Page 1 of 1

Register and Login Tutorial problems

Posted: Sat Jun 23, 2012 5:26 pm
by robbrazier
First off, I am wrapping the login/register/user management code with twitter bootstrap, if that makes any difference. I am not sure what is wrong really, but the register and login pages won't show :( Here are all of the files used:

Before the login and register pages wouldn't show, users were not added to the database, and you were unable to log in, is that because I am using localhost instead of 127.0.0.1?

init.inc.php
<?php

session_start();

$exceptions = array('register', 'login');

$page = substr(end(explode('/', $_SERVER['SCRIPT_NAME'])), 0, -4);

if (in_array($page, $exceptions) === false){
	if (isset($_SESSION['username']) === false){
		header('Location: login.php');
		die();
	}
}

mysql_connect('localhost', 'coolrob1_grange', '*hidden*');
mysql_select_db('coolrob1_grange');

$path = dirname(__FILE__);

include("{$path}/inc/user.inc.php");

?>
user.inc.php
<?php

//checks if the given username exists in the database
function user_exists($user){
	$user = mysql_real_escape_string($user);
	
	$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '{$user}'");
	
	return(mysql_result($total, 0) == '1') ? true : false;
}

//checks if the given username and password combination is valid
function valid_credentials($user, $pass){
	$user = mysql_real_escape_string($user);
	$pass = sha1($pass);
	
	$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '{$user}' AND 'password' = '{$pass}'");
	
	return(mysql_result($total, 0) == '1') ? true : false;
}

//adds a user to the database
function add_user($user, $pass){
	$user = mysql_real_escape_string(htmlentities($user));
	$pass = sha1($pass);
	
	mysql_query("INSERT INTO `users` (`username`, `password`) VALUES ('{$user}', '{$pass}')");
}
?>
login.php
<?php include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'])){
	if (empty($_POST['username'])){
		$errors[] = 'The username cannot be empty';
	}
	
	if (empty($_POST['password'])){
		$errors[] = 'The password cannot be empty';
	}
	
	if (empty($errors) && valid_credentials($_POST['username'], $_POST['password']) == false){
		$errors[] = 'Username / Password incorrect';
	}
	
	if (empty($errors)){
		$_SESSION['username'] = htmlentities($_POST['username']);
		
		header('Location: user.php');
		die();
	}
}

?>

<?php include 'core/head.php'; include 'core/nav.php'; ?>
    <div class="container">
    	<h1>Login</h1>
    	<br/>
    	<div>
    		<?php
    		
    		if (empty($errors) === false){
	    		?>
	    		<ul>
	    		<?php
	    		foreach ($errors as $error{
		    		echo "<li>{$error}</li>";
	    		)
	    		?>
	    		</ul>
	    		<?php
    		}else{
	    		echo 'Need an Account? <a href="register.php">Register here</a>';
    		}
	    	
	    	?>
    	</div>
    	
    	<form action="" method="post">
    		<p>	<label for="username">Username:</label>
 		   		<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']) ?>" />
    		</p>
    		<p>	<label for="password">Password:</label>
 		   		<input type="password" name="password" id="password" />
    		</p>
    		<p>	<input type="submit" value="Login" /></p>
    	
    	
    	</form>
    	  
    </div>

<?php include 'core/footer.php'; ?>
logout.php
<?php 

session_start();

$_SESSION = array();

session_destroy();

header('Location: user.php');

?>
register.php
<?php include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['[password'], $_POST['repeat_password'])){
	if (empty($_POST['username'])){
		$errors[] = 'The username cannot be empty';
	}
	
	if (empty($_POST['password']) || empty($_POST['repeat_password'])){
		$errors[] = 'The password cannot be empty';
	}
	
	if ($_POST['password'] !== $_POST['repeat_password']){
		$errors[] = 'Passwords must match';
	}
	
	if (user_exists($_POST['username'])){
		$errors[] = 'The username is already taken';
	}
	
	if (empty($errors)){
		add_user($_POST['username'], $_POST['password']);
		
		$_SESSION['username'] = htmlentities($_POST['username']);
		
		header('Location: user.php');
		die();
	}
}

?>

<?php include 'core/head.php'; include 'core/nav.php'; ?>
   <div>
   	<?php
   
	   	if (empty(errors) === false){
		   	?>
		   <ul>
		   	<?php
		   	
		   	foreach ($errors as $error){
		   		echo "<li>{$error}</li>"	
		   	}
		   	?>
		   </ul>
		   <?php
	   	}
   
   	?>
   </div>
   
    <div class="container">
    <h1>Register</h1>
    <br/>
    	<form action="" method="post">
    		<p>	<label for="username">Username:</label>
 		   		<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']) ?>" />
    		</p>
    		<p>	<label for="password">Password:</label>
 		   		<input type="password" name="password" id="password" />
    		</p>
    		<p>	<label for="repeat_password">Repeat Password:</label>
 		   		<input type="password" name="repeat_password" id="repeat_password" />
    		</p>

    		<p>	<input type="submit" value="Register" /></p>
    	
    	
    	</form>
    	  
    </div>

<?php include 'core/footer.php'; ?>
The live site is at http://grange.robbrazier.com (just lorem ipsum so far :))
I put all of the pages in the nav bar for ease of access temporarily

Re: Register and Login Tutorial problems

Posted: Sat Jun 23, 2012 7:08 pm
by jacek
Looks pretty much fine at first glance, the only thing I noticed was that this
if (empty(errors) === false){
should be this
if (empty($errors) === false){
robbrazier wrote: is that because I am using localhost instead of 127.0.0.1?
No they usually mean the exact same thing. If you added
die(mysql_error());
after the INSERT it would probably tell you what the problem was though.
robbrazier wrote: but the register and login pages won't show
That's odd :? What do you mean by show ? What happens instead ?

Re: Register and Login Tutorial problems

Posted: Sat Jun 23, 2012 8:06 pm
by robbrazier
jacek wrote:That's odd :? What do you mean by show ? What happens instead ?
I just see a white screen with safari, and chrome says
The website encountered an error while retrieving http://grange.robbrazier.com/login.php. It may be down for maintenance or configured incorrectly.
so there's not really much space for seeing a mysql error. I've replaced
 if (empty($errors) === false){
though, but no avail as of yet

EDIT: I just checked the error log, and it's saying got various parse errors:
PHP Parse error: syntax error, unexpected ')', expecting T_PAAMAYIM_NEKUDOTAYIM in /home2/***/public_html/robbrazier.com/grange/register.php on line 38
PHP Parse error: syntax error, unexpected T_ECHO in /home2/***/public_html/robbrazier.com/grange/login.php on line 40.php on line 40
PHP Parse error: syntax error, unexpected '}', expecting ',' or ';' in /home2/***/public_html/robbrazier.com/grange/register.php on line 45
but those errors stopped being logged 7 hours ago, so i'm not sure what's wrong now

EDIT 2: Now the index.php is redirecting to login.php :shock:

Re: Register and Login Tutorial problems

Posted: Sun Jun 24, 2012 1:26 pm
by jacek
Well a white screen usually means that there are errors being hidden, which you seem to have found in the error log. They don't seem to match up with the code though so the best thing to do would be to make sure your error_reporting setting is set to E_ALL and display_errors is set to On. That will make sure that any errors show on the screen.

The code must have changed since your first post, so can you post the updated code and any errors that appear ?

Re: Register and Login Tutorial problems

Posted: Sun Jun 24, 2012 2:07 pm
by Temor
You have a typo on line 5 in register.php
 $_POST['[password'],

Re: Register and Login Tutorial problems

Posted: Sun Jun 24, 2012 4:13 pm
by robbrazier
Here's the updated code:
init.inc.php
<?php

session_start();

$exceptions = array('register', 'login');

$page = substr(end(explode('/', $_SERVER['SCRIPT_NAME'])), 0, -4);

if (in_array($page, $exceptions) === false){
	if (isset($_SESSION['username']) === false){
		header('Location: login.php');
		die();
	}
}

mysql_connect('localhost', 'coolrob1_grange', '*hidden*');
mysql_select_db('coolrob1_grange');

$path = dirname(__FILE__);

include("{$path}/inc/user.inc.php");

?>
user.inc.php
<?php

//checks if the given username exists in the database
function user_exists($user){
	$user = mysql_real_escape_string($user);
	
	$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '{$user}'");
	
	return(mysql_result($total, 0) == '1') ? true : false;
}

//checks if the given username and password combination is valid
function valid_credentials($user, $pass){
	$user = mysql_real_escape_string($user);
	$pass = sha1($pass);
	
	$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '{$user}' AND 'password' = '{$pass}'");
	
	return(mysql_result($total, 0) == '1') ? true : false;
}

//adds a user to the database
function add_user($user, $pass){
	$user = mysql_real_escape_string(htmlentities($user));
	$pass = sha1($pass);
	
	mysql_query("INSERT INTO `users` (`username`, `password`) VALUES ('{$user}', '{$pass}')");
}
?>
login.php
<?php include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'])){
	if (empty($_POST['username'])){
		$errors[] = 'The username cannot be empty';
	}
	
	if (empty($_POST['password'])){
		$errors[] = 'The password cannot be empty';
	}
	
	if (empty($errors) && valid_credentials($_POST['username'], $_POST['password']) == false){
		$errors[] = 'Username / Password incorrect';
	}
	
	if (empty($errors)){
		$_SESSION['username'] = htmlentities($_POST['username']);
		
		header('Location: user.php');
		die();
	}
}

?>

<?php include 'core/head.php'; include 'core/nav.php'; ?>
    <div class="container">
    	<h1>Login</h1>
    	<br/>
    	<div>
    		<?php
    		
    		if (empty($errors) === false){
	    		?>
	    		<ul>
	    		<?php
	    		foreach ($errors as $error{
		    		echo "<li>{$error}</li>";
	    		)
	    		?>
	    		</ul>
	    		<?php
    		}else{
	    		echo 'Need an Account? <a href="register.php">Register here</a>';
    		}
	    	
	    	?>
    	</div>
    	
    	<form action="" method="post">
    		<p>	<label for="username">Username:</label>
 		   		<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']) ?>" />
    		</p>
    		<p>	<label for="password">Password:</label>
 		   		<input type="password" name="password" id="password" />
    		</p>
    		<p>	<input type="submit" value="Login" /></p>
    	
    	
    	</form>
    	  
    </div>

<?php include 'core/footer.php'; ?>
logout.php
<?php 

session_start();

$_SESSION = array();

session_destroy();

header('Location: user.php');

?>
register.php
<?php include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'], $_POST['repeat_password'])){
	if (empty($_POST['username'])){
		$errors[] = 'The username cannot be empty';
	}
	
	if (empty($_POST['password']) || empty($_POST['repeat_password'])){
		$errors[] = 'The password cannot be empty';
	}
	
	if ($_POST['password'] !== $_POST['repeat_password']){
		$errors[] = 'Passwords must match';
	}
	
	if (user_exists($_POST['username'])){
		$errors[] = 'The username is already taken';
	}
	
	if (empty($errors)){
		add_user($_POST['username'], $_POST['password']);
		
		$_SESSION['username'] = htmlentities($_POST['username']);
		
		header('Location: user.php');
		die();
	}
}

?>

<?php include 'core/head.php'; include 'core/nav.php'; ?>
   <div>
   	<?php
   
	   	if (empty($errors) === false){
		   	?>
		   <ul>
		   	<?php
		   	
		   	foreach ($errors as $error){
		   		echo "<li>{$error}</li>";
		   	?>
		   </ul>
		   <?php
	   	}
   
   	?>
   </div>
   
    <div class="container">
    <h1>Register</h1>
    <br/>
    	<form action="" method="post">
    		<p>	<label for="username">Username:</label>
 		   		<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']) ?>" />
    		</p>
    		<p>	<label for="password">Password:</label>
 		   		<input type="password" name="password" id="password" />
    		</p>
    		<p>	<label for="repeat_password">Repeat Password:</label>
 		   		<input type="password" name="repeat_password" id="repeat_password" />
    		</p>

    		<p>	<input type="submit" value="Register" /></p>
    	
    	
    	</form>
    	  
    </div>

<?php include('core/footer.php'); ?>
(with corrected typo, thanks Temor)

user.php
<?php include('core/init.inc.php'); ?>

<?php include 'core/head.php'; include 'core/nav.php'; ?>
    <div class="container">
    
    <p>
    	You are logged in as <?php echo $_SESSION['username']; ?>
    </p>
    
    <p>
    	<a href="logout.php">Logout</a>
    </p>
         
    </div>

<?php include 'core/footer.php'; ?>
I set display_errors to On, and it's saying
login.php wrote:Parse error: syntax error, unexpected T_ECHO in /home2/coolrob1/public_html/robbrazier.com/grange/login.php on line 40
which is echoing the error:
echo "<li>{$error}</li>";
also, there is another error:
register.php wrote:Parse error: syntax error, unexpected $end in /home2/coolrob1/public_html/robbrazier.com/grange/register.php on line 74
This may be something todo with the footer include, however that is all html, so i'm not sure how that would show an unexpected $end?


footer.php
    </div><!--/.fluid-container-->

    <!-- Le javascript
    ================================================== -->
    <!-- Placed at the end of the document so the pages load faster -->
    <script src="assets/js/jquery.js"></script>
    <script src="assets/js/bootstrap-transition.js"></script>
    <script src="assets/js/bootstrap-alert.js"></script>
    <script src="assets/js/bootstrap-modal.js"></script>
    <script src="assets/js/bootstrap-dropdown.js"></script>
    <script src="assets/js/bootstrap-scrollspy.js"></script>
    <script src="assets/js/bootstrap-tab.js"></script>
    <script src="assets/js/bootstrap-tooltip.js"></script>
    <script src="assets/js/bootstrap-popover.js"></script>
    <script src="assets/js/bootstrap-button.js"></script>
    <script src="assets/js/bootstrap-collapse.js"></script>
    <script src="assets/js/bootstrap-carousel.js"></script>
    <script src="assets/js/bootstrap-typeahead.js"></script>

  </body>
</html>
(I'm turning off display_errors now)

Re: Register and Login Tutorial problems

Posted: Mon Jun 25, 2012 12:23 am
by jacek
robbrazier wrote:so i'm not sure how that would show an unexpected $end?
Unexpected $end is an awkward one, $end is actually the end of file. It usually means you have opened a block with { and never closed it with a } It will be in the register.php file too.
robbrazier wrote:(I'm turning off display_errors now)
Don't do that, it will make debugging problems impossible !

Re: Register and Login Tutorial problems

Posted: Mon Jun 25, 2012 6:20 am
by Temor
There is a parentheses missing on line 39 login.php
And your problem in register.php is with the loop on line 43.

Re: Register and Login Tutorial problems

Posted: Tue Jun 26, 2012 8:59 pm
by robbrazier
The weird thing about the unexpected $end is that no matter what I do, it always says there is the unexpected $end on the last line of login.php and register.php
Also, what's wrong with the foreach loop? I checked php.net and they don't have curly brackets around the variable, so I tried removing the brackets, so it's
echo "<li> $error </li>"; 
instead of
echo "<li>{$error}</li>";

Re: Register and Login Tutorial problems

Posted: Tue Jun 26, 2012 10:11 pm
by Temor
you're never closing the foreach loop in register.php. it has an opening curly bracket ( { } ) but no closing one.