Jump to content

Register & Login form problem...

Hazukiy

By Hazukiy
in PHP Coding Help

Recommended Posts

Hazukiy Member

Hazukiy

Posted
Posted

Hi, I'm currently learning PHP so I'm getting some help from people on the forums but I got given a piece of code by one of the members for a login form but not a registration form, so I did what anyone else would and I gave making the registration form ago, so far I came up with the code below, I don't know weather that's the correct way of doing it but it works, it adds those who register to the database, now my only problem is that the login form doesn't work and I'm not 100% why? I'm starting to think it's something to do with the MD5 encryption? But anyway some help and advise would be very much appreciated, thanks :)

 

 

 

     Registration Form:

<?php 
include ("dbConfig.php"); 

if ($_SERVER['REQUEST_METHOD'] == "POST") 
{
	$usernameSQL = mysql_real_escape_string($_POST['username']);
	$emailSQL = mysql_real_escape_string($_POST['email']);
	$passwordSQL = mysql_real_escape_string($_POST['password']);
	$passwordSQL = MD5($password);
	
	$q = "INSERT INTO TABLENAME(name, email, password)VALUES('$usernameSQL', '$emailSQL', '$passwordSQL')";
	$r = mysql_query($q);	
	header('Location: register.php?op=thanks');

}	
	
	
?>

	<form action="?op=reg" method="POST">
	Username:<br><font color="red">*</font><input class="InputForm" type="text" name="username" id="username"><br>
	<br>
	Email:<br><font color="red">*</font><input class="InputForm" type="text" name="email" id="email"><br>
	<br>
	Password:<br><font color="red">*</font><input class="InputForm" type="password" name="password" id="password"><br>
	<br>
	<input type="checkbox" name="tick"><font color="gray" size="3"> I agree to the Terms of Use<br>
	<br>
	<button type="submit" name="submit" class="InputButton" value="Submit">Submit</button>
	</form>

 

     Login Form:

<?php 
session_start();
include "dbConfig.php";

$errorMsg = "";

if ($_GET["op"] == "fail") 
{ 
$errorMsg = "* You need to be logged in to access the members area!";
}

if ($_SERVER['REQUEST_METHOD'] == "POST") 
{ 
   $username = trim($_POST["username"]);
   $password = trim($_POST["password"]);
   
   if (empty($username) || empty($password))
{
$errorMsg = "* You need to provide a username & password.";
}
   else
{
$usernameSQL = mysql_real_escape_string($username);
$passwordSQL = MD5($password);

$q = "SELECT id FROM 'TABLENAME'
 WHERE 'username'='{$usernameSQL}'
   AND 'password'='{$passwordSQL}'
 LIMIT 1";

   $r = mysql_query($q);
if(!$r)
        {
            $errorMsg = "* Wrong username or password.";
        }
        elseif(!mysql_num_rows($r))
        {
            $errorMsg = "* Sorry, couldn't log you in. Wrong login information.";
        }
        else
        {
            $_SESSION["valid_id"] = $obj->id;
            $_SESSION["valid_user"] = $username;
            $_SESSION["valid_time"] = time();
            header("Location: members.php");
        }
}
}
?>

<form action="?op=login" method="POST">
Username:<br>
<input class="InputForm" type="text" name="username" id="username" value="<?php echo htmlentities($usernameSQL); ?>">
<br><br>
Password:<br>
<input class="InputForm" type="password" name="password" id="password">
<br><br>
<button type="submit" name="submit" class="InputButton" value="Login">Submit</button>
<h1 class="FailLoginState"><?php echo $errorMsg; ?></h1>
</form>
Link to comment
https://forums.phpfreaks.com/topic/275632-register-login-form-problem/
Share on other sites
AyKay47 Member

AyKay47

Posted
Posted

Unless you have mysql enabled to allow single quotes as qualifiers, that syntax is incorrect.

Proper MySQL debugging should be implemented:

 

 

$r = mysql_query($q) or die("Error: " . mysql_error() . "<br>Query: " . $q);

 

1. $errorMsg is not output anywhere in the script, nor is script execution discontinued when an error occurs.

 

2. Using an MD5 hash on passwords is simply not enough, as it is simple enough to crack an MD5 hashed value using brute force methods.

    Instead, I recommend using the crypt function with a compatible salt.

Hazukiy Member

Hazukiy

Posted
  • Author
Posted

Unless you have mysql enabled to allow single quotes as qualifiers, that syntax is incorrect.

Proper MySQL debugging should be implemented:

 

 

$r = mysql_query($q) or die("Error: " . mysql_error() . "<br>Query: " . $q);

 

1. $errorMsg is not output anywhere in the script, nor is script execution discontinued when an error occurs.

 

2. Using an MD5 hash on passwords is simply not enough, as it is simple enough to crack an MD5 hashed value using brute force methods.

    Instead, I recommend using the crypt function with a compatible salt.

 

 

Ok so do I put that in the registration form or login form? The registration form works fine now but the login form still does not work? :/ It's as if it's not reading the password or something?

Hazukiy Member

Hazukiy

Posted
  • Author
Posted

Place the MySQL debugging code in the login.php page and display the error(s) received.

 

The MD5 comment applies to the entire application.

 

 

Ok so I did that and it came up with this error:

 

 

 

 

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''TABLENAME' WHERE 'username'='USER' AND 'password'='PASSWORD' at line 1

Query: SELECT id FROM 'TABLENAME' WHERE 'username'='USER' AND 'password'='PASSWORD' LIMIT 1

Hazukiy Member

Hazukiy

Posted
  • Author
Posted

 

elseif(!mysql_num_rows($r))

        {
            $errorMsg = "* Sorry, couldn't log you in. Wrong login information.";
        }

 

 

Ok so all the code's fine now apart from this. It keeps giving the error displayed.

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.