I have come across a problem that i cannot manage too get my head around.
I have made a registration script, and it all works fine. After a user has registered on it they get redirected to a login page that says "Thank you, (Username) you have registered you may now Login."
It also works and send the user a welcome message too their email.
My problem is the Login part. I have it set up so that a user logs in, and if they input the correct Username and Password they should be re-directed to the members page. The only problem is even if they input the correct username and password it always gets redirected to the login page becuase the session never starts.
And also, i have made sure the MYSQL tables name are the same in the php script and it still doesnt work.
So i was hoping i could get some help with it. Take a look at my code and tell me what you can see is wrong, or show me how to fix it.
Registration Script
<?php
<?
include ("hostinfo.php");
?>
@$conn = mysql_connect ($dbhost, $dbuser, $dbpass);
@$conn = mysql_select_db ($dbname);
if(!$conn){
die( "Sorry! There seems to be a problem connecting to our database. Please give us a few minutes to remedy the problem. Thank you.");
}
function errors($error){
if (!empty($error))
{
$i = 0;
while ($i < count($error)){
echo "<p><span class=\"warning\">".$error[$i]."</span></p>\n";
$i ++;}
}
}
if (isset($_POST['submit']))
{
$username = trim($_POST['username']);
if (strlen($username) < 2) {
$error[] = 'username Must be between 2 and 20 characters.';
}
if (strlen($username) > 20) {
$error[] = 'username Must be between 2 and 20 characters.';
}
if (!get_magic_quotes_gpc()) {
$_POST[] = addslashes($_POST['username']);
}
$usercheck = $_POST['username'];
$check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'")
or die(mysql_error());
$check2 = mysql_num_rows($check);
if ($check2 != 0) {
$error[] = 'Sorry, the username <b>'.$_POST['username'].'</b> is already in use.';
}
$password = trim($_POST['password']);
if (strlen($password) < 5) {
$error[] = 'password Must be between 5 and 20 characters.';
}
if (strlen($password) > 20) {
$error[] = 'password Must be between 5 and 20 characters.';
}
$password2 = trim($_POST['password2']);
if (strlen($password2) < 5) {
$error[] = 'confirm password Must be between 5 and 20 characters.';
}
if (strlen($password2) > 20) {
$error[] = 'confirm password Must be between 5 and 20 characters.';
}
if ($_POST['password'] != $_POST['password2']) {
$error[] = 'Your passwords did not match.';
}
$email = $_POST['email'];
$pattern = '/^[^@]+@[^\s\r\n\'";,@%]+$/';
if (!preg_match($pattern, trim($email))) {
$error[] = 'Please enter a valid email address';
}
if (!get_magic_quotes_gpc()) {
$_POST[] = addslashes($_POST['email']);
}
$emailcheck = $_POST['email'];
$emailcheck1 = mysql_query("SELECT email FROM users WHERE email = '$emailcheck'")
or die(mysql_error());
$emailcheck2 = mysql_num_rows($emailcheck1);
if ($emailcheck2 != 0) {
$error[]
= 'Sorry, the email address <b>'.$_POST['email'].'</b> is
already in use, Please choose another email address.';
}
if (!$error ) {
$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
if(!get_magic_quotes_gpc())
{
$username = addslashes($username);
$password = addslashes($password);
$email = addslashes($email);
}
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$email = mysql_real_escape_string($email);
$username = strip_tags($username);
$password = strip_tags($password);
$email = strip_tags($email);
$username = ucwords(strtolower($username));
$email = strtolower($email);
$insert1 = "INSERT INTO users (username, password, email)
VALUES ('$username', md5('$password'), '$email')";
$result1 = mysql_query($insert1) or die('Error : ' . mysql_error());
$to = "$email";
$subject = "Registration Information";
$body
= "Welcome email goes here";
$additionalheaders = "From: <
[email protected]>\r\n";
$additionalheaders .= "Replt-To:
[email protected]";
if(mail($to, $subject, $body, $additionalheaders)){}
$to = "
[email protected]";
$subject = "New member";
$body
= "Welcome email goes here";
$additionalheaders = "From: <
[email protected]>\r\n";
$additionalheaders .= "Reply-To:
[email protected]";
if(mail($to, $subject, $body, $additionalheaders)){}
echo "<h2>Member Registration</h2>";
echo "<p>Thank you, <b>$username</b> you have registered you may now Login.</p>";
}
}
errors($error);
?>
<?
include "header.php";
?>
<form action="<?php $_SERVER['PHP_SELF'];?>" method="post">
<table border="0" class="table_lines" cellspacing="0" cellpadding="6">
<legend>Member Registration</legend>
<p>
<label>Username:</label>
<input name="username" type="text" maxlength="20" <?php if(isset($error)) {echo "value='$username'";} ?> />
</p>
<p>
<label>Password:</label>
<input name="password" type="password" maxlength="20" />
</p>
<p>
<label>Confirm Password:</label>
<input name="password2" type="password" maxlength="20" />
</p>
<p><label>Email:</label>
<input name="email" type="text" maxlength="255" <?php if(isset($error)) {echo "value='$email'";} ?> />
</p>
<p>
<input type="submit" name="submit" value="Register">
</p>
</form>
</tbody>
</table>
<?
include ("footer.php");
?>
-----------
Login Script
<?PHP
<?
include ("hostinfo.php");
?>
mysql_connect("$dbhost", "$dbuser", "$dbpass")or die("cannot connect");
mysql_select_db("$dbname")or die("cannot select DB");
$username=$_POST['username'];
$password=$_POST['password'];
$sql="SELECT * FROM $tbl WHERE username='$username' and password='$password'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1){
session_start();
$_SESSION["logged"] = 1;
header("location:userspage.php");
}
else {
$_SESSION["logged"] = 0;
header("location:index.php");
}
?>
<form method="post" action="login.php">
<br />Username: <input type="text" id="username" name="username">
<br />Password: <input type="password" id="password" name="password">
<br /><input type="submit" name="Login" value="Login"> </form>
Thanks