Register and Login Tutorial problems

robbrazier · Post by **robbrazier** » Sat Jun 23, 2012 5:26 pm

First off, I am wrapping the login/register/user management code with twitter bootstrap, if that makes any difference. I am not sure what is wrong really, but the register and login pages won't show

Here are all of the files used:

Before the login and register pages wouldn't show, users were not added to the database, and you were unable to log in, is that because I am using localhost instead of 127.0.0.1?

init.inc.php

<?php

session_start();

$exceptions = array('register', 'login');

$page = substr(end(explode('/', $_SERVER['SCRIPT_NAME'])), 0, -4);

if (in_array($page, $exceptions) === false){
	if (isset($_SESSION['username']) === false){
		header('Location: login.php');
		die();
	}
}

mysql_connect('localhost', 'coolrob1_grange', '*hidden*');
mysql_select_db('coolrob1_grange');

$path = dirname(__FILE__);

include("{$path}/inc/user.inc.php");

?>

user.inc.php

<?php

//checks if the given username exists in the database
function user_exists($user){
	$user = mysql_real_escape_string($user);
	
	$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '{$user}'");
	
	return(mysql_result($total, 0) == '1') ? true : false;
}

//checks if the given username and password combination is valid
function valid_credentials($user, $pass){
	$user = mysql_real_escape_string($user);
	$pass = sha1($pass);
	
	$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '{$user}' AND 'password' = '{$pass}'");
	
	return(mysql_result($total, 0) == '1') ? true : false;
}

//adds a user to the database
function add_user($user, $pass){
	$user = mysql_real_escape_string(htmlentities($user));
	$pass = sha1($pass);
	
	mysql_query("INSERT INTO `users` (`username`, `password`) VALUES ('{$user}', '{$pass}')");
}
?>

login.php

<?php include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'])){
	if (empty($_POST['username'])){
		$errors[] = 'The username cannot be empty';
	}
	
	if (empty($_POST['password'])){
		$errors[] = 'The password cannot be empty';
	}
	
	if (empty($errors) && valid_credentials($_POST['username'], $_POST['password']) == false){
		$errors[] = 'Username / Password incorrect';
	}
	
	if (empty($errors)){
		$_SESSION['username'] = htmlentities($_POST['username']);
		
		header('Location: user.php');
		die();
	}
}

?>

<?php include 'core/head.php'; include 'core/nav.php'; ?>
    <div class="container">
    	<h1>Login</h1>
    	<br/>
    	<div>
    		<?php
    		
    		if (empty($errors) === false){
	    		?>
	    		<ul>
	    		<?php
	    		foreach ($errors as $error{
		    		echo "<li>{$error}</li>";
	    		)
	    		?>
	    		</ul>
	    		<?php
    		}else{
	    		echo 'Need an Account? <a href="register.php">Register here</a>';
    		}
	    	
	    	?>
    	</div>
    	
    	<form action="" method="post">
    		<p>	<label for="username">Username:</label>
 		   		<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']) ?>" />
    		</p>
    		<p>	<label for="password">Password:</label>
 		   		<input type="password" name="password" id="password" />
    		</p>
    		<p>	<input type="submit" value="Login" /></p>
    	
    	
    	</form>
    	  
    </div>

<?php include 'core/footer.php'; ?>

logout.php

<?php 

session_start();

$_SESSION = array();

session_destroy();

header('Location: user.php');

?>

register.php

<?php include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['[password'], $_POST['repeat_password'])){
	if (empty($_POST['username'])){
		$errors[] = 'The username cannot be empty';
	}
	
	if (empty($_POST['password']) || empty($_POST['repeat_password'])){
		$errors[] = 'The password cannot be empty';
	}
	
	if ($_POST['password'] !== $_POST['repeat_password']){
		$errors[] = 'Passwords must match';
	}
	
	if (user_exists($_POST['username'])){
		$errors[] = 'The username is already taken';
	}
	
	if (empty($errors)){
		add_user($_POST['username'], $_POST['password']);
		
		$_SESSION['username'] = htmlentities($_POST['username']);
		
		header('Location: user.php');
		die();
	}
}

?>

<?php include 'core/head.php'; include 'core/nav.php'; ?>
   <div>
   	<?php
   
	   	if (empty(errors) === false){
		   	?>
		   <ul>
		   	<?php
		   	
		   	foreach ($errors as $error){
		   		echo "<li>{$error}</li>"	
		   	}
		   	?>
		   </ul>
		   <?php
	   	}
   
   	?>
   </div>
   
    <div class="container">
    <h1>Register</h1>
    <br/>
    	<form action="" method="post">
    		<p>	<label for="username">Username:</label>
 		   		<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']) ?>" />
    		</p>
    		<p>	<label for="password">Password:</label>
 		   		<input type="password" name="password" id="password" />
    		</p>
    		<p>	<label for="repeat_password">Repeat Password:</label>
 		   		<input type="password" name="repeat_password" id="repeat_password" />
    		</p>

    		<p>	<input type="submit" value="Register" /></p>
    	
    	
    	</form>
    	  
    </div>

<?php include 'core/footer.php'; ?>

The live site is at http://grange.robbrazier.com (just lorem ipsum so far

)
I put all of the pages in the nav bar for ease of access temporarily

Post by **jacek** » Sat Jun 23, 2012 7:08 pm

Looks pretty much fine at first glance, the only thing I noticed was that this

if (empty(errors) === false){

should be this

if (empty($errors) === false){

robbrazier wrote: is that because I am using localhost instead of 127.0.0.1?

No they usually mean the exact same thing. If you added

die(mysql_error());

after the INSERT it would probably tell you what the problem was though.

robbrazier wrote: but the register and login pages won't show

That's odd

What do you mean by show ? What happens instead ?

robbrazier · Post by **robbrazier** » Sat Jun 23, 2012 8:06 pm

jacek wrote:That's odd What do you mean by show ? What happens instead ?

I just see a white screen with safari, and chrome says

The website encountered an error while retrieving http://grange.robbrazier.com/login.php. It may be down for maintenance or configured incorrectly.

so there's not really much space for seeing a mysql error. I've replaced

 if (empty($errors) === false){

though, but no avail as of yet

EDIT: I just checked the error log, and it's saying got various parse errors:

PHP Parse error: syntax error, unexpected ')', expecting T_PAAMAYIM_NEKUDOTAYIM in /home2/***/public_html/robbrazier.com/grange/register.php on line 38

PHP Parse error: syntax error, unexpected T_ECHO in /home2/***/public_html/robbrazier.com/grange/login.php on line 40.php on line 40

PHP Parse error: syntax error, unexpected '}', expecting ',' or ';' in /home2/***/public_html/robbrazier.com/grange/register.php on line 45

but those errors stopped being logged 7 hours ago, so i'm not sure what's wrong now

EDIT 2: Now the index.php is redirecting to login.php

Post by **jacek** » Sun Jun 24, 2012 1:26 pm

Well a white screen usually means that there are errors being hidden, which you seem to have found in the error log. They don't seem to match up with the code though so the best thing to do would be to make sure your error_reporting setting is set to E_ALL and display_errors is set to On. That will make sure that any errors show on the screen.

The code must have changed since your first post, so can you post the updated code and any errors that appear ?

Post by **Temor** » Sun Jun 24, 2012 2:07 pm

You have a typo on line 5 in register.php

 $_POST['[password'],

robbrazier · Post by **robbrazier** » Sun Jun 24, 2012 4:13 pm

Here's the updated code:
init.inc.php

<?php

session_start();

$exceptions = array('register', 'login');

$page = substr(end(explode('/', $_SERVER['SCRIPT_NAME'])), 0, -4);

if (in_array($page, $exceptions) === false){
	if (isset($_SESSION['username']) === false){
		header('Location: login.php');
		die();
	}
}

mysql_connect('localhost', 'coolrob1_grange', '*hidden*');
mysql_select_db('coolrob1_grange');

$path = dirname(__FILE__);

include("{$path}/inc/user.inc.php");

?>

user.inc.php

<?php

//checks if the given username exists in the database
function user_exists($user){
	$user = mysql_real_escape_string($user);
	
	$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '{$user}'");
	
	return(mysql_result($total, 0) == '1') ? true : false;
}

//checks if the given username and password combination is valid
function valid_credentials($user, $pass){
	$user = mysql_real_escape_string($user);
	$pass = sha1($pass);
	
	$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '{$user}' AND 'password' = '{$pass}'");
	
	return(mysql_result($total, 0) == '1') ? true : false;
}

//adds a user to the database
function add_user($user, $pass){
	$user = mysql_real_escape_string(htmlentities($user));
	$pass = sha1($pass);
	
	mysql_query("INSERT INTO `users` (`username`, `password`) VALUES ('{$user}', '{$pass}')");
}
?>

login.php

<?php include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'])){
	if (empty($_POST['username'])){
		$errors[] = 'The username cannot be empty';
	}
	
	if (empty($_POST['password'])){
		$errors[] = 'The password cannot be empty';
	}
	
	if (empty($errors) && valid_credentials($_POST['username'], $_POST['password']) == false){
		$errors[] = 'Username / Password incorrect';
	}
	
	if (empty($errors)){
		$_SESSION['username'] = htmlentities($_POST['username']);
		
		header('Location: user.php');
		die();
	}
}

?>

<?php include 'core/head.php'; include 'core/nav.php'; ?>
    <div class="container">
    	<h1>Login</h1>
    	<br/>
    	<div>
    		<?php
    		
    		if (empty($errors) === false){
	    		?>
	    		<ul>
	    		<?php
	    		foreach ($errors as $error{
		    		echo "<li>{$error}</li>";
	    		)
	    		?>
	    		</ul>
	    		<?php
    		}else{
	    		echo 'Need an Account? <a href="register.php">Register here</a>';
    		}
	    	
	    	?>
    	</div>
    	
    	<form action="" method="post">
    		<p>	<label for="username">Username:</label>
 		   		<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']) ?>" />
    		</p>
    		<p>	<label for="password">Password:</label>
 		   		<input type="password" name="password" id="password" />
    		</p>
    		<p>	<input type="submit" value="Login" /></p>
    	
    	
    	</form>
    	  
    </div>

<?php include 'core/footer.php'; ?>

logout.php

<?php 

session_start();

$_SESSION = array();

session_destroy();

header('Location: user.php');

?>

register.php

<?php include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'], $_POST['repeat_password'])){
	if (empty($_POST['username'])){
		$errors[] = 'The username cannot be empty';
	}
	
	if (empty($_POST['password']) || empty($_POST['repeat_password'])){
		$errors[] = 'The password cannot be empty';
	}
	
	if ($_POST['password'] !== $_POST['repeat_password']){
		$errors[] = 'Passwords must match';
	}
	
	if (user_exists($_POST['username'])){
		$errors[] = 'The username is already taken';
	}
	
	if (empty($errors)){
		add_user($_POST['username'], $_POST['password']);
		
		$_SESSION['username'] = htmlentities($_POST['username']);
		
		header('Location: user.php');
		die();
	}
}

?>

<?php include 'core/head.php'; include 'core/nav.php'; ?>
   <div>
   	<?php
   
	   	if (empty($errors) === false){
		   	?>
		   <ul>
		   	<?php
		   	
		   	foreach ($errors as $error){
		   		echo "<li>{$error}</li>";
		   	?>
		   </ul>
		   <?php
	   	}
   
   	?>
   </div>
   
    <div class="container">
    <h1>Register</h1>
    <br/>
    	<form action="" method="post">
    		<p>	<label for="username">Username:</label>
 		   		<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']) ?>" />
    		</p>
    		<p>	<label for="password">Password:</label>
 		   		<input type="password" name="password" id="password" />
    		</p>
    		<p>	<label for="repeat_password">Repeat Password:</label>
 		   		<input type="password" name="repeat_password" id="repeat_password" />
    		</p>

    		<p>	<input type="submit" value="Register" /></p>
    	
    	
    	</form>
    	  
    </div>

<?php include('core/footer.php'); ?>

(with corrected typo, thanks Temor)

user.php

<?php include('core/init.inc.php'); ?>

<?php include 'core/head.php'; include 'core/nav.php'; ?>
    <div class="container">
    
    <p>
    	You are logged in as <?php echo $_SESSION['username']; ?>
    </p>
    
    <p>
    	<a href="logout.php">Logout</a>
    </p>
         
    </div>

<?php include 'core/footer.php'; ?>

I set display_errors to On, and it's saying

login.php wrote:Parse error: syntax error, unexpected T_ECHO in /home2/coolrob1/public_html/robbrazier.com/grange/login.php on line 40

which is echoing the error:

echo "<li>{$error}</li>";

also, there is another error:

register.php wrote:Parse error: syntax error, unexpected $end in /home2/coolrob1/public_html/robbrazier.com/grange/register.php on line 74

This may be something todo with the footer include, however that is all html, so i'm not sure how that would show an unexpected $end?

footer.php

    </div><!--/.fluid-container-->

    <!-- Le javascript
    ================================================== -->
    <!-- Placed at the end of the document so the pages load faster -->
    <script src="assets/js/jquery.js"></script>
    <script src="assets/js/bootstrap-transition.js"></script>
    <script src="assets/js/bootstrap-alert.js"></script>
    <script src="assets/js/bootstrap-modal.js"></script>
    <script src="assets/js/bootstrap-dropdown.js"></script>
    <script src="assets/js/bootstrap-scrollspy.js"></script>
    <script src="assets/js/bootstrap-tab.js"></script>
    <script src="assets/js/bootstrap-tooltip.js"></script>
    <script src="assets/js/bootstrap-popover.js"></script>
    <script src="assets/js/bootstrap-button.js"></script>
    <script src="assets/js/bootstrap-collapse.js"></script>
    <script src="assets/js/bootstrap-carousel.js"></script>
    <script src="assets/js/bootstrap-typeahead.js"></script>

  </body>
</html>

(I'm turning off display_errors now)

Post by **jacek** » Mon Jun 25, 2012 12:23 am

robbrazier wrote:so i'm not sure how that would show an unexpected $end?

Unexpected $end is an awkward one, $end is actually the end of file. It usually means you have opened a block with { and never closed it with a } It will be in the register.php file too.

robbrazier wrote:(I'm turning off display_errors now)

Don't do that, it will make debugging problems impossible !

Post by **Temor** » Mon Jun 25, 2012 6:20 am

There is a parentheses missing on line 39 login.php
And your problem in register.php is with the loop on line 43.

robbrazier · Post by **robbrazier** » Tue Jun 26, 2012 8:59 pm

The weird thing about the unexpected $end is that no matter what I do, it always says there is the unexpected $end on the last line of login.php and register.php
Also, what's wrong with the foreach loop? I checked php.net and they don't have curly brackets around the variable, so I tried removing the brackets, so it's

echo "<li> $error </li>";

instead of

echo "<li>{$error}</li>";

Post by **Temor** » Tue Jun 26, 2012 10:11 pm

you're never closing the foreach loop in register.php. it has an opening curly bracket ( { } ) but no closing one.

BetterPHP

Register and Login Tutorial problems

Register and Login Tutorial problems

Re: Register and Login Tutorial problems

Re: Register and Login Tutorial problems

Re: Register and Login Tutorial problems

Re: Register and Login Tutorial problems

Re: Register and Login Tutorial problems

Re: Register and Login Tutorial problems

Re: Register and Login Tutorial problems

Re: Register and Login Tutorial problems

Re: Register and Login Tutorial problems