...

View Full Version : PHP Register/login help needed



cobe123
02-22-2007, 01:23 AM
Hi all,

I'm trying to implement a registration and login system on my website. I have been trying to follow a tutorial on the web which partially works. I created my database in mysql which works fine. i have a html file that contains the form for the user to register. that form then activates a php form to take the users data and insert it in the database.

My first problem is that if the same username is submitted twice an error is produced by php. the second problem i have is that once the form is submitted by the user the code just outputs some text instead of diverting to another html file that says login unsuccessful. also if a valid record is added i need the php code to call a html file that states the login is successful.

The second problem is that i need my html login file to go to a html page that says login successful if the user entered the correct details. it would also need to go to a different html file that said login unsuccessful if the wrong details were entered.

The last problem is that the session code in the login.php file does not work so I have commented it out.

Here is the code so far:

MySQL

CREATE TABLE users (
id int(10) unsigned NOT NULL auto_increment,
username varchar(15) NOT NULL default '',
password varchar(15) NOT NULL default '',
email varchar(40) NOT NULL default '',
PRIMARY KEY (id)
) TYPE=MyISAM;

index.html

<head>
</head>

<p><a href="login.html">Login</a> <a href="registration.html">Register</a></p>




registration.html




<form name="login" method="post" action="register.php">
<table border="0" width="225" align="center">
<tr>
<td width="219" bgcolor="#999999">
<p align="center"><font color="white"><span style="font-size:12pt;"><b>Registration</b></span></font></p>
</td>
</tr>
<tr>
<td width="219">
<table border="0" width="282" align="center">
<tr>
<td width="116"><span style="font-size:10pt;">Name:</span></td>
<td width="156"><input type="text" name="name" maxlength="100"></td>
</tr>
<tr>
<td width="116"><span style="font-size:10pt;">Email:</span></td>
<td width="156"><input type="text" name="email" maxlength="100"></td>
</tr>
<tr>
<td width="116"><span style="font-size:10pt;">Username:</span></td>
<td width="156"><input type="text" name="username"></td>
</tr>
<tr>
<td width="116"><span style="font-size:10pt;">Password:</span></td>
<td width="156"><input type="password" name="password"></td>
</tr>
<tr>
<td width="116">&nbsp;</td>
<td width="156">
<p align="right"><input type="submit" name="submit" value="Submit"></p>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td width="219" bgcolor="#999999">&nbsp;</td>
</tr>
</table>
</form>



register.php



<?PHP

//Database Information

$dbhost = "myhost";
$dbname = "mydatabase";
$dbuser = "myusername";
$dbpass = "mypassword";

//Connect to database

mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());


$name = $_POST['name'];
$email = $_POST['email'];
$username = $_POST['username'];
$password = md5($_POST['password']);

// lets check to see if the username already exists

$checkuser = mysql_query("SELECT username FROM users WHERE username='$username'");

$username_exist = mysql_num_rows($checkuser);

if($username_exist > 0){
echo "I'm sorry but the username you specified has already been taken. Please pick another one.";
unset($username);
include 'register.html';
exit();
}

// lf no errors present with the username
// use a query to insert the data into the database.

$query = "INSERT INTO users (name, email, username, password)
VALUES('$name', '$email', '$username', '$password')";
mysql_query($query) or die(mysql_error());
mysql_close();

echo "You have successfully Registered";

?>


login.html


<form name="login" method="post" action="login.php">
<table border="0" width="225" align="center">
<tr>
<td width="219" bgcolor="#999999">
<p align="center"><font color="white"><span style="font-size:12pt;"><b>Login</b></span></font></p>
</td>
</tr>
<tr>
<td width="219">
<table border="0" width="220" align="center">
<tr>
<td width="71"><span style="font-size:10pt;">Username:</span></td>
<td width="139"><input type="text" name="username"></td>
</tr>
<tr>
<td width="71"><span style="font-size:10pt;">Password:</span></td>
<td width="139"><input type="password" name="password"></td>
</tr>
<tr>
<td width="71">&nbsp;</td>
<td width="139">
<p align="right"><input type="submit" name="submit" value="Submit"></p>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td width="219" bgcolor="#999999"><font color="white">Not Registered? </font><a href="registration.html" target="_self"><font color="white">Register</font></a><font color="white"> </font><b><i><font color="white">Now!</font></i></b></td>
</tr>
</table>
</form>




login.php



<?php

//Database Information

$dbhost = "myhost";
$dbname = "mydatabase";
$dbuser = "myusername";
$dbpass = "mypassword";

//Connect to database
$connection = mysql_connect($dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());

session_start();
$username = $_POST["username"];
$password = md5($_POST["password"]);

$checkuser = mysql_query("SELECT username FROM users WHERE username='$username' and password='$password'");

$username_exist = mysql_num_rows($checkuser);

if($username_exist > 0){
echo "login successfull";
} else {
echo "login does not exist";
}

#$query = "select * from users where username='$username' and password='$password'";

#$result = mysql_query($query,$connection);
#$num_rows = mysql_num_rows($result);

#if ($num_rows == 0) {
#$error = "Bad Login";
#echo "error";
# include "login.html";

#} else {
# $_SESSION["username"] = "$username";
# include "memberspage.php";
#echo "success";
#}

?>


Sorry for the longwinded explaination and I hope I was clear. I would really appriciate some help on this.

Regards

CFMaBiSmAd
02-22-2007, 01:48 AM
Please go back and edit your post and wrap the code for each file in "PHP" code wrappers. It is extremely difficult to read a mass of code and determine where one file stops and the next one starts when you don't use the PHP code wrappers.

You can do this by selecting/highlighting each section of code and click on the "PHP" icon. This is the white rectangular paper symbol with the "php" on it, located at the right-hand end of the row of icons above the text area where you enter your post.

Edit: One thing that I did notice that is causing one of your problems. The register.php file contains the following line -

include 'register.html';However, the file name you listed for the first piece of code is - registration.html. I suspect that the include statement should match the file name of the first piece of code.

cobe123
02-22-2007, 11:44 AM
I have added the php code wrappers to the code I posted. I would appriciate any further input.

timgolding
02-22-2007, 12:28 PM
For hashing I suggest using sha1() with your php and downloading a javascript sha1 funstion also then hashing the password before the form is submitted.

I also suggest adding a salt string to the hash. If I were you I would implement this first before continuing

Any how I do have some md5 based login systems at home I can find the code for you later?

cobe123
02-22-2007, 12:54 PM
I would appriciate your code as my knowledge of php is not as in depth as yours.

aedrin
02-22-2007, 04:09 PM
One concept to move away from is using each .php file as a single step in a process.

Instead of that, create a .php file that submits to itself. Before displaying anything, check if the user tried to submit. If yes, validate the input. If it validates, use header() to forward to the next page (the succesful login).

If it didn't validate, print the same page with the username already filled in (since you know this now) and also include the message that the username or password was incorrect.




if (isset($_REQUEST['login'])) {
/* ... validate login here ... */
if ($valid) {
header('Location: succesful.php');
} else {
$message = "Invalid username or password.";
}
}




<?php
if (isset($message)) {
echo $message;
}
<form action="login.php">
<input type="text" name="username" value="<?php echo (isset($_REQUEST['username']?$_REQUEST['username']:'');?>" />
<input type="password" name="password" />
<input type="submit" name="login" value="Login" />
</form>



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum