Login and regiser, dosent work, with mysql Options

[sanoj96]

Hello, i have some issius with my PHP script, Login and register, i got 6 files named

dbc.php (database connect)
index.php
login.php
logout.php
members.php
register.php

When i try to register or loggin it is just giveing me some erros that i cant finde out how to fix

try out the login system at this url click here

This post has been edited by sanoj96: Nov 10 2012, 05:03 PM

[sanoj96]

index.php

CODE

<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="utf-8">
        <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE8" >
        <meta name="viewport" content="user-scalable=yes, width=device-width, initial-scale=0.68, maximum-scale=1.0"/>
        <meta name="apple-mobile-web-app-capable" content="yes" />
        <title>Street Life Roleplay</title>
        <link rel="stylesheet" href="css/style.css">
    </head>
    <body>
<div id="container">
    <div id="logo">
        <!--<span class="highlight">Street life</span>-->Street Life Roleplay
    </div>
    <ul id="menu">
        <li><a href="/">News</a></li>
<li><a href="/faq/">F.A.Q.</a></li>
<li><a href="/download/">Download</a></li>
<li><a href="/server/players/">Server Status</a></li>
<li><a href="/account/donate/">Donate</a></li>
<li><a href="http://streetliferp.net84.net/forum/" target="_blank">Forum</a></li>    </ul>
    <div id="headimage">
        <img src="/image/" />
        <img src="/image/" />
        <img src="/image/" />
        <img src="/image/" />
        <img src="/image/" />
        <img src="/image/" />
    </div>
    <div id="subbar" style="position: relative;"><div id="fb">
        <a href="http://facebook.com/gorupname" target="_blank">
        </a> <img src="http://sanoj96.com/arture/image/fb.png" height="25px;"></div>
            <!-- login thing-->
<?php if(isset($_GET['error'])){echo $_GET['error'];echo "<br>";} ?>
<form action="login.php" method="POST">
    Username: <input type="text" name="username">
    Password: <input type="password" name="password">
    <input type="submit" value="Login">
</form>
<a href='register.php'>Register</a>
</div>
        <!--<ul id="hints">
            <li><b>Did you know?</b> There's daily over <span class="highlight">100</span> new account registrations!</li>
            <li>Italy Mafia has been running for over <b></b><span class="highlight">4 years</span>!</b></li>
            <li>Street Life Mafia gives everybody <b>an easy opportunity</b> to <span class="highlight">start a group, team or faction</span>!</li>
        </ul>
    </div>-->
    <div id="content">
        <div class="left">
            <div class="breadcrumb">
            <div class="news">
                <div class="head">NEW FORUM!</div>
                <div class="body">
TO DAY HAVE WE CHANCED THE SERVER FORUMS TO THIS URL <br><br>
            </div>
            </div>
</div></div></div>
        <div class="right">
                        <div class="register">
                <!--<div class="body">
                    <ul class="sidelist">
                        <table style='width: 260px;'><tr><td>Server IP:</td><td>SERVERIP HERE</td></tr><tr><td></td><td></td></tr><tr><td>Version:</td><td>0.3e</td></tr><tr><td><br><a href='samp://SERVERIPHERER'>Connect now!</a></td><td style='text-align: right;'><br></td></tr></table>                    </ul>
                </div>
            </div>-->
            <div class="rightbox">

                <div id="copyright">© 2012 Street Life RolePlay Community  | sanoj96@sanoj96.com | All rights reserved.</div>
</div>

    </body>
</html>

login.php

CODE

<?php

session_start();

require "dbc.php";

$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$enc_password = md5($password);

if($username&&$password)
{
    $query = mysql_query("SELECT * FROM users WHERE username='$username'");
    $numrow = mysql_num_rows($query);
    
    if($numrow!=0)
    {
        while($row = mysql_fetch_assoc($query))
        {
            $db_username = $row['username'];
            $db_password = $row['password'];
        }
        
        if($username==$db_username&&$enc_password==$db_password)
        {
            //echo "Logged in <a href='members.php'>Click here to enter the members area</a>";
            $_SESSION['username']=$db_username;
            header("location: members.php");
        }
        else
        {
            header("location: index.php?error=Incorrect Password");
        }
    }
    else
    {
        header("location: index.php?error=That user doesn't exist");
    }
}
else
{
    header("location: index.php?error=All fields are required");
}

?>

logout.php

CODE

<?php

session_start();

session_destroy();

header ("location: index.php");

?>

register.php

CODE

<?php

if($_POST['submit'])
require 'dbc.php';
{

    $name = mysql_real_escape_string($_POST['name']);
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);
    $password1 = mysql_real_escape_string($_POST['password1']);
    
    $enc_password = md5($password);
    
    if($name && $username && $password && $password1)
    {
        if(strlen($name)<30)
        {
            if(strlen($username)<10)
            {
                if(strlen($password)<15 || strlen($password)>6)
                {
                    if($password == $password1)
                    {
                        require "dbc.php";
                        $query = mysql_query("INSERT INTO users VALUES ('','$name','$username','$enc_password')");
                        echo "Registration Complete! <a href='index.php'>Click here to login</a>";
                    }
                    else
                    {
                        echo "Passwords must match";
                    }
                }
                else
                {
                    echo "Your password must be between 6 and 15 characters";    
                }
            }
            else
            {
                echo "Your username is too long";    
            }
        }
        else
        {
            echo "Your name is too long";
        }
    }
    else
    {
        echo "All fields are required";
    }
}

?>

<html>

    <form action="register.php" method="POST">
        Name: <input type="text" name="name" value="<?php echo "$name"; ?>"> Max Length:30<p>
        Username: <input type="text" name="username" value="<?php echo "$username"; ?>"> Max Length:10<p>
        Password: <input type="password" name="password"> Max length:15<p>
        Re-Enter Password: <input type="password" name="password1"><p>
        <input type="submit" name="submit" value="Register">
    </form>
    
</html>

members.php

CODE

<?php

session_start();

error_reporting(0);

if($_SESSION['username'])
{
    echo "You are logged in as: ".$_SESSION['username'];

    echo "<p><a href='logout.php'>Click here to logout</a>";
}
else
    header ("location: index.php");
?>

dbc.php

CODE

<?php

mysql_connect("host","usernmae","password") or die ("Couldnt connect to database");
mysql_select_db("") or die ("Couldnt find database");

?>

[Christian J]

dbc.php

CODE

<?php

mysql_connect("host","usernmae","password") or die ("Couldnt connect to database");
mysql_select_db("") or die ("Couldnt find database");

?>

I assume you've changed the mysql_connect() arguments when posting the code here? If not there's a typo in "usernmae". Is the server really called "host" (ditto for "password")? In mysql_select_db(), is the DB really called ""?

When I try to login, I get:

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home/sanojcom/public_html/artur/login.php on line 15

Apparently the $query variable isn't what's expected. Try print_r() on it to investigate.

Warning: Cannot modify header information - headers already sent by (output started at /home/sanojcom/public_html/artur/login.php:15) in /home/sanojcom/public_html/artur/login.php on line 38

Either a header is already sent (but I can't see where) or maybe some other content has been sent (a header must be sent before any other content).

[sanoj96]

I did try to update my files... and the errors are awey, but now i think i got a database error :/


the data base file

CODE

<?php
mysql_connect("localhost","sanojcom_login","iphone3G96") or die("Could not connect to server!");
mysql_select_db("sanojcom_login") or die("Could not select database");
?>

if any one see any error with it plz let me know

[Christian J]

register.php:

CODE

if($_POST['submit'])
require 'dbc.php';
{

Shouldn't the require be inside the curly brace? Apparently the script ignores the $_POST['submit'] check, since the warnings when I first load the page seem to apply to the following lines:

CODE

    $name = mysql_real_escape_string($_POST['name']);
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);
    $password1 = mysql_real_escape_string($_POST['password1']);

(that shouldn't run, since $_POST['submit'] is not yet submitted).

Also use htmlspecialchars() before printing anything user submitted on the page, like here:

CODE

        Name: <input type="text" name="name" value="<?php echo "$name"; ?>"> Max Length:30<p>
        Username: <input type="text" name="username" value="<?php echo "$username"; ?>"> Max Length:10<p>

otherwise a username like

CODE

"><b>injection test</b>

will break the HTML.

But once I submit the registration form seem able to register a new account without warnings. However the script didn't object to my three letter password, like it should.

---

FWIW, regarding the redirect headers http://php.net/manual/en/function.header.php says:

"HTTP/1.1 requires an absolute URI as argument to » Location: including the scheme, hostname and absolute path, but some clients accept relative URIs."

Also I don't know if "Location" can begin with a lower-case "l".