Login and regiser, dosent work, with mysql |
Login and regiser, dosent work, with mysql |
sanoj96 |
Nov 10 2012, 05:02 PM
Post
#1
|
Advanced Member Group: Members Posts: 118 Joined: 18-September 12 Member No.: 17,803 |
Hello, i have some issius with my PHP script, Login and register, i got 6 files named
dbc.php (database connect) index.php login.php logout.php members.php register.php When i try to register or loggin it is just giveing me some erros that i cant finde out how to fix try out the login system at this url click here This post has been edited by sanoj96: Nov 10 2012, 05:03 PM |
sanoj96 |
Nov 10 2012, 05:20 PM
Post
#2
|
Advanced Member Group: Members Posts: 118 Joined: 18-September 12 Member No.: 17,803 |
index.php
CODE <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE8" > <meta name="viewport" content="user-scalable=yes, width=device-width, initial-scale=0.68, maximum-scale=1.0"/> <meta name="apple-mobile-web-app-capable" content="yes" /> <title>Street Life Roleplay</title> <link rel="stylesheet" href="css/style.css"> </head> <body> <div id="container"> <div id="logo"> <!--<span class="highlight">Street life</span>-->Street Life Roleplay </div> <ul id="menu"> <li><a href="/">News</a></li> <li><a href="/faq/">F.A.Q.</a></li> <li><a href="/download/">Download</a></li> <li><a href="/server/players/">Server Status</a></li> <li><a href="/account/donate/">Donate</a></li> <li><a href="http://streetliferp.net84.net/forum/" target="_blank">Forum</a></li> </ul> <div id="headimage"> <img src="/image/" /> <img src="/image/" /> <img src="/image/" /> <img src="/image/" /> <img src="/image/" /> <img src="/image/" /> </div> <div id="subbar" style="position: relative;"><div id="fb"> <a href="http://facebook.com/gorupname" target="_blank"> </a> <img src="http://sanoj96.com/arture/image/fb.png" height="25px;"></div> <!-- login thing--> <?php if(isset($_GET['error'])){echo $_GET['error'];echo "<br>";} ?> <form action="login.php" method="POST"> Username: <input type="text" name="username"> Password: <input type="password" name="password"> <input type="submit" value="Login"> </form> <a href='register.php'>Register</a> </div> <!--<ul id="hints"> <li><b>Did you know?</b> There's daily over <span class="highlight">100</span> new account registrations!</li> <li>Italy Mafia has been running for over <b></b><span class="highlight">4 years</span>!</b></li> <li>Street Life Mafia gives everybody <b>an easy opportunity</b> to <span class="highlight">start a group, team or faction</span>!</li> </ul> </div>--> <div id="content"> <div class="left"> <div class="breadcrumb"> <div class="news"> <div class="head">NEW FORUM!</div> <div class="body"> TO DAY HAVE WE CHANCED THE SERVER FORUMS TO THIS URL <br><br> </div> </div> </div></div></div> <div class="right"> <div class="register"> <!--<div class="body"> <ul class="sidelist"> <table style='width: 260px;'><tr><td>Server IP:</td><td>SERVERIP HERE</td></tr><tr><td></td><td></td></tr><tr><td>Version:</td><td>0.3e</td></tr><tr><td><br><a href='samp://SERVERIPHERER'>Connect now!</a></td><td style='text-align: right;'><br></td></tr></table> </ul> </div> </div>--> <div class="rightbox"> <div id="copyright">© 2012 Street Life RolePlay Community | sanoj96@sanoj96.com | All rights reserved.</div> </div> </body> </html> login.php CODE <?php session_start(); require "dbc.php"; $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $enc_password = md5($password); if($username&&$password) { $query = mysql_query("SELECT * FROM users WHERE username='$username'"); $numrow = mysql_num_rows($query); if($numrow!=0) { while($row = mysql_fetch_assoc($query)) { $db_username = $row['username']; $db_password = $row['password']; } if($username==$db_username&&$enc_password==$db_password) { //echo "Logged in <a href='members.php'>Click here to enter the members area</a>"; $_SESSION['username']=$db_username; header("location: members.php"); } else { header("location: index.php?error=Incorrect Password"); } } else { header("location: index.php?error=That user doesn't exist"); } } else { header("location: index.php?error=All fields are required"); } ?> logout.php CODE <?php session_start(); session_destroy(); header ("location: index.php"); ?> register.php CODE <?php if($_POST['submit']) require 'dbc.php'; { $name = mysql_real_escape_string($_POST['name']); $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $password1 = mysql_real_escape_string($_POST['password1']); $enc_password = md5($password); if($name && $username && $password && $password1) { if(strlen($name)<30) { if(strlen($username)<10) { if(strlen($password)<15 || strlen($password)>6) { if($password == $password1) { require "dbc.php"; $query = mysql_query("INSERT INTO users VALUES ('','$name','$username','$enc_password')"); echo "Registration Complete! <a href='index.php'>Click here to login</a>"; } else { echo "Passwords must match"; } } else { echo "Your password must be between 6 and 15 characters"; } } else { echo "Your username is too long"; } } else { echo "Your name is too long"; } } else { echo "All fields are required"; } } ?> <html> <form action="register.php" method="POST"> Name: <input type="text" name="name" value="<?php echo "$name"; ?>"> Max Length:30<p> Username: <input type="text" name="username" value="<?php echo "$username"; ?>"> Max Length:10<p> Password: <input type="password" name="password"> Max length:15<p> Re-Enter Password: <input type="password" name="password1"><p> <input type="submit" name="submit" value="Register"> </form> </html> members.php CODE <?php session_start(); error_reporting(0); if($_SESSION['username']) { echo "You are logged in as: ".$_SESSION['username']; echo "<p><a href='logout.php'>Click here to logout</a>"; } else header ("location: index.php"); ?> dbc.php CODE <?php mysql_connect("host","usernmae","password") or die ("Couldnt connect to database"); mysql_select_db("") or die ("Couldnt find database"); ?> |
Christian J |
Nov 11 2012, 01:21 PM
Post
#3
|
. Group: WDG Moderators Posts: 9,656 Joined: 10-August 06 Member No.: 7 |
dbc.php
CODE <?php mysql_connect("host","usernmae","password") or die ("Couldnt connect to database"); mysql_select_db("") or die ("Couldnt find database"); ?> I assume you've changed the mysql_connect() arguments when posting the code here? If not there's a typo in "usernmae". Is the server really called "host" (ditto for "password")? In mysql_select_db(), is the DB really called ""? When I try to login, I get: QUOTE Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home/sanojcom/public_html/artur/login.php on line 15 Apparently the $query variable isn't what's expected. Try print_r() on it to investigate. QUOTE Warning: Cannot modify header information - headers already sent by (output started at /home/sanojcom/public_html/artur/login.php:15) in /home/sanojcom/public_html/artur/login.php on line 38 Either a header is already sent (but I can't see where) or maybe some other content has been sent (a header must be sent before any other content). |
sanoj96 |
Nov 12 2012, 10:14 AM
Post
#4
|
Advanced Member Group: Members Posts: 118 Joined: 18-September 12 Member No.: 17,803 |
I did try to update my files... and the errors are awey, but now i think i got a database error :/
the data base file CODE <?php mysql_connect("localhost","sanojcom_login","iphone3G96") or die("Could not connect to server!"); mysql_select_db("sanojcom_login") or die("Could not select database"); ?> if any one see any error with it plz let me know |
Christian J |
Nov 12 2012, 11:10 AM
Post
#5
|
. Group: WDG Moderators Posts: 9,656 Joined: 10-August 06 Member No.: 7 |
register.php:
CODE if($_POST['submit']) require 'dbc.php'; { Shouldn't the require be inside the curly brace? Apparently the script ignores the $_POST['submit'] check, since the warnings when I first load the page seem to apply to the following lines: CODE $name = mysql_real_escape_string($_POST['name']); $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $password1 = mysql_real_escape_string($_POST['password1']); (that shouldn't run, since $_POST['submit'] is not yet submitted). Also use htmlspecialchars() before printing anything user submitted on the page, like here: CODE Name: <input type="text" name="name" value="<?php echo "$name"; ?>"> Max Length:30<p> Username: <input type="text" name="username" value="<?php echo "$username"; ?>"> Max Length:10<p> otherwise a username like CODE "><b>injection test</b> will break the HTML. But once I submit the registration form seem able to register a new account without warnings. However the script didn't object to my three letter password, like it should. --- FWIW, regarding the redirect headers http://php.net/manual/en/function.header.php says: "HTTP/1.1 requires an absolute URI as argument to » Location: including the scheme, hostname and absolute path, but some clients accept relative URIs." Also I don't know if "Location" can begin with a lower-case "l". |
Lo-Fi Version | Time is now: 23rd April 2024 - 04:12 AM |