User Registration Code

[Kezonz]

This Works But for Some reason when you Register an Account and try to login it says "Incorrect Username/Password" It is also Allowing Multiple Accounts to be Created Under the Same Username and Password:

 

DB.php

 

<?php
session_start();
mysql_connect("localhost", "USERNAME", "PASSWORD");
mysql_select_db("DATABASE_USER");
function user_login ($username, $password)
{
//take the username and prevent SQL injections
$username = mysql_real_escape_string($username);
//begin the query
$sql = mysql_query("SELECT * FROM usersystem WHERE username = 'username' AND password = 'password' LIMIT 1");
//check to see how many rows were returned
$rows = mysql_num_rows($sql);
if ($rows<=0 )
{
echo "Incorrect username/password";
}
else
{
//have them logged in
$_SESSION['sername'] = $username;
}
}
?>

Register.php

 

<?php
include("db.php");
if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email']))

{
//Prevent SQL injections
$username = mysql_real_escape_string($_POST['username']);
$email = mysql_real_escape_string($_POST['email']);


//Get MD5 hash of password
$password = md5($_POST['password']);

//Check to see if username exists
$sql = mysql_query("SELECT username FROM usersystem WHERE username = 'username'");
if(mysql_num_rows($sql) > 0)
{
die ("Username taken.");
}


mysql_query("INSERT INTO usersystem (username, password, email) VALUES ( '$username', '$password', '$email')") or die (mysql_error()); echo "Account created.";

}
?>
<form action="register.php" method="post">
Username: <input name="username" type="text" /><br>
Password: <input type="password" name="password" /><br>
Email: <input name="email" type="text" /><br>
<input type="submit" value="Submit" />
</form>

Login.php

 

<?php
include("db.php");
if (isset($_POST['username']) && isset($_POST['password']))
{
user_login($_POST['username'], $_POST['password']);
}
?>
<form action="login.php" method="post">
Username: <input name="username" type="text" /><br>
Password: <input type="password" name="password" /><br>
<button type="submit">Submit</button><br>
</form>

 

Could Anyone Help Please?

[ShibSta]

Your query within' user_login is trying to match two strings instead of the value of your variables.

 

Try:

$sql = mysql_query("SELECT * FROM `usersystem` WHERE `username` = '".$username."' AND `password` = '".$password."' LIMIT 1");

[Kezonz]

Edit:

 

That Works for Not Allowing More than 1 Of the Same Account Being Created However it Still Won't Allow Logins.

[ShibSta]

I think you're confused, that code should have been placed in DB.php within the user_login() function.

 

In Register.php, you can use:

$sql = mysql_query("SELECT `username` FROM `usersystem` WHERE `username` = '".$username."'");

[Pikachu2000]

You have to make the same changes in the user_login() function in db.php. I would also change this line in the login function as well.

if ($rows<=0 )

to this

if( $rows != 1 )

 

This is because the result you are expecting from the database is exactly one record. Anything else means no record was returned, thus the username/password is wrong or nonexistent; or more than one record was returned, making the query result ambiguous and therefor invalid.

[Kezonz]

I Get this Error:

 

Parse error: syntax error, unexpected '(', expecting ')' in /home/kezonz/public_html/test/db.php on line 5

 

Heres My Currently DB.php

 

<?php
session_start();
mysql_connect("localhost", "kezonz_1", "Kieron1993");
mysql_select_db("kezonz_users");
function user_login ($sql = mysql_query("SELECT * FROM `usersystem` WHERE `username` = '".$username."' AND `password` = '".$password."' LIMIT 1");
{
//take the username and prevent SQL injections
$username = mysql_real_escape_string($username);
//begin the query
$sql = mysql_query("SELECT * FROM usersystem WHERE username = 'username' AND password = 'password' LIMIT 1");
//check to see how many rows were returned
$rows = mysql_num_rows($sql);
if ($rows!=1 )
{
echo "Incorrect username/password";
}
else
{
//have them logged in
$_SESSION['sername'] = $username;
}
}
?>

 

Sorry Guys im Sort of trying to get to know PHP Still new with it

[Pikachu2000]

This should be better. Don't know yet if it will work, but it doesn't have any parse errors, at least.

 

<?php
session_start();
mysql_connect("localhost", "kezonz_1", "Kieron1993");
mysql_select_db("kezonz_users");
function user_login ($username, $password ) {
   //take the username and prevent SQL injections
   $username = mysql_real_escape_string($username);
   //begin the query
   $query = "SELECT * FROM `usersystem` WHERE `username` = '$username' AND `password` = '$password' LIMIT 1";
   $sql = mysql_query($query);
   //check to see how many rows were returned
   $rows = mysql_num_rows($sql);
   if ($rows!=1 ) {
      echo "Incorrect username/password";
   } else {
      //have them logged in
      $_SESSION['sername'] = $username;
   }
}
?>

[Kezonz]

Well Everything is Now Working Fine but theres still a problem with the Login, If you attempt to login it says Incorrect Information.

[Pikachu2000]

Did you remove any duplicate database entries that may have gotten created?