Tenaciousmug

Well, I already have a login/registration system. So I just don't know how to input it into the database to the person who is logged in. I'm working on creating a virtual petsite. And they can only play this game 20 times a day, but I also don't know how to code that limit.. If it's simple, please let me know! But if they roll a six, they will win 500 RP each time. And it will update the database of the RP that is assigned to their account. I don't know if I'm making sense or not... But the fields for the Member database are: username, createDate, password, firstName, email, rp Oh it's fine severndigital, thanks for the reply. (: I love seeing all the ways of coding so I can expand my knowledge.

Wow, I have no clue what I'm doing.. I'm trying to make a random game and if you roll a 6, you will win 500 rp and I'm trying to insert the 500 rp into the user who is logged in ($_SESSION['username'). But I... just don't know where to begin. Here is my crappy coding that I just.. am stumped on: <p><?php $dice = rand(1,6); if($dice == 1){ echo "You rolled a <br><b>1</b>"; }if($dice == 2){ echo "You rolled a <br><b>2</b>"; }if($dice == 3){ echo "You rolled a <br><b>3</b>"; }if($dice == 4){ echo "You rolled a <br><b>4</b>"; }if($dice == 5){ echo "You rolled a <br><b>5</b>"; }if($dice == 6){ echo "You rolled a <br><b>6</b>"; } $winner = "500"; if($dice == 6); { include("haha.php"); $cxn = mysqli_connect($dbhost,$dbuser,$dbpassword,$dbdatabase); $sql = "INSERT INTO Member (rp) VALUES ('$winner')"; mysqli_query($cxn,$sql); } ?>

EDIT:::: Okay, nevermind, I figured it out. The password to my connection was set as $password. Then I also had that variable for the users name input of their password. Okay thank you for your help. Now I see what is the problem since I undid the md5 to see what the password was really entering. It's entering the password to my PHPAdmin for every single username joining... Does anyone have any idea how to fix this? Here is my code: <?php session_start(); switch (@$_POST['Button']) { case "Log in": include("haha.php"); $cxn = mysqli_connect($host,$user,$password,$database); $username = $cxn->real_escape_string($_POST['username']); $sql = "SELECT `username` FROM `Member` WHERE `username`='$username'"; $result = mysqli_query($cxn,$sql) or die("Query died: username"); $num = mysqli_num_rows($result); if($num > 0) //username was found { $password = $cxn->real_escape_string($_POST['password']); $sql = "SELECT `username` FROM `Member` WHERE `username`='$username' AND `password`='$password'"; $result2 = mysqli_query($cxn,$sql) or die("Query died: password"); $num = mysqli_num_rows($result2); if($num > 0) //password matches { $_SESSION['auth']="yes"; $_SESSION['username'] = $username; $sql = "INSERT INTO Login (username,loginTime) VALUES ('$username',NOW())"; $result = mysqli_query($cxn,$sql) or die("Query died: insert"); header("Location: testing.php"); } else { $message_1="The username, '$username' exists. However you have not entered the correct password! Please try again."; $username=strip_tags(trim($username)); include("login_form2.php"); } } else // username was not found { $message_1 = "The username you entered does not exist! Please try again."; include("login_form2.php"); } break; case "Register": /* Check for blanks */ foreach($_POST as $field => $value) { if(empty($value)) { $blanks[] = $field; } else { $good_data[$field] = strip_tags(trim($value)); } } if(isset($blanks)) { $message_2 = "The following fields are blank. Please enter the required information: "; foreach($blanks as $value) { $message_2 .="$value, "; } extract($good_data); include("login_form2.php"); exit(); } /* validate data */ foreach($_POST as $field => $value) { if(!empty($value)) { if(preg_match("/name/i",$field) and !preg_match("/user/i",$field) and !preg_match("/log/i",$field)) { if(!preg_match("/^[A-Za-z' -]{1,15}$/",$value)) { $errors[] = "$value is not a valid name. "; } } if(preg_match("/email/i",$field)) { if(!preg_match("/^.+@.+\\..+$/",$value)) { $errors[]="$value is not a valid email address."; } } } // end if not empty } foreach($_POST as $field => $value) { $$field = strip_tags(trim($value)); } if(@is_array($errors)) { $message_2 = ""; foreach($errors as $value) { $message_2 .= $value." Please try again"; } include("login_form2.php"); exit(); } //end if errors are found /* check to see if username already exists */ include("haha.php"); $cxn = mysqli_connect($host,$user,$password,$database) or die("Couldn't connect to server"); $username = $cxn->real_escape_string($username); $sql = "SELECT `username` FROM `Member` WHERE `username`='$username'"; $result = mysqli_query($cxn,$sql) or die("Query died: username."); $num = mysqli_num_rows($result); if($num > 0) { $message_2 = "$username already exists. Select another username."; include("login_form2.php"); exit(); } // end if username already exists else // add new member to database { $sql = "INSERT INTO Member (username,createDate,password,firstName,email) VALUES ('$username',NOW(),'$password','$firstName','$email')"; mysqli_query($cxn,$sql); $_SESSION['auth']="yes"; $_SESSION['username'] = $username; header("Location: testing.php"); } break; default: include("login_form2.php"); } ?>

This is my whole code for the login/registration. The username, Dyl, exists in the database and it says that, but it says I am entering the wrong password when I'm entering the one I created the account with. Does anyone see any problems that could interfere with this? <?php session_start(); switch (@$_POST['Button']) { case "Log in": include("haha.php"); $cxn = mysqli_connect($host,$user,$password,$database); $fusername = $cxn->real_escape_string($_POST['fusername']); $sql = "SELECT `username` FROM `Member` WHERE `username`='$fusername'"; $result = mysqli_query($cxn,$sql) or die("Query died: fusername"); $num = mysqli_num_rows($result); if($num > 0) //username was found { $fpassword = $cxn->real_escape_string($_POST['fpassword']); $sql = "SELECT `username` FROM `Member` WHERE `username`='$fusername' AND `password`=md5('$fpassword')"; $result2 = mysqli_query($cxn,$sql) or die("Query died: fpassword"); $num = mysqli_num_rows($result2); if($num > 0) //password matches { $_SESSION['auth']="yes"; $_SESSION['username'] = $fusername; $sql = "INSERT INTO Login (username,loginTime) VALUES ('$fusername',NOW())"; $result = mysqli_query($cxn,$sql) or die("Query died: insert"); header("Location: testing.php"); } else { $message_1="The username, '$fusername' exists. However you have not entered the correct password! Please try again."; $fusername=strip_tags(trim($fusername)); include("login_form2.php"); } } else // username was not found { $message_1 = "The username you entered does not exist! Please try again."; include("login_form2.php"); } break; case "Register": /* Check for blanks */ foreach($_POST as $field => $value) { if(empty($value)) { $blanks[] = $field; } else { $good_data[$field] = strip_tags(trim($value)); } } if(isset($blanks)) { $message_2 = "The following fields are blank. Please enter the required information: "; foreach($blanks as $value) { $message_2 .="$value, "; } extract($good_data); include("login_form2.php"); exit(); } /* validate data */ foreach($_POST as $field => $value) { if(!empty($value)) { if(preg_match("/name/i",$field) and !preg_match("/user/i",$field) and !preg_match("/log/i",$field)) { if(!preg_match("/^[A-Za-z' -]{1,15}$/",$value)) { $errors[] = "$value is not a valid name. "; } } if(preg_match("/email/i",$field)) { if(!preg_match("/^.+@.+\\..+$/",$value)) { $errors[]="$value is not a valid email address."; } } } // end if not empty } foreach($_POST as $field => $value) { $$field = strip_tags(trim($value)); } if(@is_array($errors)) { $message_2 = ""; foreach($errors as $value) { $message_2 .= $value." Please try again"; } include("login_form2.php"); exit(); } //end if errors are found /* check to see if username already exists */ include("haha.php"); $cxn = mysqli_connect($host,$user,$password,$database) or die("Couldn't connect to server"); $username = $cxn->real_escape_string($username); $sql = "SELECT `username` FROM `Member` WHERE `username`='$username'"; $result = mysqli_query($cxn,$sql) or die("Query died: username."); $num = mysqli_num_rows($result); if($num > 0) { $message_2 = "$username already exists. Select another username."; include("login_form2.php"); exit(); } // end if username already exists else // add new member to database { $sql = "INSERT INTO Member (username,createDate,password,firstName,email) VALUES ('$username',NOW(),md5('$password'),'$firstName','$email')"; mysqli_query($cxn,$sql); $_SESSION['auth']="yes"; $_SESSION['username'] = $username; header("Location: testing.php"); } break; default: include("login_form2.php"); } ?>