Page 1 of 1

Login Script

Posted: Sun Jan 02, 2011 11:25 pm
by VeritasSegus
Hello everyone,

I am brand new to php and am starting off my journey by trying to create a simple login/register script. I have run into a bit of difficulty, however, and cannot seem to get this to work. I know that the register script is very basic (lacks strlen check, doesn't verify that both passwords are the same, etc.), but for the time being I simply want to have a functional script. Then I can continue learning by adding more components. Here are the login.php, checklogin.php, and register.php files (in this order). I believe that the login/checklogin files work, but the register file just shows the form without actually writing to DB when it is submitted. Thank you very much for your help.

Code: Select all

<html>
<body>
<b> Member Login </b> <br />
<form name="input" action="checklogin.php" method="post">
Username : <input type="text" name="myusername" id="username"> <br />
Password : <input type="password" name="mypassword" id="password"> <br />
<input type="checkbox" name="remember" value="checkbox"> Remember me <br />
<input type="submit" value="Login">
Not a member? <a href="./register.php">Register!</a>
</form>
</body>
</html>

Code: Select all

<?php
$host="localhost";
$usr="root";
$pwd="";
$db="MemberDB";
$tbl_name="members";

mysql_connect($host, $usr, $pwd) or die("Unable to connect");
mysql_select_db($db) or die("Unable to select database");

$myusr = $_POST['myusername'];
$mypswd = md5($_POST['mypassword']);

$myusername = stripslashes(strip_tags($myusr));
$mypassword = stripslashes(strip_tags($mypswd));
$myusername = mysql_real_escape_string($myusr);
$mypassword = mysql_real_escape_string($mypswd);

$sql="SELECT *FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if ($count==1) {
session_register("myusername");
session_register("mypassword");
header("location:menu.php");
}
else {
echo "Incorrect Username or Password";
}
?>

Code: Select all

<?php
$host="localhost";
$usr="root";
$pwd="";
$db="MemberDB";
$tbl_name="members";

mysql_connect($host, $usr, $pwd) or die("Unable to connect");
mysql_select_db($db) or die("Unable to select database");

if (isset($_POST['register'])) 
{ 

$query = "INSERT INTO members ('username', 'password', 'email') 
VALUES('$_POST[username]', 'md5($_POST[password1])', '$_POST[email]')";
			
mysql_query($db,$query) or die();
mysql_close();

echo "You have successfully registered!";
}
else{
?>
<html>
<body>
<b> Register</b> <br />
<form name="register" action="./register.php" method="post">
Username : <input type="text" name="username" id="username"> <br />
Password : <input type="password" name="password" id="password1"> <br />
Confirm Password : <input type="password" name="password2" id="password2"> <br />
Email: <input type="text" name="email" id="email"> <br />
<input type="submit" value="register">
</form>
</body>
</html>
<?php
}
?>

Re: Login Script

Posted: Mon Jan 03, 2011 2:13 am
by Sinkrad
I think the problem is with:

register.php:

Code: Select all

mysql_query($db,$query)


mysql_query takes 2 arguments, but only the first one is required.
The first one is always: the query, for the second argument you can place the connection,
but it will automatically take the last used connection.

register.php
Try:

Code: Select all

mysql_query($query)


You have already selected the db and made a conenction, so you don't have to specify it again.

Code: Select all

mysql_connect($host, $usr, $pwd) or die("Unable to connect");
mysql_select_db($db) or die("Unable to select database");


I hope this solves your problem

Re: Login Script

Posted: Mon Jan 03, 2011 10:20 am
by social_experiment
As another poster points out, remove the $db argument from mysql_query(). Also, $db in this instance is the name of the databse and if you were to pass a second argument it has to be a link identifier.

Are you calling the registration form on itself?

It is also generally a good idea to see if your query meets certain conditions:

Code: Select all

<?php
$sql = mysql_query($query);
if ($sql) {
 echo "You have successfully registered";
}
else {
 // Registration failed
}
?>

Re: Login Script

Posted: Mon Jan 03, 2011 11:30 am
by VeritasSegus
Thank you for the help. However, the code still does not work after removing the $db from the query function. The form does call on register.php (self) with the if (isset) else function I am using. I know that this is probably not the best/most efficient way, but I would like to get something functional and then play around with it to edit it/improve on it (e.g. verify that both passwords match, that username is not already taken, etc.). I appreciate the input!

Edit:
I found an error in the the way I had defined my query and receive this error:

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''username', 'password', 'email') VALUES('Test', 'md5(Test)', 'Test@test.com')' at line 1"

The Test values are those that I entered into fields for register.php. I have checked this line against several tutorials and don't see where the error lies

Re: Login Script

Posted: Mon Jan 03, 2011 12:47 pm
by VeritasSegus
I found the error: the ' ' around the table values needed to be removed. Also, to correctly to turn pw into md5 hash I needed to include md5() function on a separate line. Here is the corrected code:

Code: Select all

$md5pwd = md5("$_POST[password]");
$query = "INSERT INTO members (username, password, email) 
VALUES('$_POST[username]', '$md5pwd', '$_POST[email]')";
Thank you everyone for the help