username not in database

Robbedoesie · Post by **Robbedoesie** » Wed Mar 21, 2012 8:55 pm

Hello,
i follow the register and login tutorial. Now i am testing the register site and everything works except that the username is not appear in the database. I can't find out why. The valid_credentials and the login.php page seems to be alright.
Here is the code;
user.inc.php

<?php
//bestaat de gebruikersnaam in de database
function user_exists($user){
	$user = mysql_real_escape_string($user);
	$total = mysql_query("SELECT COUNT('user_id') FROM `user_system` WHERE `user_name` = '{$user}'");
	return (mysql_result($total, 0) == '1') ? true : false;
}
//is de gebruikersnaam en paswoord combinatie correct
function valid_credentials($user, $pass){
	$user = mysql_real_escape_string($user);
	$pass = mysql_real_escape_string($pass);
	
	$total = mysql_query("SELECT COUNT('user_id') FROM `user_system` WHERE `user_name` = '{$user}' AND `user_password` = '{$pass}'");
	
	return (mysql_result($total, 0) == '1') ? true : false;
}
function is_active($user){
	$user = mysql_real_escpe_string($user);
	
	$sql = "SELECT
			COUNT(`user_activations`. `user_id`)
			FROM `users`
			INNER JOIN `user_activations`
			ON `users`, `user_id` = `user_activations`,`user_id`
			WHERE `users`,`user_name` = '{$user}'";
			
	$result = mysql_query($sql);
	return (mysql_result($result, 0) == '0') ? true : false;
}
function activate_account($aid){
		$aid = mysql_real_escape_string($aid);
		
		mysql_query("DELETE FROM `user_activations` WHERE `activations_code` = '{$aid}'");
		
}
//paswoord vergeten 
function random_string($length){
	$charset = array_flip(array_merge(range('a', 'z'), range('A', 'Z'), range(0, 9)));
	
	shuffle($charset);
	$password = array_slice($charset, 0, $length);
	return implode('', $password);
}
//voegt een gebruiker toe aan de database
function add_user($user, $email, $pass){
	$user  = mysql_real_escape_string(htmlentities($user));
	$email = mysql_real_escape_string($email);
	$pass  = sha1($pass);
	
	$charset = array_flip(array_merge(range('a', 'z'), range('A', 'Z'), range(0, 9)));
	$aid = implode('', array_rand($charset, 10));
	
	$body = <<<EMAIL
	Hallo,
	dank voor het registreren, voordat je gaat inloggen is het nodig dat je je account gaat activeren.
	omdat de doen kan je gewoon op deze link klikken, http://www.robcnossen.nl/activate.php?aid={$aid}
EMAIL;
mail($email, 'je nieuwe account in robbcnossen.nl', $body, 'From: robcnossen@quicknet.nl');	
	
	mysql_query("INSERT INTO `user_system` (`user_name`, `user_password`, `user_email`) VALUES ('{$user}', '{$pass}', '{$email}')");
	$user_id = mysql_insert_id();
	mysql_query("INSERT INTO `user_activations` (`user_id`, `activations_code`) VALUES ({$user_id}, '{$aid}')");
}

?>

login.php

<?php 
include('init.inc.php');
$errors = array();
if (isset($_POST['username'], $_POST['password'])){
	if (empty($_POST['username'])){
		$errors[] = 'De gebruikersnaam mag niet leeg wezen.';
	}
	if (empty($_POST['password'])){
		$errors[] = 'Het paswoord mag niet leeg zijn.';
	}
	if (valid_credentials($_POST['username'], sha1($_POST['password'])) === false){
		$errors[] = 'Gebruikersnaam/paswoord zijn niet goed ingevuld.';
	}
	if (empty($errors) &&is_active($_POST['username']) === false){
		$errors[] = 'Deze account is niet geactiveerd.';
	}
	if (empty($errors)){
		if(isset($_POST['set_cookie']) && $_POST['set_cookie'] == '1'){
			setcookie('username', $_POST['username'], time() + 684800);
			setcookie('password', sha1($_POST['password']), time() + 684800);
		}
		$_SESSION['username'] = htmlentities($_POST['username']);
	header('location:beschermd.php');
	die();
	}
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<div>
<?php 
if (empty($errors) === false){
	?>
    <ul>
    <?php
		foreach ($errors as $error){
			echo"<li>{$error}</li>";
		}
	?>
   </ul>
   <?php
}else{
	echo 'Wil je je inschrijven? <a href="register.php">Schrijf je hier in</a>';
}
?>

</p>
<form action="" method="post">
	<p>
	<label for="username">Gebruikersnaam:</label>
    <input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username'])?>" />
    </p>
    <p>
	<label for="password">Paswoord:</label>
    <input type="password" name="password" id="password" />
    </p>
    	<p>
        <label for="set_cookie">Onthoud mij:</label>
        <input type="checkbox" name="set_cookie" id="set_cookie" value="1" />
        </p>
    <p>
    <input type="submit" value="Login" />
    </div>
    <a href="forgot_pass.php">Paswoord vergeten? Klik hier.</a>

</body>
</html>

I hope someone can find the mistake. I can't find it.
Thanks,
Robbedoesie

Robbedoesie · Post by **Robbedoesie** » Wed Mar 21, 2012 9:03 pm

Sorry, instead of the lofin page i mean the register page.

<?php 
include('init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'], $_POST['repeat_password'])){
	if (empty($_POST['username'])){
		$errors[] = 'De gebruikersnaam mag niet leeg zijn.';
	}
if(filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false){
		$errors[] = 'De ingevulde emailadres is niet goed.';
}
	if (empty($_POST['password']) || empty($_POST['repeat_password'])){
		$errors[] = 'Het paswoord is niet ingevuld.';
	}
	if ($_POST['password'] !== $_POST['repeat_password']){
		$errors[] = 'De paswoord vereficatie was niet correct';
	}
	if (user_exists($_POST['username'])){
		$errors[] = 'De gebruikersnaam is al in gebruik';
	}
	if (empty($errors)){
		add_user($POST['username'], $_POST['email'], $_POST['password']);
		
		header('location: beschermd.php');
		die();
	}
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<div>
	<?php 
	if (empty($errors) === false){
	?>
    <ul>
    	<?php 
		foreach ($errors as $error){
			echo "<li>{$error}</li>";
		}
		?>
    </ul>
    <?php	
	}
	?>
	
</div>
  <form action="" method="post">
	<p>
    	<label for="username"> Gebruikersnaam;</label>
        <input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username'])?>" />
    </p>
    <p>
    	<label for="email"> Email;</label>
        <input type="text" name="email" id="email" value="<?php if (isset($_POST['email'])) echo htmlentities($_POST['email'])?>" />
    </p>
    <p>
    	<label for="password"> Paswoord;</label>
        <input type="password" name="password" id="password" />
    </p>
    <p>
    	<label for="password">Herhaal paswoord;</label>
        <input type="password" name="repeat_password" id="repeat_password" />
    </p>
    <p>
    	<input type="submit" value="Registreer" />
    </p>
  </form>
</body>
</html>

Post by **Temor** » Wed Mar 21, 2012 9:21 pm

In your valid credentials function you're checking to see if the plain text password matches the sha1 hashed password that you store in your database. You will have to apply the sha1() function to $pass in valid_credentials as well.

Robbedoesie · Post by **Robbedoesie** » Wed Mar 21, 2012 10:14 pm

Thanks for your quick reply.

I chanced the credentials function from

function valid_credentials($user, $pass){
	$user = mysql_real_escape_string($user);
	$pass = mysql_real_escape_string($pass);
	
	$total = mysql_query("SELECT COUNT('user_id') FROM `user_system` WHERE `user_name` = '{$user}' AND `user_password` = '{$pass}'");
	
	return (mysql_result($total, 0) == '1') ? true : false;
}

to

function valid_credentials($user, $pass){
	$user = mysql_real_escape_string($user);
	$pass = shal($pass);
	
	$total = mysql_query("SELECT COUNT('user_id') FROM `user_system` WHERE `user_name` = '{$user}' AND `user_password` = '{$pass}'");
	
	return (mysql_result($total, 0) == '1') ? true : false;
}

Is that what you mean? It is not bring the username into the database so maybe i understand you wrong?

Post by **Temor** » Wed Mar 21, 2012 10:28 pm

yes, that's what I meant. I also noticed another error.

 add_user($POST['username'], $_POST['email'], $_POST['password']);

$_POST['username'] is missing an underscore ( _ ).

Robbedoesie · Post by **Robbedoesie** » Wed Mar 21, 2012 11:54 pm

Sharp. I haven't seen that and i looked there a lot. I thought that this would solve it but unfortunately the username refuse to go into the database.

Post by **Temor** » Thu Mar 22, 2012 12:55 am

Is the email and password being inserted?

can you show me your table structure please.

Robbedoesie · Post by **Robbedoesie** » Thu Mar 22, 2012 9:35 pm

the tablename is user_system and the tables are user_id, user_name, user_password and user_email.
The user_id, user_password and the user_email are alright, only the user_name isn't.

Robbedoesie · Post by **Robbedoesie** » Thu Mar 22, 2012 9:51 pm

Sorry, i don't know how but the username is now also inserted. I think that yesterday i maybe forgot to refresh somewhere.
I think that the missing underscore was the mistake. Thanks for helping me

Post by **Temor** » Thu Mar 22, 2012 10:35 pm

No worries. That's what I'm here for!

I'm just happy you fixed it and hope that you may have learned something.

BetterPHP

username not in database

username not in database

Re: username not in database

Re: username not in database

Re: username not in database

Re: username not in database

Re: username not in database

Re: username not in database

Re: username not in database

Re: username not in database

Re: username not in database