Jump to content

login register scipt


mikemanx2
 Share

Recommended Posts

hey i run the website mikemanx.com but ive been trying ever sens i made it to make people be abole to login and register im predy sher i got my login script right but when it comes to the register i have everything working right but it does not save the user into my database so you cant login because theres no user heres my login and register codelogin script login.php

<?php// database connect script.require 'db_connect.php';if($logged_in == 1) {	die('You are already logged in, '.$_SESSION['username'].'.');}?><html><head><title>Login</title></head><body><?phpif (isset($_POST['submit'])) { // if form has been submitted	/* check they filled in what they were supposed to and authenticate */	if(!$_POST['uname'] | !$_POST['passwd']) {		die('You did not fill in a required field.');	}	// authenticate.	if (!get_magic_quotes_gpc()) {		$_POST['uname'] = addslashes($_POST['uname']);	}	$check = $db_object->query("SELECT username, password FROM users WHERE username = '".$_POST['uname']."'");	if (DB::isError($check) || $check->numRows() == 0) {		die('That username does not exist in our database.');	}	$info = $check->fetchRow();	// check passwords match	$_POST['passwd'] = stripslashes($_POST['passwd']);	$info['password'] = stripslashes($info['password']);	$_POST['passwd'] = md5($_POST['passwd']);	if ($_POST['passwd'] != $info['password']) {		die('Incorrect password, please try again.');	}	// if we get here username and password are correct, 	//register session variables and set last login time.	$date = date('m d, Y');	$update_login = $db_object->query("UPDATE users SET last_login = '$date' WHERE username = '".$_POST['uname']."'");	$_POST['uname'] = stripslashes($_POST['uname']);	$_SESSION['username'] = $_POST['uname'];	$_SESSION['password'] = $_POST['passwd'];	$db_object->disconnect();?><h1>Logged in</h1><p>Welcome back <?php echo $_SESSION['username']; ?>, you are logged in.</p><?php} else {	// if form hasn't been submitted?><h1>Login</h1><form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"><table align="center" border="1" cellspacing="0" cellpadding="3"><tr><td>Username:</td><td><input type="text" name="uname" maxlength="40"></td></tr><tr><td>Password:</td><td><input type="password" name="passwd" maxlength="50"></td></tr><tr><td colspan="2" align="right"><input type="submit" name="submit" value="Login"></td></tr></table></form><?php}?></body></html>

Heres my register, register.php

<?phprequire('db_connect.php');	// database connect script.?><html><head><title>Register an Account</title></head><body><?phpif (isset($_POST['submit'])) { // if form has been submitted	/* check they filled in what they supposed to, 	passwords matched, username	isn't already taken, etc. */	if (!$_POST['uname'] | !$_POST['passwd'] | !$_POST['passwd_again'] | !$_POST['email']) {		die('You did not fill in a required field.');	}	// check if username exists in database.	if (!get_magic_quotes_gpc()) {		$_POST['uname'] = addslashes($_POST['uname']);	}	$name_check = $db_object->query("SELECT username FROM users WHERE username = '".$_POST['uname']."'");	if (DB::isError($name_check)) {		die($name_check->getMessage());	}	$name_checkk = $name_check->numRows();	if ($name_checkk != 0) {		die('Sorry, the username: <strong>'.$_POST['uname'].'</strong> is already taken, please pick another one.');	}	// check passwords match	if ($_POST['passwd'] != $_POST['passwd_again']) {		die('Passwords did not match.');	}	// check e-mail format	if (!preg_match("/.*@.*..*/", $_POST['email']) | preg_match("/(<|>)/", $_POST['email'])) {		die('Invalid e-mail address.');	}	// no HTML tags in username, website, location, password	$_POST['uname'] = strip_tags($_POST['uname']);	$_POST['passwd'] = strip_tags($_POST['passwd']);	$_POST['website'] = strip_tags($_POST['website']);	$_POST['location'] = strip_tags($_POST['location']);	// check show_email data	if ($_POST['show_email'] != 0 & $_POST['show_email'] != 1) {		die('Nope');	}	/* the rest of the information is optional, the only thing we need to 	check is if they submitted a website, 	and if so, check the format is ok. */	if ($_POST['website'] != '' & !preg_match("/^(http|ftp):///", $_POST['website'])) {		$_POST['website'] = 'http://'.$_POST['website'];	}	// now we can add them to the database.	// encrypt password	$_POST['passwd'] = md5($_POST['passwd']);	if (!get_magic_quotes_gpc()) {		$_POST['passwd'] = addslashes($_POST['passwd']);		$_POST['email'] = addslashes($_POST['email']);		$_POST['website'] = addslashes($_POST['website']);		$_POST['location'] = addslashes($_POST['location']);	}	$regdate = date('m d, Y');	$insert = "INSERT INTO users (			username, 			password, 			regdate, 			email, 			website, 			location, 			show_email, 			last_login) 			VALUES (			'".$_POST['uname']."', 			'".$_POST['passwd']."', 			'$regdate', 			'".$_POST['email']."', 			'".$_POST['website']."', 			'".$_POST['location']."', 			'".$_POST['show_email']."', 			'Never')";	$add_member = $db_object->query($insert);	if (DB::isError($add_member)) {		die($add_member->getMessage());	}	$db_object->disconnect();?><h1>Registered</h1><p>Thank you, your information has been added to the database, you may now <a href="login.php" title="Login">log in</a>.</p><?php} else {	// if form hasn't been submitted?><h1>Register</h1><form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"><table align="center" border="1" cellspacing="0" cellpadding="3"><tr><td>Username*:</td><td><input type="text" name="uname" maxlength="40"></td></tr><tr><td>Password*:</td><td><input type="password" name="passwd" maxlength="50"></td></tr><tr><td>Confirm Password*:</td><td><input type="password" name="passwd_again" maxlength="50"></td></tr><tr><td>E-Mail*:</td><td><input type="text" name="email" maxlength="100"></td></tr><tr><td>Website:</td><td><input type="text" name="website" maxlength="150"></td></tr><tr><td>Location</td><td><input type="text" name="location" maxlength="150"></td></tr><tr><td>Show E-Mail?</td><td><select name="show_email"><option value="1" selected="selected">Yes</option><option value="0">No</option></select></td></tr><tr><td colspan="2" align="right"><input type="submit" name="submit" value="Sign Up"></td></tr></table></form><?php}?></body></html>

and heres my database conection db_connet.php

<?php$db_engine = 'mysql';$db_user = '**********;$db_pass = '**********';$db_host = '**********';$db_name = '*********';$datasource = $db_engine.'://'.			  $db_user.':'.			  $db_pass.'@'.		 	  $db_host.'/'.				$db_name;$db_object = DB::connect($datasource, TRUE);/* assign database object in $db_object, if the connection fails $db_object will containthe error message. */// If $db_object contains an error:// error and exit.if(DB::isError($db_object)) {	die($db_object->getMessage());}$db_object->setFetchMode(DB_FETCHMODE_ASSOC);// we write this later on, ignore for now.include('check_login.php');?>

Plz help ive been trying to do this for two years i would realy like to finish it soon plz help also i think this is the problume i dont have any tables in my data base i couldent figure out the sql code to put all the tables in... :)

Link to comment
Share on other sites

You have been trying for 2 years to add information to a database that doesn't contain any tables? Let's review the process to add information to a database:1. design the table structure2. build the tables3. add infoYou can't skip straight to #3. But, I'm glad you got that worked out now. Are you seeing any error messages? If so, you should have posted what they are. Error messages are the only indication you have of what the problem is, so if you are giving an error report you need to include error messages. Does it display the "success" messages, but nothing happens? Try using this on the top of your pages:

ini_set("display_errors", 1);error_reporting(E_ALL);

Also, a couple words about your registration process.First of all, the operator for a logical if is ||, not |. | is a bitwise if, and you are dealing with logical values, so you need to use the logical operator.Secondly, your code does various checks and makes changes to the values in $_POST along the way. You need to do all of your conversions first, and then do your checks. For example, first you check to see if the username is in the database, and then you strip the HTML tags from it. So there could be a user in your database called "test", and maybe someone chooses the username "<b>test</b>". Your check will not find the user, because you are comparing "test" with "<b>test</b>", but then you strip the HTML tags and try to add a duplicate user. Do all of your conversions (addslashes, strip_tags, etc) first, and then check in the database.Also, your regular expression check for an email is wrong. That regular expression is not the correct one to use. It will match several invalid addresses and characters. For example, it would think this is a valid address:@@@@@@@@@Here is an example that uses Perl-compatible regexp to check an email. These types of examples are all over the web:

<?php   if ($submit) { 	$okay = preg_match(	  '/^[A-z0-9_\-]+[@][A-z0-9_\-]+([.][A-z0-9_\-]+)+[A-z]{2,4}$/', 	  $emailfield	); 	if ($okay) { 	  echo "E-mail is validated"; 	} else { 	  echo "E-mail is incorrect"; 	}   }else { ?>

I guess the only other thing to say is not use die so much. It's not very user-friendly that if someone fills in the form wrong, and hits submit, all they get is a blank page with an error message on it. You should be showing them the form with everything they put already filled in, and display the error message and maybe highlight the fields that have problems.

Link to comment
Share on other sites

theres no error mesages its just not adding the info its conecting i added the table and it still dident work

Link to comment
Share on other sites

Did you add the ini_set and error_reporting calls to the top of your PHP page and run it? Logically, either you should get an error message or it should work. It shouldn't execute your insert statement, not insert anything, and not display an error. Do you have a table called users with these fields in it:username, password, regdate, email, website, location, show_email, last_loginOne other way to make sure it is working is to give it purposefully bad data and make sure it gives an error message. So try changing to password to something you know is wrong, or the database name to something you know is wrong and make sure it does give you an error at that point. If you give it wrong info, and still don't get an error, then an error is probably happening that you're not seeing.

Link to comment
Share on other sites

i got a friend that can help me now but when i added the error code it gose to a blank page ill have my friend help me now he runs an online game make with php so he can help me with the script problumes but thx for the help so far

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...