Login/ Signup Not working

[mikemanx2]

Hi I have a web site that you can sign up on and loginbut when you sigh up it always says you are now sucsesfuly registered even if the same user name and every thing i want it to say this user name has already been taken. i dont thing its saving into my database.And my login when i login with an existing user and click login it gos to a black page not say you are now loged in or wrong username or password it just gos to a black page.PLZ Help

[justsomeguy]

I suggest that you check in your database to determine whether or not information is being saved or if a lookup is being done properly. You'll also want to check your login code to see where it redirects and make sure it's redirecting to the right place.Or you can post your code.

[mikemanx2]

<body bgcolor="#000000"><font color="#FF0000"><?php// Define variables and connect to database$user = $_POST['user'];$pass = $_POST['pass'];// Connect to database$dbuser = "*";$dbpass = "*";$host = "*";$db_connect = mysql_connect($host, $dbuser, $dbpass) or die("Could not connect to database");$select_db = mysql_select_db("*", $db_connect) or die("Could not select database");// Now to encrypt the password.$encrypted_pass = md5($pass);// Define the query:$query = "SELECT username, memberpass FROM members WHERE username='$user' AND memberpass='$encrypted_pass'";// Run the query and check it it worked.$result = mysql_query($query) or die("Could not execute query." . mysql_error());if (mysql_num_rows($result) != "0") {{session_register($user); // session register the usernamesetcookie ("siteuser",$user,time()+604800); // set cookie containing username echo "You are logged in as $user";} else {echo "Could not log you in. Check your username and password and try again."}?>

Well thats my login code i dont knnow how to make somthing redrect so i have it ware it gose to the page and you click a link.

[justsomeguy]

OK, you've got a few things wrong. From the looks of the code it looks like you're just starting out, so I'll be happy to help you out.First off, you have a lot of things correct. The code is well-commented, it's easy to understand, and you're basically doing everything correct up until the point where you deal with sessions and cookies.As a minor point, before we get started, the HTML <font> tag is no longer valid. You can replace <font color="#FF0000"></font> with <span style="color: #FF0000;"></span>, and it will do the same thing (for now anyway).Secondly, you need to be aware of a type of server attack known as a SQL injection attack. SQL injection allows someone to run any code on your database that they want. The way your page is now, it is vulnerable. This is why it is vulnerable:

$user = $_POST['user'];...$query = "SELECT username, memberpass FROM members WHERE username='$user' AND memberpass='$encrypted_pass'";

You use the $user variable in your query exactly as you get it from POST. This is a problem because an attacker could create a page that submits a post request that contains SQL code. Say an attacker writes this into the "user name" field:'; delete from members where 1;Look what happens when that gets substituted into the SQL query:SELECT username, memberpass FROM members WHERE username=''; delete from members where 1;' AND memberpass=''The SQL server will execute a select statement, then a delete statement that deletes all your users, then generates some syntax error. You can protect against this by escaping your SQL variables. As a general rule, never never trust any data coming from the user. This is how you should write your SQL statement:$query = "SELECT username, memberpass FROM members WHERE username='" . mysql_escape_string($user) . "' AND memberpass='$encrypted_pass'";The mysql_escape_string will make your string data "safe" for the query. The password doesn't need to get escaped because it already went through the md5() function, which is safe for SQL code. Using the same example above, the query with the dangerous code now looks like this:SELECT username, memberpass FROM members WHERE username='\'; delete * from members;' AND memberpass=''The only difference is the \ before the quote in the username, but that makes all the difference. MySQL will simply return an empty result set, which is what you want to happen.Now that we have that out of the way, let's move on to cookies and sessions. Your code puts the login name into a session variable, and then sets a cookie. You are using the session_register function, which will probably work for you, but session_register is going away in PHP. The next major version of PHP will not include it at all, so you might as well use the $_SESSION variable instead, which isn't going anywhere. Also, if you haven't explicity started your session yet, you might as well use session_start to kick it off. So your session_register line changes to this:session_start();$_SESSION['user'] = $user;Now you have created a session variable called "user", and given it the value of what the user logged in as. The session_start function did some housekeeping to make all this possible.The good news is that you don't necessarily need to explicitly set the cookie, but the bad news is that you have to create another page. The reason you need to create another page is because of how cookies work, and I'll explain that if you want me to, but you can't set a cookie on one page after you have already sent HTML, and you can't set a cookie on a page and then redirect to another page. You need to set a cookie before you send anything to the browser, and then show the page. That means that you need to go to a new page, and start with the cookie. This is the reason why you see all those pages that say "thanks for logging in (or out..), you are being redirected". So now you get to create your own.If you have your form processing script on the same page as your HTML form, you will need to do a redirect. But if your form submits to a different page, you can just use that page. So if the <form> tag of your login form (say "login_form.php") points to a different page, and maybe looks like this:<form action="process_login.php" method="post">Then this is what your process_login.php looks like:

<?php// Define variables and connect to database$user = $_POST['user'];$pass = $_POST['pass'];// Connect to database$dbuser = "*";$dbpass = "*";$host = "*";$db_connect = mysql_connect($host, $dbuser, $dbpass) or die("Could not connect to database");$select_db = mysql_select_db("*", $db_connect) or die("Could not select database");// Now to encrypt the password.$encrypted_pass = md5($pass);// Define the query:$query = "SELECT username, memberpass FROM members WHERE username='" . mysql_escape_string($user) .' AND memberpass='{$encrypted_pass}'";// Run the query and check if it worked.$result = mysql_query($query) or die("Could not execute query." . mysql_error());if (mysql_num_rows($result) > "0"){  session_start();  $_SESSION['siteuser'] = $user;  $_SESSION['sitepass'] = $encrypted_pass;  if ($the_user_wants_to_be_logged_in_for_a_year)  {    setcookie("siteuser", $user, time() + (86400 * 365), "/", $_SERVER["HTTP_HOST"], 0);    setcookie("sitepass", $encrypted_pass, time() + (86400 * 365), "/", $_SERVER["HTTP_HOST"], 0);  }    write_session();}else{  // bad login, send them back to the login page with an error  header("Location: login_form.php?error=" . urlencode("Sorry sucker, your username and password are wrong! You fail it!");  exit();}?><html>  <head>    <title>Sweet login processor</title>    <meta http-equiv="refresh" content="2; url=http://www.yourdomain.com/user_menu.php">  </head>  <body>    show some sweet "you are being redirected" thing  </body></html>

Now the user is logged in through the session, and a cookie has been sent to the client. You have shown them a little page that will redirect to the user menu in 2 seconds (or however long you say in the <meta> tag). So now this is how you check on the user menu, or wherever else, that they are logged in:

<?php$siteuser = "";$sitepass = "";// check in the session firstsession_start();if (isset($_SESSION['siteuser']) && isset($_SESSION['sitepass'])){  $siteuser = $_SESSION['siteuser'];  $sitepass = $_SESSION['sitepass'];}// check in the cookie (cookie overwrites the session)if (isset($_COOKIES['siteuser']) && isset($_COOKIES['sitepass'])){  $siteuser = $_COOKIES['siteuser'];  $sitepass = $_COOKIES['sitepass'];}// check in the databaseif ($siteuser != "" && $sitepass != ""){  // Connect to database  $dbuser = "*";  $dbpass = "*";  $host = "*";  $db_connect = mysql_connect($host, $dbuser, $dbpass) or die("Could not connect to database");  $select_db = mysql_select_db("*", $db_connect) or die("Could not select database");  // Define the query:  $query = "SELECT username, memberpass FROM members WHERE username='" . mysql_escape_string($siteuser) . "' AND memberpass='" . mysql_escape_string($sitepass) . "'";  // Run the query and check it it worked.  $result = mysql_query($query) or die("Could not execute query." . mysql_error());  if (mysql_num_rows($result) == "0")  {    $siteuser = "";    $sitepass = "";  }}// at this point, if $siteuser and $sitepass are empty, the user is not logged inif ($siteuser != "")  echo "You are logged in as {$siteuser}";else  echo "You are not logged in.  You fail it.";?>

Ask if you have any questions on anything.

[mikemanx2]

<?php$siteuser = "";$sitepass = "";// check in the session firstsession_start();if (isset($_SESSION['siteuser']) && isset($_SESSION['sitepass'])){ $siteuser = $_SESSION['siteuser']; $sitepass = $_SESSION['sitepass'];}// check in the cookie (cookie overwrites the session)if (isset($_COOKIES['siteuser']) && isset($_COOKIES['sitepass'])){ $siteuser = $_COOKIES['siteuser']; $sitepass = $_COOKIES['sitepass'];}// check in the databaseif ($siteuser != "" && $sitepass != ""){ // Connect to database $dbuser = "*"; $dbpass = "*"; $host = "*"; $db_connect = mysql_connect($host, $dbuser, $dbpass) or die("Could not connect to database"); $select_db = mysql_select_db("*", $db_connect) or die("Could not select database"); // Define the query: $query = "SELECT username, memberpass FROM members WHERE username='" . mysql_escape_string($siteuser) . "' AND memberpass='" . mysql_escape_string($sitepass) . "'"; // Run the query and check it it worked. $result = mysql_query($query) or die("Could not execute query." . mysql_error()); if (mysql_num_rows($result) == "0") {   $siteuser = "";   $sitepass = ""; }}// at this point, if $siteuser and $sitepass are empty, the user is not logged inif ($siteuser != "") echo "You are logged in as {$siteuser}";else echo "You are not logged in.  You fail it.";?>

So is this the new code that should work and redirest to a new page

[justsomeguy]

No, that is the code that checks if the user is already logged in.

[mikemanx2]

Well then wares the code for the people to login

[justsomeguy]

You mean I spent 2 hours writing that and you didn't even read it?I'll give you a hint. It's just after this line:"Then this is what your process_login.php looks like:"

[mikemanx2]

Well sry i asked for help with my logining in php page not a page that would check if a user was loged inoya i tryed the login page and i always asyed could not login

[justsomeguy]

What I wrote is a description of the entire login process. It really doesn't do any good to have someone log in if you aren't checking for people that are logged in, does it? Do you just log someone in, and then never check if they are logged in? What I explained is 1) how to log someone in and 2) how to check if someone is logged in. You can only do one of them if you really want, but there's not really a point.

[mikemanx2]

Ok sry im like totaly confused can you explan why i need a program to cheack if there loged in see i dont no what thats for i only needed unless i figure out why i need somthing to cheack if there logedin i was asking for a program that will make the cookie and log the person in

[pulpfiction]

The reason why you have a login is to make sure that only restricted users are allowed to view certain pages. so for every page after the login page, you need to check if the user is logged in or not. if you dont do so then any user can directly type the URL of restricted page and view it without logging in

[mikemanx2]

ok i get it now but this code dosent work on my site

<?php// Define variables and connect to database$user = $_POST['user'];$pass = $_POST['pass'];// Connect to database$dbuser = "*";$dbpass = "*";$host = "*";$db_connect = mysql_connect($host, $dbuser, $dbpass) or die("Could not connect to database");$select_db = mysql_select_db("*", $db_connect) or die("Could not select database");// Now to encrypt the password.$encrypted_pass = md5($pass);// Define the query:$query = "SELECT username, memberpass FROM members WHERE username='" . mysql_escape_string($user) .' AND memberpass='{$encrypted_pass}'";// Run the query and check if it worked.$result = mysql_query($query) or die("Could not execute query." . mysql_error());if (mysql_num_rows($result) > "0"){ session_start(); $_SESSION['user'] = $user; $_SESSION['pass'] = $encrypted_pass; if ($the_user_wants_to_be_logged_in_for_a_year) {   setcookie("siteuser", $user, time() + (86400 * 365), "/", $_SERVER["HTTP_HOST"], 0);   setcookie("sitepass", $encrypted_pass, time() + (86400 * 365), "/", $_SERVER["HTTP_HOST"], 0); }  write_session();}else{ // bad login, send them back to the login page with an error header("Location: login_form.php?error=" . urlencode("Sorry sucker, your username and password are wrong! You fail it!"); exit();}?><html> <head>   <title>Sweet login processor</title>   <meta http-equiv="refresh" content="2; url=http://www.yourdomain.com/user_menu.php"> </head> <body>   show some sweet "you are being redirected" thing </body></html>

[pulpfiction]

This is the Login script, when you pass the username and password, it'll check if the user exists in the DB or not and if username and pwd match, then redirect. what sort of error are you getting

[justsomeguy]

Note: I made a mistake when I posted the code, these two lines should be changed:$_SESSION['user'] = ...$_SESSION['pass'] = ...to$_SESSION['siteuser'] = ...$_SESSION['sitepass'] = ...If you want me to help with this, let me know what the problem is. Saying it doesn't work isn't enough for me to help with anything. Most of the code there is code you posted. You will need to change the database information, and set up the actual login form. I called the login form login_form.php (so if you have a different name, make sure you update the code), and it needs a user field called "user", a password field called "pass", and probably some checkbox labelled "remember me" or something, that's what I was checking for here:if ($the_user_wants_to_be_logged_in_for_a_year)So update that if statement with your checkbox info. On your login_form.php you will also need to check $_GET['error'] to look for an error message, and show that to the user. And then you also need to update the meta tag to send the user to the appropriate page (where I have "http://www.yourdomain.com/user_menu.php").Thanks for your input pulpfiction.

[mikemanx2]

Thx for all the help guys im still trying to get that to work but i have a friend that i can see if he can help me but thx guys you really helped but i have one more thing im trying to put this pice of php into my frount page i have it as a .php but it shows up as a blank page can you look anhd see whats wrong with it.

<html><body bgcolor="#333333"><title>Mikemanx.com-A Flash Fantasy</title><STYLE TYPE="text/css"><!--FORM { margin-bottom : 0px; margin-top : 0px; }body{	background-color: #2F3238;	color: #C2C7CB;	background-image: url(/images2006/bg_gradient.gif);	background-repeat: repeat-x;	margin-top: 0px;	margin-left: 0px;	margin: 0px;}a { text-decoration: none; }a:link { color: #FFAB0D; }a:visited { color: #B47101; }a:active { color: #FFAB0D; }a:hover { color: #FFEE70; }body, div, td{	scrollbar-face-color: #000000;	scrollbar-highlight-color: #FF0000;	scrollbar-3dlight-color: #000000;	scrollbar-darkshadow-color: #000000;	scrollbar-shadow-color: #000000;	scrollbar-arrow-color: #FF0000;	scrollbar-track-color: #FF0000;}.global_field{	font-family: Arial;	color: #000000;	font-size: 11px;	font-weight: bold;	background-color: #FFCC00;	background-image: url('/layout04/newhf/tf_bg_sm.gif');	border-left: #000000 2px solid;	border-top: #000000 2px solid;	border-right: #45494F 1px solid;	border-bottom: #45494F 1px solid;}.global_field_sm{	font-family: Arial;	color: #000000;	font-size: 10px;	background-color: #FFCC00;	background-image: url('/layout04/newhf/tf_bg_sm.gif');	border-left: #000000 2px solid;	border-top: #000000 2px solid;	border-right: #45494F 1px solid;	border-bottom: #45494F 1px solid;}.button_normal{	font-family: Arial;	color: #FFCC00;	font-size: 11px;	font-weight: bold;	background-color: #41464E;	border-left: #20252A 1px solid;	border-top: #20252A 1px solid;	border-right: #5F656B 1px solid;	border-bottom: #5F656B 1px solid;}.font_contact{	font-family: Arial,Helvetica;	font-size: 10px;}.font_vd_small{	font-family: Verdana,Arial,Helvetica;	font-size: 10px;}.font_a2{	font-family: Arial,Helvetica;	font-size: 13px;}a.header:link { color: #ffcc00; }a.header:visited { color: #ffcc00; }a.header:hover { color: #ffffff; }a.header:active { color: #ffab0d; }.font_header{	font-family: Arial,Helvetica;	font-size: 10px;	font-weight: bold;	letter-spacing: 1px;}.font_small_header{	font-family: Arial,Helvetica;	font-size: 9px;}//--></STYLE><table width="500" border="0" align="center" cellpadding="0" cellspacing="0" bordercolor="black">	<tr>   <td width="771">      <a href="index.html" onmouseover="RollOver('nav_b1');window.status='';return true;" onmouseout="RollOut('nav_b1');window.status='';return true;"><img src="logo.png" width="770" height="130" alt="MikeManx.com" name="nav_b1" border="0"></a></td>  </tr>	<tr>   <td>   <table border="0" cellpadding="0" cellspacing="0">   <tr> 	 <td><a href="Flash.html" onmouseover="RollOver('nav_b1');window.status='';return true;" onmouseout="RollOut('nav_b1');window.status='';return true;"><img src="flash.png" width="138" height="42" alt="Flash Movies" name="nav_b1" border="0"></a></td> 	 <td><a href="tutorail.php" onmouseover="RollOver('nav_b2');window.status='';return true;" onmouseout="RollOut('nav_b2');window.status='';return true;"><img src="fourms.png" width="127" height="42" alt="Forums" name="nav_b2" border="0"></a></td> 	 <td><a href="videos.html" onmouseover="RollOver('nav_b3');window.status='Games';return true;" onmouseout="RollOut('nav_b3');window.status='';return true;"><img src="video.png" width="74" height="42" alt="Videos" name="nav_b3" border="0"></a></td> 	 <td><a href="games.html"><img src="game.png" alt="Games" name="nav_b4" width="68" height="42" border="0"></a></td> 	 <td><a href="downloads.html" onmouseover="RollOver('nav_b5');window.status='';return true;" onmouseout="RollOut('nav_b5');window.status='';return true;"><img src="download.png" width="121" height="42" alt="Downloads" name="nav_b5" border="0"></a></td> 	 <td><a href="mailto:mikemanx2@hotmail.com"><img src="email.png" width="73" height="42" alt="Email Me" name="nav_b6" border="0"></a></td> 	 <td><a href="login.html"><img src="tutorial.png" alt="Tutorials" name="nav_b8" width="83" height="42" border="0"></a></td> 	 <td><a href="Submit.html"><img src="submit.png" alt="Submit" name="nav_b8" width="86" height="42" border="0"></a></td>   </tr>   </table>	</td>	</tr>	<tr>   <td background="bg_full.gif" align="center">  <!---------- END GLOBAL HEADER ----------><table width="770" border="0" align="" cellpadding="0" cellspacing="0" bgcolor="#000000">  <td width="10" background="/layout04/main_side_1.gif" valign="top"></td>  <!-- Left Hand Side -->  <td background="" width="771" valign="top">  <table border="0" cellpadding="0" cellspacing="0" width="220" align="left">	                <font color="red"> 	 <div align="center"><div align="top"><OBJECT CLASSID="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" CODEBASE="http://active.macromedia.com/flash2/cab5/swflash.cab#version=2,1,0,12" HEIGHT=300 WIDTH=300 ID="Shockwave5">                                                            <PARAM NAME="Movie" VALUE="flashadd.swf">                                                            <PARAM NAME="Quality" VALUE="High">                                                            <PARAM NAME="Loop" VALUE="1">                                                            <PARAM NAME="Play" VALUE="1">                                                            <PARAM NAME="Scale" VALUE="ShowAll">                                                            <PARAM NAME="SAlign" VALUE="L">                                                            <EMBED ID="Shockwave5" SRC="flashadd.swf" HEIGHT=300 WIDTH=300 PALETTE=BACKGROUND Quality=High Loop=true Play=TRUE Scale=ShowAll SAlign=L                                                             PLUGINSPAGE="http://www.macromedia.com/shockwave/download/"></OBJECT>                          	        	<OBJECT CLASSID="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" CODEBASE="http://active.macromedia.com/flash2/cab5/swflash.cab#version=2,1,0,12" HEIGHT=50 WIDTH=300 ID="Shockwave5">                                                            <PARAM NAME="Movie" VALUE="musiccontrol.swf">                                                            <PARAM NAME="Quality" VALUE="High">                                                            <PARAM NAME="Loop" VALUE="1">                                                            <PARAM NAME="Play" VALUE="1">                                                            <PARAM NAME="Scale" VALUE="ShowAll">                                                            <PARAM NAME="SAlign" VALUE="L">                                                            <EMBED ID="Shockwave5" SRC="musiccontrol.swf" HEIGHT=50 WIDTH=300 PALETTE=BACKGROUND Quality=High Loop=true Play=TRUE Scale=ShowAll SAlign=L                                                             PLUGINSPAGE="http://www.macromedia.com/shockwave/download/"></OBJECT> <?php if(ISSET($_COOKIE['siteuser'])) {echo " You are signed in as $user "} else { echo "<h5 class="heading">Member Login</h5> 	 <form action="memberlogin.php" method="post">    <div class="row">   	 <label for="email">Username:</label>   	 <input type="text" name="user"><br/>    </div>    <div class="row"> 	    	 <label for="password">Password:</label>   	 <input type="password" name="pass"><br/>        </div>    <br />    <div align="center">   	 <input type="submit" value="Login" alt="Log In">   	 <a id="ctl00_Main_SplashDisplay1_login1_HyperLink1" href="signup.html"><img src="signup.png" style="border-width:0px;" /></a><br />   	 <a href="http://www.mikemanx.com/passforget.html">Forgot your password?</a>    </div> 	 </form> "} ?> 	 	</tr>	</td>	</table>	  	<font color="red">	        <table border="0" cellpadding="0" cellspaceing="0" width="400" align="center">  <td><tr>	                          	 <h5 class="heading">MikeManX.com News</h5><p>Sry i havent updated in a wile ive been realy busy latly...<p><b>New Update</b>: ReDesined logo and new pages.. i got rid of the old movies because they wernt that good buti put in the on that i finish that ive been working on for two weeks also i got the submit page working so youcan submit movies and it will got right into the flash movies page, the same with the tutorial page im not goingto suply the this web site with tutorails because im not good with writing tutorials so i have it ware you can submit the. Dont submit the tutorails in the flash movie  submition thats the one on the navbar dont submit thetutorials in the submition you can submit them by going to the tutorial page and there will be a butten that sayssubmit tutorials in the submit page...  THX</p><b>New Work</b>: Im curently working on new updates for the site and more ideas for movies.<br><p><b>Flash Movie of the month...<b><p><a href="Clockwars001.html"><img src="clocklogo.png" width="70" height="50" border="0"> StarWars(Clock)</a></p>	 	 <br />  </div></font></td> 	 </tr> 	 <tr>    <td width="100%">    <table border="0" cellpadding="0" cellspacing="0" width="100%">   	 <tr>      <td>      <table border="0" cellpadding="0" cellspacing="0">     	 <tr>        <td><img src="" width="8" height="25"></td>        <td background="" class="font_vd_small"><b></td>        <td></td>     	 </tr>      </table>      </td>                  <td align="right"></td>   	 </tr>    </table>    </td><font size="2">        <center> Copywrite © 2006 Mikemanx Production All Rights Reserved,<br>Special Thx To Jeremy B. For helping me with most of my php code. </html>

[justsomeguy]

One thing is that you are missing a head, and you start the body too early. Replace your first <body> tag with a <head> tag, and the closing </head> tag should appear after the </style> tag. Open your body after the </head> tag, and make sure you put a </body> tag before the last </html> tag. You also didn't close the <font> and <center> tags at the end, and there's also an unclosed <table> tag by the time you finish.You should validate this code:http://validator.w3.org/As it is now, the validator finds 55 errors in the markup.As a side note, I'm not sure of the legalities involved, but if "Mikemanx Production" is not a legally registered entity, you may get in trouble for claiming copyright with it. If you want to set up your own company, all you need to do is file the appropriate paperwork and pay the fee (which isn't a lot). If you happen to be in Arizona, I can point you to the corporation commission, or else you might want to search for your local body that does that type of thing.

[mikemanx2]

ok ill fix those errors but do i just send my file to that page and they will go through and fix all the errorsWhat dose it meen by mark up

[mikemanx2]

They say they wont take php files

[justsomeguy]

Markup is the HTML code (HyperText Markup Language). XML is also markup, CSS might technically be markup as well. You can copy and paste your code into the text box labeled "Validate by Direct Input", or if it is online you can point it to the URL in the "Validate by URL" field. And no, they don't fix your errors for you, because they don't know what you want. But they do tell you what and where your errors are.