$_POST['email']);
$em2 = strip_tags(#$_POST['email2']);
$pswd = strip_tags(#$_POST['password']);
$pswd2 = strip_tags(#$_POST['password2']);
$d = date("y-m-d"); // Year - Month - Day
if ($reg) {
if ($em==$em2) {
// Check if user already exists
$statement = $db->prepare('SELECT username FROM users WHERE username= :username');
//query succeeded
if ($statement->execute(array(':username' => $un))) {
//user exists
if ($statement->rowCount() > 0){
//check all of the fields have been filled in
if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2) {
// check that passwords match
if ($pswd==$pswd2) {
// check the maximum length of username/first name/last name does not exceed 25 characters
if (strlen($un)>25||strlen($fn)>25||strlen($ln)>25) {
echo "The maximum limit for username/first name/last name is 25 characters!";
}
else
{
// check the length of the password is between 5 and 30 characters long
if (strlen($pswd)>30||strlen($pswd)<5) {
echo "Your password must be between 5 and 30 characters long!";
}
else
{
//encrypt password and password 2 using md5 before sending to database
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
//prepare the SQL statement
$db_connect = $db->prepare
("INSERT INTO users(
fname,
lname,
username,
email,
password,
d,
0
)
Value (
:fn,
:ln,
:un,
:em,
:pswd,
:d,
0
)"
);
//bind the parameters
$db_connect->bindParam(':fn', $fn);
$db_connect->bindParam(':ln', $ln);
$db_connect->bindParam(':un', $un);
$db_connect->bindParam(':em', $em);
$db_connect->bindParam(':pswd', $pwsd);
$db_connect->bindParam(':d', $d);
//execute the prepared statement
$db_connect->execute();
}
die("<h2>Welcome to Rebel Connect</h2>Login to your account to get started.");
}
}
}
else {
echo "Your passwords don't match!";
}
}
else
{
echo "Please fill in all fields";
}
}
else
{
echo "Username already taken.";
}
}
else {
echo "Your e-mails don't match!";
}
}
?>
<?
//Login Script
if (isset($_POST["user_login"]) && isset($_POST["password_login"])) {
$user_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["user_login"]); // filter everything but numbers and letters
$password_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password_login"]); // filter everything but numbers and letters
$password_login=md5($password_login);
$sql = mysql_query("SELECT id FROM users WHERE username='$user_login' AND password='$password_login' LIMIT 1"); // query the person
//Check for their existance
$userCount = mysql_num_rows($sql); //Count the number of rows returned
if ($userCount == 1) {
while($row = mysql_fetch_array($sql)){
$id = $row["id"];
}
$_SESSION["id"] = $id;
$_SESSION["user_login"] = $user_login;
$_Session["password_login"] = $password_login;
exit("<meta http-equiv=\"refresh\" content=\"0\">");
} else {
echo 'That information is incorrect, try again';
exit();
}
}
?>
<div style="float: left;">
<table class="homepageTable">
<tr>
<td width="60%" valign="top">
<h2>Already a member? Login below.</h2>
<form action="index.php" method="post" name="form1" id="form1">
<input type="text" size="25" name="user_login" id="user_login" placeholder="username" title="username"/>
<br />
<input type="password" size="25" name="password_login" id="password_login" placeholder="password" title="Password"/>
<br />
<input type="submit" name="button" id="button" value="Login to your account!">
</form>
</td>
<td width="40%" valign="top">
<h2>Sign up below...</h2>
<form action="#" method="post">
<input type="text" size="25" name="fname" placeholder="First Name" title="First Name" value="<? echo $fn; ?>">
<input type="text" size="25" name="lname" placeholder="Last Name" title="Last Name" value="<? echo $ln; ?>">
<input type="text" size="25" name="username" placeholder="Username" title="Username" value="<? echo $un; ?>">
<input type="text" size="25" name="email" placeholder="Email" title="Email" value="<? echo $em; ?>">
<input type="text" size="25" name="email2" placeholder="Re-enter Email" title="Re-enter Email" value="<? echo $em2; ?>">
<input type="password" size="25" name="password" placeholder="Password" title="Password" value="<? echo $pswd; ?>">
<input type="password" size="25" name="password2" placeholder="Re-enter Password" title="Re-enter Password" value="<? echo $pswd2; ?>"><br />
<input type="submit" name="reg" value="Sign Up!">
</form>
</td>
</tr>
</table>
</body>
</html>
header.inc.php
<?
include ("inc/scripts/db_connect.inc.php");
session_start();
if (!isset($_SESSION["user_login"])) {
}
else
{
header("location: home.php");
}
?>
<html>
<head>
<link href="css/main.css" rel="stylesheet" type="text/css">
<title>Rebel Reach - PHS Student Social Network</title>
</head>
<body>
<div class="headerMenu">
<div id="wrapper">
<div class="logo">
<img src="img/find_friends_logo.png">
</div>
<div class="search_box">
<form method="get" action="search.php" id="search">
<input name="q" type="text" size="60" placeholder="Search..." />
</form>
</div>
<div id="menu">
Home
About
Sign Up
Login
</div>
</div>
</div>
<br />
<br />
<br />
<br />
db_connect.inc.php
<?
$db = new PDO('mysql:host=localhost;dbname=socialnetwork', '*********', '*********');
?>
results after taking off #
Notice: Undefined index: reg in C:\xampp\htdocs\tutorial\FindFriends\index.php on line 3
Notice: Undefined index: fname in C:\xampp\htdocs\tutorial\FindFriends\index.php on line 14
Notice: Undefined index: lname in C:\xampp\htdocs\tutorial\FindFriends\index.php on line 15
Notice: Undefined index: username in C:\xampp\htdocs\tutorial\FindFriends\index.php on line 16
Notice: Undefined index: email in C:\xampp\htdocs\tutorial\FindFriends\index.php on line 17
Notice: Undefined index: email2 in C:\xampp\htdocs\tutorial\FindFriends\index.php on line 18
Notice: Undefined index: password in C:\xampp\htdocs\tutorial\FindFriends\index.php on line 19
Notice: Undefined index: password2 in C:\xampp\htdocs\tutorial\FindFriends\index.php on line 20

ERROR 310: too many redirects. Occurring with php coded pages for website I am coding

I am currently coding pages for a social network (it's only going to run locally) for my senior project and I am running in to these redirect errors that I have no clue on how to solve. There are around three pages that have the 'header('location:...') code in it. I didn't know what it would do at the different levels of coding so I put all of the coding with an equal amount of indention.
index.php
<? include("inc/incfiles/header.inc.php"); ?>
<?
$reg = #$_POST['reg'];
//declaring variables to prevent errors
$fn = ""; //First Name
$ln = ""; //Last Name
$un = ""; //Username
$em = ""; //Email
$em2 = ""; //Email 2
$pswd = ""; //Password
$pswd2 = ""; //Password 2
$d = ""; //Sign up Date
$u_check = ""; //Check if username exists
//registration form
$fn = strip_tags(#$_POST['fname']);
$ln = strip_tags(#$_POST['lname']);
$un = strip_tags(#$_POST['username']);
$em = strip_tags(#$_POST['email']);
$em2 = strip_tags(#$_POST['email2']);
$pswd = strip_tags(#$_POST['password']);
$pswd2 = strip_tags(#$_POST['password2']);
$d = date("y-m-d"); // Year - Month - Day
if ($reg) {
if ($em==$em2) {
// Check if user already exists
$u_check = mysql_query("SELECT username FROM users WHERE username='$un'");
// Count the amount of rows where username = $un
$check = mysql_num_rows($u_check);
if ($check == 0) {
//check all of the fields have been filled in
if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2) {
// check that passwords match
if ($pswd==$pswd2) {
// check the maximum length of username/first name/last name does not exceed 25 characters
if (strlen($un)>25||strlen($fn)>25||strlen($ln)>25) {
echo "The maximum limit for username/first name/last name is 25 characters!";
}
else
{
// check the length of the password is between 5 and 30 characters long
if (strlen($pswd)>30||strlen($pswd)<5) {
echo "Your password must be between 5 and 30 characters long!";
}
else
{
//encrypt password and password 2 using md5 before sending to database
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = mysql_query("INSERT INTO users VALUES ('','$un','$fn','$ln','$em','$pswd','d','0')");
die("<h2>Welcome to Rebel Connect</h2>Login to your account to get started.");
}
}
}
else {
echo "Your passwords don't match!";
}
}
else
{
echo "Please fill in all fields";
}
}
else
{
echo "Username already taken.";
}
}
else {
echo "Your e-mails don't match!";
}
}
?>
<?
//Login Script
if (isset($_POST["user_login"]) && isset($_POST["user_password"])) {
$user_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["user_login"]); // filter everything but numbers and letters
$password_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password_login"]); // filter everything but numbers and letters
$sql = mysql_query("SELECT id FROM users WHERE username='$user_login' AND password='$password_login' LIMIT 1"); // query the person
//Check for their existance
$userCount = mysql_num_rows($sql); //Count the number of rows returned
if ($userCount == 1) {
while($row = mysql_fetch_array($sql)){
$id = $row["id"];
}
$_SESSION["id"] = $id;
$_SESSION["user_login"] = $user_login;
$_Session["password_login"] = $password_login;
header("location: index.php");
exit();
} else {
echo 'That information is incorrect, try again';
exit();
}
}
?>
<table class="homepageTable">
<tr>
<td width="60%" valign="top">
<h2>Already a member? Login below.</h2>
<form>
<input type="text" size="25" name="user_login" id="user_login" placeholder="username" />
<input type="password" size="25" name="user_password" id="user_password" placeholder="password" /><br />
<input type="submit" name="button" id="button" value="Login to your account!">
</form>
</td>
<td width="40%" valign="top">
<h2>Sign up below...</h2>
<form action="#" method="post">
<input type="text" size="25" name="fname" placeholder="First Name" value="<? echo $fn; ?>">
<input type="text" size="25" name="lname" placeholder="Last Name" value="<? echo $ln; ?>">
<input type="text" size="25" name="username" placeholder="Username" value="<? echo $un; ?>">
<input type="text" size="25" name="email" placeholder="Email" value="<? echo $em; ?>">
<input type="text" size="25" name="email2" placeholder="Re-enter Email" value="<? echo $em2; ?>">
<input type="password" size="25" name="password" placeholder="Password" value="<? echo $pswd; ?>">
<input type="password" size="25" name="password2" placeholder="Re-enter Password" value="<? echo $pswd2; ?>"><br />
<input type="submit" name="reg" value="Sign Up!">
</form>
</td>
</tr>
</table>
</body>
</html>
header.inc.php
<?
include ("inc/scripts/mysql_connect.inc.php");
// starts the session
session_start();
// checks whether the user is logged in or not
$user = $_SESSION["user_login"];
if (!isset($_SESSION["user_login"])) {
header("location: index.php");
exit();
}
else
{
header("location: home.php");
exit();
}
?>
<html>
<head>
<link href="css/main.css" rel="stylesheet" type="text/css">
<title>Rebel Reach - PHS Student Social Network</title>
</head>
<body>
<div class="headerMenu">
<div id="wrapper">
<div class="logo">
<img src="img/find_friends_logo.png">
</div>
<div class="search_box">
<form method="get" action="search.php" id="search">
<input name="q" type="text" size="60" placeholder="Search..." />
</form>
</div>
<div id="menu">
Home
About
Sign Up
Login
</div>
</div>
</div>
<br />
<br />
<br />
<br />
home.php
<?
session_start();
$user = $_SESSION["user_login"];
//If the user is not logged in
if (!isset($_SESSION["user_login"])) {
header('location: index.php');
exit();
}
else
{
//If the user is logged in
echo "Hi, $user, You're logged in<br />Welcome to what is soon to be your NEWSFEED";
}
?>

You've got a catch-22 in your code:
index.php includes your function library
the function library checks for the existence of that session variable.
if the variable doesn't exist, redirect to index.php
e.g. you've written a very complicated version of the classic BASIC 10 GOTO 10.