Login/register script

[RobberBaron]

I'm writing a website wherein if the user is not logged in, they will be redirected to "login.php", which gives the option of logging in or registering; the issue is, when I submit the Login or Register form, all that happens is the page refreshes - I've checked the database, nothing is inserted. When the login is submitted, if there are no errors then it should redirect to "index.php"When the registration form is submitted, it should redirect to "login.php?r=1" - this is the login/register page only with a notification saying the registration worked.Any help? :/ Here's the code for "login.php":

 <?phpIf (isset($_POST['do_rblogin'])){Include('db.php');// Makes sure they filled it inIf (!$_POST['user_text']){Die('You need to enter a username to login.');}Elseif(!$_POST['user_pass']){Die('Please enter a password.');};//Checks it against the database, gives error if user doesn't exist$check=mysql_query('SELECT * FROM users WHERE username = "'.$_POST['user_text'].'"') or die(mysql_error());If (mysql_num_rows($check)==0){Die('That user does not exist, maybe try registering silly.');};While($info=mysql_fetch_array($check)){$_POST['pass']=stripslashes($_POST['pass']);$info['password'] = stripslashes($info['password']);$_POST['pass'] = md5($_POST['pass']);//Gives error if the password is wrongIf ($_POST['pass']!=$info['password']){Die('Incorrect password, please try again.');}Else{ //if login is ok then we add a cookie setcookie('rb_userid', $info['ID'], time()*10);Header("Location: index.php"); }}}Elseif (isset($_POST['do_rbreg'])){Include('db.php');//Register code// $_POST['user_text']// $_POST['user_pass']// $_POST['user_cr_pass']// $_POST['user_email'] //This makes sure they did not leave any fields blank If (!$_POST['user_text']){Die('Please enter a username.');}Elseif (!$_POST['user_pass']){Die('Please enter a password.');}Elseif (!$_POST['user_cr_pass']||$_POST['user_pass']!=$_POST['user_cr_pass']){Die('Please check your secondary password - this ensures you know the password that you\'ll be using to login.');}; //Check if username is in use$usercheck=$_POST['user_text'];$check=mysql_query('SELECT username FROM users WHERE username = "'.$usercheck.'"') or die(mysql_error());//If the name exists it gives an errorIf (mysql_num_rows($check)!= 0) {die('Sorry, the username '.$usercheck.' is already in use, please select another.');};//Encrypt the password and add slashes if needed$_POST['user_pass']=md5($_POST['user_pass']);If (!get_magic_quotes_gpc()){$_POST['user_text']=addslashes($_POST['user_text']);$_POST['user_pass']=addslashes($_POST['user_pass']);$_POST['user_email']=addslashes($_POST['user_email']);}; //Now we insert it into the databasemysql_query('INSERT INTO users (username, password, email) VALUES ("'.$_POST['user_text'].'", "'.$_POST['user_pass'].'", "'.$_POST['user_email'].'")') or die(mysql_error());Header('Location: login.php?r=1');}Else{?><html><head><title>RobberBaron</title></head><body><h1>RobberBaron Accounts</h1><hr /><h1><?php If (isset($_GET['r'])) { Echo('Registration complete  Now '); }; ?>Login</h1><form name="login" action="index.php?do=login" method="post"><input type="hidden" id="do_rblogin" value="1" /><table border="0"><tr><td>Username:</td><td><input type="text" id="user_text" /></td></tr><tr><td>Password:</td><td><input type="password" id="user_pass" /></td></tr></table><input type="submit" value="Submit" /><input type="reset" value="Clear" /></form><hr /><h1>...or register</h1><form name="register" action="index.php?do=register" method="post"><input type="hidden" id="do_rbreg" value="1" /><table border="0"><tr><td>Username:</td><td><input type="text" id="user_text" /></td></tr><tr><td>Password:</td><td><input type="password" id="user_pass" /></td></tr><tr><tr><td>Confirm Password:</td><td><input type="password" id="user_cr_pass" /></td></tr><tr><td>Email:</td><td><input type="text" id="user_email" /></td></tr></table><input type="submit" value="Submit" /><input type="reset" value="Clear" /></form><?php};?>

Thanks for any help

[RobberBaron]

Update: I commented out the register form, and yet submitting the Login form still just refreshed the page. What's going wrong :/

[Don E]

For the forms, you have to have the name attribute for the input element in order for $_POST to work after submitting. Try this instead: <form name="login" action="index.php?do=login" method="post"><input type="hidden" id="do_rblogin" value="1" /><table border="0"><tr><td>Username:</td><td><input type="text" name="user_text" /></td></tr><tr><td>Password:</td><td><input type="password" name="user_pass" /></td></tr></table><input type="submit" value="Submit" /><input type="reset" value="Clear" /></form> .... instead of id. <form name="register" action="index.php?do=register" method="post"><input type="hidden" id="do_rbreg" value="1" /><table border="0"><tr><td>Username:</td><td><input type="text" name="user_text" /></td></tr><tr><td>Password:</td><td><input type="password" name="user_pass" /></td></tr><tr><tr><td>Confirm Password:</td><td><input type="password" name="user_cr_pass" /></td></tr><tr><td>Email:</td><td><input type="text" name="user_email" /></td></tr></table><input type="submit" value="Submit" /><input type="reset" value="Clear" /></form> Then if you want once the form(s) is submitted, you can assign variables like so:$username = $_POST['user_text'];$user_email = $_POST['user_email']; etc...

[RobberBaron]

Thanks, however after posting this I updated all the form inputs so that the name property is equal to the ID property, so that made no difference, it still just refreshes the page :/ The whole website depends on this page: http://robberbaron.comeze.com

[RobberBaron]

Found the problem. The forms are submitting to "index.php?do=etc" rather than login.php, so therefore index.php realizes they're not logged in and just sends them back to the login page. Thanks anyway.