Problems with my signup and login script.

[murderslastcrow]

Alright, I'm trying to create a new site with customizable games and the such with a point system, etc., and I know how to add points and insert new users and things, but the problem is that my login and signup scripts both have problems.

 

You can see them by trying to sign up or login here: mlcARCADE website.

 

Here's a copy of the scripts straight from file. I won't include the scripts on the other pages, since they've worked with no problem so far. The only problems I've found with executing any scripts are with adduser.php and checkpass.php. NOTE BEFORE YOU READ! mysql.php is the file that signs onto the database.

 

checkpass.php contents:

 

"<?php

        session_start();

        include "mysql.php";

        $_POST['loginusername'] = addslashes($_POST['loginusername']); // protects against SQL injection

        $_POST['loginpassword'] = addslashes($_POST['loginpassword']); // same ^^

        $password = md5($_POST['loginpassword']); // encrypt the password

        $userrow = mysql_query("SELECT * FROM `mlcARCuserstats` "

. "WHERE `username` = '" . $_POST['loginusername'] . "'"

. " AND `password` = '" . $password . "';",$mysql);

        if(mysql_num_rows($userrow) != "1"){

                // no rows found, wrong password or username

                echo "<font color='red'><b>Wrong username or password!</b></font>";

        } else {

                // 1 row found exactly, we have the user!

                $_SESSION['user'] = $_POST['loginusername'];

                echo "Successfully logged in!";

        }

?>"

 

Error message associated : "Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/murders/public_html/checkpass.php on line 10"

 

adduser.php contents:

 

"<?php

        session_start();

        include "mysql.php";

        $username = addslashes($_POST['signupusername']); // protects against SQL injection

        $_POST['signuppassword'] = addslashes($_POST['signuppassword']); // same ^^

        $_POST['signuppassword1'] = addslashes($_POST['signuppassword1']); // same ^^

$_POST['signupemail'] = addslashes($_POST['signupemail']); // same ^^

        $checkUsername = mysql_query("SELECT `username` FROM `mlcARCuserstats` "

. "WHERE `username` = '" . $_POST['signupusername'] . "'",$mysql);

        if(mysql_num_rows($checkUsername) == "1"){

                header("Location: mlcARCsignupfail.html");

                exit;

        }

        If(strlen($_POST['signupusername'] > 32)){

                header("Location: mlcARCsignupfail.html");

                exit;

        if($_POST['signuppassword'] != $_POST['signuppassword1']){

                header("Location: mlcARCsignupfail.html");

                exit;

        }

        $password = md5($_POST['signuppassword']);

$email = ($_POST['signupemail']);

        mysql_query("INSERT INTO `mlcARCuserstats` (`username`,`password`,`email`) "

. "VALUES ('" . $username . "','" . $password . "','" . $email . "')",$mysql);

        $_SESSION['user'] = $username;

        header("Location: mlcARCsignupwin.html");

exit;

?>"

 

Error message associated : "Parse error: syntax error, unexpected $end in /home/murders/public_html/adduser.php on line 28"

 

Can anyone tell me what I've done wrong with these scripts so that I can correct the problem and continue development without worrying if the login system will work, later?

[revraz]

First error, there is a problem with your query so no Resource is set to do a fetch on.

 

Second error, you didnt close a bracket somewhere ) }

[marklarah]

also try unquoting $_SESSION['user']

[revraz]

When you do a operator on a number, don't quote it

 

if(mysql_num_rows($userrow) != "1")

 

should be

 

if(mysql_num_rows($userrow) != 1)

[chronister]

also try unquoting $_SESSION['user']

 

I don't see anywhere the poster has a misquoted $_SESSION['user'];

 

The 'user' part HAS to be quoted like that as it is a string that is being used for the key.

 

murderslastcrow - don't change the $_SESSION part... but the other 2 things need to be fixed.

 

I would do this part of the code

$checkUsername = mysql_query("SELECT `username` FROM `mlcARCuserstats` "
. "WHERE `username` = '" . $_POST['signupusername'] . "'",$mysql);

 

like this

 

<?php
  $signupusername = $_POST['signupusername'];
  $query="SELECT username FROM mlcARCuserstats WHERE username = '$signupusername'";
  $checkUsername = mysql_query($query) or die(mysql_error());
?>

 

 

Nate

[murderslastcrow]

K, here's the revised scripts and their problems. I'm including mysql.php, since it might have something to do with it.

 

First, here's the layout of my database.

 

database: murders_ArcadePlus

table: mlcARCuserstats

User assigned to the database: murders_mlcARC

Password: **** (for privacy purposes)

 

mysql.php

 

"<?php

        $mysql = mysql_connect("localhost","murders_mlcARC","****"); // connect to the mysql database

        mysql_select_db("murders_ArcadePlus",$mysql); // select the database

?>"

 

checkpass.php

 

"<?php

        session_start();

        include "mysql.php";

        $_POST['loginusername'] = addslashes($_POST['loginusername']); // protects against SQL injection

        $_POST['loginpassword'] = addslashes($_POST['loginpassword']); // same ^^

        $password = md5($_POST['loginpassword']); // encrypt the password

        $userrow = mysql_query("SELECT * FROM `mlcARCuserstats` "

. "WHERE `username` = '" . $_POST['loginusername'] . "'"

. " AND `password` = '" . $password . "';",$mysql);

$finalrow = mysql_fetch_array($userrow) or die(mysql_error());

        if(mysql_num_rows($finalrow) != 1){

                // no rows found, wrong password or username

                echo "<font color='red'><b>Wrong username or password!</b></font>";

        } else {

                // 1 row found exactly, we have the user!

                $_SESSION['user'] = $_POST['loginusername'];

                echo "Successfully logged in!";

        }

?>"

 

Error Message: Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/murders/public_html/checkpass.php on line 10

No database selected

 

adduser.php

 

"<?php

        session_start();

        include "mysql.php";

        $username = addslashes($_POST['signupusername']); // protects against SQL injection

        $_POST['signuppassword'] = addslashes($_POST['signuppassword']); // same ^^

        $_POST['signuppassword1'] = addslashes($_POST['signuppassword1']); // same ^^

$_POST['signupemail'] = addslashes($_POST['signupemail']); // same ^^

  $signupusername = $_POST['signupusername'];

  $query="SELECT username FROM mlcARCuserstats WHERE username = '$signupusername'";

  $checkUsername = mysql_query($query) or die(mysql_error());

        if(mysql_num_rows($checkUsername) == 1){

                header("Location: mlcARCsignupfail.html");

                exit;

        }

        If(strlen($_POST['signupusername'] > 32)){

                header("Location: mlcARCsignupfail.html");

                exit;}

        if($_POST['signuppassword'] != $_POST['signuppassword1']){

                header("Location: mlcARCsignupfail.html");

                exit;

        }

        $password = md5($_POST['signuppassword']);

$email = ($_POST['signupemail']);

        mysql_query("INSERT INTO `mlcARCuserstats` (`username`,`password`,`email`) "

. "VALUES ('" . $username . "','" . $password . "','" . $email . "')",$mysql);

        $_SESSION['user'] = $username;

        header("Location: mlcARCsignupwin.html");

exit;

?>"

 

Error Message: No database selected

[revraz]

Error is in your connection code, verify the db name, server name, user, pw for it.

[marklarah]

actually guys, I fixed it. I didn't have the session variable at the top of the page >_>

[revraz]

Mark as Solved

[marklarah]

where is that?

[revraz]

Right next to REPLY

[marklarah]

Whoops wrong topic

[marklarah]

not my topic.

[revraz]

Either you have two accounts here or your are not the original poster.

 

Whoops wrong topic

[murderslastcrow]

Uh yeah, I haven't fixed it. O.o I don't know how that happened. Don't mark as solved. XD

 

So, I don't want to sound stupid, but how would I revise the connection code to verify the database? I've researched online and I can't see where the problem is. And still, there seems to be a problem reading the resource with the checkpass.php code.

 

Sorry if I'm being obnoxious, but I really need to fix this up, soon, so I can get on with the project. Any more suggestions? Thank you so much for your help so far.

[murderslastcrow]

If it helps, I'd be willing to pay someone to help me get whatever's wrong with my scripts taken care of. I just need it to work.

[revraz]

You need to verify that is the correct mysql server name, id, password and database name.  You are not making a connection so it won't return any results.

[murderslastcrow]

Well, I posted the heirarchy of the database, and it matched up with what I typed in. What could I be missing? o.o I'll look over it again. Sorry that I'm taking so long with this one, guys. I've learned a lot about php in my life, but apparently not enough. I don't want to have to hire a professional when I already have all the tools I need.