Register wont work?

[syco]

For some reason it says there is an invalid key or something... dusacomp.zxq.net/register.phptry and register and it says:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /www/zxq.net/d/u/s/dusacomp/htdocs/register.php on line 28Warning: Cannot modify header information - headers already sent by (output started at /www/zxq.net/d/u/s/dusacomp/htdocs/register.php:28) in /www/zxq.net/d/u/s/dusacomp/htdocs/register.php on line 37

<?phprequire_once 'db.php';$page_mode = isset($_POST['page_mode']) ? $_POST['page_mode'] : '';$error_string = '';if ($page_mode == 'register'){  $email = trim($_POST['email']); // trim to remove whitespace  $name = trim($_POST['username']); // trim to remove whitespace  $password = $_POST['password'];  $conf_password = $_POST['conf_password'];  if (!isValidEmail($email))	$error_string .= 'Please enter a valid email address.<br>';  if ($name == '')	$error_string .= 'Please enter your name.<br>';  if (strlen(trim($password)) < 6)	$error_string .= 'You must enter a password of at least 6 characters.<br>';  if ($password != $conf_password)	$error_string .= 'The password and confirmation password do not match.<br>';  if ($error_string == '')  {	$result = db_query("SELECT id FROM users WHERE email='" . mysql_real_escape_string($email) . "'");	if (mysql_num_rows($result) > 0)	  $error_string .= 'That email address is already registerd.<br>';	else	{	  $email = mysql_real_escape_string($email); // protect against SQL attacks	  $name = mysql_real_escape_string($name);	  $password = sha1($password); // hash password	  	  db_query("INSERT INTO users (email, name, password) VALUES ('{$email}', '{$name}', '{$password}')");	  header('Location: thankyou.php');	  exit();	}  }}function isValidEmail($email = ''){	return preg_match("/^[\d\w\/+!=#|$?%{^&}*`'~-][\d\w\/\.+!=#|$?%{^&}*`'~-]*@[A-Z0-9][A-Z0-9.-]{1,61}[A-Z0-9]\.[A-Z]{2,6}$/ix",$email);}?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html>  <head>	<title>Register</title>	<style type="text/css">	.error_text {	  color: #FF0000;	  width: 400px;	  text-align: center;	}	.left_box {	  float: left;	  width: 150px;	  text-align: right;	  padding-right: 5px;	}	.right_box {	  clear: right;	}	</style>  </head>  <body>	<div class="error_text"><?php echo $error_string; ?></div>	<form action="register.php" method="post">	<input type="hidden" name="page_mode" value="register">	<div class="left_box">Email address</div>	<div class="right_box"><input type="text" name="email" size="30" maxlength="255" value="<?php if (isset($email)) echo $email; ?>"></div>	<div class="left_box">Username</div>	<div class="right_box"><input type="text" name="username" size="30" maxlength="255" value="<?php if (isset($name)) echo $name; ?>"></div>	<div class="left_box">Password</div>	<div class="right_box"><input type="password" name="password" size="30"></div>	<div class="left_box">Confirm Password</div>	<div class="right_box"><input type="password" name="conf_password" size="30"></div>	<div class="left_box"> </div>	<div class="right_box"><input type="submit" value="Register" size="30"></div>	</form>  </body></html>

[Ingolme]

Can you show me where you declared the function db_query()? I'd say there's something wrong with it.Why not try mysql_query() instead?

[syco]

In the required file db.php

<?php$con = mysql_connect('localhost', '*********************', '*******'); // host, username, passwordmysql_select_db('**********************', $con);function db_query($sql){  return mysql_query($sql, $GLOBALS['con']);}?>

Also it said something about my mysql_num_rows() code

[Ingolme]

I recommend you edit your post and hide your information of the mysql_connect() function for security.Why not writing echo mysql_error(); to see what it tells you?

[syco]

1st i dont know where to put it but i put it there anyways, and nothing changed when i put it where i think it went...

[Ingolme]

Put it here:

   $result = db_query("SELECT id FROM users WHERE email='" . mysql_real_escape_string($email) . "'");   echo "<strong>Error:</strong> " . mysql_error();

And check what the page outputs when you run it.

[syco]

It basically said i had to move the header, but i don't know where to mover it

Error: Warning: Cannot modify header information - headers already sent by (output started at /www/zxq.net/d/u/s/dusacomp/htdocs/register.php:28) in /www/zxq.net/d/u/s/dusacomp/htdocs/register.php on line 38

[Ingolme]

OK, I wasn't thinking about that.Try this instead:

 if ($error_string == '')  {	$result = db_query("SELECT id FROM users WHERE email='" . mysql_real_escape_string($email) . "'");	$error_string = "<strong>Error:</strong> " . mysql_error();	...	...

[syco]

nothing happened but now when i register nothing comes up in the table

[Ingolme]

Well, let's get down to the basics:SELECT id FROM users WHERE email=' something '1. Is there a field id?2. Is there a table called users?3. Is there a field email and is it spelled that way?

[syco]

Register works now, so does login. but when you logged in your username won't appear where i specified it to.Just register and login so you know what i mean. http://dusacomp.zxq.net

<?phpsession_start();?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html>  <head>	<title>Index</title>  </head>  <body>	<?php	if (isset($_SESSION['user_id']))	{	?>	Hello, <?php echo $_SESSION['user_username']; ?>, what do you think you're doing?  I'm sorry, <?php echo $_SESSION['user_username']; ?>, I can't let you do that.	<br><br>	<a href="logout.php">Log out</a>	<?php	}	else	{	?>	Click <a href="register.php">here</a> to register or click <a href="login.php">here</a> to log in.	<?php	}	?>  </body></html>

[Wander]

are you sure u saved the username in $_SESSION['user_username']?, else try print_r($_SESSION); to see whats stored in the session

[syco]

yes i was sure but when i plugged in that code it says there is no username... try registering and logging in your self

[justsomeguy]

If it's saying no one is logged in then $_SESSION['user_id'] is not being set.

[syco]

it is set other wise it would tell you to register or login

[justsomeguy]

Right, I thought that was the problem. If the user name just isn't being printed then you're not saving the username in the variable that you're printing. That should be obvious. If you're printing $_SESSION['user_username'], and it's not printing anything, then there's nothing in it. Check the login page to see what is being set.

[syco]

i don't know exactly what being set b/c it was your code with a couple changes.

<?phpsession_start();require_once 'db.php';$page_mode = isset($_POST['page_mode']) ? $_POST['page_mode'] : '';$error_string = '';if ($page_mode == 'login'){  $username = $_POST['username'];  $password = $_POST['password'];  if (trim($username) == '' || trim($password) == '')	$error_string .= 'Please enter your username and password.<br>';  else  {	$result = db_query("SELECT id, email, password FROM users WHERE username='" . mysql_real_escape_string($username) . "'");	if (!($row = mysql_fetch_assoc($result)))	  $error_string .= 'The username was not found.<br>';	elseif ($row['password'] != sha1($password))	  $error_string .= 'The password did not match.<br>';	else	{	  $_SESSION['user_id'] = $row['id'];	  $_SESSION['user_username'] = $row['username'];	  $_SESSION['user_email'] = $row['email'];	  header('Location: index.php');	  exit();	}  }}?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html>  <head>	<title>Login</title>	<style type="text/css">	.error_text {	  color: #FF0000;	  width: 400px;	  text-align: center;	}	.left_box {	  float: left;	  width: 150px;	  text-align: right;	  padding-right: 5px;	}	.right_box {	  clear: right;	}	</style>  </head>  <body>	<div class="error_text"><?php echo $error_string; ?></div>	<form action="login.php" method="post">	<input type="hidden" name="page_mode" value="login">	<div class="left_box">Username</div>	<div class="right_box"><input type="text" name="username" size="30" maxlength="255" value="<?php if (isset($email)) echo $email; ?>"></div>	<div class="left_box">Password</div>	<div class="right_box"><input type="password" name="password" size="30"></div>	<div class="left_box"> </div>	<div class="right_box"><input type="submit" value="Log In" size="30"></div>	</form>  </body></html>

[justsomeguy]

One of the changes messed it up. You're saving $row['username'] into $_SESSION['user_username'], but you're not getting the username from the database. Either get the username from the database or save the $username variable instead of $row['username'].