Login/register tutorial

[Zagzag112]

hello ,i've been practicing php for 2 weeks now and i'm having a problem with my php in the register login tutorial! and I can't sleep because it bugs me ! so please help.I can't find what's wrong.

When I put the user_exists function in the register.php file and make the error , it doesnt tell me user already exists or when i use the add_user function its not working like my php is not connecting to my database.


user.inc.php

<?php 
// checks if given username exists
function user_exists($user){
    $user=mysql_real_escape_string($user);
    
   $total= mysql_query("SELECT COUNT ('user_id') FROM 'users' WHERE 'user_name'='{$user}'");
   return(mysql_result($total,0)== '1')? true: false;
    
    
    
    
}
//checks if given username and combination is valid
function valid_combination($user,$pass){
    $user=mysql_real_escape_string($user);
     $pass=md5($pass);
  $total=mysql_query("SELECT COUNT ('user_id') FROM 'users' WHERE 'user_name' = '{$user}' AND 'user_password' = '{$pass}'");
    return(mysql_result($total,0)== '1')? true: false;
    
}
//adds user to database
function add_user ($user,$pass){
 $user=mysql_real_escape_string(htmlentities($user));
 $pass=md5($pass);
 mysql_query("INSERT INTO 'users' ('user_name' , 'user_password') VALUES ( '{$user}', '{$pass}')" );
}
?>

register.php

<?php 
include('init.inc.php');
$errors=array();
if (isset($_POST['username'], $_POST['password'], $_POST['repeate_password'])){
    if(empty($_POST['user_name']))
   $errors[]='username cannot be empty </br>';
    
    if(empty($_POST['password']) || empty($_POST['repeate_password'])){
        $errors[]='password cannot be empty';
        
    }
}
    if($_POST['password'] !== $_POST['repeate_password']){
        $errors[]='passwords do not match';
        
    }   
   
if(user_exists($_POST['username'])){
     $errors[]='username already exists';
    
    

if(empty($errors)){
    add_user($_POST['username'], $_POST['password']);
    $_SESSION['username']=htmlentities($_POST['username']);
    header('Location: protected.php');
    die();
    }
    
   }

?>




<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
	<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
	<meta name="author" content="alihamie" />

	<title>Untitled 6</title>
</head>

<body>
<p>
<div>
<?php
if (empty($errors)=== false){
    
    
    
}
?>
<ul>
<?php
foreach($errors as $error){
    echo "<li>{$error}</li>";
    
}
?>
</ul>
<?php

?>
</div>


</p>
<form action="" method="post">
<p>  
<label for="username"> username:</label>
<input  type="text" name="username" id="username"/>
</p>
<p>
<label for="Password">Password:</label>
<input  type="password" name="password" id="password"/>
</p>
<p>
<label for="repeate_password">Repeate password:</label>
<input type="password" name="repeate_password" id="repeate password" />
</p>
<p>
<input type="submit" value="Register"/>
</p>

</body>
</html>

init.inc.php

<?php

session_start();
$exceptions=array('register','login');
$page=substr(end(explode('/',$_SERVER['SCRIPT_NAME'])),0,-4);

if(in_array($page,$exceptions)=== false){
   if(isset($_SESSION['username'])=== false){
    header('location:login.php');
    die();
  }
}
mysql_connect('$server','$usernamee','$password');
mysql_select_db('user_system');

include('user.inc.php');
?>

[jacek]

The quotes around your column and table names should be backticks, so

SELECT COUNT ('user_id') FROM 'users' WHERE 'user_name'='{$user}'

should be

SELECT COUNT (`user_id`) FROM `users` WHERE `user_name` = '{$user}'

[Zagzag112]

Hey thanks a lot really ,but i'm still having the same problem after i corrected it ...

function user_exists($user){
    $user=mysql_real_escape_string($user);
    
   $total= mysql_query(" SELECT COUNT (`user_id`) FROM `users` WHERE `user_name` = '{$user}'
");
   return(mysql_result($total,0)== '1')? true: false;
    
    
    
    
}
//checks if given username and combination is valid
function valid_combination($user,$pass){
    $user=mysql_real_escape_string($user);
     $pass=cha1($pass);
  $total=mysql_query("SELECT COUNT (`user_id`) FROM `users` WHERE `user_name` = '{$user}' AND `user_password` = '{$pass}'");
    return(mysql_result($total,0)== '1')? true: false;
    
}
//adds user to database
function add_user ($user,$pass){
 $user=mysql_real_escape_string(htmlentities($user));
 $pass=md5($pass);
 mysql_query("INSERT INTO `users` (`user_name` , `user_password`) VALUES ( '{$user}', '{$pass}')" );

[jacek]

You might need to remove the space after COUNT, since it's a function.

If you add

echo mysql_error();

after you call the function it should show up exactly what the problem is.

[Zagzag112]

IT WORKED! I I know we should be calm on these forums and stuff but i thing I LOVE U! haha thanks a lot
i still have a problem with my add_user function which i cant find out

In user.inc.php

function add_user ($user,$pass){
 $user=mysql_real_escape_string(htmlentities($user));
 $pass=md5($pass);
 mysql_query("INSERT INTO `users` (`user_name` , `user_password`) VALUES( '{$user}', '{$pass}')" );
echo mysql_error();
}

in register.php

if(empty($errors)){
    add_user($_POST['username'], $_POST['password']);
    
    $_SESSION['username']=htmlentities($_POST['username']);
    header('Location: protected.php');
    die();
    }
    
   }

[Temor]

you spelled sha1 wrong.
and you're inserting an md5 encrypted password in the database when you're adding the user, and then you're checking to see if a sha1 encryption matches in the valid combination function.

you should also remove the space between add_user and ($user,$pass)

[Zagzag112]

I did what u told me and still its not working

function add_user($user,$pass){
 $user=mysql_real_escape_string(htmlentities($user));
 $pass=sha1($pass);
 mysql_query("INSERT INTO `users`(`user_name` , `user_password`) VALUES( '{$user}','{$pass}')" );
echo mysql_error();


}

[jacek]

$pass=cha1($pass);

Should have given a fatal error, maybe make sure that your server has error_reporting turned on ?

[Zagzag112]

and i do that by switching display_error= off in the php.ini ?
i have it off since i followed ur tutorial on it but i still dont get errors ! this add_user function is frustrating me i mean I re-did all the php 3 times and still stuck with the same problem
am gonna post all the files i have again

protectced.php

<?php include('init.inc.php');      ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
	<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
	<meta name="author" content="alihamie" />

	<title>Untitled 3</title>
</head>

<body>
<p>
 YOU ARE LOGGED IN AS <?php ?>
</p>
</body>
</html>

init.inc.php

<?php

session_start();
$exceptions=array('register','login');
$page=substr(end(explode('/',$_SERVER['SCRIPT_NAME'])),0,-4);

if(in_array($page,$exceptions)=== false){
   if(isset($_SESSION['username'])=== false){
    header('location:login.php');
    die();
  }
}
$connection=mysql_connect('$server','$username','$passwoord');
mysql_select_db('user_system');

$path=dirname(_FILE_);
include("$path/user.inc.php");
?>

register.php

<?php 
include('init.inc.php');
$errors=array();
if (isset($_POST['username'], $_POST['password'], $_POST['repeate_password'])){
    if(empty($_POST['username']))
   $errors[]='username cannot be empty </br>';
    
    if(empty($_POST['password']) || empty($_POST['repeate_password'])){
        $errors[]='password cannot be empty';
        
    }
}
    if($_POST['password'] !== $_POST['repeate_password']){
        $errors[]='passwords do not match';
        
    }   
   
if(user_exists($_POST['username'])){
     $errors[]='username already exists';
    
    

if(empty($errors)){
    add_user($_POST['username'], $_POST['password']);
    
  $_SESSION['username']=htmlentities($_POST['username']);
    header('Location: protected.php');
    die();
    }
    
   }

?>




<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
	<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
	<meta name="author" content="alihamie" />

	<title>Untitled 6</title>
</head>

<body>
<p>
<div>
<?php
if (empty($errors)=== false){
    
    
    
}
?>
<ul>
<?php
foreach($errors as $error){
    echo "<li>{$error}</li>";
    
}
?>
</ul>
<?php

?>
</div>


</p>
<form action="" method="post">
<p>  
<label for="username"> username:</label>
<input  type="text" name="username" id="username"/>
</p>
<p>
<label for="Password">Password:</label>
<input  type="password" name="password" id="password"/>
</p>
<p>
<label for="repeate_password">Repeate password:</label>
<input type="password" name="repeate_password" id="repeate password" />
</p>
<p>
<input type="submit" value="Register"/>
</p>

</body>
</html>

logout.php
[syntax=php]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
	<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
	<meta name="author" content="alihamie" />

	<title>Untitled 5</title>
</head>

<body>



</body>
</html>

login.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
	<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
	<meta name="author" content="alihamie" />

	<title>Untitled 4</title>
</head>

<body>

<p>need account? <a href="register.php"> Register HERE </a>       </p>
<form action="" method="post"> 
<p>
<label for="username">username:</label> 
<input type="text"  name="email" id="email"/>
</p>
<p>
<label for="Password">Password:</label>
<input type="text" name="password" id="password" />
</p>
<input type="submit" name="login" value="Login" />





</body>
</html>

user.inc.php

<?php 




function user_exists($user){
  
    $user=mysql_real_escape_string($user);
    
   $total= mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}'
");    echo mysql_error();

   return(mysql_result($total,0)== '1')? true: false;
    
    
    
    
}
//checks if given username and combination is valid
function valid_combination($user,$pass){
    $user=mysql_real_escape_string($user);
     $pass=cha1($pass);
  $total=mysql_query("SELECT COUNT (`user_id`) FROM `users` WHERE `user_name` = '{$user}' AND `user_password` = '{$pass}'");
    return(mysql_result($total,0)== '1')? true: false;
    
}
//adds user to database
function add_user($user,$pass){
 $user=mysql_real_escape_string(htmlentities($user));
 $pass=sha1($pass);
 mysql_query("INSERT INTO `users`(`user_name` , `user_password`) VALUES( '{$user}','{$pass}')" );
echo mysql_error();


}







?>

[Temor]

you still have a typo at line 22 in user.inc.php

cha1 should be sha1

you should also remove the space after COUNT in the $total query.


to turn error reporting on, go into your php.ini and set error_reporting = E_ALL

Let us know what happens after that.

[Zagzag112]

I corrected the typo and the space and set the error_reporting was E_ALL and am still getting no errors and the function is still not working! i dont know what else to do does using localhost affect anything or having all the .php in htdocs?

[jacek]

I re-did all the php 3 times and still stuck with the same problem

This is the wrong way to try and fix the problem, even if you got it working you would not know why. And that is the experience that you need to learn.

There is most likely some error being hidden still, if you are working on a local server,

In your php.ini file set error_reporting to E_ALL and and display_errors to On, you will need to restart your sever before it has any effect too.

Try that, and see if you get any errors.

[Zagzag112]

I think i did something and heres what i got , i got this when i pressed run using php designer

Notice: Undefined index: SCRIPT_NAME in C:\xampp\htdocs\init.inc.php on line 5 Call Stack: 0.0014 334944 1. {main}() C:\xampp\htdocs\register.php:0 0.0018 343456 2. include('C:\xampp\htdocs\init.inc.php') C:\xampp\htdocs\register.php:3

and then i used an online server and it says this
Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /hermes/bosweb/web069/b691/nf.compraporpanama/public_html/contactaloya.com/register.php:2) in /hermes/bosweb/web069/b691/nf.compraporpanama/public_html/contactaloya.com/init.inc.php on line 3

[jacek]

Right, ignore the first one for now let's look at

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /hermes/bosweb/web069/b691/nf.compraporpanama/public_html/contactaloya.com/register.php:2) in /hermes/bosweb/web069/b691/nf.compraporpanama/public_html/contactaloya.com/init.inc.php on line 3

The problem is that the session_start() function needs to send headers to set the session cookie. Headers can only be sent before output form the script has begun. Which is what the error says.

It tells you that the session tried to start in init.inc.php on line 3 and the output that caused it to fail was in register.php on line 2

So my guess, you have a blank line before the init.inc.php file is included in your register.php file ?

[Zagzag112]

there was a space yes so now i'm not getting any error but still its not inserting the registration into the database

[Temor]

in init.inc.php you're misspelling the __FILE__ constant.
It should have two underscores ( __ ) on each side, like this:

$path = dirname(__FILE__);

[Zagzag112]

I had so many mistakes i'm ashamed of myself! and yeah i corrected that and still the registration is not going to the database..
maybe i'll try to find another way to do it.

[Tino]

It looks like you might be messing up with the curly braces on register.php. This could potentially lead to some logic errors rather than, for example, syntax errors.

As a rule of thumb, always use two curly braces rather than none, even if there's only a single line after an if statement. So use two curly braces everywhere, and perhaps that will fix up your problem.

[jacek]

It looks like you might be messing up with the curly braces on register.php. This could potentially lead to some logic errors rather than, for example, syntax errors.

Good spot !

Properly indented it looks like this

if (isset($_POST['username'], $_POST['password'], $_POST['repeate_password'])){
	if(empty($_POST['username']))
		$errors[]='username cannot be empty </br>';
	
	if(empty($_POST['password']) || empty($_POST['repeate_password'])){
		$errors[]='password cannot be empty';
	}
}

if($_POST['password'] !== $_POST['repeate_password']){
	$errors[]='passwords do not match';
}  

if(user_exists($_POST['username'])){
	$errors[]='username already exists';

	if(empty($errors)){
		add_user($_POST['username'], $_POST['password']);
		$_SESSION['username']=htmlentities($_POST['username']);
		header('Location: protected.php');
		die();
	}
}