PHP Membership System problem


Fruddy

change
[code=php:0]
$user_sql = "SELECT COUNT (*) AS user_match FROM 'users' WHERE 'username' ='$username'";
$email_sql = "SELECT COUNT (*) AS email_match FROM 'users' WHERE 'email_address' ='$email'";
[/code]
to
[code=php:0]
// COUNT(*) is written without a space before the parenthesis.
$user_sql = "SELECT COUNT(*) AS user_match FROM users WHERE username ='".$username."'";
$email_sql = "SELECT COUNT(*) AS email_match FROM users WHERE email_address ='".$email."'";
[/code]

Table names and field names do not have single quotes; you can use ticks (above Tab, left of 1).
Tick = `
Quote = '

Link to comment
Share on other sites

It was more than that. I have the script working now. From now on I am going to test everything that I post (prior to posting).

[b]The join.php[/b]
[code]<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Join Us</title>
</head>

<body>
<?php
// $message and $error are set by register.php before it includes this page.
if (isset($message) && (($message == "info") || ($message == "email_match") || ($message == "username_match"))) {
    if ($message == "info") {
        echo "You did not submit the following information";
        if ($error == "username") {
            echo "Username is a required field";
        }
        if ($error == "first_name") {
            echo "First Name is a required field";
        }
        if ($error == "last_name") {
            echo "Last name is a required field";
        }
        if ($error == "email_address") {
            echo "Your email address is a required field";
        }
    }
    if ($message == "email_match") {
        echo "You are already a member.";
    }
    if ($message == "username_match") {
        echo "Your username is already being used by another member. Please try again.";
    }
}
?>
<form method="post" action="register.php">
  <table width="100%" border="0" cellpadding="4" cellspacing="0">
    <tr>
      <td width="24%" align="left" valign="top">Fornavn</td>
      <td width="76%"><input name="first_name" type="text" id="first_name2"></td>
    </tr>
    <tr>
      <td align="left" valign="top">Efternavne</td>
      <td><input name="last_name" type="text" id="last_name"></td>
    </tr>
    <tr>
      <td align="left" valign="top">Email</td>
      <td><input name="email_address" type="text" id="email_address"></td>
    </tr>
    <tr>
      <td align="left" valign="top">Brugernavn</td>
      <td><input name="username" type="text" id="username"></td>
    </tr>
    <tr>
      <td align="left" valign="top">&nbsp;</td>
      <td><input type="submit" name="Submit" value="opret bruger!"></td>
    </tr>
  </table>
</form> 
</body>
</html>
[/code]


[b] The register.php[/b]

[code]<?php
include("db.php");//your database connection file
array_pop($_POST);
if ( get_magic_quotes_gpc() ) {
    $_POST= array_map('stripslashes', $_POST);
}
$username = mysql_real_escape_string(trim($_POST['username']));
$first_name = mysql_real_escape_string(trim($_POST['first_name']));
$last_name = mysql_real_escape_string(trim($_POST['last_name']));
$email = mysql_real_escape_string(trim($_POST['email_address']));    

// Every field is required; $error ends up naming the last missing field.
if ((!$username) || (!$first_name) || (!$last_name) || (!$email)) {
    $message = "info";
    if (!$username) {
        $error = "username";
    }
    if (!$first_name) {
        $error = "first_name";
    }
    if (!$last_name) {
        $error = "last_name";
    }
    if (!$email) {
        $error = "email_address";
    }
    include("join.php");
    exit;
}

$user_sql = "SELECT COUNT(*) AS user_match FROM `users` WHERE `username` ='$username'";
$email_sql = "SELECT COUNT(*) AS email_match FROM `users` WHERE `email_address` ='$email'";

$res= mysql_query($user_sql) or die(mysql_error());
$result= mysql_query($email_sql) or die(mysql_error());

$user_match= mysql_result($res, 0, 'user_match');
$email_match= mysql_result($result, 0, 'email_match');

if (($user_match > 0) || ($email_match > 0)) {
    if ($user_match > 0) {
        $message = "username_match";
        unset($username);
    }
    if ($email_match > 0) {
        $message = "email_match";
        unset($email);
    }
    include("join.php");
    exit;
}

function makepassword() {
    $salt = "abchefghjkmnpqrstuvwxyz0123456789";
    srand((double)microtime()*1000000);
    $pass = ""; // start from an empty string before appending characters
    $i = 0;
    while ($i <= 7) {
        $num = rand() % 33;
        $tmp = substr($salt, $num, 1);
        $pass = $pass . $tmp;
        $i++;
    }
    return $pass;
}

$randompwd =  makepassword();
$mdpwd = md5($randompwd);

$sql = mysql_query("INSERT INTO users (first_name, last_name, email_address, username, password, signup_date)
        VALUES('$first_name', '$last_name', '$email', '$username', '$mdpwd', now())") or die (mysql_error());

if(!$sql){
    echo 'Det er kommet en fejl. Kontakt webmasteren';
} else {
    $userid = mysql_insert_id();
    // Let's mail the user!
    $subject = "Your Distributor Membership at www.my-project.dk";
    $message = "Dear $first_name $last_name,
    You are now registered at our website, http://www.my-project.dk!
   
    To activate your membership, please login here: http://www.mywebsite.com/distributors_section/login_form.html
   
    Once you activate your membership, you will be able to login with the following information:
    Username: $username
    Password: $randompwd
    Please keep this username and password in a location that is easily accessible by you.
   
    Thanks!
    #Fruddy my-project.dk
   
    This is an automated response, please do not reply!";
   
    mail($email, $subject, $message, "From: MyWebSite<email@mywebsite.com>\nX-Mailer: PHP/" . phpversion());
echo "$randompwd";
}
?>[/code]

[b]The Login.php[/b]
[code]<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Login Form</title>
</head>

<body>
<?php
if (($message == "login_info") || ($message == "userinfo")) {
    if ($message == "login_info") {
    echo "You did not enter your username or password. Please try again.";
}
if ($message == "userinfo") {
    echo "Your username and password do not match. Please try again";
}
}
?>
<form action="checkuser.php" method="post" name="form1">
  <div align="justify">
    <table width="50%" border="0" align="center" cellpadding="4" cellspacing="0">
      <tr>
        <td width="20%">Brugernavn</td>
        <td width="80%"><input name="username" type="text" id="username"></td>
      </tr>
      <tr>
        <td>Kodeord</td>
        <td><input name="password" type="password" id="password"></td>
      </tr>
      <tr>
        <td> </td>
        <td><input type="submit" name="Submit" value="Submit"></td>
      </tr>
    </table>
  </div>
</form> 
</body>
</html>
[/code]

[b]The checkuser.php[/b]
[code]<?php
session_start();
include ('db.php');
array_pop($_POST);
if ( get_magic_quotes_gpc() ) {
    $_POST= array_map('stripslashes', $_POST);
}
$username= mysql_real_escape_string(trim($_POST['username']));
$password= mysql_real_escape_string(trim($_POST['password']));
$mdpwd= md5($password);

if ((!$username) || (!$password)) {
    $message = "login_info";
    include("login.php");
exit();
}



$sql= sprintf("SELECT COUNT(*) AS login_match FROM `users` WHERE `username` = '%s' AND `password`= '%s'", $username, $mdpwd);
$res= mysql_query($sql) or die(mysql_error());
$login_match= mysql_result($res, 0, 'login_match');

if ( $login_match == 1 ) {
    $_SESSION['username']= "$username";
    include("somepage.php");
} else {
    $message = "userinfo";
include("login.php");
exit();
}
?>[/code]
Link to comment
Share on other sites

[quote author=tomfmason link=topic=102837.msg409000#msg409000 date=1154623958]
It was more than that. I have the script working now. From now on I am going to test everything that I post (prior to posting).

*EDIT by ignace on august 06 2006 11:58:15*

[b]The join.php[/b]
[code]<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Join Us</title>
</head>

<body>
<?php
// $message and $error are set by register.php before it includes this page.
if (isset($message) && (($message == "info") || ($message == "email_match") || ($message == "username_match"))) {
    if ($message == "info") {
        echo "You did not submit the following information.<br />";
        if ($error == "username") {
            echo "Username is a required field.<br />";
        }
        if ($error == "first_name") {
            echo "First Name is a required field.<br />";
        }
        if ($error == "last_name") {
            echo "Last name is a required field.<br />";
        }
        if ($error == "email_address") {
            echo "Your email address is a required field.<br />";
        }
    }
    if ($message == "email_match") {
        echo "You are already a member.<br />";
    }
    if ($message == "username_match") {
        echo "Your username is already being used by another member. Please try again.<br />";
    }
}
?>
<form method="post" action="register.php">
  <table width="100%" border="0" cellpadding="4" cellspacing="0">
    <tr>
      <td width="24%" align="left" valign="top">Fornavn</td>
      <td width="76%"><input name="first_name" type="text" id="first_name2"></td>
    </tr>
    <tr>
      <td align="left" valign="top">Efternavne</td>
      <td><input name="last_name" type="text" id="last_name"></td>
    </tr>
    <tr>
      <td align="left" valign="top">Email</td>
      <td><input name="email_address" type="text" id="email_address"></td>
    </tr>
    <tr>
      <td align="left" valign="top">Brugernavn</td>
      <td><input name="username" type="text" id="username"></td>
    </tr>
    <tr>
      <td align="left" valign="top">&nbsp;</td>
      <td><input type="submit" name="Submit" value="opret bruger!"></td>
    </tr>
  </table>
</form> 
</body>
</html>
[/code]


[b] The register.php[/b]

[code]<?php
include_once("db.php");//your database connection file
array_pop($_POST);
if (get_magic_quotes_gpc()) {
    $_POST= array_map('stripslashes', $_POST);
}
$username = mysql_real_escape_string(trim($_POST['username']));// In my experience mysql_real_escape_string always returned errors
$first_name = mysql_real_escape_string(trim($_POST['first_name']));
$last_name = mysql_real_escape_string(trim($_POST['last_name']));
$email = mysql_real_escape_string(trim($_POST['email_address']));    

// Every field is required; $error ends up naming the last missing field.
if ((!$username) || (!$first_name) || (!$last_name) || (!$email)) {
    $message = "info";
    if (!$username) {
        $error = "username";
    }
    if (!$first_name) {
        $error = "first_name";
    }
    if (!$last_name) {
        $error = "last_name";
    }
    if (!$email) {
        $error = "email_address";
    }
    include("join.php");
    exit(1);// Proper manner of exiting
}

$user_sql = "SELECT COUNT(*) AS `user_match` FROM `users` WHERE `username`='$username'";
$email_sql = "SELECT COUNT(*) AS `email_match` FROM `users` WHERE `email_address`='$email'";

$res= mysql_query($user_sql) or die(mysql_error());
$result= mysql_query($email_sql) or die(mysql_error());

$user_match= mysql_result($res, 0, 'user_match');
$email_match= mysql_result($result, 0, 'email_match');

if (($user_match > 0) || ($email_match > 0)) {
    if ($user_match > 0) {
        $message = "username_match";
        unset($username);
    }
    if ($email_match > 0) {
        $message = "email_match";
        unset($email);
    }
    include("join.php");
    exit(1);
}

function makepassword() {
    $salt = "abchefghjkmnpqrstuvwxyz0123456789";
    srand((double)microtime()*1000000);
    $pass = ""; // start from an empty string before appending characters
    $i = 0;
    while ($i <= 7) {
        $num = rand() % 33;
        $tmp = substr($salt, $num, 1);
        $pass = $pass . $tmp;
        $i++;
    }
    return $pass;
}

$randompwd =  makepassword();
$mdpwd = md5($randompwd);

$sql = mysql_query("INSERT INTO `users` (`first_name`, `last_name`, `email_address`, `username`, `password`, `signup_date`)
        VALUES('$first_name', '$last_name', '$email', '$username', '$mdpwd', NOW())") or die (mysql_error());

if(!$sql){
    echo 'Det er kommet en fejl. Kontakt webmasteren';
} else {
    $userid = mysql_insert_id();
    // Let's mail the user!
    $subject = "Your Distributor Membership at www.my-project.dk";
    $message = "Dear $first_name $last_name,
    You are now registered at our website, http://www.my-project.dk!
   
    To activate your membership, please login here: http://www.mywebsite.com/distributors_section/login_form.html
   
    Once you activate your membership, you will be able to login with the following information:
    Username: $username
    Password: $randompwd
    Please keep this username and password in a location that is easily accessible by you.
   
    Thanks!
    #Fruddy my-project.dk
   
    This is an automated response, please do not reply!";
   
    if (mail($email, $subject, $message, "From: MyWebSite<email@mywebsite.com>\nX-Mailer: PHP/" . phpversion())) {
//echo "$randompwd";
        echo "You are now successfully registered at our website, an additional e-mail has been dispatched to your e-mail address, you should receive this e-mail within the next 24 hours. Thank you!";
    } else {
        // Mailing failed.
    }
}
?>[/code]

[b]The Login.php[/b]
[code]<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Login Form</title>
</head>

<body>
<?php
if (($message == "login_info") || ($message == "userinfo")) {
    if ($message == "login_info") {
    echo "You did not enter your username or password. Please try again.<br />";
}
if ($message == "userinfo") {
    echo "Your username and password do not match. Please try again.<br />";
}
}
?>
<form action="checkuser.php" method="post" name="form1">
  <div align="justify">
    <table width="50%" border="0" align="center" cellpadding="4" cellspacing="0">
      <tr>
        <td width="20%">Brugernavn</td>
        <td width="80%"><input name="username" type="text" id="username"></td>
      </tr>
      <tr>
        <td>Kodeord</td>
        <td><input name="password" type="password" id="password"></td>
      </tr>
      <tr>
        <td> </td>
        <td><input type="submit" name="Submit" value="Submit"></td>
      </tr>
    </table>
  </div>
</form> 
</body>
</html>
[/code]

[b]The checkuser.php[/b]
[code]<?php
session_start();
include ('db.php');
array_pop($_POST);
if (get_magic_quotes_gpc()) {
    $_POST= array_map('stripslashes', $_POST);
}
$username= mysql_real_escape_string(trim($_POST['username']));
$password= mysql_real_escape_string(trim($_POST['password']));
$mdpwd= md5($password);

if ((!$username) || (!$password)) {
    $message = "login_info";
    include("login.php");
exit(1);
}



$sql= sprintf("SELECT COUNT(*) AS `login_match` FROM `users` WHERE `username`='%s' AND `password`='%s'", $username, $mdpwd);
$res= mysql_query($sql) or die(mysql_error());
$login_match= mysql_result($res, 0, 'login_match');

if ( $login_match == 1 ) {
    $_SESSION['username']= "$username";
    include("somepage.php");
} else {
    $message = "userinfo";
include("login.php");
exit(1);
}
?>[/code]
[/quote]
Link to comment
Share on other sites

Ok, so there were some minor issues with the scripts, mainly the exit();. You are right about the [b]proper[/b] way to exit: [code=php:0]exit(1);//exit with errors[/code]. The reason that the register script did not have an error message for the mail portion is that I copied that part from his original script.

Now, as far as [code=php:0]mysql_real_escape_string[/code] goes, I use it in an attempt to avoid database insertion. I have never had any issues with it. I know that there are a few other ways to prevent insertion, but I personally like mysql_real_escape_string.





Tom
Link to comment
Share on other sites
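
An added example, not code from any poster in this thread: the register and login checks discussed above rewritten with PDO prepared statements (one of the "other ways" to keep user input out of the SQL text), with password_hash()/password_verify() in place of md5() and random_int() in place of rand(). It assumes PHP 7 or later with the pdo_sqlite extension; the in-memory SQLite database, the reduced table layout, the function names and the sample values are constructed for the demonstration.

```php
<?php
// Added example, not from the thread. Assumes PHP 7+ with pdo_sqlite.
// Database, table layout, function names and sample input are constructed.
declare(strict_types=1);

function open_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (
        id INTEGER PRIMARY KEY,
        username TEXT NOT NULL UNIQUE,
        email_address TEXT NOT NULL UNIQUE,
        password TEXT NOT NULL
    )');
    return $pdo;
}

// Same alphabet as makepassword() in the thread, but drawn from the CSPRNG.
function make_password(int $length = 12): string {
    $alphabet = 'abchefghjkmnpqrstuvwxyz0123456789';
    $pass = '';
    for ($i = 0; $i < $length; $i++) {
        $pass .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return $pass;
}

// Returns the generated password, or null if the username or e-mail is taken.
function register_user(PDO $pdo, string $username, string $email): ?string {
    // Values travel as bound parameters, never as part of the SQL string.
    $check = $pdo->prepare(
        'SELECT COUNT(*) FROM users WHERE username = :u OR email_address = :e'
    );
    $check->execute([':u' => $username, ':e' => $email]);
    if ((int) $check->fetchColumn() > 0) {
        return null;
    }
    $plain = make_password();
    $insert = $pdo->prepare(
        'INSERT INTO users (username, email_address, password) VALUES (:u, :e, :p)'
    );
    $insert->execute([
        ':u' => $username,
        ':e' => $email,
        ':p' => password_hash($plain, PASSWORD_DEFAULT), // salted, slow hash
    ]);
    return $plain;
}

function check_login(PDO $pdo, string $username, string $password): bool {
    $stmt = $pdo->prepare('SELECT password FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn(); // false when no such user exists
    // The password is verified as typed; it is never escaped or altered.
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed sample input, including values with quotes that would break
// a query built by string concatenation.
$pdo = open_db();
$pw = register_user($pdo, "o'brien", 'ob@example.com');
var_dump(register_user($pdo, "o'brien", 'other@example.com')); // duplicate username
var_dump(check_login($pdo, "o'brien", $pw));                   // correct password
var_dump(check_login($pdo, "o'brien' OR '1'='1", 'x'));        // quotes stay data
var_dump(check_login($pdo, "o'brien", 'wrong'));               // wrong password
```

Against the thread's MySQL database only the PDO DSN and credentials differ; the prepared queries stay the same.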

So how's my register.php going to look like?

[code]<?php
include("database.php")
array_pop($_POST);
if ( get_magic_quotes_gpc() ) {
    $_POST= array_map('stripslashes', $_POST);
}
$username = mysql_real_escape_string(trim($_POST['username']));
$first_name = mysql_real_escape_string(trim($_POST['first_name']));
$last_name = mysql_real_escape_string(trim($_POST['last_name']));
$email = mysql_real_escape_string(trim($_POST['email_address']));    

if ((!$username) || (!first_name) || (!$last_name) || (!email_address)) {
    $message = "info";
if (!username) {
    $error = "username";
}
if (!first_name) {
    $error = "first_name";
}
if (!$last_name) {
    $error = "last_name";
}
if (!email_address) {
    $error = "email_address";
}
include("join.php");
exit;
}

$user_sql = "SELECT COUNT(*) AS user_match FROM `users` WHERE `username` ='$username'";
$email_sql = "SELECT COUNT(*) AS email_match FROM `users` WHERE `email_address` ='$email'";

$res= mysql_query($user_sql) or die(mysql_error());
$result= mysql_query($email_sql) or die(mysql_error());

$user_match= mysql_result($res, 0, 'user_match');
$email_match= mysql_result($result, 0, 'email_match');

if (($user_match > 0) || ($email_match > 0)) {
    if ($username > 0 ) {
    $message = "username_match";
unset($username);
}
if ($email_match > 0) {
    $message = "email_match";
unset($email);
}
include("join.php");
exit;
}

function makepassword() {
  $salt = "abchefghjkmnpqrstuvwxyz0123456789";
  srand((double)microtime()*1000000); 
      $i = 0;
      while ($i <= 7) {
            $num = rand() % 33;
            $tmp = substr($salt, $num, 1);
            $pass = $pass . $tmp;
            $i++;
      }
      return $pass;
}

$randompwd =  makepassword();
$mdpwd = md5($randompwd);

$sql = mysql_query("INSERT INTO users (first_name, last_name, email_address, username, password, signup_date)
        VALUES('$first_name', '$last_name', '$email_address', '$username', '$mdpwd', now())") or die (mysql_error());

if(!$sql){
    echo 'Det er opstået en fejl. Kontakt webmasteren';
} else {
    $userid = mysql_insert_id();
    // Let's mail the user!
    $subject = "Your Distributor Membership at www.my-project.dk";
    $message = "Dear $first_name $last_name,
    Du er nu registeret som en bruger på, http://www.my-project.dk!
   
    Du kan logge ind med følgende oplysninger
    Username: $username
    Password: $random_password
   
   
    Tak!
    #Fruddy my-project.dk
   
    Dette er en automatisk respons, du skal ikke skrive tilbage.";
   
    mail($email_address, $subject, $message, "From: MyWebSite<email@mywebsite.com>\nX-Mailer: PHP/" . phpversion());
echo "$randompwd";
}
?>[/code]
Link to comment
Share on other sites

here you go.

[code]<?php
include("database.php");
array_pop($_POST);
if ( get_magic_quotes_gpc() ) {
    $_POST= array_map('stripslashes', $_POST);
}
$username = mysql_real_escape_string(trim($_POST['username']));
$first_name = mysql_real_escape_string(trim($_POST['first_name']));
$last_name = mysql_real_escape_string(trim($_POST['last_name']));
$email = mysql_real_escape_string(trim($_POST['email_address']));    

// Every field is required; $error ends up naming the last missing field.
if ((!$username) || (!$first_name) || (!$last_name) || (!$email)) {
    $message = "info";
    if (!$username) {
        $error = "username";
    }
    if (!$first_name) {
        $error = "first_name";
    }
    if (!$last_name) {
        $error = "last_name";
    }
    if (!$email) {
        $error = "email_address";
    }
    include("join.php");
    exit;
}

$user_sql = "SELECT COUNT(*) AS user_match FROM `users` WHERE `username` ='$username'";
$email_sql = "SELECT COUNT(*) AS email_match FROM `users` WHERE `email_address` ='$email'";

$res= mysql_query($user_sql) or die(mysql_error());
$result= mysql_query($email_sql) or die(mysql_error());

$user_match= mysql_result($res, 0, 'user_match');
$email_match= mysql_result($result, 0, 'email_match');

if (($user_match > 0) || ($email_match > 0)) {
    if ($user_match > 0) {
        $message = "username_match";
        unset($username);
    }
    if ($email_match > 0) {
        $message = "email_match";
        unset($email);
    }
    include("join.php");
    exit;
}

function makepassword() {
    $salt = "abchefghjkmnpqrstuvwxyz0123456789";
    srand((double)microtime()*1000000);
    $pass = ""; // start from an empty string before appending characters
    $i = 0;
    while ($i <= 7) {
        $num = rand() % 33;
        $tmp = substr($salt, $num, 1);
        $pass = $pass . $tmp;
        $i++;
    }
    return $pass;
}

$randompwd =  makepassword();
$mdpwd = md5($randompwd);

$sql = mysql_query("INSERT INTO users (first_name, last_name, email_address, username, password, signup_date)
        VALUES('$first_name', '$last_name', '$email', '$username', '$mdpwd', now())") or die (mysql_error());

if(!$sql){
    echo 'Det er opstået en fejl. Kontakt webmasteren';
} else {
    $userid = mysql_insert_id();
    // Let's mail the user!
    $subject = "Your Distributor Membership at www.my-project.dk";
    $message = "Dear $first_name $last_name,
    Du er nu registeret som en bruger på, http://www.my-project.dk!
   
    Du kan logge ind med følgende oplysninger
    Username: $username
    Password: $randompwd
   
   
    Tak!
    #Fruddy my-project.dk
   
    Dette er en automatisk respons, du skal ikke skrive tilbage.";
   
    mail($email, $subject, $message, "From: MyWebSite<email@mywebsite.com>\nX-Mailer: PHP/" . phpversion());
}
?>[/code]
Link to comment
Share on other sites

Well, I got a problem:

[code] <?php

if ( empty( $username ) ) {
include("http://www.my-project.dk/login.php");
} else {
echo "Du er logget ind som<br><b>username</b>";

}
?>[/code]

It keeps showing the login page, also if I'm logged in.


And how's my cookie going to look like? So it stores my username and pass?
Link to comment
Share on other sites

I think what you are wanting is something like this.

[code=php:0]
if (!$_SESSION['username']) {
  echo "You must login to view this page";
  include("login.php");
  exit(1);
}[/code]


You will need to set the session variables after a successful login.

Good Luck,
Tom
Link to comment
Share on other sites

First you need to set the session variable username in the login script. Like this

[code=php:0]
if ($login_match == 1) {
    $_SESSION['username'] = $username;
    include("whatever.php");
} else {
    // whatever was here before
}
[/code]

Now to protect the page do this

[code=php:0]
if (!$_SESSION['username']) {
   echo "You must login to view this page";
   include("login.php");
   exit(1);
}
echo "You are logged in as <b>" . $_SESSION['username'] . " </b>";
[/code]

   
Link to comment
Share on other sites

Hmm, it still doesn't show my name when I'm logged in:

[code]<?php
if ($login_match == 1) {
    $_SESSION['username'] = $username;
    echo "du er logget ind som " ;
echo $username;
}else{
if (($message == "login_info") || ($message == "userinfo")) {
    if ($message == "login_info") {
    echo "Du har ikke skrevet dit brugernavn eller kodeord";
}
if ($message == "userinfo") {
    echo "dit brugernavn og kodeord matcher ikke sammen";
}
}
}
?>
<form action="checkuser.php" method="post" name="form1">
  <div align="justify">
    <table border="0" align="center">
      <tr>
        <td class="t11_grey">Brugernavn:</td></tr><tr>
        <td><input name="username" type="text" id="username"></td>
      </tr><br>
      <tr>
        <td class="t11_grey"><br>Kodeord</td></tr><tr>
        <td><input name="password" type="password" id="password"></td>
      </tr>
    <tr>
        <td><input type="submit" name="Submit" value="Submit"> <a href="http://www.my-project.dk/register.php"> <u>opret bruger</u></a></td>
      </td>
    </table>
  </div>
</form>
[/code]
Link to comment
Share on other sites

Here, make a PHP file named test and try this

[code]
<?php
session_start();
$username = "Fruddy";
$_SESSION['username'] = $username;

echo 'hello ' . $_SESSION['username'] . ' your sessions are working just fine.';
?>[/code]

Try this and then post your login script here if it echoes your name here.
Link to comment
Share on other sites
