simple5imon Posted May 11, 2007 Share Posted May 11, 2007 Hello people! Im really wanting to learn to write my own scripts, so i bought some books on how to. The book im studying at the moment is 'PHP and MySQL for Dynamic Web Sites: Visual QuickPro Guide, 2nd Edition' - http://www.peachpit.com/bookstore/product.asp?isbn=0321336577&redir=1&rl=1 - ive copied out the Membership script which seems pretty good! I had problems after problems when i completed this script, so i double checked it today and found a few minor mistakes which i thought was causing my problems, i was wrong. So now im hoping that you people would lend a hand which i appreciate! Also, the change_password does not work, but i think this is because of the login not working correctly. Here are all the files. I have got as far as i can with this now, you will notice some code lines have been disabled, this is how ive been sorting the problems ( // ). I appreciate anyones help! and please dont reply talking like a pro, coz im not! FOLDER//includes - config.inc.php <?php $live = FALSE; $email = 'simple5imon@hotmail.com'; // Create the error handler. function my_error_handler ($e_number, $e_message, $e_file, $e_line, $e_vars) { global $live, $email; // Build the error message. $message = "An error occurred in script '$e_file' on line $e_line: \n<br />$e_message\n<br />"; // Add the date and time. $message .= "Date/Time: " . date('n-j-Y H:i:s') . "\n<br />"; // Append $e_vars to the $message. $message .= "<pre>" . print_r ($e_vars, 1) . "</pre>\n<br />"; if ($live) { // Don't show the specific error. error_log ($message, 1, $email); // Send email. // Only print an error message if the error isn't a notice. if ($e_number != E_NOTICE) { echo '<div id="Error">A system error occurred. We apologize for the inconvenience.</div><br />'; } } else { // Development (print the error). echo '<div id="Error">' . $message . 
'</div><br />'; } } set_error_handler ('my_error_handler'); ?> FOLDER//includes - header.html <?php ob_start(); //session_start(); if (!isset($page_title)) { $page_title = 'User Registration System'; } ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.01 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="content-type" content="text/html; charset-iso-8859-1" /> <title><?php echo $page_title;?></title> <style type="text/css" media="screen">@import "./includes/layout.css";</style> </head> <body> <div id="Header">User Registration</div> <div id="Content"></div> <!-- end of header--> FOLDER//includes - footer.html <!-- end of heder --> </div> <div id="Menu"> <a href="index.php">Home</a><br /> <?php # footer if (isset($_SESSION['user_id']) AND (substr($_SERVER['PHP_SELF'], -10) != 'logout.php')) { echo '<a href="logout.php">Logout</a><br /> <a href="change_password.php">Change Password</a><br /> '; } else { echo '<a href="register.php">Register</a><br /> <a href="login.php">Login</a><br /> <a href="forgot_password.php">Forgot Password</a><br /> '; } ?> </div> </body> </html> <?php //ob_end_flush(); ?> MAIN DIR//activate.php <?php require_once ('includes/config.inc.php'); $page_title = 'Activate Your Account'; include ('includes/header.html'); if (isset($_GET['x'])) { $x = (int) $_GET['x']; } else { $x = 0; } if (isset($_GET['y'])) { $y = $_GET['y']; } else { $y = 0; } if ( ($x > 0) && (strlen($y) == 32)) { require_once ('mysql_connect.php'); $query = "UPDATE users SET active=NULL WHERE (user_id=$x AND active='" . escape_data($y) . "') LIMIT 1"; $result = mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error()); if (mysql_affected_rows() == 1) { echo "<h3>Your account is now active! You may log in!</h3>"; } else { echo '<p><font color="red" size="+1">your account could not be activated. 
please re-check the link or contact the system admin.</font></p>'; } mysql_close(); } else { $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']); if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) { $url = substr ($url, 0, -1); } $url .= '/index.php'; ob_end_clean(); header("Location: $url"); exit(); } include ('includes/footer.html'); ?> MAIN DIR//change_password.php <?php require_once ('includes/config.inc.php'); $page_title = 'Change Your Password'; //include ('includes/header.html'); if (!isset($_SESSION['first_name'])) { $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']); if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) { $url = substr ($url, 0, -1); } $url .= '/index.php'; //ob_end_clean(); //header("Location; $url"); exit(); } else { if (isset($_POST['submitted'])) { require_once ('mysql_connect.php'); if (eregi ('^[[:alnum:]]{4,20}$', stripslashes(trim($_POST['password1'])))) { if ($_POST['password1'] == $_POST['password2']) { $p = escape_data($_POST['password1']); } else { $p = FALSE; echo '<p>your password did not match the confirmed password!</p>'; } } else { $p = FALSE; echo '<p>please enter a valid password!</p>'; } if ($p) { $query = "UPDATE users SET pass=SHA('$p') WHERE user_id={$_SESSION['user_id']}"; $result = mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error()); if (mysql_affected_rows() == 1) { echo '<h3>your password has been changed.</h3>'; mysql_close(); include ('includes/footer.html'); exit(); } else { echo '<p> your password could not be changed due to a system error. we apologize for any inconvenience.</p>'; } } else { echo '<p>please try again.</p>'; } mysql_close(); } ?> <h1>Change Your Password</h1> <form action="change_password.php" method="post"> <fieldset> <p><b>New Password:</b> <input type="password" name"password1" size="20" maxlength="20" /> <small>Use only letters and numbers. 
Must be between 4 and 20 characters long.</small></p> <p><b>Confirm New Password:</b> <input type="password" name="password2" size="20" maxlength="20" /></p> </fieldset> <div align="center"><input type="submit" name="submit" value="Change My Password" /></div> <input type="hidden" name="submitted" value="TRUE" /> </form> <?php } include ('includes/footer.html'); ?> MAIN DIR//forgot_password.php <?php require_once ('includes/config.inc.php'); $page_title = 'Forgot Your Password'; include ('includes/header.html'); if (isset($_POST['submitted'])) { require_once ('mysql_connect.php'); if (empty($_POST['email'])) { $uid = FALSE; echo '<p> you forgot to enter your email address!</p>'; } else { $query = "SELECT user_id FROM users WHERE email='". escape_data($_POST['email']) . "'"; $result = mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error()); if (mysql_num_rows($result) == 1) { list($uid) = mysql_fetch_array ($result, MYSQL_NUM); } else { echo '<p>the submitted email address does not match those in the database</p>'; $uid = FALSE; } } if ($uid) { $p = substr ( md5(uniqid(rand(),1)), 3, 10); $query = "UPDATE users SET pass=SHA('$p') WHERE user_id=$uid"; $result = mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error()); if (mysql_affected_rows() == 1) { $body = "Your password to log into SITENAME has been temporarily changed to '$p'. Please log in using this password. You may change your password to something more familiar."; mail ($_POST['email'], 'Your temporary password.', $body, 'From: simple5imon@hotmail.com'); echo '<h3> Your password has been changed. You will receive the new, temporary password at the email address with which you registered. 
Once you have logged in with this password, you may change it by clicking the "Change Password" link.</h3>'; mysql_close(); include ('includes/footer.html'); exit(); } else { echo '<p><font color="red" size="+1">your password could not be changed due to a system error. we apologize for any inconvenience.</font></p>'; } } else { echo '<p><font color="red" size="+1">please try again.</font></p>'; } mysql_close(); } ?> <h1>Reset Your Password</h1> <p>Enter your email address below and your password will be reset.</p> <form action="forgot_password.php" method="post"> <fieldset> <p><b>Email Address:</b> <input type="text" name="email" size="20" maxlength="40" value="<?php if (isset($_POST['email'])) echo $_POST['email']; ?>" /></p> </fieldset> <div align="center"><input type="submit" name="submit" value="Reset My Password" /></div> <input type="hidden" name="submitted" value="TRUE" /> </form> <?php include ('includes/footer.html'); ?> MAIN DIR//index.php <?php require_once ('includes/config.inc.php'); $page_title = 'php and mysql'; include ('includes/header.html'); echo '<h1>Welcome'; if (isset($_SESSION['first_name'])) { echo ", {$_SESSION['first_name'] }!"; } echo '</h1>'; ?> <p><br> spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam</P > <?php include ('includes/footer.html'); ?> MAIN DIR//login.php <?php require_once ('includes/config.inc.php'); $page_title = 'Login'; //include ('includes/header.html'); if (isset($_POST['submitted'])) { require_once ('mysql_connect.php'); if (isset($_POST['submitted'])) { require_once ('mysql_connect.php'); if (!empty($_POST['email'])) $e = escape_data($_POST['email']); } else { echo '<p><font color="red" size="+1">you 
forgot to enter your email address!</font></p>'; $e = FALSE; } if (!empty($_POST['pass'])) { $p = escape_data($_POST['pass']); } else { $p = FALSE; echo '<p><font color="red" size="+1">you forgot to enter your password!</font></p>'; } if ($e && $p) { $query = "SELECT user_id, first_name FROM users WHERE (email='$e' AND pass=SHA('$p')) AND active IS NULL"; $result = mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error()); if (@mysql_num_rows($result) == 1) { $row = mysql_fetch_array ($result, MYSQL_NUM); mysql_free_result($result); mysql_close(); $_SESSION['first_name'] = $row[1]; $_SESSION['user_id'] = $row[0]; $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']); if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) { $url = substr ($url, 0, -1); } $url .= '/index.php'; //ob_end_clean(); //header("Location: $url"); //exit(); } else { echo '<p><font color="red" size="+1">Either the email address and pasword entered do not match those on file or you have not yet actived your account!</font></p>'; } } else { echo '<p><font color="red" size="+1">Please try again!</font></p>'; } //mysql_close(); } ?> <h1>Login</h1> <p>Your browser must allow cookies in order to log in.</p> <form action="login.php" method="post"> <fieldset> <p><b>Email Address:</b> <input type="text" name="email" size="20" maxlength="40" value="<?php if (isset($_POST['email'])) echo $_POST['email']; ?>" /></p> <p><b>Password:</b> <input type="password" name="pass" size="20" maxlength="20" /></p> <div align="center"><input type="submit" name="submit" value="Login" /></div> <input type="hidden" name="submitted" value="TRUE" /> </fieldset> </form> <?php include ('includes/footer.html'); ?> MAIN DIR//logout.php <?php require_once ('includes/config.inc.php'); $page_title = 'Logout'; include ('includes/header.html'); if (!isset($_SESSION['first_name'])) { $url = 'http://' . $_SERVER['HTTP_HOST'] . 
dirname($_SERVER['PHP_SELF']); if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) { $url = substr ($url, 0, -1); } $url .= '/index.php'; ob_end_clean(); //header("Location: $url"); //exit; } else { $_SESSION = array(); session_destroy(); setcookie (session_name(), '',time()-300, '/', '', 0); } echo "<h3>You are now logged out.</h3>"; include ('includes/footer.html'); ?> MAIN DIR//mysql_connect.php <?php DEFINE ('DB_HOST', 'localhost'); DEFINE ('DB_USER', 'these_are_filled_in_correctly'; DEFINE ('DB_NAME', 'these_are_filled_in_correctly'; DEFINE ('DB_PASSWORD', 'these_are_filled_in_correctly'; if ($dbc = mysql_connect (DB_HOST, DB_USER, DB_PASSWORD)) { if (!mysql_select_db (DB_NAME)) { trigger_error("Could not select the database!\n<br />MySQL Error: " . mysql_error()); include ('includes/footer.html'); exit(); } } else { trigger_error("could not connect to MySQL!\n<br />MySQL Error: " . mysql_error()); include ('includes/footer.html'); exit(); } function escape_data ($data) { if (ini_get('magic_quotes_gpc')) { $data = stripslashes($data); } if (function_exists('mysql_real_escape_string')) { global $dbc; $data = mysql_real_escape_string (trim($data), $dbc); } else { $data = mysql_escape_string (trim($data)); } return $data; } ?> MAIN DIR//register.php <?php # script 13.6 - register.php. //this is the registration part of the site. //include the configuration file for error management. require_once ('includes/config.inc.php'); //set title and include html header. $page_title = 'Register'; include ('includes/header.html'); //handle the form. if (isset($_POST['submitted'])) { //connect to the database. require_once('mysql_connect.php'); //checking for first name. if (eregi ('^[[:alpha:]\.\' \-]{2,15}$', stripslashes(trim($_POST['first_name'])))) { $fn = escape_data($_POST['first_name']); } else { $fn = FALSE; echo '<p><font color="red" size="+1">PLEASE ENTER YOUR FIRST NAME!</font></p>'; } //check for last name. 
if (eregi ('^[[:alpha:]\.\' \-]{2,30}$', stripslashes(trim($_POST['last_name'])))) { $ln = escape_data($_POST['last_name']); } else { $ln = FALSE; echo '<p><font color="red" size="+1">PLEASE ENTER YOUR LAST NAME!</font></p>'; } //check email address if (eregi ('^[[:alnum:]][a-z0-9_\.\-]*@[a-z0-9\.\-]+\.[a-z]{2,4}$', stripslashes(trim($_POST['email'])))) { $e = escape_data($_POST['email']); } else { $e = FALSE; echo '<p><font color="red" size="+1">PLEASE ENTER A VALID EMAIL ADDRESS</font></p>'; } //check password if (eregi ('^[[:alnum:]]{4,20}$', stripslashes(trim($_POST['password1'])))) { if ($_POST['password1'] == $_POST['password2']) { $p = escape_data($_POST['password1']); } else { $p = FALSE; echo '<p><font color="red" size="+1">YOUR PASSWORD DID NOT MATCH THE CONFIRMED PASSWORD</font></p>'; } } else { $p = FALSE; echo '<p><font color="red" size="+1">PLEASE ENTER A VALID PASSWORD</font></p>'; } if ($fn && $ln && $e && $p) { $query = "SELECT user_id FROM users WHERE email='$e'"; $result = mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error()); if (mysql_num_rows($result) == 0) { $a = md5(uniqid(rand(), true)); $query = "INSERT INTO users(email, pass, first_name, last_name, active, registration_date) VALUES ('$e', SHA('$p'), '$fn', '$ln', '$a', NOW() )"; $result = mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error()); if (mysql_affected_rows() == 1) { $body = "Thank you! Click the link to activate your account! link:\n\n"; $body .= "http://www.stsclan.com/activate.php?x=" . mysql_insert_id() . "&y=$a"; mail($_POST['email'], 'Registration Confirmation', $body); echo 'Thank you for registering! A confirmation email has been sent to your email address. 
Please click on the link to activate your account!'; include ('includes/footer.html'); exit(); } else { echo '<p><font color="red" size="+1">could not be register due to a system error.</font></p>'; } } else { echo '<p><font color="red" size="+1">That email address is already registered in the database. Forgot password?</font></p>'; } } else { echo '<p><font color="red" size="+1">Please try again.</font></p>'; } mysql_close(); } ?> <h1>Register</h1> <form action="register.php" method="post"> <fieldset> <p><b>First Name:</b> <input type="text" name="first_name" size="15" maxlength="15" value="<?php if (isset($_POST['first_name'])) echo $_POST['first_name']; ?>" /></p> <p><b>Last Name:</b> <input type="text" name="last_name" size="30" maxlength="30" value="<?php if (isset($_POST['last_name'])) echo $_POST['last_name']; ?>" /></p> <p><b>Email Address:</b> <input type="text" name="email" size="40" maxlength="40" value="<?php if (isset($_POST['email'])) echo $_POST['email']; ?>" /></p> <p><b>Password:</b> <input type="password" name="password1" size "20" maxlength="20" /> <small>Use only letters and numbers. Must be between 4 and 20 characters long.</small></p> <p><b>Confirm Password:</b> <input type="password" name="password2" size="20" maxlength="20" /></p> </fieldset> <div align="center"><input type="submit" name="submit" value="Register" /></div> <input type="hidden" name="submitted" value="TRUE" /> </form> Quote Link to comment https://forums.phpfreaks.com/topic/50875-not-logging-in-correctly-but-does-login/ Share on other sites More sharing options...

john010117 Posted May 11, 2007

Are there any error messages? If so, post the error message, and ONLY the file it's referring to.

simple5imon Posted May 11, 2007

Hey John. There are no error messages; if there are, then they're shown in the browser. After login (not properly), the page is blank and the URL is www.stsclan.com/login.php. On success of login, it should go to the index.php page saying 'Welcome simple5imon' instead of just 'Welcome', and also show the hidden links.
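
An added example, not part of the thread or of the book's script: in the files posted above, `session_start()` is commented out in header.html, so the `$_SESSION` values set in login.php are not carried over to index.php, and passwords are stored with MySQL's unsalted `SHA()`. The code below shows a login handler that starts the session before any output, uses a bound query with `password_verify()`, and escapes the name it echoes. The `login()` function, the SQLite in-memory table and the sample account are assumptions constructed so that it runs offline (it needs the pdo_sqlite extension).

```php
<?php
declare(strict_types=1);
// Added example. login(), the table layout and the sample account are assumptions.

// Constructed in-memory database so the example runs offline (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, email TEXT UNIQUE,
           pass TEXT, first_name TEXT, active TEXT)');
$ins = $db->prepare('INSERT INTO users (email, pass, first_name, active)
                     VALUES (?, ?, ?, NULL)');
// password_hash() salts and stretches the password, unlike a bare SHA('$p') in SQL.
$ins->execute(['user@example.test', password_hash('s3cretPass', PASSWORD_DEFAULT), 'Sam']);

/** Returns user_id and first_name on success, null on any failure. */
function login(PDO $db, string $email, string $password): ?array
{
    // Prepared statement: the email is bound, never concatenated into the query.
    $stmt = $db->prepare('SELECT user_id, first_name, pass FROM users
                          WHERE email = ? AND active IS NULL');
    $stmt->execute([trim($email)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pass'])) {
        return null;
    }
    return ['user_id' => (int) $row['user_id'], 'first_name' => $row['first_name']];
}

$web = PHP_SAPI !== 'cli';
if ($web) {
    // Must run before any output and before $_SESSION is read or written;
    // without it, values stored at login do not survive to the next request.
    session_start(['cookie_httponly' => true]);
}

// Constructed credentials when run from the command line, form fields otherwise.
$in = $web ? $_POST : ['email' => 'user@example.test', 'pass' => 's3cretPass'];
$email = is_string($in['email'] ?? null) ? $in['email'] : '';
$pass = is_string($in['pass'] ?? null) ? $in['pass'] : '';

$user = login($db, $email, $pass);
if ($user !== null) {
    if ($web) {
        session_regenerate_id(true); // fresh session ID once authenticated
        $_SESSION['user_id'] = $user['user_id'];
        $_SESSION['first_name'] = $user['first_name'];
    }
    // Escape stored or submitted values before echoing them into HTML.
    echo '<h1>Welcome, ' . htmlspecialchars($user['first_name'], ENT_QUOTES, 'UTF-8') . "!</h1>\n";
} else {
    echo "<p>The email address and password do not match, or the account is not active.</p>\n";
}
```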