[SOLVED] Many blank pages with/and no errors?

[MishieMoo]

Okay so this is my first time at making a user login system.  I've never done anything this complicated before.  I found three tutorials and tried and tried and couldn't get any of them to work right.  So now I'm asking for help.  I've been working on this code for about 5 hours now.  It's a bit messy...but I'm new at this!

 

The Problems Unfortunately, there's two big ones

1. The registration script returns a blank page, no code no nothing, when submitted with the appropriate fields filled in.  If the email is in use, it reproduces the registration page with no error (which it's supposed to) and if the username is already registered (I created one account via PhpMyAdmin) it returns a mysql error about the mysql_num_rows() function (on line 23 which is the username check of checkreg.php), which otherwise works (aka if it's a different username the error doesn't show up).

 

2. The login script doesn't display any errors, yet defaults back to the login.php page.  The account I made in phpmyadmin works; I was able to log in once, but when I tried to fix another problem it stopped logging in.

 

The codes

*I know I've connected to the database.  I did a test and it worked.*

register.php

<?php 
if ($_SESSION['username'] )
{print "You are already logged in!";} else {
$pagetitle='Register';
include('header.php');
?>
<h1>Register on Xuthonia!</h1>	
<form method="post" action="checkreg.php">
<h5>Username:</h5>
<input type="text" name="username" maxlength="25" />

<h5>Email:</h5>

<input type="text" name="contact" maxlength="70" />

<h5>Confirm Email:</h5>

<input type="text" name="ckemail" maxlength="70" />

        <h5>Nickname:</h5>
        
        <input type="text" name="name" maxlength="70" />
        
<h5>Gender:</h5>

<select name="gender">
			<option>Male</option>
			<option>Female</option>
		</select>

<br /><br />

<input type="submit" name="register" value="Register" />

</form>
<?php
}
include('footer.php'); ?>

 

checkreg.php

<?php 
require('db_config.php');
//get rid of slashes
$username = mysql_real_escape_string(stripslashes($_POST['username']));
$email = mysql_real_escape_string(stripslashes($_POST['contact']));
$ckemail = stripslashes($_POST['ckemail']);
$name = stripslashes($_POST['name']);
//check if the required fields are filled in
if ((!$username) || (!$email) || (!$ckemail) || (!$name)){
		print "You missed a required field!";
		include('register.php');}
elseif ($email != $ckemail){//If the email addresses dont match

		print "Your email addresses don't match"; //Show error message
                        include('register.php');

	} else { //if everything checks out connect to the database!
	//figure out if the username's already being used
                        $checkun = mysql_query("SELECT 'username' FROM users WHERE username='$username'") or die (mysql_error());
                        
                        $checkuser = mysql_fetch_row($checkun) or die (mysql_error());
                        
		$checkname = mysql_num_rows($checkuser) or die (mysql_error());
                        
                        //figure out if the email's being used
                        
		$s_email_check = mysql_query("SELECT 'email' FROM users  WHERE email='$email'") or die (mysql_error()); 

                        $sql_email_check = mysql_fetch_row($s_email_check) or die (mysql_error());
                        
		$email_check = mysql_num_rows($sql_email_check) or die(mysql_error());
                        
                        //print some errors if the username or email is already in use

		if(($email_check == 1) || ($checkname == 1)){
					print "Please fix the following errors: <br />";
                                                
    if($email_check == 1){ 
        print "Your email address has already been used by another member in our database. Please submit a different Email address!"; 
        unset($email); 
    } 
    if($checkname == 1){ 
        print "The username you have selected has already been used by another member 
         in our database. Please choose a different Username!<br />"; 
        unset($username); 
    } 
    include 'register.php'; // Show the form again! 
     exit();  // exit the script so that we do not create this account! 
}
//if everything checks out create the user!
		else

		{function makeRandomPassword() { 
                                                $salt = "abchefghjkmnpqrstuvwxyz0123456789"; 
                                                srand((double)microtime()*1000000);  
                                                                        $i = 0; 
                                                                        while ($i <= 7) { 
                                                                        $num = rand() % 33; 
                                                                        $tmp = substr($salt, $num, 1); 
                                                                        $pass = $pass . $tmp; 
                                                                        $i++; 
      } 
                                                return $pass; 
}
//create a random password to be emailed for email conformation

                        $random_password = makeRandomPassword(); 
                        $db_password = md5($random_password); 
                        // Enter info into the Database.
                        $sql = mysql_query("INSERT INTO 'users' ('username', 'password', 'email', 'name', 'gender', 'signup_date') 
                                VALUES('$username', '$db_password','$email', '$name', '$gender', now())") or die (mysql_error()); 
                        if(!$sql){ 
                            echo 'There has been an error creating your account. Please contact the webmaster.'; 
                        } else { 
                            $userid = mysql_insert_id(); 
                            // Let's mail the user! 
                            $subject = "Your Membership at Xuthonia!"; 
                            $message = "Dear $name, 
                            Thank you for registering at our website, http://xuthonia.peach-sinner.org! 
                            You are two steps away from logging in and accessing our exclusive members area. 
                            To activate your membership, please click here: http://xuthonia.peach-sinner.org/activate.php?id=$userid&code=$db_password 
                            Once you activate your memebership, you will be able to login 
                            with the following information: 
                            Username: $username 
                            Password: $random_password 
                            Thanks! 
                                                    The Webmaster 
                            This is an automated response, please do not reply!";  
                            $sendemail = mail($email, $subject, $message,  
                                "From: the Webmaster<mishie@peach-sinner.org>\n 
                                X-Mailer: PHP/" . phpversion()); 
                            if(!$sendemail) { print 'There was an error setting up your account.';
                                                }
                        else {print'Your membership information has been mailed to your email address! 
                            Please check it and follow the directions!'; }
} 

		}


}

?>

 

login.php

<?php 
$pagetitle = 'Login';
include('header.php');
?>
   <h1>Please log in below:</h1> 
<p><form action="log.php" method="post">Username: <input type="text" name="username" size="20"><br /> 
Password: <input type="password" name="password" size="20"><br /><input type="submit" value="Login" /></form></p>
<?php include('footer.php'); ?>

 

log.php

<?php session_start();

require ("db_config.php"); //Gets the connect file

//lets make things safe
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string(md5($_POST['password']));

        //check to see if the username is in the database
        	$sql_user_check = "SELECT * FROM users WHERE username='$username'"; 
                
                $check = mysql_query($sql_user_check) or die(mysql_error());

                $find = mysql_num_rows($check) or die (mysql_error());
                 
                if ($find == 0) { 
                        $error = "User $username not found.";
                        

} else {
    //if everything's good, connect to the database and get the user's info
    $sql_pass_get = mysql_query("SELECT * FROM users WHERE username='$username'") or die(mysql_error()); 
    $user_info = mysql_fetch_array($sql_pass_get) or die(mysql_error()); 
    $encryptpass = $user_info['encryptpass']; 

if ($encryptpass != $password) { 
        $error = "Invalid password.  Try again."; 
    }  else {
        $_SESSION['username'] = $user_info['username'];
        $_SESSION['name'] = $user_info['name']; 
        $_SESSION['email']  = $user_info['email']; 
        $_SESSION['rank']  = $user_info['rank'];

	}
}
        
        //if it doesn't work, print an error and the login page
if (!$_SESSION['username']) { 
    if ($error) { 
        echo $error; 
        include("login.php");
    } 
} else {
    //if everything goes great then welcome the user!
    echo "Welcome back ".$_SESSION['name']."  <a href=\"settings.php\">Click here</a> to view your current settings."; 
} 
?>

Header.php and footer.php are basic html files.  Nothing special.

 

Now the db_config.php file already has the error_reporting(E_ALL); function, and you can tell I've tried to see where this isn't working with all of the die() functions EVERYWHERE.  I'm just clueless now because I'm not getting any errors if I do things normally!  Granted it's nice to know it won't let you use an email twice xD  That's about the only thing that seems to halfway work.

 

I know it's late, but if someone could give me the slightest input on this I'd be greatful.  I'm just completely stumped right now. 

 

Any tip is appreciated =)

[btherl]

You've described the problems, but what is the behaviour you want? Instead of the problem behaviour.

 

One problem I notice - mysql_num_rows() operates on the mysql result, not on the result of mysql_fetch_row().  So you should do like this:

 

$checkun = mysql_query("SELECT 'username' FROM users WHERE username='$username'") or die (mysql_error());
$checkuser = mysql_fetch_row($checkun) or die (mysql_error());
$checkname = mysql_num_rows($checkun) or die (mysql_error());

[MishieMoo]

I thought that was kind of obvious.  I want the login script to log the user in, and as of right now just display a welcome script, and the registration script to create the user and send out a validation email, with a temporary password.  I also want both scripts to do a check to make sure that there is a user for the login script, and that there isn't for the registration script...

 

And changing that does basically nothing.  It just eliminates the mysql error when a used username is entered into the registration script.  Now the only way I can get something but a blank page to show up is to enter in the email I've already used, which returns me to the registration page.

[btherl]

Sorry, I misread your post.  I think I get it now.  The 2 problems are

 

1. Correctly completed registration script shows blank page

2. Correct login at login.php displays login.php again

 

Ok, to deal with blank pages you must make sure display_errors is on.  If it is, and you still get blank page, then you can find the error by adding print statements to indicate how far the script gets before dying.  In situations where display_errors is on but blank pages result, the problem is usually a logic error, and that can be found using print statements in places where you think the script should be running, and noticing that they don't run.

 

For login.php, firstly you repeat the same query twice.  No need to do that.  But that's not the problem.

 

I would also add some diagnostic print messages there, so you can see which code is really being executed.  Given that you were able to login once only, the problem may be due to left-over session data.  You can clear that using a web developer extension, such as Microsoft's IE developer toolbar, or the firefox web developer toolbar.

 

It's likely that some of your problems are due to misleading indentation.  You should make sure that the indentation of your code matches its meaning, otherwise it's very hard to interpret the logic.

[MishieMoo]

Well I don't know how to execute display_error...I don't even know what that is.  I'm very new to php.

 

And I don't know how to do the indentation either...I do what seems relevant to me and my logic is clearly different.  Is there some sort of unwritten standard for that?

 

And I've tried doing the print checks...and still nothing.  The only thing that worked was the connection to the database one.

 

Thanks so much.

[btherl]

There's a few standards.. here's some of the common ones

 

if (something) {
    while (something) {
        do something
    }
}

 

Everything inside a condition or a loop is at a new level of indent.  Another common style is this:

 

if (something)
{
    while (something)
    {
        do something
    }
}

 

Both styles make it clear where a loop and condition starts and ends.

 

display_errors can be set with this code at the very top of your script

 

ini_set('display_errors', 1);

 

If the print checks do nothing, then that code is not running.  Simple   So you need to ask yourself, why is that code not running when I think it should be?  It's likely one of the things you are testing is not what you thought it would be.

[MishieMoo]

Okay...that does nothing with the registration script.  I'll play around with it more.

 

And from playing around, I found out that the problem lies somewhere after the usercheck..aka after $find = mysql_num_rows($check) or die (mysql_error()); something goes wrong.  So there's something wrong with the password check...I think.

 

...okay so this post has been sitting in my browser for over an hour.  So now I've figured out, through more testing, that I'm not getting any information from my database in the checkreg.php file. And I have no idea why...

 

Everything's good until the first mysql_query.

[MishieMoo]

Darn modify timeout...

 

I played around with it more...that error thing is quite helpful!

 

I can login now!

 

Only problem with the log.php script now is that if there's no $error, it prints a Notice.  But if there's no $error that's good!  What do I do about that?

 

That and the sessions aren't registering.  I try to go to the settings page and I get a "you aren't logged in " error.  But I need to recheck that code I think...

[btherl]

Notice: Undefined variable?  You can fix that with

 

$error = '';

 

at the top of your script.  Then to check it later

 

if (!empty($error)) {
  print $error;
}

 

If you keep using the same technique, printing out stuff, then I am sure you will find at least the location of the problem.  Once you find the location and still cannot solve the bug, post here with the details.

[MishieMoo]

Thankies much!  That solves more problems than you know!  And the login is working right now, as well as the main settings page +  ::gives cookies::

 

Okay now I've been testing the registration script, and with the print checks, it goes until the mysql_num_rows() function then doesn't print anything else.  Again, no errors even with the ini_set function.

$checkun = mysql_query("SELECT username FROM users WHERE username='$username'") or die (mysql_error());
                                
                                if($checkun) {print 'Username found!';}
                            
                            $checkname = mysql_num_rows($checkun) or die (mysql_error());
                         
                                if($checkname == 0) {print 'Username can be used!';}

Okay now I'm stumped.  There's no error with the mysql_num_rows() function, but it doesn't seem to be working at all.  I get the Username found! prompt, but not the Username can be used! prompt, or any thereafter.

 

Is there something I'm missing?

[MishieMoo]

...Sadly a bump.  I need to fix this.

 

No matter what I do now, the first mysql_num_rows () function will not work!

[revraz]

$checkun = mysql_query("SELECT username FROM users WHERE username='$username'") or die (mysql_error());
$checkname = mysql_num_rows($checkun) or die (mysql_error());
                               
if($checkname > 0) {print 'Username found!';}
                            
else {print 'Username can be used!';}

[MishieMoo]

I still get nothing.  Neither of those show up.  No errors.  No nothing.  That's the problem. There's something up with the mysql_num_rows() and everything is the right name.  I've checked it over a million times...

[revraz]

echo $username

echo $checkname

 

see what they contain

[btherl]

Here is how I would approach the problem:

 

$checkun = mysql_query("SELECT username FROM users WHERE username='$username'") or die (mysql_error());
                                
                                if($checkun) {print 'Username found!';}
print "<br>mysql_num_rows(checkun) = " . mysql_num_rows($checkun);
                            $checkname = mysql_num_rows($checkun) or die (mysql_error());
print "<br>After mysql_num_rows()";
                                if($checkname == 0) {print 'Username can be used!';}

 

OK, that does 2 things - the first print shows you the value of mysql_num_rows().  And the second print confirms that the script DOES really stop EXACTLY after mysql_num_rows(), and not somewhere a bit further down.  I'm confident that those two together will find the problem.

[MishieMoo]

Okay so the first print shows, but the second one doesn't.  I get:

 

mysql_num_rows(checkun) = 0

 

Which is a good thing, at least.  The username found! thing prints too.  But what exactly does this mean?  So it really does stop after the mysql_num_rows().  Now what o.O

[btherl]

What it means is that the query found 0 rows.  In other words, the username did not match.

 

The next thing I would do is print out your query.  You can do it like this:

 

$sql = "SELECT username FROM users WHERE username='$username'";
print "<br>Executing query: $sql";
$checkun = mysql_query($sql) or die (mysql_error());

[MishieMoo]

It's not SUPPOSED to output anything.  It's a check to make sure that the username isn't already taken, for the registration script.  I don't want two users with the same username.  I've seen that this is only the way to do it...

 

Unless there's another way to do it?

 

(aka the membership tutorial on here says to use this and it apparently works)

[btherl]

So you want to do nothing if the username is NOT found, but do something if the username IS found?

 

Then you need to do this:

 

if (mysql_num_rows($checkun) > 0) {
  print "Username already taken";
}

 

That's all.  You can't use "or die" with mysql_num_rows(), because mysql_num_rows() can return 0, and 0 will cause the "or die" to trigger.

[MishieMoo]

I figured out another way to do that and it works now using objects.  Thanks for that though! (It all makes sense now....I might use that instead of the solution that I found because it's more succinct)

 

But I'm having trouble now inserting it all into the table:

 

You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near ''username', 'password', 'email', 'name', 'gender', 'signup_date

 

Corresponding code:

 $sql = mysql_query("INSERT INTO users ('username', 'password', 'email', 'name', 'gender', 'signup_date') 
                               VALUES('$username', '$db_password','$email', '$name', '$gender', now())") or die (mysql_error()); 

[btherl]

Ooh, I almost missed it.  You need to remove the single quotes around the column names.  But you should keep them around the values.  So

 

$sql = mysql_query("INSERT INTO users (username, password, email, name, gender, signup_date) 
                                VALUES('$username', '$db_password','$email', '$name', '$gender', now())") or die (mysql_error()); 

[revraz]

Which is exactly what I did on the first page of posts.

 

So you want to do nothing if the username is NOT found, but do something if the username IS found?

 

Then you need to do this:

 

if (mysql_num_rows($checkun) > 0) {
  print "Username already taken";
}

 

That's all.  You can't use "or die" with mysql_num_rows(), because mysql_num_rows() can return 0, and 0 will cause the "or die" to trigger.

[MishieMoo]

Sorry revraz that code you gave me didn't work, though.  It is slightly different.

 

And it works now!  Thanks to both of you!! ::does a little dance::