
username not in database

Posted: Wed Mar 21, 2012 8:55 pm
by Robbedoesie
Hello,
I am following the register and login tutorial. Now I am testing the register site and everything works except that the username does not appear in the database. I can't find out why. The valid_credentials and the login.php page seem to be alright.
Here is the code:
user.inc.php
<?php
// does the username exist in the database
function user_exists($user){
	$user = mysql_real_escape_string($user);
	$total = mysql_query("SELECT COUNT('user_id') FROM `user_system` WHERE `user_name` = '{$user}'");
	return (mysql_result($total, 0) == '1') ? true : false;
}
// is the username and password combination correct
function valid_credentials($user, $pass){
	$user = mysql_real_escape_string($user);
	$pass = mysql_real_escape_string($pass);
	
	$total = mysql_query("SELECT COUNT('user_id') FROM `user_system` WHERE `user_name` = '{$user}' AND `user_password` = '{$pass}'");
	
	return (mysql_result($total, 0) == '1') ? true : false;
}
function is_active($user){
	$user = mysql_real_escape_string($user);
	
	// table and column names are separated by a dot, not a comma
	$sql = "SELECT
			COUNT(`user_activations`.`user_id`)
			FROM `users`
			INNER JOIN `user_activations`
			ON `users`.`user_id` = `user_activations`.`user_id`
			WHERE `users`.`user_name` = '{$user}'";
			
	$result = mysql_query($sql);
	return (mysql_result($result, 0) == '0') ? true : false;
}
function activate_account($aid){
		$aid = mysql_real_escape_string($aid);
		
		mysql_query("DELETE FROM `user_activations` WHERE `activations_code` = '{$aid}'");
		
}
// forgot password
function random_string($length){
	$charset = array_flip(array_merge(range('a', 'z'), range('A', 'Z'), range(0, 9)));
	
	shuffle($charset);
	$password = array_slice($charset, 0, $length);
	return implode('', $password);
}
// adds a user to the database
function add_user($user, $email, $pass){
	$user  = mysql_real_escape_string(htmlentities($user));
	$email = mysql_real_escape_string($email);
	$pass  = sha1($pass);
	
	$charset = array_flip(array_merge(range('a', 'z'), range('A', 'Z'), range(0, 9)));
	$aid = implode('', array_rand($charset, 10));
	
	$body = <<<EMAIL
	Hallo,
	dank voor het registreren, voordat je gaat inloggen is het nodig dat je je account gaat activeren.
	omdat de doen kan je gewoon op deze link klikken, http://www.robcnossen.nl/activate.php?aid={$aid}
EMAIL;
mail($email, 'je nieuwe account in robbcnossen.nl', $body, 'From: robcnossen@quicknet.nl');	
	
	mysql_query("INSERT INTO `user_system` (`user_name`, `user_password`, `user_email`) VALUES ('{$user}', '{$pass}', '{$email}')");
	$user_id = mysql_insert_id();
	mysql_query("INSERT INTO `user_activations` (`user_id`, `activations_code`) VALUES ({$user_id}, '{$aid}')");
}

?>
login.php
<?php 
include('init.inc.php');
$errors = array();
if (isset($_POST['username'], $_POST['password'])){
	if (empty($_POST['username'])){
		$errors[] = 'De gebruikersnaam mag niet leeg wezen.';
	}
	if (empty($_POST['password'])){
		$errors[] = 'Het paswoord mag niet leeg zijn.';
	}
	if (valid_credentials($_POST['username'], sha1($_POST['password'])) === false){
		$errors[] = 'Gebruikersnaam/paswoord zijn niet goed ingevuld.';
	}
	if (empty($errors) &&is_active($_POST['username']) === false){
		$errors[] = 'Deze account is niet geactiveerd.';
	}
	if (empty($errors)){
		if(isset($_POST['set_cookie']) && $_POST['set_cookie'] == '1'){
			setcookie('username', $_POST['username'], time() + 684800);
			setcookie('password', sha1($_POST['password']), time() + 684800);
		}
		$_SESSION['username'] = htmlentities($_POST['username']);
	header('location:beschermd.php');
	die();
	}
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<div>
<?php 
if (empty($errors) === false){
	?>
    <ul>
    <?php
		foreach ($errors as $error){
			echo"<li>{$error}</li>";
		}
	?>
   </ul>
   <?php
}else{
	echo 'Wil je je inschrijven? <a href="register.php">Schrijf je hier in</a>';
}
?>

</p>
<form action="" method="post">
	<p>
	<label for="username">Gebruikersnaam:</label>
    <input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username'])?>" />
    </p>
    <p>
	<label for="password">Paswoord:</label>
    <input type="password" name="password" id="password" />
    </p>
    	<p>
        <label for="set_cookie">Onthoud mij:</label>
        <input type="checkbox" name="set_cookie" id="set_cookie" value="1" />
        </p>
    <p>
    <input type="submit" value="Login" />
    </div>
    <a href="forgot_pass.php">Paswoord vergeten? Klik hier.</a>

</body>
</html>
I hope someone can find the mistake. I can't find it.
Thanks,
Robbedoesie

Re: username not in database

Posted: Wed Mar 21, 2012 9:03 pm
by Robbedoesie
Sorry, instead of the login page I mean the register page.
<?php 
include('init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'], $_POST['repeat_password'])){
	if (empty($_POST['username'])){
		$errors[] = 'De gebruikersnaam mag niet leeg zijn.';
	}
if(filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false){
		$errors[] = 'De ingevulde emailadres is niet goed.';
}
	if (empty($_POST['password']) || empty($_POST['repeat_password'])){
		$errors[] = 'Het paswoord is niet ingevuld.';
	}
	if ($_POST['password'] !== $_POST['repeat_password']){
		$errors[] = 'De paswoord vereficatie was niet correct';
	}
	if (user_exists($_POST['username'])){
		$errors[] = 'De gebruikersnaam is al in gebruik';
	}
	if (empty($errors)){
		add_user($POST['username'], $_POST['email'], $_POST['password']);
		
		header('location: beschermd.php');
		die();
	}
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<div>
	<?php 
	if (empty($errors) === false){
	?>
    <ul>
    	<?php 
		foreach ($errors as $error){
			echo "<li>{$error}</li>";
		}
		?>
    </ul>
    <?php	
	}
	?>
	
</div>
  <form action="" method="post">
	<p>
    	<label for="username"> Gebruikersnaam;</label>
        <input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username'])?>" />
    </p>
    <p>
    	<label for="email"> Email;</label>
        <input type="text" name="email" id="email" value="<?php if (isset($_POST['email'])) echo htmlentities($_POST['email'])?>" />
    </p>
    <p>
    	<label for="password"> Paswoord;</label>
        <input type="password" name="password" id="password" />
    </p>
    <p>
    	<label for="password">Herhaal paswoord;</label>
        <input type="password" name="repeat_password" id="repeat_password" />
    </p>
    <p>
    	<input type="submit" value="Registreer" />
    </p>
  </form>
</body>
</html>

Re: username not in database

Posted: Wed Mar 21, 2012 9:21 pm
by Temor
In your valid credentials function you're checking to see if the plain text password matches the sha1 hashed password that you store in your database. You will have to apply the sha1() function to $pass in valid_credentials as well.

Re: username not in database

Posted: Wed Mar 21, 2012 10:14 pm
by Robbedoesie
Thanks for your quick reply.

I changed the credentials function from
function valid_credentials($user, $pass){
	$user = mysql_real_escape_string($user);
	$pass = mysql_real_escape_string($pass);
	
	$total = mysql_query("SELECT COUNT('user_id') FROM `user_system` WHERE `user_name` = '{$user}' AND `user_password` = '{$pass}'");
	
	return (mysql_result($total, 0) == '1') ? true : false;
}
to
function valid_credentials($user, $pass){
	$user = mysql_real_escape_string($user);
	$pass = shal($pass);
	
	$total = mysql_query("SELECT COUNT('user_id') FROM `user_system` WHERE `user_name` = '{$user}' AND `user_password` = '{$pass}'");
	
	return (mysql_result($total, 0) == '1') ? true : false;
}
Is that what you mean? It does not bring the username into the database, so maybe I understand you wrong?

Re: username not in database

Posted: Wed Mar 21, 2012 10:28 pm
by Temor
Yes, that's what I meant. I also noticed another error.
 add_user($POST['username'], $_POST['email'], $_POST['password']);
$_POST['username'] is missing an underscore ( _ ).
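
Added example, not part of the thread or the tutorial's code: the same add_user() and valid_credentials() written so that an undefined `$POST` cannot store a blank username and so that hashing happens in one place only. It assumes PHP 8 with PDO; an in-memory SQLite database stands in for the MySQL tables (names taken from the posted code), password_hash()/password_verify() replace sha1(), random_bytes() replaces array_rand(), and the sample user is constructed.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the thread's MySQL tables (same column names).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_system (user_id INTEGER PRIMARY KEY,
    user_name TEXT UNIQUE NOT NULL, user_password TEXT NOT NULL, user_email TEXT NOT NULL)');
$db->exec('CREATE TABLE user_activations (user_id INTEGER NOT NULL, activations_code TEXT NOT NULL)');

function add_user(PDO $db, string $user, string $email, string $pass): string {
    // Validate the value that is actually stored. An undefined $POST['username']
    // evaluates to null and raises a TypeError at the call; '' is rejected here.
    if (trim($user) === '') {
        throw new InvalidArgumentException('empty username');
    }
    $aid = bin2hex(random_bytes(16)); // activation code from the CSPRNG
    $db->beginTransaction();
    try {
        // Bound parameters: no manual escaping, no htmlentities() before storage.
        $db->prepare('INSERT INTO user_system (user_name, user_password, user_email) VALUES (?, ?, ?)')
           ->execute([$user, password_hash($pass, PASSWORD_DEFAULT), $email]);
        $db->prepare('INSERT INTO user_activations (user_id, activations_code) VALUES (?, ?)')
           ->execute([(int) $db->lastInsertId(), $aid]);
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack(); // never leave a user row without its activation row
        throw $e;
    }
    return $aid;
}

function valid_credentials(PDO $db, string $user, string $pass): bool {
    $stmt = $db->prepare('SELECT user_password FROM user_system WHERE user_name = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    // The caller passes the plain password; it is hashed and compared only here.
    return is_string($hash) && password_verify($pass, $hash);
}

add_user($db, 'robbedoesie', 'rob@example.test', 'correct horse'); // constructed sample
var_dump(valid_credentials($db, 'robbedoesie', 'correct horse'));
var_dump(valid_credentials($db, 'robbedoesie', 'wrong'));
try {
    add_user($db, '', 'x@example.test', 'pw');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```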

Re: username not in database

Posted: Wed Mar 21, 2012 11:54 pm
by Robbedoesie
Sharp. I hadn't seen that and I looked there a lot. I thought that this would solve it but unfortunately the username refuses to go into the database.

Re: username not in database

Posted: Thu Mar 22, 2012 12:55 am
by Temor
Are the email and password being inserted?

Can you show me your table structure please?

Re: username not in database

Posted: Thu Mar 22, 2012 9:35 pm
by Robbedoesie
The table name is user_system and the tables are user_id, user_name, user_password and user_email.
The user_id, user_password and the user_email are alright, only the user_name isn't.

Re: username not in database

Posted: Thu Mar 22, 2012 9:51 pm
by Robbedoesie
Sorry, I don't know how but the username is now also inserted. I think that yesterday I maybe forgot to refresh somewhere.
I think that the missing underscore was the mistake. Thanks for helping me.

Re: username not in database

Posted: Thu Mar 22, 2012 10:35 pm
by Temor
No worries. That's what I'm here for! :)

I'm just happy you fixed it and hope that you may have learned something.