Jump to content

User Registration Code


Kezonz

Recommended Posts

This Works But for Some reason when you Register an Account and try to login it says "Incorrect Username/Password" It is also Allowing Multiple Accounts to be Created Under the Same Username and Password:

 

DB.php

 

<?php
session_start();
mysql_connect("localhost", "USERNAME", "PASSWORD");
mysql_select_db("DATABASE_USER");
function user_login ($username, $password)
{
//take the username and prevent SQL injections
$username = mysql_real_escape_string($username);
//begin the query
$sql = mysql_query("SELECT * FROM usersystem WHERE username = 'username' AND password = 'password' LIMIT 1");
//check to see how many rows were returned
$rows = mysql_num_rows($sql);
if ($rows<=0 )
{
echo "Incorrect username/password";
}
else
{
//have them logged in
$_SESSION['sername'] = $username;
}
}
?>

Register.php

 

<?php
include("db.php");
if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email']))

{
//Prevent SQL injections
$username = mysql_real_escape_string($_POST['username']);
$email = mysql_real_escape_string($_POST['email']);


//Get MD5 hash of password
$password = md5($_POST['password']);

//Check to see if username exists
$sql = mysql_query("SELECT username FROM usersystem WHERE username = 'username'");
if(mysql_num_rows($sql) > 0)
{
die ("Username taken.");
}


mysql_query("INSERT INTO usersystem (username, password, email) VALUES ( '$username', '$password', '$email')") or die (mysql_error()); echo "Account created.";

}
?>
<form action="register.php" method="post">
Username: <input name="username" type="text" /><br>
Password: <input type="password" name="password" /><br>
Email: <input name="email" type="text" /><br>
<input type="submit" value="Submit" />
</form>

Login.php

 

<?php
include("db.php");
if (isset($_POST['username']) && isset($_POST['password']))
{
user_login($_POST['username'], $_POST['password']);
}
?>
<form action="login.php" method="post">
Username: <input name="username" type="text" /><br>
Password: <input type="password" name="password" /><br>
<button type="submit">Submit</button><br>
</form>

 

Could Anyone Help Please?

Link to comment
https://forums.phpfreaks.com/topic/214258-user-registration-code/
Share on other sites

You have to make the same changes in the user_login() function in db.php. I would also change this line in the login function as well.

if ($rows<=0 )

to this

if( $rows != 1 )

 

This is because the result you are expecting from the database is exactly one record. Anything else means no record was returned, thus the username/password is wrong or nonexistent; or more than one record was returned, making the query result ambiguous and therefor invalid.

I Get this Error:

 

Parse error: syntax error, unexpected '(', expecting ')' in /home/kezonz/public_html/test/db.php on line 5

 

Heres My Currently DB.php

 

<?php
session_start();
mysql_connect("localhost", "kezonz_1", "Kieron1993");
mysql_select_db("kezonz_users");
function user_login ($sql = mysql_query("SELECT * FROM `usersystem` WHERE `username` = '".$username."' AND `password` = '".$password."' LIMIT 1");
{
//take the username and prevent SQL injections
$username = mysql_real_escape_string($username);
//begin the query
$sql = mysql_query("SELECT * FROM usersystem WHERE username = 'username' AND password = 'password' LIMIT 1");
//check to see how many rows were returned
$rows = mysql_num_rows($sql);
if ($rows!=1 )
{
echo "Incorrect username/password";
}
else
{
//have them logged in
$_SESSION['sername'] = $username;
}
}
?>

 

Sorry Guys im Sort of trying to get to know PHP Still new with it

This should be better. Don't know yet if it will work, but it doesn't have any parse errors, at least.

 

<?php
session_start();
mysql_connect("localhost", "kezonz_1", "Kieron1993");
mysql_select_db("kezonz_users");
function user_login ($username, $password ) {
   //take the username and prevent SQL injections
   $username = mysql_real_escape_string($username);
   //begin the query
   $query = "SELECT * FROM `usersystem` WHERE `username` = '$username' AND `password` = '$password' LIMIT 1";
   $sql = mysql_query($query);
   //check to see how many rows were returned
   $rows = mysql_num_rows($sql);
   if ($rows!=1 ) {
      echo "Incorrect username/password";
   } else {
      //have them logged in
      $_SESSION['sername'] = $username;
   }
}
?>

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.