Php register and login

[drama22]

i Create every thing in the script but the problem when i test the register page nothing happend here is my code

Register.php

<?php
include('core/init.inc.php');
$errors = array();
if(isset($_POST['username'], $_POST['password'], $_POST['repeat_password'])){

if (empty($_POST['username'])){
$errors[] = 'The user name cannot be empty.';
}
if(empty($_POST['password']) || empty($_POST['repeat_pasword'])){
$errors[] = 'password cannot be empty.';
}
if ($_POST['password'] !== $_POST['repeat_password']){
$errors[] = 'password not the same.';
}
if (user_exists($_POST['username'])){
$errors[] = 'This user name already registered.';
}
if (empty($errors)){
add_user($_POST['username'], $_POST['password']);
$_SESSION['username'] = htmlspecialchars($_POST['username']);
header('Location: protected.php');
}
}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Untitled 1</title>
</head>

<body>
<div>
<?php
if (empty($erros)===false){
?>
<ul>
<?php
foreach ($errors as $error){
echo "<li>{$error}</li>";
}
?>
</ul>
<?php
}
?>
</div>
<form action="" method="post">
<p>
<label for="username">username:</label>
<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlspecialchars($_POST['username']);?>"/>
</p>
<p>
<label for="username">password:</label>
<input type="text" name="password" id="password" value=""/>
</p>
<p>
<label for="username">Retype Password:</label>
<input type="text" name="repeat_password" id="repeat_password" value=""/>
</p>
<p>
<input type="submit" value="register"/>
</p>

</form>

</body>

</html>

___________________________________________________

user.inc.php

<?php
// Checks if given username exists in the table
function user_exists($user){
$user = mysql_real_escape_string($user);

$total = mysql_query("SELECT COUNT(user_id) FROM table_users WHERE username = '{$user}'");

return(mysql_result($total, 0) == '1') ? true : false;

}
// checks if the givin username and password is valid
function valid_credebtails($user, $pass){
$user = mysql_real_escape_string(htmlspecialchars($user));
$pass = sha1($pass);
$total = mysql_query("SELECT COUNT (user_id) FROM table_users WHERE username = '{$user}' AND password = '{$pass}'");
return(mysql_result($total, 0) =='1') ? true : false;

}
// adds a user to the database
function add_user($user, $pass){
$user = mysql_real_escape_string(htmlspecialchars($user));
$pass = sha1($pass);

mysql_query("INSERT INTO table_users (username, password) VALUES ('{$user}', '{$pass}')");
}
?>

_____________________________________________

init.inc.php

<?php
session_start();

$exceptions = array('register', 'login');

$page = substr(end(explode('/',$_SERVER['SCRIPT_NAME'])), 0, -4);

if(in_array($page, $exceptions)===false){
if(isset($_SESSION['username'])===false){
header('Location: login.php');
die();
}
}
mysql_connect('localhost', 'root', '1');
mysql_select_db('table_system');
$path = dirname(__FILE__);
include("{$path}/inc/user.inc.php");
?>

[jacek]

You misspelled errors on this line

if (empty($erros)===false){

That might be causing what ever the error is to be hidden ?

[Temor]

that error would probably be

password cannot be empty.

if(empty($_POST['password']) || empty($_POST['repeat_pasword'])){

You missed an S in repeat_password.

[drama22]

thank you for replay, well i remove that line ?

[drama22]

that error would probably be

password cannot be empty.

if(empty($_POST['password']) || empty($_POST['repeat_pasword'])){

You missed an S in repeat_password.

aww thanks you got me

[drama22]

but i still get the same problem nothing happend in page even it didnt show any errors just submit and i get the same page

[drama22]

You misspelled errors on this line

if (empty($erros)===false){

That might be causing what ever the error is to be hidden ?

I remove that line

<?php
if (empty($erros) === false){
?>

and the problem is fixed ,, bit this will effect on security or somthing ?

[Temor]

that is a very crucial piece of code that you need. If you don't have that, you won't show any errors that occur. Just fix the typo. It's spelled errors, not erros.

[drama22]

that is a very crucial piece of code that you need. If you don't have that, you won't show any errors that occur. Just fix the typo. It's spelled errors, not erros.

Thxxxxxxxxxxxxxxxxx you got my errors Broo , but now one more problem i get this error in login.php

and this is the user.inc.php content

<?php
// Checks if given username exists in the table
function user_exists($user){
$user = mysql_real_escape_string($user);

$total = mysql_query("SELECT COUNT(`user_id`) FROM `tbl_users` WHERE `username` = '{$user}'");

return(mysql_result($total, 0) == '1') ? true : false;

}
// checks if the givin username and password is valid
function valid_credentials($user, $pass){
$user = mysql_real_escape_string(htmlspecialchars($user));
$pass = sha1($pass);
$total = mysql_query("SELECT COUNT (user_id) FROM `tbl_users` WHERE `username` = '{$user}' AND `password` = '{$pass}'");
return (mysql_result($total, 0) == '1') ? true : false;
}
// adds a user to the database
function add_user($user, $pass){
$user = mysql_real_escape_string(htmlspecialchars($user));
$pass = sha1($pass);

mysql_query("INSERT INTO `tbl_users` (`username`, `password`) VALUES ('{$user}', '{$pass}')");

}
?>

_________________________________

login.php

<?php

include('core/init.inc.php');
$errors = array();
if (isset($_POST['username'], $_POST['password'])){
if (empty($_POST['username'])){
$errors[] = 'The username cannot be empty';
}
if (empty($_POST['password'])){
$errors[] = 'The password cannot be empty';
}
if (valid_credentials($_POST['username'], $_POST['password']) === false){
$errors[] = 'username / password incorrect';
}
if (empty($errors)){
$_SESSION['username'] = htmlspecialchars($_POST['username']);

header('Location: protected.php');
die();
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Untitled 1</title>
</head>

<body>
<p>
need account ? <a href="register.php">Register Here </a>
</p>
<form action="" method="post">
<p>
<label>username : </label>
<input type="text" name="username" id="username"/>
</p>
<p>
<label>password : </label>
<input type="password" name="password" id="password"/>
</p>

<input type="submit" value="Login" />

</form>

</body>

</html>

i fix the problem but i always get wrong username or pass when i login

[Temor]

If you add

echo mysql_error();

under the query that is failing, it usually tells you what's wrong.

$total = mysql_query("SELECT COUNT (user_id) FROM `tbl_users` WHERE `username` = '{$user}' AND `password` = '{$pass}'");
echo mysql_error();
return (mysql_result($total, 0) == '1') ? true : false;

In this case, it has something to do with this part:

SELECT COUNT (user_id) FROM 

[drama22]

If you add

echo mysql_error();

under the query that is failing, it usually tells you what's wrong.

$total = mysql_query("SELECT COUNT (user_id) FROM `tbl_users` WHERE `username` = '{$user}' AND `password` = '{$pass}'");
echo mysql_error();
return (mysql_result($total, 0) == '1') ? true : false;

In this case, it has something to do with this part:

SELECT COUNT (user_id) FROM 

yes bro the problem was there is space between COUNT (user_id) should be COUNT(user_id) but my problem now i cant login i get always wrong username / password

Problem Fixed Thanks Bro

[Temor]

Glad you fixed it