BetterPHP

I'm following the tutorial, and I wrote 3 files:

init.inc.php

[syntax=php]
<?php

session_start();

$exceptions = array('register', 'login');

$page = substr(end(explode('/', $_SERVER['SCRIPT_NAME'])), 0, -4);

if (in_array ($page, $exceptions) === false){
if (isset($_SESSION['username']) === false){
header('Location: login.php');
}
}

mysql_connect('localhost', 'root', '');
mysql_select_db('betterphp_register_login_simple');

$path = dirname(_FILE_);

include("{$path}/inc/user.inc.php");

?>
[/syntax]

user.inc,php

[syntax=php]
<?php

//checks if the given username exists in the database.
function user_exists($user){
$user = mysql_real_escape_string($user);

$total = mysql_query("SELECT COUNT('user_id') FROM 'users' WHERE 'user_name' = {$user}'");

return (mysql_result($total, 0) == '1') ? true : false;
}

//checks if the given username and password combination is valid.
function valid_credentials($user, $pass){
$user = mysql_real_escape_string($user);
$pass = sha1($pass);

$total = mysql_query("SELECT COUNT('user_id') FROM 'users' WHERE 'user_name' = [$user}' AND 'user_password'= '{$pass}'");

return (mysql_result($total, 0) == '1') ? true : false;
}

//adds a user to the database.
function add_user($user, $pass){
$user = mysql_real_escape_string(htmlentities($user));
$pass = sha1($pass);

mysql_query("INSERT INTO 'users' ('user_name', 'user_password'') VALUES ('{$user}', '{$pass}')");

}

?>
[/syntax]

and register.php

[syntax=php]
<?php

include('core/init.inc.php');

$errors = array();

//check if form was sent.
if (isset($_POST['username'], $_POST['password'], $_POST['repeat_password'])){
if (empty($_POST['username'])){
$errors[] = 'The username cannot be empty.';
}

if (empty($_POST['password']) || empty($_POST['repeat_password'])){
$errors[] = 'The password cannot be empty.';
}

if ($_POST['password'] !== $_POST['repeat_password']){
$errors[] = 'Password verification failed.';
}

//call function user_exists() from user.inc.php
if (user_exists($_POST['username'])){
$errors[] = 'The username you entered is already taken.';
}

if (empty($errors)){
//call function add_user() from user.inc.php
add_user($_POST['username'], $_POST['password']);

$_SESSION['username'] = htmlentities($_POST['username']);

header('Location: protected.php');
die();
}

}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title></title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rel="stylesheet" href="ext/css/style.css" type="text/css" />
</head>

<body>

<div>
<?php

if (empty($errors) === false){
?>
<ul>
<?php

foreach ($errors as $error){
echo "<li>{$error}</li>";
}

?>
</ul>
<?php

}

?>

</div>
<form action="" method="post">
<p>
<label for="username">Username:</label>
<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>" />
</p>
<p>
<label for="password">Password:</label>
<input type="password" name="password" id="password" />
</p>
<p>
<label for="repeat_password">Repeat Password:</label>
<input type="password" name="repeat_password" id="repeat_password" />
</p>
<p>
<input type="submit" value="Register" />
</p>

</form>

</body>

</html>
[/syntax]

I type something in form's fields, but I get this warning:

Warning: mysql_result() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\betterphp_tutos\Register_login_simple\inc\user.inc.php on line 9

Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\betterphp_tutos\Register_login_simple\inc\user.inc.php:40) in C:\xampp\htdocs\betterphp_tutos\Register_login_simple\register.php on line 32

I revised the script but I don't found what is wrong, Can someone help me, please?

For the header problem, you must have content already out-putted. (where ) try this:
[syntax=php]
 
  if (empty($errors)){
    //call function add_user() from user.inc.php
    add_user($_POST['username'], $_POST['password']);
 
    $_SESSION['username'] = htmlentities($_POST['username']);
  ob_start(); //add this line to handle header change after content is output—"ob" means "output buffer"
    header('Location: protected.php');
    die();
  }
[/syntax]

The second error is actually caused by the first, and the first is caused by a query failing.

In all of your queries you need to use ` around column and table names not '

so
[syntax=sql]SELECT COUNT('user_id') FROM 'users' WHERE 'user_name' = {$user}'[/syntax]

should be
[syntax=sql]SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = {$user}'[/syntax]

The script it's working.

Thank you very much.

A quick search or even looked a few posts lower you would have seen my post with the very same problem and answer: viewtopic.php?f=7&t=337 the search is good as many new people make the same mistakes

Hi,
I am tried your script and is working fine in Firefox but not in IE8 or Chrome where is remaining on login. php although is inserting in DB correctly when you register. Do you know what could be the problem.
Thanks for the tutorials

otto1303 wrote:The script it's working.

Thank you very much.

faga wrote:Hi,
I am tried your script and is working fine in Firefox but not in IE8 or Chrome where is remaining on login. php although is inserting in DB correctly when you register. Do you know what could be the problem.
Thanks for the tutorials

Make sure the HTML is valid, you might have messed up the form in some way that means only Firefox can understand it.

Thanks for the answer. I think it is from the stupid advertisement code they put on my freehosting because it is working on local server.

faga wrote:Thanks for the answer. I think it is from the stupid advertisement code they put on my freehosting because it is working on local server.

Ahh that is easy to solve. Don't use bad hosting