Hi stryks,
The problem I was having, where I was getting an error message in do_login, is now solved. The problem was that my registration script was inserting the user password after encrypting it, but when I tried logging in I was given an error message, because the password was retrieved in the encrypted form from MySQL and compared with the login password, which was not encrypted; hence the error message on comparison between the encrypted and decrypted password. I guess I am right, because when I remove the encryption stuff and store the passwords in MySQL as plain text I do not get any error and everything is fine.
The things that are not solved are 1) the one-page registration you had suggested earlier and 2) the passwords stored as plain text, whereas I want them to be stored in an encrypted format and later have a method to decrypt it.
Also, I have included a function where the user is emailed his forgotten password. But the function is not working.
This is register.php
<?php
include "header1.php";
?>
<div id="content">
<div id="left" style="left: 0px; top: 0px">
<ul>
<li>Email address :</li>
<li>Preferred username :</li>
<li>Password :</li>
<li>Confirm password :</li>
</ul>
</div>
<div id="right">
<p style="left: -1px; top: 0px"><font size="4.5px">REGISTER</font></p>
<form action="do_register.php" method="post" name="register_form">
<input type="text" size="20" name="email"><br><br>
<input type="text" size="20" name="username"> (6 to 16 chars)<br><br>
<input type="password" size="20" name="password"> (6 to 16 chars)<br><br>
<input type="password" size="20" name="password2"><br><br>
<input type="submit" name="Submit" value="submit">
<input type="reset" name="Reset" value="reset">
</form>
</div>
</div>
This is do_register.php
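<?php
// start the session first: it must run before header1.php sends any output
session_start();
include "header1.php";
?>
<div id="content">
<?php
//include function files for this application
require("PDMS_fns.php");
// read the submitted fields explicitly instead of relying on register_globals
$email = isset($_REQUEST['email']) ? trim($_REQUEST['email']) : '';
$username = isset($_REQUEST['username']) ? trim($_REQUEST['username']) : '';
$password = isset($_REQUEST['password']) ? $_REQUEST['password'] : '';
$password2 = isset($_REQUEST['password2']) ? $_REQUEST['password2'] : '';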
if (!valid_email($email))
{
print("<script type = 'text/javascript'>alert('Not a valid email address');</script>");
exit();
}
// check username length
if(( strlen($username) < 6 ) || (strlen($username) > 16))
{
print("<script language = 'javascript'>alert('Username must be between 6 to 16 characters');</script>");
exit();
}
// passwords not same
if($password != $password2)
{
print("<script language = 'javascript'>alert('Passwords do not match');</script>");
exit();
}
// check password length is ok
// ok if username truncates, but passwords will get munged if they are too long.
if (strlen($password) < 6 || strlen($password) > 16)
{
print("<script language = 'javascript'>alert('Password must be between 6 to 16 characters');</script>");
exit();
}
// attempt to register after all validation is done
function register($username, $email, $password)
// register new person with db
// return true or error message
{
// connect to database
$conn = db_connect();
if(!$conn)
{
print("<script language = 'javascript'>alert('Could not connect to database server- retry');</script>");
exit();
}
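// escape the values before they are placed in SQL strings
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$email = mysql_real_escape_string($email);
// check if username is unique
$result = mysql_query("select * from users where username='$username'");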
if(!$result)
{
print("<script language = 'javascript'>alert('Could not execute query');</script>");
exit();
}
if(mysql_num_rows($result)>0)
{
print("<script language = 'javascript'>alert('You are already registered');</script>");
exit();
}
// if ok put in db
$result = mysql_query("insert into users values('', '$username', '$password', '$email')");
if(!$result)
{
print("<script language = 'javascript'>alert('Could not register-try again');</script>"); // see pg-337 from pdf tutorial for password() function above
exit();
}
return true;
}
$reg_result = register($username, $email, $password);
if($reg_result === true)
{
// register session variable
$valid_user = $username;
session_register("valid_user");
// provide link to members page; escape the username before echoing it into HTML
echo "<p><br><br><center>You have been registered as ".htmlspecialchars($valid_user)." -go to <a href='login.php'>login</a> page to start</center></p>";
}
else
{
// otherwise, provide link back, tell them to try again
echo "<p><br><br><center>Registration failed- <a href='register.php'>Retry</a></center></p>";
exit();
}
?>
</div>
<?php
include "footer.php";
?>
This is user_auth_fns
<?php
// this function checks a user's details against the database
function login($username, $password)
// check username and password with database
// if yes, return true else return false
{
$conn = db_connect();
if(!$conn)
return 0;
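// escape the input, then check that the username/password pair exists
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$result = mysql_query("select * from users where username ='$username' and password = '$password'");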
if(!$result)
return 0;
if(mysql_num_rows($result)>0)
return 1;
else
return 0;
}
// the below function will be needed to verify if a user has a session already running
function check_valid_user()
{
// see if somebody is logged in and notify them if not
global $valid_user;
if(session_is_registered("valid_user"))
{
echo "<br><br><center>Logged in as ".htmlspecialchars($valid_user).", go to your <a href='home.php'>home</a> page</center><br>";
}
else
{
// they are not logged in
echo "<br><br><center>You are not logged in- <a href='login.php'>Retry</a></center><br>";
exit;
}
}
function change_password($username, $old_password, $new_password)
// change password for username/old_password to new_password
// return true or false
{
// if old password is right, change password to new_password and return true else return false
if(login($username, $old_password))
{
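if(!($conn = db_connect()))
return false;
// escape the values before they are placed in the SQL string
$username = mysql_real_escape_string($username);
$new_password = mysql_real_escape_string($new_password);
$result = mysql_query("update users set password = '$new_password' where username = '$username'");
if(!$result)
return false; // not changed
else
return true; //changed successfully
}
else return false; // old password was wrong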
}
function change_username($username, $old_password, $new_username)
// change username for username/old_password to new_username
// return true or false
{
// re-authenticate with the current password before renaming the account
// if the password is right, change username to new_username and return true else return false
if(login($username, $old_password))
{
if(!($conn = db_connect()))
return false;
// escape the values before they are placed in the SQL string
$username = mysql_real_escape_string($username);
$new_username = mysql_real_escape_string($new_username);
$result = mysql_query("update users set username = '$new_username' where username = '$username'");
if(!$result)
return false; // not changed
else
return true; //changed successfully
}
else return false; // old password was wrong
}
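function get_password($username)
{
if(!($conn = db_connect()))
return false; // not retrieved
$username = mysql_real_escape_string($username);
$result = mysql_query("select password from users where username = '$username'");
// mysql_query() returns a result resource, not the column value, so fetch it
if(!$result || mysql_num_rows($result) == 0)
return false; // query failed or user not in db
return mysql_result($result, 0, "password"); // successfully retrieved
}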
function notify_password($username, $password)
{
$conn=db_connect();
if(!$conn)
return 0;
$username = mysql_real_escape_string($username);
$result = mysql_query("select email from users where username='$username'");
if(!$result)
return 0; // query failed
else if (mysql_num_rows($result)==0)
return 0; // user not in db
else
{
$email = mysql_result($result, 0, "email");
$from = "From: support@PDMS \r\n";
$mesg = "Your PDMS password is $password \r\n";
if (mail($email, "PHPBookmark login information", $mesg, $from))
return 1;
else
return 0;
}
}
?>
This is forgot_form.php
<?php
include "header1.php";
?>
<div id="content">
<div id="left" style="left: 0px; top: -5px"><br>
<ul>
<li>Enter your username : </li>
</ul>
</div>
<div id="right">
<p style="left: -1px; top: 0px"><font size="4.5px">Recover password</font></p>
<form method="post" action="forgot_password.php">
<input type="text" name="username"><br><br>
<input type="submit" name="get_password" value="Get password">
</form>
</div>
</div>
<?php
include "footer.php";
?>
This is forgot_password.php
<?php
include "header1.php";
?>
<div id="content">
<?php
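require("PDMS_fns.php");
// read the submitted username explicitly instead of relying on register_globals
$username = isset($_POST['username']) ? trim($_POST['username']) : '';
if($password = get_password($username))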
{
if(notify_password($username, $password))
echo "<br><br><center>Your password has been mailed to you.</center><br>";
else
echo "<br><br><center>Your password could not be mailed to you-try pressing refresh</center><br>";
}
else
echo "<br><br><center>Your password could not be retrieved-<a href='forgot_form.php'>retry</a></center><br>";
?>
</div>
<?php
include "footer.php";
?>
This is PDMS_fns.php
<?php
// we can include this file in all other files, so that every file will contain all our functions
require("db_connect.php");
require("valid_fns.php");
require("user_auth_fns.php");
?>
This is db_connect.php
<?php
function db_connect()
{
$result = mysql_pconnect("localhost","root","");
if(!$result)
return 0;
if(!mysql_select_db("PDMS"))
return 0;
return $result;
}
?>
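The login failure described in the post comes from comparing a stored, transformed password with the plaintext typed at login, and the forgot-password function depends on recovering the stored value. As an added example (not the poster's code), this shows one-way hashing with password_hash()/password_verify() and a single-use reset token in place of mailing the password; the SQLite table, its column names and the sample account are assumptions made so the file runs on its own.

```php
<?php
// Added example, not the poster's code. Assumes PHP 7+ with pdo_sqlite; an
// in-memory table stands in for the MySQL `users` table (column names assumed).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT UNIQUE, password_hash TEXT,
    email TEXT, reset_hash TEXT, reset_expires INTEGER)');

function register(PDO $db, $username, $email, $password) {
    // Store a salted one-way hash; the plaintext is never written to the table.
    $q = $db->prepare('INSERT INTO users (username, password_hash, email) VALUES (?, ?, ?)');
    return $q->execute([$username, password_hash($password, PASSWORD_DEFAULT), $email]);
}

function login(PDO $db, $username, $password) {
    // Look the row up by username only, then let password_verify() hash the
    // submitted password with the stored salt and compare the two.
    $q = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $q->execute([$username]);
    $hash = $q->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

function start_reset(PDO $db, $username, $ttl = 3600) {
    // Nothing can be decrypted, so mail a random single-use token instead of
    // the password and keep only the token's SHA-256 digest and an expiry.
    $token = bin2hex(random_bytes(32));
    $q = $db->prepare('UPDATE users SET reset_hash = ?, reset_expires = ? WHERE username = ?');
    $q->execute([hash('sha256', $token), time() + $ttl, $username]);
    return $q->rowCount() === 1 ? $token : null;
}

function finish_reset(PDO $db, $username, $token, $new_password) {
    $q = $db->prepare('SELECT reset_hash, reset_expires FROM users WHERE username = ?');
    $q->execute([$username]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if (!$row || !is_string($row['reset_hash']) || (int)$row['reset_expires'] < time()
        || !hash_equals($row['reset_hash'], hash('sha256', $token))) {
        return false; // unknown user, no pending reset, expired, or wrong token
    }
    $q = $db->prepare('UPDATE users SET password_hash = ?, reset_hash = NULL,
        reset_expires = NULL WHERE username = ?');
    return $q->execute([password_hash($new_password, PASSWORD_DEFAULT), $username]);
}
// Constructed sample account and passwords.
register($db, 'alice_01', 'alice@example.test', 'first-pass');
$token = start_reset($db, 'alice_01');           // would be mailed as a reset link
var_dump(login($db, 'alice_01', 'first-pass'));  // login with the registered password
var_dump(finish_reset($db, 'alice_01', $token, 'second-pass'));
var_dump(login($db, 'alice_01', 'first-pass'), login($db, 'alice_01', 'second-pass'));
```

Because the token is cleared on use and expires after `$ttl` seconds, a reset mail that is read later by someone else cannot be replayed.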