register/login scripts

[JC5]

Ok I have created the register scripts perfectly. they register the person and add to database and send activation email and everything. then I created a login thing but the login doesn't reference to the database to check if the user is there.I'm not quite sure what to post because all in all i have like 10 files i would have to post here. but th names of my documents (so you get the general idea and u can maybe post what i should post code wise)activate.php (should be fine, no relevance)admin.php (error because it doesn't reference. Note: not tested because i cant get signed in)config.php (this is for the registration which works but i may have to reference but i dont know)index.php (this is page where i sign in, most likely problem here)login.php (i haven't used this page really yet.)logout.php (I know this page should work)process.php (I forget what this is about, should work i think but dont take my word on it)register.php (works fine, go try it out)So just tell me what files to produce and ill produce it. Not quite sure where to start except for maybe index.php or config or login or process

[justsomeguy]

The register page should give an example of using the database, or the activate page might be another example of getting a record from the database. You just need to get the name the user entered on the login form and their password, get a record from the database that matches the user name, if there aren't any records show an error that the username wasn't found, or else check the password they entered with the password you got from the database and either show an error or set the session. There is an example of registering and logging in users here:http://w3schools.invisionzone.com/index.php?showtopic=12509Is this something you made yourself or did you get the code from somewhere else?

[JC5]

I made the code myself. Ok the problem was there were 2 different databases and i changed one to the one it should i tink. now i have an error in process.php

<?phpsession_start();		// Shows we are using sessions$dbHost = 'localhost';$dbUser = '*****';$dbPass = '********';$dbname = '****_member';	$username = $_POST['username'];	// Gets the inputted username from the form$password = $_POST['password'];	// Gets the inputted password from the form$time = time();			// Gets the current server time$check = $_POST['setcookie'];		// Checks if the remember me button was ticked$db = mysql_connect($dbHost,$dbUser,$dbPass); // Connection Codemysql_select_db($dbname,$db);					 // Connects to database$query = "SELECT user, pass FROM login WHERE user = '$username' AND pass = '$password'";$result = mysql_query($query, $db);if(mysql_num_rows($result)) {	// If the username and password are correct do the following;   $_SESSION['loggedin'] = 1;		// Sets the session 'loggedin' to 1	if($check) {	// Check to see if the 'setcookie' box was ticked to remember the user	setcookie("DevWebSites[username]", $username, $time + 3600);		// Sets the cookie username	setcookie("DevWebSites[password]", $password, $time + 3600);	// Sets the cookie password	}   header('Location: http://www.devwebsites.com/admin.php'); // Forwards the user to this URL   exit();}else	// If login is unsuccessful forwards the user back to the index page with an error{   header('Location: http://www.devwebsites.com/index.php?error=1');   exit();}?>

Heres the errorWarning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/****/public_html/process.php on line 15Warning: Cannot modify header information - headers already sent by (output started at /home/****/public_html/process.php:15) in /home/ericr/public_html/process.php on line 29

[Ingolme]

I'm not sure why your query won't work, but you should echo mysql_error(); to get more information about it.About the second warning, you're calling session_start() after some content has already been written.Aside from that, you have a security problem here:

$username = $_POST['username'];	// Gets the inputted username from the form$password = $_POST['password'];	// Gets the inputted password from the form...$query = "SELECT user, pass FROM login WHERE user = '$username' AND pass = '$password'";

People can use SQL injection to do other things in your database, like:$password = "a'; DROP TABLE login;";Or something similar to that.

[JC5]

so you want me to change the variable name?

[JC5]

Also just to avoid the error I have decided to drop the header thing for now and only have the first errorheres my process.php

<?phpsession_start();		// Shows we are using sessions$dbHost = 'localhost';$dbUser = '**';$dbPass = '**';$dbname = '**';	$username = $_POST['username'];	// Gets the inputted username from the form$password = $_POST['password'];	// Gets the inputted password from the form$time = time();			// Gets the current server time$check = $_POST['setcookie'];		// Checks if the remember me button was ticked$db = mysql_connect($dbHost,$dbUser,$dbPass); // Connection Codemysql_select_db($dbname,$db);					 // Connects to database$query = "SELECT user, pass FROM login WHERE user = '$username' AND pass = '$password'";$result = mysql_query($query, $db);echo mysql_error();if(mysql_num_rows($result)) {	// If the username and password are correct do the following;   $_SESSION['loggedin'] = 1;		// Sets the session 'loggedin' to 1	if($check) {	setcookie("DevWebSites[username]", $username, $time + 3600);			setcookie("DevWebSites[password]", $password, $time + 3600);		}   exit();}else   {   exit();}?>

and I echoed it and i dotn know if i echoed in the right spot but.. the error wasNo database selectedWarning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/***/public_html/process.php on line 16obviously the database probably had a wrong name or something but i have the name correct and am sure of it. maybe another file has a different database registered???

[Ingolme]

Apparently no database has been selected. Are you sure you're selecting the right database? It's the only reason this could be happening.

[JC5]

hmm i have the same database name in all my files..lets c..alsoParse error: syntax error, unexpected $end in /home/ericr/public_html/process.php on line 30i have that with this code

<?phpsession_start();$dbHost = 'localhost';$dbUser = '*';$dbPass = '*';$dbname = '*';	$username = $_POST['username'];$password = $_POST['password'];$time = time(); $check = $_POST['setcookie'];$db = mysql_connect($dbHost,$dbUser,$dbPass);mysql_select_db($dbname,$db); $query = "SELECT user, pass FROM login WHERE user = '$username' AND pass = '$password'";$result = mysql_query($query, $db);if(mysql_num_rows($result)) {   $_SESSION['loggedin'] = 1;	if($check) {	setcookie("DevWebSites['username']", $username, $time + 3600);			setcookie("DevWebSites['password']", $password, $time + 3600);     exit();}else{   exit();}?>

ill try lookin through all the files

[JC5]

Ok well i found one error. one of the files had ***_members instead of member but now when i go to register script it says it cant find db..

[justsomeguy]

You made the code yourself, but you don't know what some of the files do and you're able to insert a user but not check them? That seems strange.About the SQL injection, changing variable names doesn't help. The MySQL extension for PHP doesn't let you run more than one query at once, so people won't be able to drop your table, but they can sign in. If someone types in this for both the user name and password:' OR '' = 'then this is the query you send to the database:SELECT user, pass FROM login WHERE user = '' OR '' = '' AND pass = '' OR '' = ''which is always going to return a result, and since you're only checking if the query returned results then they will get access to your site. You need to use a function like mysql_real_escape_string to sanitize any user input that you put in a query without validating, and it would also be a good idea to select the password from the database where the row matches the user name and then check if the password in the row is the same as the password they entered instead of just checking if the query returned more than 0 records.

maybe another file has a different database registered???

That could only be true if you included process.php from another page, but even if another page was using a different database it should still work in process.php because you're saving the return value from mysql_connect and using that to select the database and run the query. So if the database name is correct then it should work.

[Ingolme]

There's nothing I can do to help with that, since it's all down to connecting to the right server, with the right user and password, and then selecting the right database.If you've spelled any of them wrong it won't work.

[JC5]

hmm..turns out it was db name **_members not **_member..changed it and am trying the scripts now

[JC5]

yep in process.php same errorParse error: syntax error, unexpected $end in /home/ericr/public_html/process.php on line 30heres process.php

<?phpsession_start();$dbHost = 'localhost';$dbUser = '*';$dbPass = '*';$dbname = '**';	$username = $_POST['username'];$password = $_POST['password'];$time = time(); $check = $_POST['setcookie'];$db = mysql_connect($dbHost,$dbUser,$dbPass);mysql_select_db($dbname,$db); $query = "SELECT user, pass FROM login WHERE user = '$username' AND pass = '$password'";$result = mysql_query($query, $db);if(mysql_num_rows($result)) {   $_SESSION['loggedin'] = 1;	if($check) {	setcookie("DevWebSites['username']", $username, $time + 3600);			setcookie("DevWebSites['password']", $password, $time + 3600);     exit();}else{   exit();}?>

ok time to get everything coveredsetcookie("DevWebSites['password']", $password, $time + 3600); does the devwebsites name matter? could i technically switch that to anything? hmm and from the index.php which refers to process.php to loginmysql_select_db($dbname,$db); do i need to replace &dbname or &db with the actual database name?

[Ingolme]

You've forgotten a closing brace for this line:if(mysql_num_rows($result)) {

[JC5]

Nice eye there ingol but new error!Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/ericr/public_html/process.php on line 18

<?phpsession_start();$dbHost = 'localhost';$dbUser = '*';$dbPass = '*';$dbname = '*';	$username = $_POST['username'];$password = $_POST['password'];$time = time(); $check = $_POST['setcookie'];$db = mysql_connect($dbHost,$dbUser,$dbPass);mysql_select_db($dbname,$db); $query = "SELECT user, pass FROM login WHERE user = '$username' AND pass = '$password'";$result = mysql_query($query, $db);if(mysql_num_rows($result)) {   $_SESSION['loggedin'] = 1;	if($check) {	setcookie("DevWebSites['username']", $username, $time + 3600);			setcookie("DevWebSites['password']", $password, $time + 3600);     exit();}else{   exit();}}?>

man if i get this working im definately saving these files for future work :/

[Ingolme]

echo mysql_error() again to see why that's happening.

[JC5]

Table 'ericr_members.login' doesn't existis errori no what that means. guess i hvae to create that table

[JC5]

Thanks for all the help guys it works now.

[JC5]

Ok new problem I am trying to get it if the person is logged in then it will displayWelcome (username)Forums UserCPLogoutand if it doesnt it displays the form for login it displays errorParse error: syntax error, unexpected T_STRING, expecting ',' or ';' in /home/ericr/public_html/index.php on line 146but ive been combing it for the past half an hour trying new things and cant figure it out

<?phpif(isset($_COOKIE['DevWebSites']))// If the cookie DevWebSites is set, do the following;{$dbHost = 'localhost';// Database Connection Details - Host$dbUser = '**';// Database Connection Details - Username$dbPass = '*';// Database Connection Details - Password$dbname = '**';// Database Connection Details - Database Name$username = $_COOKIE['DevWebSites']['username'];// Select the username from the cookie$password = $_COOKIE['DevWebSites']['password'];// Select the password from the cookie$db = mysql_connect($dbHost,$dbUser,$dbPass);	 // Connection Codemysql_select_db($dbname,$db);					 // Connects to database$query = "SELECT user, pass FROM login WHERE user = '$username' AND pass = '$password'";$result = mysql_query($query, $db);if(mysql_num_rows($result))		 // If the login information is correct do the following;	{	$_SESSION['loggedin'] = 1;	// Set the session 'loggedin' to 1 and forward the user to the admin page	header('Location: http://www.devwebsites.com/');	exit();	}}/*	If the cookie doesn't exist or the login	information  stored within the cookies	are   wrong   show   the   login   form.*/if ($_SESSION['loggedin'] = 0) {?><form method="post" name="cookie" action="process.php"><p><label for="username">Username : <input type="text" name="username" id="username" /></label></p><p><label for="password">Password : <input type="password" name="password" id="password" /></label></p><p><input type="checkbox" name="setcookie" value="setcookie" /> Remember Me</p><p><input type="submit" name="submit" value="Submit" /> <input type="reset" name="reset" value="Reset" /></p></form><?php}if (isset($_GET['error']) AND !empty($_GET['error'])){	echo 'Invalid login data supplied. Please try again.';}else{echo "Welcome <a href="http://www.devwebsites.com/profile/$Username"$Username</a><br />";  <--Line 146?><br /><ul><li><a href="http://www.devwebsites.com/forums/usercp.php"Forums UserCP</a></li><li><a href="http://www.devwebsites.com/logout.php"Logout</a></li>

[Ingolme]

You should notice that you're closing the string hereecho "Welcome <a href=-->"<--http://www.devwebsites.com/profile/$Username"$Username</a><br />";Aside from that, this condition is always going to return true:if ($_SESSION['loggedin'] = 0) {

[justsomeguy]

A syntax error means the code is not formatted correctly, usually something is left out. If it's complaining about an expected string then either a semicolon or dot operator was probably left out.

Aside from that, this condition is always going to return true:if ($_SESSION['loggedin'] = 0) {

Actually, it will always evaluate to false.

[JC5]

You should notice that you're closing the string hereecho "Welcome <a href=-->"<--http://www.devwebsites.com/profile/$Username"$Username</a><br />";

Ah thanks ingol me i switched hte " for ' and it worked good Parse error: syntax error, unexpected $end in /home/ericr/public_html/index.php on line 330and 330 is the end of the document and itried seeing where the ?> and the <?php's were and they all seem to work fine :)

[justsomeguy]

Ah thanks ingol me i switched hte " for ' and it worked good

No it didn't, it worked well.Unexpected end usually means there's an open bracket { with no closing one.

[JC5]

Wow you were totally right I missed one, but it still displayed the same error. I went back and combed thru it twice and it still came up with the error. Ok in an attempt to amend this I will post my entire index.php file Just in case

<?phpsession_start();?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html lang="en" xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><head><meta name="description" content="*" /><meta name="keywords" content="*" /><meta name="author" content="Author: Eric Reese" /><script type="text/javascript" src="bookmark.js"></script><link rel="icon" type="image/png" href="/logo.png" /><title>DevWebSites.com || Your source for web development and design ||</title><link rel="shortcut icon" href="favicon.ico" type="image/x-icon" /><link href="http://www.devwebsites.com/style.css" rel="stylesheet" type="text/css" /></head><body><div id="ipbwrapper"><div id="logostrip"><a href="/"><!--ipb.logo.start--><img src="logo_devweb.jpg" alt="IPB" class="c1" width="100%" border="0" height="210px" /></a><!--ipb.logo.end--></div><div id="submenu"><p class="home"><!--ipb.leftlinks.start--><a>www.DevWebSites.com</a><!--ipb.leftlinks.end--></p><p><!--ipb.rightlinks.start--><a href="http://www.devwebsites.com/contact.php">Contact</a><a href="/sitemap.xml">Site Map</a> <a href="http://devwebsites.com/forums/memberlist.php">Members</a><!--ipb.rightlinks.end--></p></div></div><div id="myass-content" class="c3"></div><div id="loading-layer" class="c6"><table width="100%" align="center" border="0" cellpadding="0" cellspacing="1"><tbody><tr><td valign="top" width="100%"><div class="borderwrap maintitlecollapse c7" id="fc_announcement"><p>Announcement</p></div><div class="borderwrap c8" id="fo_announcement"><div class="maintitle"><p>Announcements</p></div><table width="100%" cellpadding="4" cellspacing="1" align="left"><tbody><tr><td class="row1" colspan="2"><form action="http://www.google.com/cse" id="cse-search-box" target="_blank">  <div>	<input type="hidden" name="cx" value="partner-pub-0405738179168907:x7d1u-es4sa" />	<input type="hidden" name="ie" value="ISO-8859-1" />	<input type="text" name="q" size="31" />	<input type="submit" name="sa" value="Search" />  </div></form><script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script></td></tr></tbody></table></div><br /></td></tr></tbody></table><table width="100%" align="center" border="0" cellspacing="1"><tbody><tr><td valign="top" width="21%"><div class="borderwrap maintitlecollapse c7" id="fc_loginbox"><p>Please Login</p></div><div class="borderwrap c8" id="fo_loginbox"><div class="maintitle"><p>Please Login</p></div><table width="100%" cellpadding="4" cellspacing="1"><tbody><tr><td class="row1"><div id="membership" class="loggedin"><div class="links" style="text-align:left;padding-left:17px;"></div></div><div class="links"><?phpif(isset($_COOKIE['DevWebSites']))// If the cookie DevWebSites is set, do the following;{$dbHost = 'localhost';// Database Connection Details - Host$dbUser = '****';// Database Connection Details - Username$dbPass = '********';// Database Connection Details - Password$dbname = '*********';// Database Connection Details - Database Name$username = $_COOKIE['DevWebSites']['username'];// Select the username from the cookie$password = $_COOKIE['DevWebSites']['password'];// Select the password from the cookie$db = mysql_connect($dbHost,$dbUser,$dbPass);	 // Connection Codemysql_select_db($dbname,$db);					 // Connects to database$query = "SELECT user, pass FROM login WHERE user = '$username' AND pass = '$password'";$result = mysql_query($query, $db);if(mysql_num_rows($result))		 // If the login information is correct do the following;	{	$_SESSION['loggedin'] = 1;	// Set the session 'loggedin' to 1 and forward the user to the admin page	header('Location: http://www.devwebsites.com/');	exit();	}}/*	If the cookie doesn't exist or the login	information  stored within the cookies	are   wrong   show   the   login   form.*/if ($_SESSION['loggedin'] = 0) {?><form method="post" name="cookie" action="process.php"><p><label for="username">Username : <input type="text" name="username" id="username" /></label></p><p><label for="password">Password : <input type="password" name="password" id="password" /></label></p><p><input type="checkbox" name="setcookie" value="setcookie" /> Remember Me</p><p><input type="submit" name="submit" value="Submit" /> <input type="reset" name="reset" value="Reset" /></p></form><?php}if (isset($_GET['error']) AND !empty($_GET['error'])){	echo 'Invalid login data supplied. Please try again.';}else{echo "Welcome";echo '<a href="http://www.devwebsites.com/profile/$Username"$Username</a><br />'; ?><br /><ul><li><a href="http://www.devwebsites.com/forums/usercp.php"Forums UserCP</a></li><li><a href="http://www.devwebsites.com/logout.php"Logout</a></li>}		</td></tr></tbody></table></div><br /><div class="borderwrap maintitlecollapse c7" id="fc_navigation"><p>Main Menu</p></div><div class="borderwrap c8"><div class="maintitle"><p>Main Menu</p></div><table width="100%" cellpadding="4" cellspacing="1"><tbody><tr><td class="row1" style="text-align:left;padding-left:22px;" colspan="2"><a href="/">Home</a><br /><a href="http://www.devwebsites.com/forums">Forums</a><br /><a href="/articles">Articles</a><br /><a href="http://www.devwebsites.com/forums/memberlist.php">Member List</a><br /><a href="/sitemap.xml">Site Map</a><br /><form action="#"><input type="button" value="Bookmark" onclick="bookmark('http://devwebsites.com/','DevWebSites Bookmark')" /></form></td></tr></tbody></table></div></div><br /><div class="borderwrap maintitlecollapse c7" id="fc_site_search"><p>Articles</p></div><div class="borderwrap c8" id="fo_site_search"><div class="maintitle" style="text-align:left;padding-left:22px;"><p>Articles</p></div><table width="100%" cellpadding="4" cellspacing="1"><tbody><tr><td style="text-align:left;padding-left:25px;"><a href="http://www.devwebsites.com/articles/Php.html">PHP</a><br /><a href="http://www.devwebsites.com/articles/Mysql.html">MySQL</a><br /><a href="http://www.devwebsites.com/articles/asp.html">ASP</a><br /><a href="http://www.devwebsites.com/articles/ado.html">ADO</a><br /><a href="http://www.devwebsites.com/articles/seo.html">SEO</a><br /><a href="http://www.devwebsites.com/articles/ajax.html">Ajax</a><br /><a href="http://www.devwebsites.com/articles/oracle.html">Oracle</a><br /><a href="http://www.devwebsites.com/articles/apache.html">Apache</a><br /><a href="http://www.devwebsites.com/articles/xhtml.html">[X]HTML</a><br /><a href="http://www.devwebsites.com/articles/css.html">CSS</a><br /><a href="http://www.devwebsites.com/articles/javascript.html">JavaScript</a><br /><a href="http://www.devwebsites.com/articles/actionscript.html">ActionScript</a><br /></td></tr></tbody></table></div><br /></td><td width="2%"><br /></td><td valign="top" width="51%"><div class="borderwrap maintitlecollapse c7" id="fc_real_news"><p>DevWebSites.com News</p></div><div class="borderwrap c8" id="fo_real_news"><table><tbody><tr><td			</td></tr></tbody></table></div><br /></td><td width="2%"><br /></td><td valign="top" width="21%"><div class="borderwrap maintitlecollapse c7" id="fc_latest_posts"><p class="expand"><a href="'java script:togglecategory("></a></p></div><div class="borderwrap maintitlecollapse c7" id="fc_ads"><p class="expand"><a href="'java script:togglecategory("></a></p><p>Advertisements</p></div><div class="borderwrap c8" id="fo_ads"><div class="maintitle"><p>Advertisements</p></div><script type="text/javascript"><!--google_ad_client = "pub-0405738179168907";/* DevWebSites Ads */google_ad_slot = "3912446892";google_ad_width = 250;google_ad_height = 250;//--></script><script type="text/javascript"src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script><script type="text/javascript"src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script><table width="100%" cellpadding="4" cellspacing="1"><tbody><tr><td class="row1" colspan="2"><br /></td></tr></tbody></table></div></td></tr></tbody></table><table width="100%" align="center" border="0" cellpadding="0" cellspacing="0"><tbody><tr><td><br /></td></tr></tbody></table><table id="gfooter" cellspacing="0"><tbody><tr><td width="10%" align="center" nowrap="nowrap"></td><td width="45%" align="right" nowrap="nowrap"><script type="text/javascript">//<![CDATA[function startTime(){var today=new Date();var h=today.getHours();var m=today.getMinutes();var s=today.getSeconds();// add a zero in front of numbers<10m=checkTime(m);s=checkTime(s);document.getElementById('txt').innerHTML=h+":"+m+":"+s;t=setTimeout('startTime()',500);}function checkTime(i){if (i<10)  {  i="0" + i;  }return i;}//]]></script><div id="txt"></div><script type="text/javascript">//<![CDATA[menu_do_global_init();//]]></script></td></tr></tbody></table></body></html>

[justsomeguy]

This is missing one:else{echo "Welcome";echo '<a href="http://www.devwebsites.com/profile/$Username"$Username</a><br />'; ?>