Login Problem

[Ashoar]

I have come across a problem that i cannot manage too get my head around.

I have made a registration script, and it all works fine. After a user has registered on it they get redirected to a login page that says "Thank you, (Username) you have registered you may now Login."

It also works and send the user a welcome message too their email.

 

My problem is the Login part. I have it set up so that a user logs in, and if they input the correct Username and Password they should be re-directed to the members page. The only problem is even if they input the correct username and password it always gets redirected to the login page becuase the session never starts.

And also, i have made sure the MYSQL tables name are the same in the php script and it still doesnt work.

 

So i was hoping i could get some help with it. Take a look at my code and tell me what you can see is wrong, or show me how to fix it.

 

 

Registration Script

<?php 

<?
include ("hostinfo.php");
?>


@$conn = mysql_connect ($dbhost, $dbuser, $dbpass);
@$conn = mysql_select_db ($dbname);
if(!$conn){
    die( "Sorry! There seems to be a problem connecting to our database. Please give us a few minutes to remedy the problem. Thank you.");
}

function errors($error){
if (!empty($error))
{
$i = 0;
while ($i < count($error)){
echo "<p><span class=\"warning\">".$error[$i]."</span></p>\n";
$i ++;}
}
} 

if (isset($_POST['submit'])) 
{

$username = trim($_POST['username']);
if (strlen($username) < 2) {
$error[] = 'username Must be between 2 and 20 characters.';
}
if (strlen($username) > 20) {
$error[] = 'username Must be between 2 and 20 characters.';
}

if (!get_magic_quotes_gpc()) {
$_POST[] = addslashes($_POST['username']);
}

$usercheck = $_POST['username'];
$check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'") 
or die(mysql_error());
$check2 = mysql_num_rows($check);

if ($check2 != 0) {
$error[] = 'Sorry, the username <b>'.$_POST['username'].'</b> is already in use.';
}

$password = trim($_POST['password']);
if (strlen($password) < 5) {
$error[] = 'password Must be between 5 and 20 characters.';
}
if (strlen($password) > 20) {
$error[] = 'password Must be between 5 and 20 characters.';
}

$password2 = trim($_POST['password2']);
if (strlen($password2) < 5) {
$error[] = 'confirm password Must be between 5 and 20 characters.';
}
if (strlen($password2) > 20) {
$error[] = 'confirm password Must be between 5 and 20 characters.';
}

if ($_POST['password'] != $_POST['password2']) {
$error[] = 'Your passwords did not match.';
}

$email = $_POST['email'];
$pattern = '/^[^@]+@[^\s\r\n\'";,@%]+$/';
if (!preg_match($pattern, trim($email))) {
$error[] = 'Please enter a valid email address';
} 

if (!get_magic_quotes_gpc()) {
$_POST[] = addslashes($_POST['email']);
}

$emailcheck = $_POST['email'];
$emailcheck1 = mysql_query("SELECT email FROM users WHERE email = '$emailcheck'") 
or die(mysql_error());
$emailcheck2 = mysql_num_rows($emailcheck1);

if ($emailcheck2 != 0) {
$error[]
= 'Sorry, the email address <b>'.$_POST['email'].'</b> is
already in use, Please choose another email address.';
}

if (!$error ) {

$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email']; 


if(!get_magic_quotes_gpc())
{
$username = addslashes($username);
$password = addslashes($password);
$email = addslashes($email);
}


$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$email = mysql_real_escape_string($email);


$username = strip_tags($username);
$password = strip_tags($password);
$email = strip_tags($email);


$username = ucwords(strtolower($username));
$email = strtolower($email);


$insert1 = "INSERT INTO users (username, password, email)
VALUES ('$username', md5('$password'), '$email')";
$result1 = mysql_query($insert1) or die('Error : ' . mysql_error());


$to = "$email";
$subject = "Registration Information";
$body
= "Welcome email goes here";
$additionalheaders = "From: <[email protected]>\r\n";
$additionalheaders .= "Replt-To: [email protected]";
if(mail($to, $subject, $body, $additionalheaders)){}


$to = "[email protected]";
$subject = "New member";
$body
= "Welcome email goes here";
$additionalheaders = "From: <[email protected]>\r\n";
$additionalheaders .= "Reply-To: [email protected]";
if(mail($to, $subject, $body, $additionalheaders)){}

echo "<h2>Member Registration</h2>";
echo "<p>Thank you, <b>$username</b> you have registered you may now Login.</p>";


} 

}  



errors($error);
?>

<?
include "header.php";
?>
<form action="<?php $_SERVER['PHP_SELF'];?>" method="post">
<table border="0" class="table_lines" cellspacing="0" cellpadding="6">
<legend>Member Registration</legend>

<p>
<label>Username:</label>
<input name="username" type="text" maxlength="20" <?php if(isset($error)) {echo "value='$username'";} ?> />
</p>
<p>
<label>Password:</label>
<input name="password" type="password" maxlength="20" />
</p>
<p>
<label>Confirm Password:</label>
<input name="password2" type="password" maxlength="20" />
</p>
<p><label>Email:</label>
<input name="email" type="text" maxlength="255" <?php if(isset($error)) {echo "value='$email'";} ?> />
</p>
<p>
<input type="submit" name="submit" value="Register"> 
</p>
</form>
</tbody>
</table>


<?
include ("footer.php");
?>

 

-----------

 

 

Login Script

<?PHP

<?
include ("hostinfo.php");
?>

mysql_connect("$dbhost", "$dbuser", "$dbpass")or die("cannot connect");   
  
mysql_select_db("$dbname")or die("cannot select DB");   
     
  
$username=$_POST['username'];   
  
$password=$_POST['password'];   
  
$sql="SELECT * FROM $tbl WHERE username='$username' and password='$password'";   
  
$result=mysql_query($sql);   
    
  
$count=mysql_num_rows($result);   
     
  
if($count==1){   
     
session_start();   
$_SESSION["logged"] = 1;   
header("location:userspage.php");   
}   
else {   
$_SESSION["logged"] = 0;   
header("location:index.php");   
  
}   
  
?>  

 

<form method="post" action="login.php">   
  
<br />Username: <input type="text" id="username" name="username">   
  
<br />Password: <input type="password" id="password" name="password">   
  
<br /><input type="submit" name="Login" value="Login"> </form>  

 

 

Thanks

[metrostars]

Try:

 

<?php

include ("hostinfo.php"); //removed the code starters and enders

mysql_connect("$dbhost", "$dbuser", "$dbpass")or die("cannot connect");   
  
mysql_select_db("$dbname")or die("cannot select DB");   
     
  
$username=$_POST['username'];   
  
$password=$_POST['password'];   
  
$sql="SELECT * FROM $tbl WHERE username='$username' and password='$password'";   
  
$result=mysql_query($sql);   
    
  
$count=mysql_num_rows($sql);   //changed this line
     
  
if($count==1){   
     
session_start();   
$_SESSION["logged"] = 1;   
header("location:userspage.php");   
}   
else {   
$_SESSION["logged"] = 0;   
header("location:index.php");   
  
}   
  
?> 

[.josh]

He had it right the first time. You use mysql_num_rows on the result source, not the query string.

 

re: "Even if info is correct, they still get redirected back to login page"

 

Do you have session_start() before trying to logged in check on userpage.php? If so, please post the part of your userpage.php that checks whether someone is logged in or not. 

[kratsg]

Both scripts have the following near the top:

 

<?php
//...
<?
include ("hostinfo.php");
?>
//...
?>

 

The problem is you cannot nest php tags, get rid of the ones around the include, see how your code works.

 

<?php

include ("hostinfo.php");

?>

[Ashoar]

Yeah sorry i know i cannot nest the PHP tags, that was one of my problems, then i realied i had too take the php tags of. Sorry these were copied from my draft folder, not the final stuff, so those were not fixed. It doesnt work even if those are taken out. Having those in just brings a PHP error up.

 

Crayon.

At the top of all pages that only Logined users can view i have:

 

 

session_start();
if(!session_is_registered(username)){
header("location:userspage.php");
}

 

Thanks

[.josh]

well according to the script you posted there is no username session var.  You used $_SESSION['logged'] so shouldn't you be checking for that?

[Ashoar]

Oh i get it.

Sorry i was told "session_is_registered" was a PHP function used to check if a session if registered. Guess i was told wrong.

Thankyou for the help

[.josh]

Well you can make use of that function under certain circumstances, but the point I was making was that you were checking for "username" not "logged". 

[revraz]

Check out the PHP manual in regards to session_start.

 

Oh i get it.

Sorry i was told "session_is_registered" was a PHP function used to check if a session if registered. Guess i was told wrong.

Thankyou for the help