Kezonz Posted September 24, 2010 Share Posted September 24, 2010 This Works But for Some reason when you Register an Account and try to login it says "Incorrect Username/Password" It is also Allowing Multiple Accounts to be Created Under the Same Username and Password: DB.php <?php session_start(); mysql_connect("localhost", "USERNAME", "PASSWORD"); mysql_select_db("DATABASE_USER"); function user_login ($username, $password) { //take the username and prevent SQL injections $username = mysql_real_escape_string($username); //begin the query $sql = mysql_query("SELECT * FROM usersystem WHERE username = 'username' AND password = 'password' LIMIT 1"); //check to see how many rows were returned $rows = mysql_num_rows($sql); if ($rows<=0 ) { echo "Incorrect username/password"; } else { //have them logged in $_SESSION['sername'] = $username; } } ?> Register.php <?php include("db.php"); if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email'])) { //Prevent SQL injections $username = mysql_real_escape_string($_POST['username']); $email = mysql_real_escape_string($_POST['email']); //Get MD5 hash of password $password = md5($_POST['password']); //Check to see if username exists $sql = mysql_query("SELECT username FROM usersystem WHERE username = 'username'"); if(mysql_num_rows($sql) > 0) { die ("Username taken."); } mysql_query("INSERT INTO usersystem (username, password, email) VALUES ( '$username', '$password', '$email')") or die (mysql_error()); echo "Account created."; } ?> <form action="register.php" method="post"> Username: <input name="username" type="text" /><br> Password: <input type="password" name="password" /><br> Email: <input name="email" type="text" /><br> <input type="submit" value="Submit" /> </form> Login.php <?php include("db.php"); if (isset($_POST['username']) && isset($_POST['password'])) { user_login($_POST['username'], $_POST['password']); } ?> <form action="login.php" method="post"> Username: <input name="username" type="text" /><br> Password: <input type="password" name="password" /><br> <button type="submit">Submit</button><br> </form> Could Anyone Help Please? Link to comment https://forums.phpfreaks.com/topic/214258-user-registration-code/ Share on other sites More sharing options...
ShibSta Posted September 24, 2010 Share Posted September 24, 2010 Your query within' user_login is trying to match two strings instead of the value of your variables. Try: $sql = mysql_query("SELECT * FROM `usersystem` WHERE `username` = '".$username."' AND `password` = '".$password."' LIMIT 1"); Link to comment https://forums.phpfreaks.com/topic/214258-user-registration-code/#findComment-1114895 Share on other sites More sharing options...
Kezonz Posted September 24, 2010 Author Share Posted September 24, 2010 Edit: That Works for Not Allowing More than 1 Of the Same Account Being Created However it Still Won't Allow Logins. Link to comment https://forums.phpfreaks.com/topic/214258-user-registration-code/#findComment-1114899 Share on other sites More sharing options...
ShibSta Posted September 24, 2010 Share Posted September 24, 2010 I think you're confused, that code should have been placed in DB.php within the user_login() function. In Register.php, you can use: $sql = mysql_query("SELECT `username` FROM `usersystem` WHERE `username` = '".$username."'"); Link to comment https://forums.phpfreaks.com/topic/214258-user-registration-code/#findComment-1114904 Share on other sites More sharing options...
Pikachu2000 Posted September 24, 2010 Share Posted September 24, 2010 You have to make the same changes in the user_login() function in db.php. I would also change this line in the login function as well. if ($rows<=0 ) to this if( $rows != 1 ) This is because the result you are expecting from the database is exactly one record. Anything else means no record was returned, thus the username/password is wrong or nonexistent; or more than one record was returned, making the query result ambiguous and therefor invalid. Link to comment https://forums.phpfreaks.com/topic/214258-user-registration-code/#findComment-1114905 Share on other sites More sharing options...
Kezonz Posted September 24, 2010 Author Share Posted September 24, 2010 I Get this Error: Parse error: syntax error, unexpected '(', expecting ')' in /home/kezonz/public_html/test/db.php on line 5 Heres My Currently DB.php <?php session_start(); mysql_connect("localhost", "kezonz_1", "Kieron1993"); mysql_select_db("kezonz_users"); function user_login ($sql = mysql_query("SELECT * FROM `usersystem` WHERE `username` = '".$username."' AND `password` = '".$password."' LIMIT 1"); { //take the username and prevent SQL injections $username = mysql_real_escape_string($username); //begin the query $sql = mysql_query("SELECT * FROM usersystem WHERE username = 'username' AND password = 'password' LIMIT 1"); //check to see how many rows were returned $rows = mysql_num_rows($sql); if ($rows!=1 ) { echo "Incorrect username/password"; } else { //have them logged in $_SESSION['sername'] = $username; } } ?> Sorry Guys im Sort of trying to get to know PHP Still new with it Link to comment https://forums.phpfreaks.com/topic/214258-user-registration-code/#findComment-1114908 Share on other sites More sharing options...
Pikachu2000 Posted September 24, 2010 Share Posted September 24, 2010 This should be better. Don't know yet if it will work, but it doesn't have any parse errors, at least. <?php session_start(); mysql_connect("localhost", "kezonz_1", "Kieron1993"); mysql_select_db("kezonz_users"); function user_login ($username, $password ) { //take the username and prevent SQL injections $username = mysql_real_escape_string($username); //begin the query $query = "SELECT * FROM `usersystem` WHERE `username` = '$username' AND `password` = '$password' LIMIT 1"; $sql = mysql_query($query); //check to see how many rows were returned $rows = mysql_num_rows($sql); if ($rows!=1 ) { echo "Incorrect username/password"; } else { //have them logged in $_SESSION['sername'] = $username; } } ?> Link to comment https://forums.phpfreaks.com/topic/214258-user-registration-code/#findComment-1114910 Share on other sites More sharing options...
Kezonz Posted September 24, 2010 Author Share Posted September 24, 2010 Well Everything is Now Working Fine but theres still a problem with the Login, If you attempt to login it says Incorrect Information. Link to comment https://forums.phpfreaks.com/topic/214258-user-registration-code/#findComment-1114913 Share on other sites More sharing options...
Pikachu2000 Posted September 24, 2010 Share Posted September 24, 2010 Did you remove any duplicate database entries that may have gotten created? Link to comment https://forums.phpfreaks.com/topic/214258-user-registration-code/#findComment-1115160 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.