I am creating a login/registration system using php/mysql.
you are prompted to login, but you do not have an account, so you are sent to a registration form, creating a user and pass, the data is then inserted into a mysql database (no email registration), you are then prompted to login once again, well enter the user/pass, it should redirect you to a page where you are then logged in, but i am having errors there. here is all of my code, check it out, sorry if i explained the problem poorly, i am pretty new to PHP
login form:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Log-in</title>
</head>
<body>
<form name="login" method="post" action="login.php">
<table border="0" width="225" align="center">
<tr>
<td width="219" bgcolor="#999999">
<p align="center"><font color="white"><span style="font-size:12pt;"><b>Login</b></span></font></p>
</td>
</tr>
<tr>
<td width="219">
<table border="0" width="220" align="center">
<tr>
<td width="71"><span style="font-size:10pt;">Username:</span></td>
<td width="139"><input type="text" name="username"></td>
</tr>
<tr>
<td width="71"><span style="font-size:10pt;">Password:</span></td>
<td width="139"><input type="password" name="password"></td>
</tr>
<tr>
<td width="71"> </td>
<td width="139">
<p align="right"><input type="submit" name="submit" value="Submit"></p>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td width="219" bgcolor="#999999"><font color="white">Not Registered? </font><a href="registerform.php" target="_self"><font color="white">Register</font></a><font color="white"> </font><b><i><font color="white">Now!</font></i></b></td>
</tr>
</table>
</form>
</body>
</html>
login processor: I believe the error is contained in this package of code.
<?php
$dbhost = "localhost";
$dbname = "andy";
$dbuser = "root";
$dbpass = "admin";
//Connect to database
mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());
session_start();
$username = $_POST[‘username’];
$password = md5($_POST[‘password’]);
if (isset($username)) {
echo "this var is set.";
}
$query = "select * from users where username=’$username’ and password=’$password’";
$result = mysql_query($query);
if (mysql_num_rows($result) != 1) {
$error = "Bad Login";
include "loginform.php";
} else {
$_SESSION['username'] = "$username";
include “index.php”;
show_userbox();
}
?>
Registration Form:
<form name="login" method="post" action="registration.php">
<table border="0" width="225" align="center">
<tr>
<td width="219" bgcolor="#999999">
<p align="center"><font color="white"><span style="font-size:12pt;"><b>Registration</b></span></font></p>
</td>
</tr>
<tr>
<td width="219">
<table border="0" width="282" align="center">
<tr>
<td width="116"><span style="font-size:10pt;">Username:</span></td>
<td width="156"><input type="text" name="username"></td>
</tr>
<tr>
<td width="116"><span style="font-size:10pt;">Password:</span></td>
<td width="156"><input type="password" name="password"></td>
</tr>
<tr>
<td width="116"> </td>
<td width="156">
<p align="right"><input type="submit" name="submit" value="Submit"></p>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td width="219" bgcolor="#999999"> </td>
</tr>
</table>
</form>
registration processor
<?PHP
//Database Information
$dbhost = "localhost";
$dbname = "andy";
$dbuser = "root";
$dbpass = "admin";
//Connect to database
mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());
$username = $_POST['username'];
$password = md5($_POST['password']);
// lets check to see if the username already exists
$checkuser = mysql_query("SELECT username FROM users WHERE username='$username'");
$username_exist = mysql_num_rows($checkuser);
if($username_exist > 0){
echo "I'm sorry but the username you specified has already been taken. Please pick another one.";
unset($username);
include 'registerform.php';
exit();
}
// lf no errors present with the username
// use a query to insert the data into the database.
$query = "INSERT INTO users (username, password)
VALUES('$username', '$password')";
mysql_query($query) or die(mysql_error());
mysql_close();
echo "You have successfully Registered $username. ";
echo "result=$result<br>";
?>