
PHP Membership System problem


Fruddy

change
[code=php:0]
$user_sql = "SELECT COUNT (*) AS user_match FROM 'users' WHERE 'username' ='$username'";
$email_sql = "SELECT COUNT (*) AS email_match FROM 'users' WHERE 'email_address' ='$email'";
[/code]
to
[code=php:0]
$user_sql = "SELECT COUNT(*) AS user_match FROM users WHERE username ='".$username."'";
$email_sql = "SELECT COUNT(*) AS email_match FROM users WHERE email_address ='".$email."'";
[/code]

Table names and field names do not have single quotes, you can use ticks (above Tab, left of 1)
Tick = `
Quote = '

It was more than that. I have the script working now. From now on I am going to test everything that I post (prior to posting).

[b]The join.php[/b]
[code]<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Join Us</title>
</head>

<body>
<?php
if (($message == "info") || ($message == "email_match") || ($message == "username_match")) {
    if ($message == "info") {
        echo "You did not submit the following information";
    if ($error == "username") {
        echo "Username is a required field";
    }
    if ($error == "first_name") {
        echo "First Name is a required field";
    }
    if ($error == "last_name") {
        echo "Last name is a required field";
    }
    if ($error == "email_address") {
        echo "Your email address is a required field";
    }
    }
    if ($message == "email_match") {
    echo "You are already a member.";
}
if ($message == "username_match") {
    echo "Your username is already being used by another member. Please try again.";
    }
}
?>
<form method="post" action="register.php">
  <table width="100%" border="0" cellpadding="4" cellspacing="0">
    <tr>
      <td width="24%" align="left" valign="top">Fornavn</td>
      <td width="76%"><input name="first_name" type="text" id="first_name2"></td>
    </tr>
    <tr>
      <td align="left" valign="top">Efternavne</td>
      <td><input name="last_name" type="text" id="last_name"></td>
    </tr>
    <tr>
      <td align="left" valign="top">Email</td>
      <td><input name="email_address" type="text" id="email_address"></td>
    </tr>
    <tr>
      <td align="left" valign="top">Brugernavn</td>
      <td><input name="username" type="text" id="username"></td>
    </tr>
    <tr>
      <td align="left" valign="top"> </td>
      <td><input type="submit" name="Submit" value="opret bruger!"></td>
    </tr>
  </table>
</form> 
</body>
</html>
[/code]


[b] The register.php[/b]

[code]<?php
include("db.php");//your database connection file
array_pop($_POST);
if ( get_magic_quotes_gpc() ) {
    $_POST= array_map('stripslashes', $_POST);
}
$username = mysql_real_escape_string(trim($_POST['username']));
$first_name = mysql_real_escape_string(trim($_POST['first_name']));
$last_name = mysql_real_escape_string(trim($_POST['last_name']));
$email = mysql_real_escape_string(trim($_POST['email_address']));    

if ((!$username) || (!$first_name) || (!$last_name) || (!$email)) {
    $message = "info";
if (!$username) {
    $error = "username";
}
if (!$first_name) {
    $error = "first_name";
}
if (!$last_name) {
    $error = "last_name";
}
if (!$email) {
    $error = "email_address";
}
include("join.php");
exit;
}

$user_sql = "SELECT COUNT(*) AS user_match FROM `users` WHERE `username` ='$username'";
$email_sql = "SELECT COUNT(*) AS email_match FROM `users` WHERE `email_address` ='$email'";

$res= mysql_query($user_sql) or die(mysql_error());
$result= mysql_query($email_sql) or die(mysql_error());

$user_match= mysql_result($res, 0, 'user_match');
$email_match= mysql_result($result, 0, 'email_match');

if (($user_match > 0) || ($email_match > 0)) {
    if ($user_match > 0 ) {
    $message = "username_match";
unset($username);
}
if ($email_match > 0) {
    $message = "email_match";
unset($email);
}
include("join.php");
exit;
}

function makepassword() {
  $salt = "abchefghjkmnpqrstuvwxyz0123456789";
  $pass = ""; // start from an empty string before appending characters
  srand((double)microtime()*1000000); 
      $i = 0;
      while ($i <= 7) {
            $num = rand() % 33;
            $tmp = substr($salt, $num, 1);
            $pass = $pass . $tmp;
            $i++;
      }
      return $pass;
}

$randompwd =  makepassword();
$mdpwd = md5($randompwd);

$sql = mysql_query("INSERT INTO users (first_name, last_name, email_address, username, password, signup_date)
        VALUES('$first_name', '$last_name', '$email', '$username', '$mdpwd', now())") or die (mysql_error());

if(!$sql){
    echo 'Det er kommet en fejl. Kontakt webmasteren';
} else {
    $userid = mysql_insert_id();
    // Let's mail the user!
    $subject = "Your Distributor Membership at www.my-project.dk";
    $message = "Dear $first_name $last_name,
    You are now registered at our website, http://www.my-project.dk!
   
    To activate your membership, please login here: http://www.mywebsite.com/distributors_section/login_form.html
   
    Once you activate your membership, you will be able to login with the following information:
    Username: $username
    Password: $randompwd
    Please keep this username and password in a location that is easily accessible by you.
   
    Thanks!
    #Fruddy my-project.dk
   
    This is an automated response, please do not reply!";
   
    mail($email, $subject, $message, "From: MyWebSite<[email protected]>\nX-Mailer: PHP/" . phpversion());
echo "$randompwd";
}
?>[/code]

[b]The Login.php[/b]
[code]<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Login Form</title>
</head>

<body>
<?php
if (($message == "login_info") || ($message == "userinfo")) {
    if ($message == "login_info") {
    echo "You did not enter your username or password. Please try again.";
}
if ($message == "userinfo") {
    echo "Your username and password do not match. Please try again";
}
}
?>
<form action="checkuser.php" method="post" name="form1">
  <div align="justify">
    <table width="50%" border="0" align="center" cellpadding="4" cellspacing="0">
      <tr>
        <td width="20%">Brugernavn</td>
        <td width="80%"><input name="username" type="text" id="username"></td>
      </tr>
      <tr>
        <td>Kodeord</td>
        <td><input name="password" type="password" id="password"></td>
      </tr>
      <tr>
        <td> </td>
        <td><input type="submit" name="Submit" value="Submit"></td>
      </tr>
    </table>
  </div>
</form> 
</body>
</html>
[/code]

[b]The checkuser.php[/b]
[code]<?php
session_start();
include ('db.php');
array_pop($_POST);
if ( get_magic_quotes_gpc() ) {
    $_POST= array_map('stripslashes', $_POST);
}
$username= mysql_real_escape_string(trim($_POST['username']));
$password= mysql_real_escape_string(trim($_POST['password']));
$mdpwd= md5($password);

if ((!$username) || (!$password)) {
    $message = "login_info";
    include("login.php");
exit();
}



$sql= sprintf("SELECT COUNT(*) AS login_match FROM `users` WHERE `username` = '%s' AND `password`= '%s'", $username, $mdpwd);
$res= mysql_query($sql) or die(mysql_error());
$login_match= mysql_result($res, 0, 'login_match');

if ( $login_match == 1 ) {
    $_SESSION['username']= "$username";
    include("somepage.php");
} else {
    $message = "userinfo";
include("login.php");
exit();
}
?>[/code]
[quote author=tomfmason link=topic=102837.msg409000#msg409000 date=1154623958]
It was more than that. I have the script working now. From now on I am going to test everything that I post (prior to posting).

*EDIT by ignace on august 06 2006 11:58:15*

[b]The join.php[/b]
[code]<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Join Us</title>
</head>

<body>
<?php
if (($message == "info") || ($message == "email_match") || ($message == "username_match")) {
    if ($message == "info") {
        echo "You did not submit the following information.<br />";
    if ($error == "username") {
        echo "Username is a required field.<br />";
    }
    if ($error == "first_name") {
        echo "First Name is a required field.<br />";
    }
    if ($error == "last_name") {
        echo "Last name is a required field.<br />";
    }
    if ($error == "email_address") {
        echo "Your email address is a required field.<br />";
    }
    }
    if ($message == "email_match") {
    echo "You are already a member.<br />";
}
if ($message == "username_match") {
    echo "Your username is already being used by another member. Please try again.<br />";
    }
}
?>
<form method="post" action="register.php">
  <table width="100%" border="0" cellpadding="4" cellspacing="0">
    <tr>
      <td width="24%" align="left" valign="top">Fornavn</td>
      <td width="76%"><input name="first_name" type="text" id="first_name2"></td>
    </tr>
    <tr>
      <td align="left" valign="top">Efternavne</td>
      <td><input name="last_name" type="text" id="last_name"></td>
    </tr>
    <tr>
      <td align="left" valign="top">Email</td>
      <td><input name="email_address" type="text" id="email_address"></td>
    </tr>
    <tr>
      <td align="left" valign="top">Brugernavn</td>
      <td><input name="username" type="text" id="username"></td>
    </tr>
    <tr>
      <td align="left" valign="top"> </td>
      <td><input type="submit" name="Submit" value="opret bruger!"></td>
    </tr>
  </table>
</form> 
</body>
</html>
[/code]


[b] The register.php[/b]

[code]<?php
include_once("db.php");//your database connection file
array_pop($_POST);
if (get_magic_quotes_gpc()) {
    $_POST= array_map('stripslashes', $_POST);
}
$username = mysql_real_escape_string(trim($_POST['username']));// In my experience mysql_real_escape_string always returned errors
$first_name = mysql_real_escape_string(trim($_POST['first_name']));
$last_name = mysql_real_escape_string(trim($_POST['last_name']));
$email = mysql_real_escape_string(trim($_POST['email_address']));    

if ((!$username) || (!$first_name) || (!$last_name) || (!$email)) {
    $message = "info";
if (!$username) {
    $error = "username";
}
if (!$first_name) {
    $error = "first_name";
}
if (!$last_name) {
    $error = "last_name";
}
if (!$email) {
    $error = "email_address";
}
include("join.php");
exit(1);// Proper manner of exiting
}

$user_sql = "SELECT COUNT(*) AS `user_match` FROM `users` WHERE `username`='$username'";
$email_sql = "SELECT COUNT(*) AS `email_match` FROM `users` WHERE `email_address`='$email'";

$res= mysql_query($user_sql) or die(mysql_error());
$result= mysql_query($email_sql) or die(mysql_error());

$user_match= mysql_result($res, 0, 'user_match');
$email_match= mysql_result($result, 0, 'email_match');

if (($user_match > 0) || ($email_match > 0)) {
    if ($user_match > 0 ) {
    $message = "username_match";
unset($username);
}
if ($email_match > 0) {
    $message = "email_match";
unset($email);
}
include("join.php");
exit(1);
}

function makepassword() {
  $salt = "abchefghjkmnpqrstuvwxyz0123456789";
  $pass = ""; // start from an empty string before appending characters
  srand((double)microtime()*1000000); 
      $i = 0;
      while ($i <= 7) {
            $num = rand() % 33;
            $tmp = substr($salt, $num, 1);
            $pass = $pass . $tmp;
            $i++;
      }
      return $pass;
}

$randompwd =  makepassword();
$mdpwd = md5($randompwd);

$sql = mysql_query("INSERT INTO `users` (`first_name`, `last_name`, `email_address`, `username`, `password`, `signup_date`)
        VALUES('$first_name', '$last_name', '$email', '$username', '$mdpwd', NOW())") or die (mysql_error());

if(!$sql){
    echo 'Det er kommet en fejl. Kontakt webmasteren';
} else {
    $userid = mysql_insert_id();
    // Let's mail the user!
    $subject = "Your Distributor Membership at www.my-project.dk";
    $message = "Dear $first_name $last_name,
    You are now registered at our website, http://www.my-project.dk!
   
    To activate your membership, please login here: http://www.mywebsite.com/distributors_section/login_form.html
   
    Once you activate your membership, you will be able to login with the following information:
    Username: $username
    Password: $randompwd
    Please keep this username and password in a location that is easily accessible by you.
   
    Thanks!
    #Fruddy my-project.dk
   
    This is an automated response, please do not reply!";
   
    if (mail($email, $subject, $message, "From: MyWebSite<[email protected]>\nX-Mailer: PHP/" . phpversion())) {
//echo "$randompwd";
        echo "You are now successfully registered at our website, an additional e-mail has been dispatched to your e-mail address, you should receive this e-mail within the next 24 hours. Thank you!";
    } else {
        // Mailing failed.
    }
}
?>[/code]

[b]The Login.php[/b]
[code]<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Login Form</title>
</head>

<body>
<?php
if (($message == "login_info") || ($message == "userinfo")) {
    if ($message == "login_info") {
    echo "You did not enter your username or password. Please try again.<br />";
}
if ($message == "userinfo") {
    echo "Your username and password do not match. Please try again.<br />";
}
}
?>
<form action="checkuser.php" method="post" name="form1">
  <div align="justify">
    <table width="50%" border="0" align="center" cellpadding="4" cellspacing="0">
      <tr>
        <td width="20%">Brugernavn</td>
        <td width="80%"><input name="username" type="text" id="username"></td>
      </tr>
      <tr>
        <td>Kodeord</td>
        <td><input name="password" type="password" id="password"></td>
      </tr>
      <tr>
        <td> </td>
        <td><input type="submit" name="Submit" value="Submit"></td>
      </tr>
    </table>
  </div>
</form> 
</body>
</html>
[/code]

[b]The checkuser.php[/b]
[code]<?php
session_start();
include ('db.php');
array_pop($_POST);
if (get_magic_quotes_gpc()) {
    $_POST= array_map('stripslashes', $_POST);
}
$username= mysql_real_escape_string(trim($_POST['username']));
$password= mysql_real_escape_string(trim($_POST['password']));
$mdpwd= md5($password);

if ((!$username) || (!$password)) {
    $message = "login_info";
    include("login.php");
exit(1);
}



$sql= sprintf("SELECT COUNT(*) AS `login_match` FROM `users` WHERE `username`='%s' AND `password`='%s'", $username, $mdpwd);
$res= mysql_query($sql) or die(mysql_error());
$login_match= mysql_result($res, 0, 'login_match');

if ( $login_match == 1 ) {
    $_SESSION['username']= "$username";
    include("somepage.php");
} else {
    $message = "userinfo";
include("login.php");
exit(1);
}
?>[/code]
[/quote]
Ok, so there were some minor issues with the scripts. Mainly the exit();. You are right about the [b]proper[/b] way to exit. [code=php:0]exit(1);//exit with errors[/code] . The reason that the register script did not have an error message for the mail portion is that I copied that part from his original script.

Now as far as [code=php:0]mysql_real_escape_string[/code], I use it in an attempt to avoid database insertion. I have never had any issues with it. I know that there are a few other ways to prevent insertion but I personally like mysql_real_escape_string.





Tom
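
The duplicate check, insert and login check from the scripts above, written with bound parameters instead of string escaping, `password_hash()`/`password_verify()` instead of `md5()`, and `random_int()` instead of `srand()`/`rand()`. This is an added example, not code from any poster in the thread; it assumes PHP 7.1+ with the PDO SQLite driver (an in-memory database stands in for MySQL), and the function names `make_password`, `register_user` and `check_login` are hypothetical.

```php
<?php
// Added example (not from the thread). Table and column names follow the
// thread's `users` table; everything else is an assumption for illustration.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    first_name TEXT NOT NULL,
    last_name TEXT NOT NULL,
    email_address TEXT NOT NULL UNIQUE,
    username TEXT NOT NULL UNIQUE,
    password TEXT NOT NULL,
    signup_date TEXT NOT NULL
)');

// Random password drawn from the operating system CSPRNG.
function make_password(int $length = 12): string
{
    $alphabet = 'abcdefghjkmnpqrstuvwxyz23456789';
    $max = strlen($alphabet) - 1;
    $password = '';
    for ($i = 0; $i < $length; $i++) {
        $password .= $alphabet[random_int(0, $max)];
    }
    return $password;
}

// Returns the generated password, or null when the username or e-mail is taken.
function register_user(PDO $pdo, string $username, string $first, string $last, string $email): ?string
{
    // Values are bound as data, so quotes in them never reach the SQL parser.
    $check = $pdo->prepare('SELECT COUNT(*) FROM users WHERE username = ? OR email_address = ?');
    $check->execute([$username, $email]);
    if ((int) $check->fetchColumn() > 0) {
        return null;
    }
    $password = make_password();
    $insert = $pdo->prepare(
        'INSERT INTO users (first_name, last_name, email_address, username, password, signup_date)
         VALUES (?, ?, ?, ?, ?, ?)'
    );
    $insert->execute([$first, $last, $email, $username,
        password_hash($password, PASSWORD_DEFAULT), date('Y-m-d H:i:s')]);
    return $password;
}

function check_login(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    // The stored value is a salted hash; it is verified in PHP rather than
    // compared inside the WHERE clause.
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed sample input, including names that contain a single quote.
$pw = register_user($pdo, "o'brien", 'Pat', "O'Brien", 'pat@example.test');
var_dump(check_login($pdo, "o'brien", $pw));
var_dump(check_login($pdo, "o'brien", 'wrong-password'));
var_dump(register_user($pdo, "o'brien", 'A', 'B', 'other@example.test'));
```

With a MySQL server the same statements work unchanged through a `mysql:` PDO DSN, apart from the `CREATE TABLE` column types.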
So how's my register.php going to look like?

[code]<?php
include("database.php")
array_pop($_POST);
if ( get_magic_quotes_gpc() ) {
    $_POST= array_map('stripslashes', $_POST);
}
$username = mysql_real_escape_string(trim($_POST['username']));
$first_name = mysql_real_escape_string(trim($_POST['first_name']));
$last_name = mysql_real_escape_string(trim($_POST['last_name']));
$email = mysql_real_escape_string(trim($_POST['email_address']));    

if ((!$username) || (!first_name) || (!$last_name) || (!email_address)) {
    $message = "info";
if (!username) {
    $error = "username";
}
if (!first_name) {
    $error = "first_name";
}
if (!$last_name) {
    $error = "last_name";
}
if (!email_address) {
    $error = "email_address";
}
include("join.php");
exit;
}

$user_sql = "SELECT COUNT(*) AS user_match FROM `users` WHERE `username` ='$username'";
$email_sql = "SELECT COUNT(*) AS email_match FROM `users` WHERE `email_address` ='$email'";

$res= mysql_query($user_sql) or die(mysql_error());
$result= mysql_query($email_sql) or die(mysql_error());

$user_match= mysql_result($res, 0, 'user_match');
$email_match= mysql_result($result, 0, 'email_match');

if (($user_match > 0) || ($email_match > 0)) {
    if ($username > 0 ) {
    $message = "username_match";
unset($username);
}
if ($email_match > 0) {
    $message = "email_match";
unset($email);
}
include("join.php");
exit;
}

function makepassword() {
  $salt = "abchefghjkmnpqrstuvwxyz0123456789";
  srand((double)microtime()*1000000); 
      $i = 0;
      while ($i <= 7) {
            $num = rand() % 33;
            $tmp = substr($salt, $num, 1);
            $pass = $pass . $tmp;
            $i++;
      }
      return $pass;
}

$randompwd =  makepassword();
$mdpwd = md5($randompwd);

$sql = mysql_query("INSERT INTO users (first_name, last_name, email_address, username, password, signup_date)
        VALUES('$first_name', '$last_name', '$email_address', '$username', '$mdpwd', now())") or die (mysql_error());

if(!$sql){
    echo 'Det er opstået en fejl. Kontakt webmasteren';
} else {
    $userid = mysql_insert_id();
    // Let's mail the user!
    $subject = "Your Distributor Membership at www.my-project.dk";
    $message = "Dear $first_name $last_name,
    Du er nu registeret som en bruger på, http://www.my-project.dk!
   
    Du kan logge ind med følgende oplysninger
    Username: $username
    Password: $random_password
   
   
    Tak!
    #Fruddy my-project.dk
   
    Dette er en automatisk respons, du skal ikke skrive tilbage.";
   
    mail($email_address, $subject, $message, "From: MyWebSite<[email protected]>\nX-Mailer: PHP/" . phpversion());
echo "$randompwd";
}
?>[/code]
Here you go.

[code]<?php
include("database.php");
array_pop($_POST);
if ( get_magic_quotes_gpc() ) {
    $_POST= array_map('stripslashes', $_POST);
}
$username = mysql_real_escape_string(trim($_POST['username']));
$first_name = mysql_real_escape_string(trim($_POST['first_name']));
$last_name = mysql_real_escape_string(trim($_POST['last_name']));
$email = mysql_real_escape_string(trim($_POST['email_address']));    

if ((!$username) || (!$first_name) || (!$last_name) || (!$email)) {
    $message = "info";
if (!$username) {
    $error = "username";
}
if (!$first_name) {
    $error = "first_name";
}
if (!$last_name) {
    $error = "last_name";
}
if (!$email) {
    $error = "email_address";
}
include("join.php");
exit;
}

$user_sql = "SELECT COUNT(*) AS user_match FROM `users` WHERE `username` ='$username'";
$email_sql = "SELECT COUNT(*) AS email_match FROM `users` WHERE `email_address` ='$email'";

$res= mysql_query($user_sql) or die(mysql_error());
$result= mysql_query($email_sql) or die(mysql_error());

$user_match= mysql_result($res, 0, 'user_match');
$email_match= mysql_result($result, 0, 'email_match');

if (($user_match > 0) || ($email_match > 0)) {
    if ($user_match > 0 ) {
    $message = "username_match";
unset($username);
}
if ($email_match > 0) {
    $message = "email_match";
unset($email);
}
include("join.php");
exit;
}

function makepassword() {
  $salt = "abchefghjkmnpqrstuvwxyz0123456789";
  $pass = ""; // start from an empty string before appending characters
  srand((double)microtime()*1000000); 
      $i = 0;
      while ($i <= 7) {
            $num = rand() % 33;
            $tmp = substr($salt, $num, 1);
            $pass = $pass . $tmp;
            $i++;
      }
      return $pass;
}

$randompwd =  makepassword();
$mdpwd = md5($randompwd);

$sql = mysql_query("INSERT INTO users (first_name, last_name, email_address, username, password, signup_date)
        VALUES('$first_name', '$last_name', '$email', '$username', '$mdpwd', now())") or die (mysql_error());

if(!$sql){
    echo 'Det er opstået en fejl. Kontakt webmasteren';
} else {
    $userid = mysql_insert_id();
    // Let's mail the user!
    $subject = "Your Distributor Membership at www.my-project.dk";
    $message = "Dear $first_name $last_name,
    Du er nu registeret som en bruger på, http://www.my-project.dk!
   
    Du kan logge ind med følgende oplysninger
    Username: $username
    Password: $randompwd
   
   
    Tak!
    #Fruddy my-project.dk
   
    Dette er en automatisk respons, du skal ikke skrive tilbage.";
   
    mail($email, $subject, $message, "From: MyWebSite<[email protected]>\nX-Mailer: PHP/" . phpversion());
}
?>[/code]
Well, I got a problem:

[code] <?php

if ( empty( $username ) ) {
include("http://www.my-project.dk/login.php");
} else {
echo "Du er logget ind som<br><b>username</b>";

}
?>[/code]

It keeps showing the login page, also if I'm logged in.


And how's my cookie going to look like? So it stores my username and pass?
I think what you are wanting is something like this.

[code=php:0]
if (!$_SESSION['username']) {
  echo "You must login to view this page";
  include("login.php");
  exit(1);
}[/code]


You will need to set the session variables after a successful login.

Good Luck,
Tom
First you need to set the session variable username in the login script. Like this

[code=php:0]
if ($login_match == 1) {
    $_SESSION['username'] = $username;
    include("whatever.php");
} else {
    // whatever was here before
}
[/code]

Now to protect the page do this

[code=php:0]
if (!$_SESSION['username']) {
   echo "You must login to view this page";
   include("login.php");
   exit(1);
}
echo "You are logged in as <b>" . $_SESSION['username'] . " </b>";
[/code]
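
The session variable set at login and the page guard described above, together with the session cookie settings, as an added example that is not code from the thread. The function names are hypothetical, PHP 7.3+ is assumed for the array form of `session_set_cookie_params()`, and the `secure` flag assumes the site is served over HTTPS.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

function start_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    // The cookie holds only the random session id; the username stays in
    // server-side session data and the password is stored in neither.
    session_set_cookie_params([
        'lifetime' => 0,       // dropped when the browser closes
        'path'     => '/',
        'secure'   => true,    // assumption: the site is served over HTTPS
        'httponly' => true,    // not readable from page scripts
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Call only after the username/password check has succeeded.
function log_in(string $username): void
{
    start_session();
    session_regenerate_id(true);   // fresh id, so an id issued before login is useless
    $_SESSION['username'] = $username;
}

function log_out(): void
{
    start_session();
    $_SESSION = [];
    session_destroy();
}

// Body of a protected page: a greeting when logged in, otherwise a notice.
function protected_page(): string
{
    start_session();
    if (empty($_SESSION['username'])) {
        return 'You must login to view this page';
    }
    // Escape on output: the username originally came from a form field.
    return 'You are logged in as <b>'
        . htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8') . '</b>';
}

// Constructed walk-through; output is collected first so nothing is sent
// before the session functions run.
$out = [];
$out[] = protected_page();   // not logged in yet
log_in('Fruddy');
$out[] = protected_page();   // logged in
log_out();
$out[] = protected_page();   // logged out again
echo implode(PHP_EOL, $out), PHP_EOL;
```

On a real page the notice branch would `include` the login form from a local file path and then `exit`, with `start_session()` called before any HTML is sent.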

   
Hmm, it still doesn't show my name when I'm logged in:

[code]<?php
if ($login_match == 1) {
    $_SESSION['username'] = $username;
    echo "du er logget ind som " ;
echo $username;
}else{
if (($message == "login_info") || ($message == "userinfo")) {
    if ($message == "login_info") {
    echo "Du har ikke skrevet dit brugernavn eller kodeord";
}
if ($message == "userinfo") {
    echo "dit brugernavn og kodeord matcher ikke sammen";
}
}
}
?>
<form action="checkuser.php" method="post" name="form1">
  <div align="justify">
    <table border="0" align="center">
      <tr>
        <td class="t11_grey">Brugernavn:</td></tr><tr>
        <td><input name="username" type="text" id="username"></td>
      </tr><br>
      <tr>
        <td class="t11_grey"><br>Kodeord</td></tr><tr>
        <td><input name="password" type="password" id="password"></td>
      </tr>
    <tr>
        <td><input type="submit" name="Submit" value="Submit"> <a href="http://www.my-project.dk/register.php"> <u>opret bruger</u></a></td>
      </td>
    </table>
  </div>
</form>
[/code]
Here, make a PHP file named test and try this

[code]
<?php
session_start();
$username = "Fruddy";
$_SESSION['username'] = $username;

echo 'hello ' . $_SESSION['username'] . ' your sessions are working just fine.';
?>[/code]

Try this and then post your login script here if it echoes your name here.

Archived

This topic is now archived and is closed to further replies.
