Page 1 of 1

Php register and login

Posted: Wed May 30, 2012 9:58 am
by drama22
i Create every thing in the script but the problem when i test the register page nothing happend here is my code

Register.php
<?php
include('core/init.inc.php');
$errors = array();
if(isset($_POST['username'], $_POST['password'], $_POST['repeat_password'])){

if (empty($_POST['username'])){
$errors[] = 'The user name cannot be empty.';
}
if(empty($_POST['password']) || empty($_POST['repeat_pasword'])){
$errors[] = 'password cannot be empty.';
}
if ($_POST['password'] !== $_POST['repeat_password']){
$errors[] = 'password not the same.';
}
if (user_exists($_POST['username'])){
$errors[] = 'This user name already registered.';
}
if (empty($errors)){
add_user($_POST['username'], $_POST['password']);
$_SESSION['username'] = htmlspecialchars($_POST['username']);
header('Location: protected.php');
}
}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Untitled 1</title>
</head>

<body>
<div>
<?php
if (empty($erros)===false){
?>
<ul>
<?php
foreach ($errors as $error){
echo "<li>{$error}</li>";
}
?>
</ul>
<?php
}
?>
</div>
<form action="" method="post">
<p>
<label for="username">username:</label>
<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlspecialchars($_POST['username']);?>"/>
</p>
<p>
<label for="username">password:</label>
<input type="text" name="password" id="password" value=""/>
</p>
<p>
<label for="username">Retype Password:</label>
<input type="text" name="repeat_password" id="repeat_password" value=""/>
</p>
<p>
<input type="submit" value="register"/>
</p>

</form>

</body>

</html>




___________________________________________________

user.inc.php
<?php
// Checks if given username exists in the table
function user_exists($user){
$user = mysql_real_escape_string($user);

$total = mysql_query("SELECT COUNT(user_id) FROM table_users WHERE username = '{$user}'");

return(mysql_result($total, 0) == '1') ? true : false;

}
// checks if the givin username and password is valid
function valid_credebtails($user, $pass){
$user = mysql_real_escape_string(htmlspecialchars($user));
$pass = sha1($pass);
$total = mysql_query("SELECT COUNT (user_id) FROM table_users WHERE username = '{$user}' AND password = '{$pass}'");
return(mysql_result($total, 0) =='1') ? true : false;

}
// adds a user to the database
function add_user($user, $pass){
$user = mysql_real_escape_string(htmlspecialchars($user));
$pass = sha1($pass);

mysql_query("INSERT INTO table_users (username, password) VALUES ('{$user}', '{$pass}')");
}
?>

_____________________________________________

init.inc.php
<?php
session_start();

$exceptions = array('register', 'login');

$page = substr(end(explode('/',$_SERVER['SCRIPT_NAME'])), 0, -4);

if(in_array($page, $exceptions)===false){
if(isset($_SESSION['username'])===false){
header('Location: login.php');
die();
}
}
mysql_connect('localhost', 'root', '1');
mysql_select_db('table_system');
$path = dirname(__FILE__);
include("{$path}/inc/user.inc.php");
?>

Re: Php register and login

Posted: Wed May 30, 2012 1:22 pm
by jacek
You misspelled errors on this line
if (empty($erros)===false){
That might be causing what ever the error is to be hidden ?

Re: Php register and login

Posted: Wed May 30, 2012 1:36 pm
by Temor
that error would probably be
password cannot be empty.
if(empty($_POST['password']) || empty($_POST['repeat_pasword'])){
You missed an S in repeat_password.

Re: Php register and login

Posted: Wed May 30, 2012 1:39 pm
by drama22
thank you for replay, well i remove that line ?

Re: Php register and login

Posted: Wed May 30, 2012 1:41 pm
by drama22
Temor wrote:that error would probably be
password cannot be empty.
if(empty($_POST['password']) || empty($_POST['repeat_pasword'])){
You missed an S in repeat_password.
aww thanks you got me

Re: Php register and login

Posted: Wed May 30, 2012 1:42 pm
by drama22
but i still get the same problem nothing happend in page even it didnt show any errors just submit and i get the same page

Re: Php register and login

Posted: Wed May 30, 2012 1:50 pm
by drama22
jacek wrote:You misspelled errors on this line
if (empty($erros)===false){
That might be causing what ever the error is to be hidden ?
I remove that line

<?php
if (empty($erros) === false){
?>

and the problem is fixed ,, bit this will effect on security or somthing ?

Re: Php register and login

Posted: Wed May 30, 2012 7:44 pm
by Temor
that is a very crucial piece of code that you need. If you don't have that, you won't show any errors that occur. Just fix the typo. It's spelled errors, not erros.

Re: Php register and login

Posted: Thu May 31, 2012 1:58 am
by drama22
Temor wrote:that is a very crucial piece of code that you need. If you don't have that, you won't show any errors that occur. Just fix the typo. It's spelled errors, not erros.
Thxxxxxxxxxxxxxxxxx you got my errors Broo , but now one more problem i get this error in login.php

and this is the user.inc.php content
<?php
// Checks if given username exists in the table
function user_exists($user){
$user = mysql_real_escape_string($user);

$total = mysql_query("SELECT COUNT(`user_id`) FROM `tbl_users` WHERE `username` = '{$user}'");

return(mysql_result($total, 0) == '1') ? true : false;

}
// checks if the givin username and password is valid
function valid_credentials($user, $pass){
$user = mysql_real_escape_string(htmlspecialchars($user));
$pass = sha1($pass);
$total = mysql_query("SELECT COUNT (user_id) FROM `tbl_users` WHERE `username` = '{$user}' AND `password` = '{$pass}'");
return (mysql_result($total, 0) == '1') ? true : false;
}
// adds a user to the database
function add_user($user, $pass){
$user = mysql_real_escape_string(htmlspecialchars($user));
$pass = sha1($pass);

mysql_query("INSERT INTO `tbl_users` (`username`, `password`) VALUES ('{$user}', '{$pass}')");

}
?>
_________________________________

login.php
<?php

include('core/init.inc.php');
$errors = array();
if (isset($_POST['username'], $_POST['password'])){
if (empty($_POST['username'])){
$errors[] = 'The username cannot be empty';
}
if (empty($_POST['password'])){
$errors[] = 'The password cannot be empty';
}
if (valid_credentials($_POST['username'], $_POST['password']) === false){
$errors[] = 'username / password incorrect';
}
if (empty($errors)){
$_SESSION['username'] = htmlspecialchars($_POST['username']);

header('Location: protected.php');
die();
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Untitled 1</title>
</head>

<body>
<p>
need account ? <a href="register.php">Register Here </a>
</p>
<form action="" method="post">
<p>
<label>username : </label>
<input type="text" name="username" id="username"/>
</p>
<p>
<label>password : </label>
<input type="password" name="password" id="password"/>
</p>

<input type="submit" value="Login" />

</form>

</body>

</html>
i fix the problem but i always get wrong username or pass when i login

Re: Php register and login

Posted: Thu May 31, 2012 5:08 am
by Temor
If you add
echo mysql_error();
under the query that is failing, it usually tells you what's wrong.
$total = mysql_query("SELECT COUNT (user_id) FROM `tbl_users` WHERE `username` = '{$user}' AND `password` = '{$pass}'");
echo mysql_error();
return (mysql_result($total, 0) == '1') ? true : false;
In this case, it has something to do with this part:
SELECT COUNT (user_id) FROM 

Re: Php register and login

Posted: Thu May 31, 2012 5:29 am
by drama22
Temor wrote:If you add
echo mysql_error();
under the query that is failing, it usually tells you what's wrong.
$total = mysql_query("SELECT COUNT (user_id) FROM `tbl_users` WHERE `username` = '{$user}' AND `password` = '{$pass}'");
echo mysql_error();
return (mysql_result($total, 0) == '1') ? true : false;
In this case, it has something to do with this part:
SELECT COUNT (user_id) FROM 
yes bro the problem was there is space between COUNT (user_id) should be COUNT(user_id) but my problem now i cant login i get always wrong username / password :(

Problem Fixed Thanks Bro

Re: Php register and login

Posted: Thu May 31, 2012 4:20 pm
by Temor
Glad you fixed it :)