login/reg form not working
Posted: Thu Jun 18, 2009 2:26 am
http://www.gamemakerforums.com/main.php
is it cause i'm using images as submit buttons?
Code:
is it cause i'm using images as submit buttons?
Code:
Code: Select all
<?php
session_start();
include "template.php";
include "mysql.php";
$template = &New Template;
if(isset($_SESSION['userid']))
{
header("Location: index.php");
exit;
}
//set templates
$template->set_filenames(array('body' => "templates/default/main.tpl"));
if(isset($_POST['Reg']))
{
//vars
$ip = $_SERVER['REMOTE_ADDR'];
$user = mysql_real_escape_string($_POST['textUser']);
$pass = mysql_real_escape_string($_POST['textPass']);
$email = mysql_real_escape_string($_POST['textEmail']);
$ref = mysql_real_escape_string($_GET['ref']);
$time = time();
//check if username in use
$result = mysql_query("SELECT userid FROM users WHERE username='$user'");
if (mysql_num_rows($result) == 1)
{
//set error message
$err = 'Username in use<br>';
}
//check if email in use
$result = mysql_query("SELECT userid FROM users WHERE email='$email'");
if (mysql_num_rows($result) == 1)
{
//set error message
$err .= 'Email in use<br>';
}
//check if ip address is allready used
$result = mysql_query("SELECT userid FROM users WHERE lastip='$ip'");
if (mysql_num_rows($result) == 1)
{
//set error message
$err .= 'IP address allready in use<br>';
}
//check if there was an error
if (strlen($err) > 0 )
{
//set template var
$template->assign_var("MESSAGE" , $err);
}
else //reg details OK.
{
/*
//if a referral
if(isset($_GET['ref']))
{
//check if referal username exists
$result = mysql_query("SELECT userid FROM users WHERE username='$ref'") or die(mysql_error());
if (mysql_num_rows($result) == 1)
{
//get user
$user = mysql_fetch_object($result);
//check reward
$result = mysql_query("SELECT conf_value FROM settings WHERE conf_name='Referral'") or die(mysql_error());
$setting = mysql_fetch_object($result);
//give reward to referal
mysql_query("UPDATE users SET money=money+$setting->conf_value WHERE userid='$user->userid'") or die(mysql_error());
}
}
*/
//insert new user query
mysql_query("INSERT INTO users (username, userpass, lastip, signedup, email) VALUES ('$user','$pass','$ip','$time','$email')") or die(mysql_error());
//run query
$result = mysql_query("SELECT userid FROM users WHERE username='$user'") or die(mysql_error());
//fetch user information
$user = mysql_fetch_object($result);
//set session
$_SESSION['userid'] = $user->userid;
//redirect user
header("Location: index.php");
}
}
if(isset($_POST['Login']))
{
//vars
$user = mysql_real_escape_string($_POST['textUser']);
$pass = mysql_real_escape_string($_POST['textPass']);
//run query
$result = mysql_query("SELECT userid FROM users WHERE username='$user' AND userpass='$pass'") or die(mysql_error());
//if username and password match
if (mysql_num_rows($result) == 1)
{
//fetch user information
$user = mysql_fetch_object($result);
//set session
$_SESSION['userid'] = $user->userid;
//redirect user
header("Location: index.php");
}
else
{
//set var
$template->assign_var("MESSAGE" , 'Incorrect username and password combination');
}
}
//parse templates
$template->pparse('body');
?>