Register/Login


Bounty

Hello everyone, I was trying to make register/login pages on my own and, well, I got stuck... and my good friend Google couldn't help me :S

So, well, I came to ask professionals :)

Okay, here it is:

The first thing I don't get is the email activation that I wanted to use on my register page...

I've got a do_reg.php file that looks like this:

<?php

include 'connection.php';

//grab data from form
$name = $_POST['username'];
$pass = $_POST['password'];
$pass_conf = $_POST['pass_conf'];
$email = $_POST['email'];
$ip = $_POST['ip'];

//if else
if($name == false || $pass == false || $pass_conf == false || $email == false){
echo "Please fill in all the required fields.";
};
if($pass != $pass_conf){ 
   echo "Blah..Passwords do not match."; 
}else{
//generate random code
$code = rand(11111111,99999999);
//send email
$subject = "Activate your account";
$headers = "From: admin@mysite.com";
$body = "Hello $name,\n\nYou registered and need to activate your account. Click the link below or paste it into the URL bar of your browser\n\n http://localhot/login/activate.php?code=$code\n\nThanks!";
if (!mail($email,$subject,$body,$headers))
	echo "Error,what a shame!";
	else {
	$sql = mysql_query("INSERT INTO users (username,password,email,code,active,ip)
				VALUES('$name','$pass','$email','$code',0,'$ip')") or die(mysql_error());
	$result = mysql_query($sql);
	echo "Thank you for registering! But your account is not still active :'( Please check your email ($email) for activation code! ";
	}
};
?>

I went through thousands of errors and still couldn't make it work. I am using the XAMPP localhost server for now and maybe that is the reason it won't work, even though I tried to activate SMTP and that stuff in the php.ini conf file (as my friend Google told me)..

So this is one of the errors:

Warning: mail() [function.mail]: SMTP server response: 550 relaying denied in C:\xampp\htdocs\login\do_reg.php on line 25

Error,what a shame!

 

Now the next thing I couldn't understand is where the error is inside this script... (do_login.php)

<?php

include 'connection.php';

$session_username = $_SESSION['username'];

if($_POST['login']) 
{
	//get form data
	$username = $_POST['username'];
	$password = $_POST['password'];
	}
if(!$username||!$password)
		echo "Username and password missing!";
else {
	//login
	$login = mysql_query("SELECT * FROM users WHERE username='$username'");
	}
	if (mysql_query($login)==0)
		echo "No souch user!";
	else 
	{
	while ($login_row = mysql_fetch_assoc($login)) 
	{
	$password_db = $login_row['password'];
	$password = md5($password);

if ($password!=$password_db)
	echo "Incorect password!";
else 
{
//check if active
$active = $login_row['active'];
$email = $login_row['email'];

if ($active==0)
	echo "You haven't activated your account, please check your email ($email) for activation!";
else 
{
	$_SESSION['username']=$username; //assign session
	header("Location: index.php");//refresh
}
}
}
   }
?>

 

Thank you for your time and help.. :)

Link to comment
Share on other sites

Warning: mail() [function.mail]: SMTP server response: 550 relaying denied in C:\xampp\htdocs\login\do_reg.php on line 25

Error,what a shame!

 

This means you are either not using the right SMTP server, or you are not providing the right credentials to it.  Ask the administrator of the hosting site (or your ISP if hosting at home) what the right SMTP server is.

 

For the login script, do you get an error message?

Link to comment
Share on other sites

Well, I'm using the XAMPP localhost server, shouldn't I be the administrator? :P

I found a way to activate SMTP on Google but it won't stop the error :S

As for do_login.php, I forgot to copy you the error..

Notice: Undefined variable: _SESSION in C:\xampp\htdocs\login\do_login.php on line 5

 

Warning: mysql_query() expects parameter 1 to be string, resource given in C:\xampp\htdocs\login\do_login.php on line 19

No souch user!

Link to comment
Share on other sites

Don't know about the SMTP thing, but as for the login page.

You are getting the undefined variable message because you haven't included session_start() at the top of the page.

 

The second message is due to this:

 

if (mysql_query($login)==0)

 

Try using:

 

if (mysql_num_rows($login)==0)

Link to comment
Share on other sites

Edited do_reg.php and uploaded it to byethost to test :P

It still keeps ignoring the mail function and jumps to the error: "Error,what a shame!" :/

<?php

include 'connection.php';

//grab data from form
$name = $_POST['username'];
$pass = $_POST['password'];
$pass_conf = $_POST['pass_conf'];
$email = $_POST['email'];
$ip = $_POST['ip'];

//stop at the first failed check instead of falling through to registration
if($name == false || $pass == false || $pass_conf == false || $email == false){
	echo "Please fill in all the required fields.";
} elseif($pass != $pass_conf){
	echo "Blah..Passwords do not match.";
} else {
	//generate random code
	$code = rand(11111111,99999999);
	//send email
	$subject = "Activate your account";
	$headers = "From: admin@hyperlink.com";
	$body = "Hello $name,\n\nYou registered and need to activate your account. Click the link below or paste it into the URL bar of your browser\n\n http://localhot/login/activate.php?code=$code\n\nThanks!";
	if (mail($email,$subject,$body,$headers)) {
		//escape the form values before they go into the SQL string
		$name_sql = mysql_real_escape_string($name);
		$pass_sql = mysql_real_escape_string($pass);
		$email_sql = mysql_real_escape_string($email);
		$ip_sql = mysql_real_escape_string($ip);
		//mysql_query() runs the INSERT itself; its result is not passed to mysql_query() again
		mysql_query("INSERT INTO users (username,password,email,code,active,ip)
				VALUES('$name_sql','$pass_sql','$email_sql','$code',0,'$ip_sql')") or die(mysql_error());
		echo "Thank you for registering! But your account is not still active :'( Please check your email ($email) for activation code! ";
	} else {
		echo "Error,what a shame!";
	}
}
?>

Link to comment
Share on other sites

Since you're hosting at home, ask your ISP for the SMTP server settings.  The relevant configuration variables are listed here: http://au2.php.net/manual/en/mail.configuration.php , and you'll need to enter the settings your ISP gave you.

 

I'm not sure if it can use SMTP servers with authentication though... if you need that you may need to use the Pear Mail package.  But usually an ISP will allow unauthenticated SMTP from their customer IP addresses.

Link to comment
Share on other sites

Okay, I got some info about byethost hosting that is not very cheerful: SMTP can be configured only if you are a premium user, which obviously I am not... I'm quitting that part of the script until I get my premium host and domain...

Anyhow... I commented out all scripts that have anything to do with the mail function and the system works...

Although I still have some questions...

 

My do_login.php script now looks like this:

<?php

session_start(); //must run before $_SESSION is used
include 'connection.php';
//	$session_username = $_SESSION['username'];

$username = '';
$password = '';
if(!empty($_POST['login']))
{
	//get form data
	$username = $_POST['username'];
	$password = $_POST['password'];
}
if(!$username||!$password)
	echo "Username and password missing!";
else {
	//login (escape the username before it goes into the SQL string)
	$login = mysql_query("SELECT * FROM users WHERE username='".mysql_real_escape_string($username)."'");
	//only look at the result when the query was actually run
	if (mysql_num_rows($login)==0)
		echo "No such user!";
	else
	{
		while ($login_row = mysql_fetch_assoc($login))
		{
			$password_db = $login_row['password'];
			//$password = md5($password);
			if ($password!=$password_db)
				echo "Incorect password!";
			else
			{
				//check if active
				$active = $login_row['active'];
				$email = $login_row['email'];

				if ($active==0)
					echo "You haven't activated your account, please check your email ($email) for activation!";
				else
				{
					$_SESSION['username']=$username; //assign session
					//	header("Location: index.php");//refresh
					echo "DONE!";
				}
			}
		}
	}
}
?>

It didn't work before because of this line:

	$password = md5($password);
if ($password!=$password_db)
	echo "Incorect password!";

The real password and the md5-coded password didn't match, obviously (that's why I commented out that line too)... but why?

Shouldn't md5 coding be for security reasons? If so, how could I add it to my script, but the match must be true?...

And should I add md5 coding to the register page as well?

Link to comment
Share on other sites

Yes, you need to add md5() to your register script.  Otherwise your login script is comparing an md5'd password ($password) to a plain text password ($password_db).

 

The idea is that if someone accesses your database, it will be more difficult for them to recover the password.  If you're serious about this you really should use a salt, otherwise rainbow tables can be used to reverse the md5 for some simple passwords.

Link to comment
Share on other sites

Sorry, but I don't really understand... salt? Rainbow tables?

How should I compare a plain text password to an md5 one, instead of this:

$password = md5($password);
if ($password!=$password_db)
	echo "Incorect password!";

It failed every time..?

Link to comment
Share on other sites

If your db password is plain text, there's no need to use md5 at all:

 

# $password = md5($password); # Skip this
if ($password != $password_db)

 

Salts and rainbow tables are a topic on their own, I won't try to explain them here.  If you want to find out more about them, you can look for "password salt" in Google.  The basic idea is that if you use salts, hackers cannot use a precomputed table of md5 passwords to look up the original password.  Such a table is called a "rainbow table", so you can also look that up in Google.

Link to comment
Share on other sites
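The salted-hash idea from the answers above, as an added example that is not part of the original thread: the hash is applied once at registration and checked at login, so the two sides always match, and each stored hash carries its own random salt. It assumes PHP 5.5 or later for password_hash()/password_verify(); the $users array is a constructed stand-in for the users table, and register_user()/check_login() are hypothetical names.

```php
<?php
// Added example, not code from the thread.
// $users is a constructed in-memory stand-in for the users table
// (username => stored password hash).
$users = array();

// Registration side: store only the salted hash, never the plain password.
function register_user(array &$users, $username, $password) {
    // password_hash() picks a random salt on every call and embeds the
    // algorithm, cost and salt in the returned string.
    $users[$username] = password_hash($password, PASSWORD_DEFAULT);
}

// Login side: password_verify() reads the salt back out of the stored hash,
// re-hashes the submitted password with it and compares the results.
function check_login(array $users, $username, $password) {
    if (!isset($users[$username])) {
        return false; // unknown user
    }
    return password_verify($password, $users[$username]);
}

// Two constructed accounts that happen to share the same password.
register_user($users, 'alice', 'letmein');
register_user($users, 'bob', 'letmein');

// Unsalted md5: the same password always gives the same hash, so a single
// precomputed (rainbow) table entry exposes every account that uses it.
var_dump(md5('letmein') === md5('letmein'));

// Salted: the same password is stored as two different strings, so a
// precomputed table of hashes does not apply.
var_dump($users['alice'] === $users['bob']);

// Login checks: correct password, wrong password, unknown user.
var_dump(check_login($users, 'alice', 'letmein'));
var_dump(check_login($users, 'alice', 'wrong'));
var_dump(check_login($users, 'nobody', 'letmein'));
```

With a real table, the password column has to be wide enough for the full hash string; the PHP manual recommends 255 characters for PASSWORD_DEFAULT.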
