php login

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
dirksmith
Forum Newbie
Posts: 11
Joined: Fri Oct 07, 2005 4:19 pm

php login

Post by dirksmith »

Jcart | Please use

Code: Select all

and

Code: Select all

tags where appropriate when posting code. Read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]


hi


I'm trying to set-up the  register and login example in Chapter 12 (Larry Ullman PHP and MySQL for dynamic websites) - with an extra entry field of 'url'.  The code exactly replicates the chapter 12 source code - with the extra 'url' component.

The database has been set-up correctly and the registration process works fine - with the input data being received and logged in the appropriate rows / columns in the database (see: http://www.red-media-design.com/database.htm).  

However, the login set-up isn't working - and I can't see where the code is going wrong - despite having examined it for the past 24 hours.

I'd be grateful for a 2nd pair of eyes to look at the code below and the database to see where the problem is.

Many thanx

Dirk


The registration page code:

Code: Select all

if (isset($_POST['submit'])) { // Handle the form.

	require_once ('xxxxxxx/mysql_connect.php'); // Connect to the database.
	
	// Check for a first name.
	if (eregi ("^[[].' -]{2,15}$", stripslashes(trim($_POST['first_name'])))) {
		$fn = escape_data($_POST['first_name']);
	} else {
		$fn = FALSE;
		echo '<p><font color="red" size="+1">Please enter your first name!</font></p>';
	}
	
	// Check for a last name.
	if (eregi ("^[[].' -]{2,30}$", stripslashes(trim($_POST['last_name'])))) {
		$ln = escape_data($_POST['last_name']);
	} else {
		$ln = FALSE;
		echo '<p><font color="red" size="+1">Please enter your last name!</font></p>';
	}
	
	// Check for an email address.
	if (eregi ("^[[]][a-z0-9_.-]*@[a-z0-9.-]+\.[a-z]{2,4}$", stripslashes(trim($_POST['email'])))) {
		$e = escape_data($_POST['email']);
	} else {
		$e = FALSE;
		echo '<p><font color="red" size="+1">Please enter a valid email address!</font></p>';
	}
	
	// Check for a client url address.
	if (eregi ("^[[]][a-z0-9_.-]*@[a-z0-9.-]+\.[a-z]{2,4}$", stripslashes(trim($_POST['url'])))) {
		$e = escape_data($_POST['url']);
	} else {
		$e = FALSE;
		echo '<p><font color="red" size="+1">Please enter a client url!</font></p>';
	}

	// Check for a username.
	if (eregi ("^[[]_]{4,20}$", stripslashes(trim($_POST['username'])))) {
		$u = escape_data($_POST['username']);
	} else {
		$u = FALSE;
		echo '<p><font color="red" size="+1">Please enter a valid username!</font></p>';
	}
	
	// Check for a password and match against the confirmed password.
	if (eregi ("^[[]]{4,20}$", stripslashes(trim($_POST['password1'])))) {
		if ($_POST['password1'] == $_POST['password2']) {
			$p = escape_data($_POST['password1']);
		} else {
			$p = FALSE;
			echo '<p><font color="red" size="+1">Your password did not match the confirmed password!</font></p>';
		}
	} else {
		$p = FALSE;
		echo '<p><font color="red" size="+1">Please enter a valid password!</font></p>';
	}
	
	if ($fn && $ln && $e && $url && $u && $p) { // If everything's OK.

		// Make sure the username is available.
		$query = "SELECT user_id FROM users WHERE username='$u'";		
		$result = @mysql_query ($query);
		
		if (mysql_num_rows($result) == 0) { // Available.
		
			// Add the user.
			$query = "INSERT INTO users (username, first_name, last_name, email, url, password, registration_date) VALUES ('$u', '$fn', '$ln', '$e', '$url' , PASSWORD('$p'), NOW() )";		
			$result = @mysql_query ($query); // Run the query.

			if ($result) { // If it ran OK.
			
				// Send an email, if desired.
				echo '<h3>Thank you for registering!</h3>';
				exit();				
				
			} else { // If it did not run OK.
				// Send a message to the error log, if desired.
				echo '<p><font color="red" size="+1">You could not be registered due to a system error. We apologize for any inconvenience.</font></p>'; 
			}		
			
		} else { // The username is not available.
			echo '<p><font color="red" size="+1">That username is already taken.</font></p>'; 
		}
		
		mysql_close(); // Close the database connection.

	} else { // If one of the data tests failed.
		echo '<p><font color="red" size="+1">Please try again.</font></p>';		
	}

} // End of the main Submit conditional.
?>
	
	<h1>Register</h1>
	<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
	<fieldset>
	
	<p><b>First Name:</b> <input type="text" name="first_name" size="15" maxlength="15" value="<?php if (isset($_POST['first_name'])) echo $_POST['first_name']; ?>" /></p>
	
	<p><b>Last Name:</b> <input type="text" name="last_name" size="30" maxlength="30" value="<?php if (isset($_POST['last_name'])) echo $_POST['last_name']; ?>" /></p>
	
	<p><b>Email Address:</b> <input type="text" name="email" size="40" maxlength="40" value="<?php if (isset($_POST['email'])) echo $_POST['email']; ?>" /> </p>
	
	<p><b>Client URL:</b> <input type="text" name="url" size="50" maxlength="40" value="<?php if (isset($_POST['url'])) echo $_POST['url']; ?>" /> </p>
	
	<p><b>User Name:</b> <input type="text" name="username" size="10" maxlength="20" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>" /> <small>Use only letters, numbers, and the underscore. Must be between 4 and 20 characters long.</small></p>
	
	<p><b>Password:</b> <input type="password" name="password1" size="20" maxlength="20" /> <small>Use only letters and numbers. Must be between 4 and 20 characters long.</small></p>
	
	<p><b>Confirm Password:</b> <input type="password" name="password2" size="20" maxlength="20" /></p>
	</fieldset>
	
	<div align="center"><input type="submit" name="submit" value="Register" /></div>
	
	</form><!-- End of Form -->



++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


The login code:

<?php # Script 12.7 - login.php
// This is the login page for the site.

// Include the configuration file for error management and such.
require_once ('xxxxxxxxx/config.inc'); 

// Set the page title and include the HTML header.
$page_title = 'Login';


if (isset($_POST['submit'])) { // Check if the form has been submitted.

	require_once ('xxxxxxx/mysql_connect.php'); // Connect to the database.
	
	if (empty($_POST['username'])) { // Validate the username.
		$u = FALSE;
		echo '<p><font color="red" size="+1">You forgot to enter your username!</font></p>';
	} else {
		$u = escape_data($_POST['username']);
	}
	
	if (empty($_POST['password'])) { // Validate the password.
		$p = FALSE;
		echo '<p><font color="red" size="+1">You forgot to enter your password!</font></p>';
	} else {
		$p = escape_data($_POST['password']);
	}
	
	if ($u && $p) { // If everything's OK.
	
		// Query the database.
		$query = "SELECT user_id, first_name FROM users WHERE username='$u' AND password=PASSWORD('$p')";		
		$result = @mysql_query ($query);
		$row = mysql_fetch_array ($result, MYSQL_NUM); 
		
		if ($row) { // A match was made.
				
				// Start the session, register the values & redirect.
				$_SESSION['first_name'] = $row[1];
				$_SESSION['user_id'] = $row[0];
				
				ob_end_clean(); // Delete the buffer.
				
				header ("Location:  http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "www.red-media-design.com/client_page_test.php");
				exit();
				
		} else { // No match was made.
			echo '<p><font color="red" size="+1">The username and password entered do not match those on file.</font></p>'; 
		}
		
		mysql_close(); // Close the database connection.
		
	} else { // If everything wasn't OK.
		echo '<p><font color="red" size="+1">Please try again.</font></p>';		
	}
	
} // End of SUBMIT conditional.
?>

<h1>Login</h1>
<p>Your browser must allow cookies in order to login.</p>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<fieldset>
<p><b>User Name:</b> <input type="text" name="username" size="20" maxlength="20" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>" /></p>
<p><b>Password:</b> <input type="password" name="password" size="20" maxlength="20" /></p>
<div align="center"><input type="submit" name="submit" value="Login" /></div>
</fieldset></form><!-- End of Form -->
Jcart | Please use

Code: Select all

and

Code: Select all

tags where appropriate when posting code. Read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]
User avatar
chrys
Forum Contributor
Posts: 118
Joined: Tue Oct 04, 2005 9:41 am
Location: West Roxbury, MA (Boston)

Post by chrys »

I'm not too clear on what doesn't work, but if it's accessing session variables... here is the answer:

use session_start() at the beginning of every file that needs to use sessions.
User avatar
jayshields
DevNet Resident
Posts: 1912
Joined: Mon Aug 22, 2005 12:11 pm
Location: Leeds/Manchester, England

Post by jayshields »

post on the official forums: http://www.dmcinsights.com/phpmysql/
or just download all the books scripts from that website and try the same script your having trouble with in your web server to see if that one works or not, if it does, open them up side by side and compare.
dirksmith
Forum Newbie
Posts: 11
Joined: Fri Oct 07, 2005 4:19 pm

LOGIN

Post by dirksmith »

thanx - good advice. - i'ved also logged this on the Ullman site.

the issue i'm having is that the database has accepted the username and password ( http://www.red-media-design.com/database.htm) - but is not accepting those entries for the login.

I think the issue maybe the 'firstname' - called by the page session once the user is looged in.

The Ullman book requires that the first_name, last_name and password rows have the 'KEY' identifier.

My phpadmin doesn't have this tag - is 'KEY' the same as 'INDEX'?

thanx

dirk
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

key = index
index = key
:)
Post Reply