Jump to content

Need Help with my login/register script

chobo2

By chobo2
in PHP Coding Help

Recommended Posts

chobo2 Newbie

chobo2

Posted
Posted

Hi

 

I been doing 2 tutorals(login and form regestration) and been trying to merge me them together and get them to work but it is not 100% workign I hope you guys can help me out.

 

II can create a new user account and it gets inserted into my database however when I try to login using that password it just dies. Like it does not fail since no message comes up and says login has failed(because that should be the default action if it failed).

 

Like when you get to this page it is just blank I even tried to put a echo ouside of all the if statements and everything and that would not even show up.

 

Here is all my code I have.

 

This makes the sign up form and is called form.php(they had it as a html file but I changed to php)

<!-- Begin HTML file form.html -->
<form action="../signup.php" method="post"> 
Username Desired (minimum length=6): <input type="text" name="username" size="10"><br> 
Password Desired (minimum length=6): <input type="password" name="password" size="10"> 
<input type="submit" value="submit" name="submit"> 
</form>
<!-- End HTML file form.html -->

 

The next page is where it gets put into the database I have taken out my password and username and address but left the database name(it is called test)

 

<?php 
//Begin PHP file signup.php

//Retrieve the data the form passed us. All form data passed to PHP
//will be in the super global array, $_REQUEST. This is automatically 
//set for you by PHP (depending on version) You can also use
//$_POST or $_GET autoglobals, but for the sake of learning use the one
//below
$user = $_REQUEST['username'];//get username from form
$pass = $_REQUEST['password'];//get password from form

//Now strip away an potentially harmful code:
$user=strip_tags($user);
$pass=strip_tags($pass);

//To foil any possible attempts at SQL injection, do the following function
//$variable=str_replace("what to look for","what to replace it with",$what_variable_to_use);

//Now use the replace function on our variables
$user=str_replace(" ","",$user);//remove spaces from username
$pass=str_replace(" ","",$pass);//remove spaces from password
$user=str_replace("%20","",$user);//remove escaped spaces from username
$pass=str_replace("%20","",$pass);//remove escaped spaces from password



//And finally, add slashes to escape things like quotes and apostrophes
//because they can be used to hijack SQL statements!
//use the function, addslashes(), pretty self explanatory
$user=addslashes($user);//remove spaces from username
$pass=addslashes($pass);//remove spaces from password


//Now, after all that replacing, see if the password or username less than the required length
//Note that it is good to require a minimum pass/user length to provide greater security
$min_len = 6;

if(strlen($user) < $min_len || strlen($pass) < $min_len)
{
die("User/password was not long enough!");//Kick us out of PHP
}

//First, we need to connect to the server
//the format is $connection = mysql_connect("address","username","password");
$conn = mysql_connect("ADDRESS","USERNAME","PASSWORD");

//now choose the database to use
mysql_select_db("test");

//encrypt the users password so it cannot be retrieved by anyone!
$pass=md5($pass);

//the function md5 creates a unique 32 character string, 
//no matter what the length of the data you encrypt!

//Save the request in SQL syntax to a string
$request = "INSERT INTO users values(0,'".$user."','".$pass."')";

//Pass the request to the mysql connection,
//and the data is returned in a blob and
//saved in $results
$results = mysql_query($request,$conn);

if($results)
{
echo "User account created";
}
else
{
echo "There was an error. The user account was not created.";
}
header( 'refresh: 3; url=/login.html');

 

This is the login.php page(again they had as .html) and this is where they should type in there password and username.

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login</title>
</head>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
  <tr>
    <form name="form1" method="post" action="../authenticate.php">
      <td><table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
          <tr>
            <td colspan="3"><strong>Member Login</strong></td>
          </tr>
          <tr>
            <td width="78">Username</td>
            <td width="6">:</td>
            <td width="294"><input name="myusername" type="text" id="myusername"></td>
          </tr>
          <tr>
            <td>Password</td>
            <td>:</td>
            <td><input name="mypassword" type="text" id="mypassword"></td>
          </tr>
          <tr>
            <td> </td>
            <td> </td>
            <td><input type="submit" name="Submit" value="Login"></td>
          </tr>
        </table></td>
    </form>
  </tr>
</table>
<body>
</body>
</html>

 

the next code is where it checks to see if it find the username and password in the database.

 

I took up my address,user name and password but I left my db name(it is called test)

 

 

<?php 
//Begin PHP file authenticate.php

//Retrieve the data the form passed us. All form data passed to PHP
//will be in the super global array, $_REQUEST. This is automatically 
//set for you by PHP (depending on version) You can also use
//$_POST or $_GET autoglobals, but for the sake of learning use the one
//below
$user = $_REQUEST['username'];//get username from form
$pass = $_REQUEST['password'];//get password from form

//Now strip away an potentially harmful code:
$user=strip_tags($user);
$pass=strip_tags($pass);

//To foil any possible attempts at SQL injection, do the following function
//$variable=str_replace("what to look for","what to replace it with",$what_variable_to_use);

//Now use the replace function on our variables
$user=str_replace(" ","",$user);//remove spaces from username
$pass=str_replace(" ","",$pass);//remove spaces from password
$user=str_replace("%20","",$user);//remove escaped spaces from username
$pass=str_replace("%20","",$pass);//remove escaped spaces from password



//And finally, add slashes to escape things like quotes and apostrophes
//because they can be used to hijack SQL statements!
//use the function, addslashes(), pretty self explanatory
$user=addslashes($user);//remove spaces from username
$pass=addslashes($pass);//remove spaces from password

//First, we need to connect to the server
//the format is $connection = mysql_connect("address","username","password");
$conn = mysql_connect("ADDRESS","USER NAME","PASSWORD HERE");

//now choose the database to use
mysql_select_db("test");

//Remember how we encrypted the password in step 1? Well we do
//the same thing here. We stored the encrypted password
//so it couldn't be stolen, but to check what was entered as
//the password, we encrypt it, then check it against the 
//encrypted password in the database. This is pretty standard.
//almost EVERY site is going to use a 32 character md5 hash or
//an 8 character cipher with a 2 character salt. Don't worry
//about what that means 
$pass=md5($pass);

//the function md5 creates a unique 32 character string, 
//no matter what the length of the data you encrypt!

//Search for a password  AND username match, then return a value
//of true if we get any results
$request = "SELECT * FROM users WHERE password='".$pass."' AND username='".$user."'";

//Pass the request to the mysql connection,
//and the data is returned in a blob and
//saved in $results
$results = mysql_query($request,$conn);


//if mysql returns any number of rows great than 0, we know we had a match,
//right? Right.
if(mysql_num_rows($results))//function returns true if any matches are found
{
$_SESSION['user'] = $user;
$_SESSION['auth'] = true;
 header( 'refresh: 3; url=/login_sucess.php');
}
else
{
    
$_SESSION['auth'] = false;
header( 'refresh: 3; url=/login_failed.php');
}


//End PHP file authenticate.php
?>

 

The next too is just the page it goes to if it fails or is sucessful.

 

<?php
// Check if session is not registered , redirect back to main page.
// Put this code in first line of web page.
session_start();
if(!session_is_registered(myusername)){
header("location:main_login.php");
}
header( 'refresh: 3; url=/main_Logout.php');
?>

<html>
<head>
<title>Login Sucessful</title>
<body>
<p><h1>Login Successful<h1></p>
<p><h4>You will be re-directed in 3 seconds...</h4></p>
</body>
</head>
</html>

 

 

<?php
// Check if session is not registered , redirect back to main page.
// Put this code in first line of web page.
session_start();
if(!session_is_registered(myusername)){
header("location:main_login.php");
}
header( 'refresh: 3; url=/login.php');
?>

<html>
<head>
<title>Unsucessful Login</title>
<body>
<p><h1>Wrong UserName/Passwordl<h1></p>
<p><h4>You will be re-directed in 3 seconds...</h4></p>
</body>
</head>
</html>

 

Hope someone can help me thanks

Link to comment
https://forums.phpfreaks.com/topic/45484-need-help-with-my-loginregister-script/
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.