Register and Login (User Account System) doesn't work
Posted: Thu Jul 14, 2011 11:52 pm
I'm following the tutorial, and I wrote 3 files:
init.inc.php
[syntax=php]
<?php
session_start();
$exceptions = array('register', 'login');
$page = substr(end(explode('/', $_SERVER['SCRIPT_NAME'])), 0, -4);
if (in_array ($page, $exceptions) === false){
if (isset($_SESSION['username']) === false){
header('Location: login.php');
}
}
mysql_connect('localhost', 'root', '');
mysql_select_db('betterphp_register_login_simple');
$path = dirname(_FILE_);
include("{$path}/inc/user.inc.php");
?>
[/syntax]
user.inc,php
[syntax=php]
<?php
//checks if the given username exists in the database.
function user_exists($user){
$user = mysql_real_escape_string($user);
$total = mysql_query("SELECT COUNT('user_id') FROM 'users' WHERE 'user_name' = {$user}'");
return (mysql_result($total, 0) == '1') ? true : false;
}
//checks if the given username and password combination is valid.
function valid_credentials($user, $pass){
$user = mysql_real_escape_string($user);
$pass = sha1($pass);
$total = mysql_query("SELECT COUNT('user_id') FROM 'users' WHERE 'user_name' = [$user}' AND 'user_password'= '{$pass}'");
return (mysql_result($total, 0) == '1') ? true : false;
}
//adds a user to the database.
function add_user($user, $pass){
$user = mysql_real_escape_string(htmlentities($user));
$pass = sha1($pass);
mysql_query("INSERT INTO 'users' ('user_name', 'user_password'') VALUES ('{$user}', '{$pass}')");
}
?>
[/syntax]
and register.php
[syntax=php]
<?php
include('core/init.inc.php');
$errors = array();
//check if form was sent.
if (isset($_POST['username'], $_POST['password'], $_POST['repeat_password'])){
if (empty($_POST['username'])){
$errors[] = 'The username cannot be empty.';
}
if (empty($_POST['password']) || empty($_POST['repeat_password'])){
$errors[] = 'The password cannot be empty.';
}
if ($_POST['password'] !== $_POST['repeat_password']){
$errors[] = 'Password verification failed.';
}
//call function user_exists() from user.inc.php
if (user_exists($_POST['username'])){
$errors[] = 'The username you entered is already taken.';
}
if (empty($errors)){
//call function add_user() from user.inc.php
add_user($_POST['username'], $_POST['password']);
$_SESSION['username'] = htmlentities($_POST['username']);
header('Location: protected.php');
die();
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title></title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rel="stylesheet" href="ext/css/style.css" type="text/css" />
</head>
<body>
<div>
<?php
if (empty($errors) === false){
?>
<ul>
<?php
foreach ($errors as $error){
echo "<li>{$error}</li>";
}
?>
</ul>
<?php
}
?>
</div>
<form action="" method="post">
<p>
<label for="username">Username:</label>
<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>" />
</p>
<p>
<label for="password">Password:</label>
<input type="password" name="password" id="password" />
</p>
<p>
<label for="repeat_password">Repeat Password:</label>
<input type="password" name="repeat_password" id="repeat_password" />
</p>
<p>
<input type="submit" value="Register" />
</p>
</form>
</body>
</html>
[/syntax]
I type something in form's fields, but I get this warning:
Warning: mysql_result() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\betterphp_tutos\Register_login_simple\inc\user.inc.php on line 9
Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\betterphp_tutos\Register_login_simple\inc\user.inc.php:40) in C:\xampp\htdocs\betterphp_tutos\Register_login_simple\register.php on line 32
I revised the script but I don't found what is wrong, Can someone help me, please?
init.inc.php
[syntax=php]
<?php
session_start();
$exceptions = array('register', 'login');
$page = substr(end(explode('/', $_SERVER['SCRIPT_NAME'])), 0, -4);
if (in_array ($page, $exceptions) === false){
if (isset($_SESSION['username']) === false){
header('Location: login.php');
}
}
mysql_connect('localhost', 'root', '');
mysql_select_db('betterphp_register_login_simple');
$path = dirname(_FILE_);
include("{$path}/inc/user.inc.php");
?>
[/syntax]
user.inc,php
[syntax=php]
<?php
//checks if the given username exists in the database.
function user_exists($user){
$user = mysql_real_escape_string($user);
$total = mysql_query("SELECT COUNT('user_id') FROM 'users' WHERE 'user_name' = {$user}'");
return (mysql_result($total, 0) == '1') ? true : false;
}
//checks if the given username and password combination is valid.
function valid_credentials($user, $pass){
$user = mysql_real_escape_string($user);
$pass = sha1($pass);
$total = mysql_query("SELECT COUNT('user_id') FROM 'users' WHERE 'user_name' = [$user}' AND 'user_password'= '{$pass}'");
return (mysql_result($total, 0) == '1') ? true : false;
}
//adds a user to the database.
function add_user($user, $pass){
$user = mysql_real_escape_string(htmlentities($user));
$pass = sha1($pass);
mysql_query("INSERT INTO 'users' ('user_name', 'user_password'') VALUES ('{$user}', '{$pass}')");
}
?>
[/syntax]
and register.php
[syntax=php]
<?php
include('core/init.inc.php');
$errors = array();
//check if form was sent.
if (isset($_POST['username'], $_POST['password'], $_POST['repeat_password'])){
if (empty($_POST['username'])){
$errors[] = 'The username cannot be empty.';
}
if (empty($_POST['password']) || empty($_POST['repeat_password'])){
$errors[] = 'The password cannot be empty.';
}
if ($_POST['password'] !== $_POST['repeat_password']){
$errors[] = 'Password verification failed.';
}
//call function user_exists() from user.inc.php
if (user_exists($_POST['username'])){
$errors[] = 'The username you entered is already taken.';
}
if (empty($errors)){
//call function add_user() from user.inc.php
add_user($_POST['username'], $_POST['password']);
$_SESSION['username'] = htmlentities($_POST['username']);
header('Location: protected.php');
die();
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title></title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rel="stylesheet" href="ext/css/style.css" type="text/css" />
</head>
<body>
<div>
<?php
if (empty($errors) === false){
?>
<ul>
<?php
foreach ($errors as $error){
echo "<li>{$error}</li>";
}
?>
</ul>
<?php
}
?>
</div>
<form action="" method="post">
<p>
<label for="username">Username:</label>
<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>" />
</p>
<p>
<label for="password">Password:</label>
<input type="password" name="password" id="password" />
</p>
<p>
<label for="repeat_password">Repeat Password:</label>
<input type="password" name="repeat_password" id="repeat_password" />
</p>
<p>
<input type="submit" value="Register" />
</p>
</form>
</body>
</html>
[/syntax]
I type something in form's fields, but I get this warning:
Warning: mysql_result() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\betterphp_tutos\Register_login_simple\inc\user.inc.php on line 9
Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\betterphp_tutos\Register_login_simple\inc\user.inc.php:40) in C:\xampp\htdocs\betterphp_tutos\Register_login_simple\register.php on line 32
I revised the script but I don't found what is wrong, Can someone help me, please?