I can't seem to get my register page working with a password.
This is the query I executed:
CREATE TABLE dbUsers (
id INT(10) NOT NULL AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(16) unique,
password CHAR(16),
email VARCHAR(25)
);It only registers if there is no password filled..
Jump to PostIf you're planning on storing md5 data as your password, you need to set your varchar to a higher integer. Pretty sure md5 are 30+ character strings, so change it to varchar(40) and you should be safe.
Jump to PostPost the code for your form processing
Jump to PostTry:
if(isset($_POST['username'])) { $username = mysql_real_escape_string($_POST['username']); } else { echo "No username detected<br>"; } if(isset($_POST['password'])) { $password = mysql_real_escape_string($_POST['password']); } else { echo "No password detected<br>"; } if(isset($_POST['email'])) { $email = mysql_real_escape_string($_POST['email']); } else { echo "No email detected"; } $q = "INSERT INTO `dbusers` SET `username` …
Jump to PostThe above script will check to see if the $_POST data is filled, otherwise it'll return an error. I also added the escape string function to prevent SQL injection, and try to never use raw $_POST data in your SQL queries.
Jump to PostReplace
// Fields are clear, add user to database // Setup query $q = "INSERT INTO `dbusers` (`username`,`password`,`email`) " ."VALUES ('".$_POST["username"]."', " ."PASSWORD('".$_POST["password"]."'), " ."'".$_POST["email"]."')";With the script I wrote and see if that works.
I tried changing:
password CHAR(16),to
password VARCHAR(16),but it still won't register with a password.. does this have something to do with md5?
If you're planning on storing md5 data as your password, you need to set your varchar to a higher integer. Pretty sure md5 are 30+ character strings, so change it to varchar(40) and you should be safe.
Oh okay, some people set it to 255 I think but even with md5 on..
I cannot register if I have a password filled in..look
http://fifarulez.dyndns.org/hacks4all.wapzan.com/registration/register.php
Try anything just to test.. and you'll see..
Thanks for the quick reply though
Post the code for your form processing
<?php
// dbConfig.php is a file that contains your
// database connection information.
include ("dbConfig.php");
//Input vaildation and the dbase code
$op = isset($_GET['op']) ? $_GET['op'] : '';
if ($op == 'reg')
{
$bInputFlag = false;
foreach ( $_POST as $field )
{
if ($field == "")
{
$bInputFlag = false;
}
else
{
$bInputFlag = true;
}
}
// If we had problems with the input, exit with error
if ($bInputFlag == false)
{
die( "Problem with your registration info. "
."Please go back and try again.");
}
// Fields are clear, add user to database
// Setup query
$q = "INSERT INTO `dbusers` (`username`,`password`,`email`) "
."VALUES ('".$_POST["username"]."', "
."PASSWORD('".$_POST["password"]."'), "
."'".$_POST["email"]."')";
// Run query
$r = mysql_query($q);
// Make sure query inserted user successfully
if ( !mysql_insert_id() )
{
die("Error: User not added to database.");
}
else
{
// Redirect to thank you page.
Header("Location: register.php?op=thanks");
}
} // end if
//The thank you page
$op = isset($_GET['op']) ? $_GET['op'] : '';
if ($op == 'thanks')
{
echo "<h2> Thanks for registering!</h2> ";
}
//The web form for input ability
else
{
echo "<form action=\"?op=reg\" method=\"POST\"> \n";
echo "Username: <input name=\"username\" MAXLENGTH=\"16\"> <br /> \n";
echo "Password: <input type=\"password\" name=\"password\" MAXLENGTH=\"16\"> <br /> \n";
echo "Email Address: <input name=\"email\" MAXLENGTH=\"25\"> <br /> \n";
echo "<input type=\"submit\"> \n";
echo "</form> \n";
}
// EOF
?>Or maybe it's just this that you wanted
// Fields are clear, add user to database
// Setup query
$q = "INSERT INTO `dbusers` (`username`,`password`,`email`) "
."VALUES ('".$_POST["username"]."', "
."PASSWORD('".$_POST["password"]."'), "
."'".$_POST["email"]."')";
// Run query
$r = mysql_query($q);Sorry, im really a newbie to this.
Is there another way to set this?
Like post username, pass and email with one line? or something?
thanks
Try:
if(isset($_POST['username'])) {
$username = mysql_real_escape_string($_POST['username']);
} else {
echo "No username detected<br>";
}
if(isset($_POST['password'])) {
$password = mysql_real_escape_string($_POST['password']);
} else {
echo "No password detected<br>";
}
if(isset($_POST['email'])) {
$email = mysql_real_escape_string($_POST['email']);
} else {
echo "No email detected";
}
$q = "INSERT INTO `dbusers` SET `username` = '$username', `password` = '$password', `email` = '$email'";The above script will check to see if the $_POST data is filled, otherwise it'll return an error. I also added the escape string function to prevent SQL injection, and try to never use raw $_POST data in your SQL queries.
Oh okay, thank you very much!
Where do I exactly insert the code?
Replace
// Fields are clear, add user to database
// Setup query
$q = "INSERT INTO `dbusers` (`username`,`password`,`email`) "
."VALUES ('".$_POST["username"]."', "
."PASSWORD('".$_POST["password"]."'), "
."'".$_POST["email"]."')";With the script I wrote and see if that works.
Wow.... it works perfectly.
Glad I could help, please mark the thread as SOLVED if you could.
Last thing!!!
For the login.php, it says that the information is wrong.
Is it the same lines I gotta change?
Here is a basic login script I use:
'login.php'
<?php
include('config.php');
if(isset($_POST['username'])) {
$username = mysql_real_escape_string($_POST['username']);
}
if(isset($_POST['password'])) {
$password = mysql_real_escape_string($_POST['password']);
}
$password = md5($password);
$sql = "Select COUNT(*) from `users` where username = '$username' AND password = '$password'";
$result=mysql_query($sql);
//check that at least one row was returned
$rowCheck = mysql_result($result, 0);
if($rowCheck > 0) {
$_SESSION['username'] = $username;
header ("Location: index.php");
//we will redirect the user to another page where we will make sure they're logged in
} else {
//if nothing is returned by the query, unsuccessful login code goes here...
echo 'Incorrect login name or password. Please try again.<br>';
echo "$username - $password";
}
?>My passwords aren't in md5 though.
take out the line that says $password = md5($password);
Uhm....alright but I'm still having some problems
http://fifarulez.dyndns.org/hacks4all.wapzan.com/registration/login.php
which are
( ! ) Notice: Undefined variable: username in C:\wamp\www\hacks4all.wapzan.com\registration\login.php on line 14
( ! ) Notice: Undefined variable: password in C:\wamp\www\hacks4all.wapzan.com\registration\login.php on line 14
You need to add a form for people to login through. All you have now is a register form, but no login form.
Set the login forms action to login.php to process the form data.
I now have:
<?php
session_start();
// dBase file
include "dbConfig.php";
{
//If all went right the Web form appears and users can log in
echo "<form action=\"?op=login\" method=\"POST\">";
echo "Username: <input name=\"username\" size=\"15\"><br />";
echo "Password: <input type=\"password\" name=\"password\" size=\"8\"><br />";
echo "<input type=\"submit\" value=\"Login\">";
echo "</form>";
}
?>I don't know how to redirect the information to the actual logger..
First, put the session_start(); at the top of your dbconfig.php file, that way you won't have to reference it on every page.
<?php
// dBase file
include "dbConfig.php";
{
//If all went right the Web form appears and users can log in
echo "<form action=\"login.php\" method=\"POST\">";
echo "Username: <input name=\"username\" size=\"15\"><br />";
echo "Password: <input type=\"password\" name=\"password\" size=\"8\"><br />";
echo "<input type=\"submit\" value=\"Login\">";
echo "</form>";
}
?>Done
It looks like I can now login and logout, but there's one last thing.
Why do I get a notice?
( ! ) Notice: Undefined variable: username in C:\wamp\www\hacks4all.wapzan.com\registration\login.php on line 14
I can still login and log out.
post your login.php code
<?php
// dBase file
include "dbConfig.php";
if(isset($_POST['username'])) {
$username = mysql_real_escape_string($_POST['username']);
}
if(isset($_POST['password'])) {
$password = mysql_real_escape_string($_POST['password']);
}
$sql = "Select COUNT(*) from `dbusers` where username = '$username' AND password = '$password'";
$result=mysql_query($sql);
//check that at least one row was returned
$rowCheck = mysql_result($result, 0);
if($rowCheck > 0) {
$_SESSION['username'] = $username;
header ("Location: index.php");
//we will redirect the user to another page where we will make sure they're logged in
} else {
//if nothing is returned by the query, unsuccessful login code goes here...
echo 'Incorrect login name or password. Please try again.<br>';
echo "$username - $password";
}
{
//If all went right the Web form appears and users can log in
echo "<form action=\"?op=login\" method=\"POST\">";
echo "Username: <input name=\"username\" size=\"15\"><br />";
echo "Password: <input type=\"password\" name=\"password\" size=\"8\"><br />";
echo "<input type=\"submit\" value=\"Login\">";
echo "</form>";
}
?>Replace it with this:
<?php
// dBase file
include "dbConfig.php";
if(isset($_POST['submit'])) { //if the login button is pushed
if(isset($_POST['username'])) {
$username = mysql_real_escape_string($_POST['username']);
}
if(isset($_POST['password'])) {
$password = mysql_real_escape_string($_POST['password']);
}
$sql = "Select COUNT(*) from `dbusers` where username = '$username' AND password = '$password'";
$result=mysql_query($sql);
//check that at least one row was returned
$rowCheck = mysql_result($result, 0);
if($rowCheck > 0) {
$_SESSION['username'] = $username;
header ("Location: index.php");
//we will redirect the user to another page where we will make sure they're logged in
} else {
//if nothing is returned by the query, unsuccessful login code goes here...
echo 'Incorrect login name or password. Please try again.<br>';
echo "$username - $password";
}
{
} else { //show login form
//If all went right the Web form appears and users can log in
echo "<form action=\"?op=login\" method=\"POST\">";
echo "Username: <input name=\"username\" size=\"15\"><br />";
echo "Password: <input type=\"password\" name=\"password\" size=\"8\"><br />";
echo "<input type=\"submit\" name=\"submit\" value=\"Login\">";
echo "</form>";
}
}
?>( ! ) Parse error: syntax error, unexpected T_ELSE in C:\wamp\www\hacks4all.wapzan.com\registration\login.php on line 44
All better
<?php
// dBase file
include "dbConfig.php";
if(isset($_POST['submit'])) { //if the login button is pushed
if(isset($_POST['username'])) {
$username = mysql_real_escape_string($_POST['username']);
}
if(isset($_POST['password'])) {
$password = mysql_real_escape_string($_POST['password']);
}
$sql = "Select COUNT(*) from `dbusers` where username = '$username' AND password = '$password'";
$result=mysql_query($sql);
//check that at least one row was returned
$rowCheck = mysql_result($result, 0);
if($rowCheck > 0) {
$_SESSION['username'] = $username;
header ("Location: index.php");
//we will redirect the user to another page where we will make sure they're logged in
} else {
//if nothing is returned by the query, unsuccessful login code goes here...
echo 'Incorrect login name or password. Please try again.<br>';
echo "$username - $password";
}
} else { //show login form
//If all went right the Web form appears and users can log in
echo "<form action=\"?op=login\" method=\"POST\">";
echo "Username: <input name=\"username\" size=\"15\"><br />";
echo "Password: <input type=\"password\" name=\"password\" size=\"8\"><br />";
echo "<input type=\"submit\" name=\"submit\" value=\"Login\">";
echo "</form>";
}
?>Oh great!! Thank you very much!!!!! a million times!!!
Solved! :D
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.