Page 1 of 1

Login script written php for mysql database problem

Posted: Thu Nov 02, 2006 9:58 am
by drah
Hello my apologies if i post this in wrong category. I was given a script to help someone put a login/register script on their website and ran into a snag. When a user enters their info into username,password fields it doesnt seem to add the record to the database table but does not give an error either i am fairly new to mysql but i am trying this on my debian system using php5 and mysql 5 i believe from what i can tell just username and password fields are required to add the user and i made those tables in mysql. Here is the code if anyone can guide me in the right direction it be much apreciated.

Code: Select all

<?php 
if(isset($_POST['Submit'])){
//NEED TO CHECK IF FIELDS ARE FILLED IN
if( empty($_POST['name']) && (empty($_POST['email']))){
header("Location:Messages.php?msg=3"); 
exit();
}
if( empty($_POST['pw1']) && (empty($_POST['pw2']))){
header( "Location:Messages.php?msg=4" ); 
exit();
}
$name=$_POST['name'];
$email=$_POST['email'];

$pw1=$_POST['pw1'];
$pw2=$_POST['pw2'];

if("$pw1" !== "$pw2"  ){
header( "Location:Messages.php?msg=5" ); 
exit();
}
$ip = $_SERVER['REMOTE_ADDR'];

//connect to the db server , check if uname exist
include('config.php');
$query=("Select * from user where uname='$name'");
$result= mysql_query($query); 
$num=mysql_num_rows($result);
if ($num > 0) {//Username already exist
header( "Location:Messages.php?msg=6" ); 
exit();
}else{
//if username does not exist insert user details
$query=( "INSERT INTO user (uname, pw,email,date_joined,ip,level) VALUES ('$name',password('$pw1'),'$email',NOW(),'$ip','Normal')");
if (@mysql_query ($query)) {
header("location:login.php?reg=1");
exit;
}
}
mysql_close();
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><!-- InstanceBegin template="/Templates/Auth.dwt.php" codeOutsideHTMLIsLocked="false" -->
<head>
<!-- InstanceBeginEditable name="doctitle" -->
<title>Registration</title>
<!-- InstanceEndEditable -->
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<!-- InstanceBeginEditable name="head" -->
<!-- InstanceEndEditable -->
<link href="styleLog.css" rel="stylesheet" type="text/css">
</head>

<body>
<table width="100%"  border="0" cellspacing="7" cellpadding="0">
  <tr class="temptitle">
    <td><!-- InstanceBeginEditable name="EditRegion4" -->New User Registration <!-- InstanceEndEditable --></td>
  </tr>
  <tr>
    <td><!-- InstanceBeginEditable name="EditRegion3" -->
	<form name="form1" action="register.php" method="post">
	<table width="657" border="0">
  <tr>
    <td width="122"><div align="left">Name</div></td>
    <td width="525"><input name="name" type="text" size="40"></td>
  </tr>
  <tr>
    <td><div align="left">Email</div></td>
    <td><input name="email" type="text" size="40"></td>
  </tr>
  <tr>
    <td><div align="left">Password</div></td>
    <td><input name="pw1" type="password" size="40"></td>
  </tr>
  <tr>
    <td ><div align="left">Confirm Password </div></td>
    <td><input name="pw2" type="password" size="40"></td>
  </tr>
  <tr>
    <td></td>
    <td> <input name="Submit" type="submit"></td>
  </tr>
</table>
  </form>
  <!-- InstanceEndEditable --></td>
  </tr>
  <tr>
    <td><div align="center">Copyright 2005 </div></td>
  </tr>
</table>
</body>
<!-- InstanceEnd --></html>
Thanks
Drah

Posted: Sat Nov 11, 2006 5:30 pm
by califdon
I'm surprised that nobody has answered you (maybe as PM??).

That script doesn't contain the database connection statements:

Code: Select all

//connect to the db server , check if uname exist
include('config.php');
$query=("Select * from user where uname='$name'");
$result= mysql_query($query);
$num=mysql_num_rows($result);
Perhaps 'config.php' contains the commands to connect to the server and connect to the database, but without seeing what is in config.php, I can't tell. It should look something like this:

Code: Select all

mysql_connect("[host]","[dbuser]","[password]");
mysql_select_db("[dbname]");
If you haven't yet solved the problem, post your 'config.php' script.

Posted: Sat Nov 11, 2006 6:16 pm
by aaronhall
Already connected at:

Code: Select all

//connect to the db server , check if uname exist
include('config.php');
Take the @ off of mysql_query and add this to the end:

Code: Select all

mysql_query($query) or die(mysql_error())
What is password('$pw1') in your INSERT query supposed to do?

edit: I retract my last question if it's not too late

Posted: Sat Nov 11, 2006 6:22 pm
by John Cartwright

Code: Select all

//NEED TO CHECK IF FIELDS ARE FILLED IN
if(empty($_POST['name']) && (empty($_POST['email']))){
   header("Location:Messages.php?msg=3");
   exit();
}
if(empty($_POST['pw1']) && (empty($_POST['pw2']))){
   header( "Location:Messages.php?msg=4" );
   exit();
}
Firstly lets break this down, IF $_POST['name'] IS EMPTY AND $_POST['email'] IS EMPTY, so both of them have to be empty. What if only one of them is empty. Change the && to || (or operator)

Next, try outputting $query to see what it withholds, aswell as add mysql_error() calls to the queries if they fail (as mentioned previously)