0

I can't seem to get my register page working with a password.

This is the query I executed:

CREATE TABLE dbUsers (
         id INT(10) NOT NULL AUTO_INCREMENT PRIMARY KEY,
         username VARCHAR(16) unique,
         password CHAR(16),
         email VARCHAR(25)
       );

It only registers if there is no password filled..

2
Contributors
29
Replies
30
Views
6 Years
Discussion Span
Last Post by fifarulez
Featured Replies
  • If you're planning on storing md5 data as your password, you need to set your varchar to a higher integer. Pretty sure md5 are 30+ character strings, so change it to varchar(40) and you should be safe. Read More

  • Post the code for your form processing Read More

  • Try: [code] if(isset($_POST['username'])) { $username = mysql_real_escape_string($_POST['username']); } else { echo "No username detected<br>"; } if(isset($_POST['password'])) { $password = mysql_real_escape_string($_POST['password']); } else { echo "No password detected<br>"; } if(isset($_POST['email'])) { $email = mysql_real_escape_string($_POST['email']); } else { echo "No email detected"; } $q = "INSERT INTO `dbusers` SET `username` = '$username', … Read More

  • The above script will check to see if the $_POST data is filled, otherwise it'll return an error. I also added the escape string function to prevent SQL injection, and try to never use raw $_POST data in your SQL queries. Read More

  • Replace [code] // Fields are clear, add user to database // Setup query $q = "INSERT INTO `dbusers` (`username`,`password`,`email`) " ."VALUES ('".$_POST["username"]."', " ."PASSWORD('".$_POST["password"]."'), " ."'".$_POST["email"]."')"; [/code] With the script I wrote and see if that works. Read More

0

I tried changing:

password CHAR(16),

to

password VARCHAR(16),

but it still won't register with a password.. does this have something to do with md5?

1

If you're planning on storing md5 data as your password, you need to set your varchar to a higher integer. Pretty sure md5 are 30+ character strings, so change it to varchar(40) and you should be safe.

0
<?php
     
    // dbConfig.php is a file that contains your
    // database connection information.
    include ("dbConfig.php");
     
     
    //Input vaildation and the dbase code
    $op = isset($_GET['op']) ? $_GET['op'] : '';
    if ($op == 'reg')
    {
    $bInputFlag = false;
    foreach ( $_POST as $field )
    {
    if ($field == "")
    {
    $bInputFlag = false;
    }
    else
    {
    $bInputFlag = true;
    }
    }
    // If we had problems with the input, exit with error
    if ($bInputFlag == false)
    {
    die( "Problem with your registration info. "
    ."Please go back and try again.");
    }
     
    // Fields are clear, add user to database
    // Setup query
    $q = "INSERT INTO `dbusers` (`username`,`password`,`email`) "
    ."VALUES ('".$_POST["username"]."', "
    ."PASSWORD('".$_POST["password"]."'), "
    ."'".$_POST["email"]."')";
    // Run query
    $r = mysql_query($q);
     
    // Make sure query inserted user successfully
    if ( !mysql_insert_id() )
    {
    die("Error: User not added to database.");
    }
    else
    {
    // Redirect to thank you page.
    Header("Location: register.php?op=thanks");
    }
    } // end if
     
     
    //The thank you page
    $op = isset($_GET['op']) ? $_GET['op'] : '';
    if ($op == 'thanks')
    {
    echo "<h2> Thanks for registering!</h2> ";
    }
     
    //The web form for input ability
    else
    {
    echo "<form action=\"?op=reg\" method=\"POST\"> \n";
    echo "Username: <input name=\"username\" MAXLENGTH=\"16\"> <br /> \n";
    echo "Password: <input type=\"password\" name=\"password\" MAXLENGTH=\"16\"> <br /> \n";
    echo "Email Address: <input name=\"email\" MAXLENGTH=\"25\"> <br /> \n";
    echo "<input type=\"submit\"> \n";
    echo "</form> \n";
    }
    // EOF
    ?>

Edited by fifarulez: n/a

0

Or maybe it's just this that you wanted

// Fields are clear, add user to database
// Setup query
$q = "INSERT INTO `dbusers` (`username`,`password`,`email`) "
."VALUES ('".$_POST["username"]."', "
."PASSWORD('".$_POST["password"]."'), "
."'".$_POST["email"]."')";
// Run query
$r = mysql_query($q);

Sorry, im really a newbie to this.

0

Is there another way to set this?
Like post username, pass and email with one line? or something?

thanks

1

Try:

if(isset($_POST['username'])) {
$username = mysql_real_escape_string($_POST['username']);
} else {
echo "No username detected<br>";
}

if(isset($_POST['password'])) {
$password = mysql_real_escape_string($_POST['password']);
} else {
echo "No password detected<br>";
}

if(isset($_POST['email'])) {
$email = mysql_real_escape_string($_POST['email']);
} else {
echo "No email detected";
}

$q = "INSERT INTO `dbusers` SET `username` = '$username', `password` = '$password', `email` = '$email'";
1

The above script will check to see if the $_POST data is filled, otherwise it'll return an error. I also added the escape string function to prevent SQL injection, and try to never use raw $_POST data in your SQL queries.

0

Oh okay, thank you very much!

Where do I exactly insert the code?

1

Replace

// Fields are clear, add user to database
// Setup query
$q = "INSERT INTO `dbusers` (`username`,`password`,`email`) "
."VALUES ('".$_POST["username"]."', "
."PASSWORD('".$_POST["password"]."'), "
."'".$_POST["email"]."')";

With the script I wrote and see if that works.

0

Last thing!!!

For the login.php, it says that the information is wrong.

Is it the same lines I gotta change?

1

Here is a basic login script I use:

'login.php'

<?php 

include('config.php');

 if(isset($_POST['username'])) {
 	$username = mysql_real_escape_string($_POST['username']);
 }
 
 if(isset($_POST['password'])) {
 	$password = mysql_real_escape_string($_POST['password']);
 }
 
 $password = md5($password);
 
$sql = "Select COUNT(*) from `users` where username = '$username' AND password = '$password'";

$result=mysql_query($sql);



//check that at least one row was returned



$rowCheck = mysql_result($result, 0);

if($rowCheck > 0) {


	$_SESSION['username'] = $username;

header ("Location: index.php");

  //we will redirect the user to another page where we will make sure they're logged in

  } else {
  //if nothing is returned by the query, unsuccessful login code goes here...

  echo 'Incorrect login name or password. Please try again.<br>';

  echo "$username - $password";

  } 

?>
0

You need to add a form for people to login through. All you have now is a register form, but no login form.

Set the login forms action to login.php to process the form data.

0

I now have:

<?php
    session_start();
    // dBase file
    include "dbConfig.php";
     
    {
    //If all went right the Web form appears and users can log in
    echo "<form action=\"?op=login\" method=\"POST\">";
    echo "Username: <input name=\"username\" size=\"15\"><br />";
    echo "Password: <input type=\"password\" name=\"password\" size=\"8\"><br />";
    echo "<input type=\"submit\" value=\"Login\">";
    echo "</form>";
    }
    ?>

I don't know how to redirect the information to the actual logger..

0

First, put the session_start(); at the top of your dbconfig.php file, that way you won't have to reference it on every page.

<?php
    // dBase file
    include "dbConfig.php";
     
    {
    //If all went right the Web form appears and users can log in
    echo "<form action=\"login.php\" method=\"POST\">";
    echo "Username: <input name=\"username\" size=\"15\"><br />";
    echo "Password: <input type=\"password\" name=\"password\" size=\"8\"><br />";
    echo "<input type=\"submit\" value=\"Login\">";
    echo "</form>";
    }
    ?>

Edited by stoopkid: n/a

0

It looks like I can now login and logout, but there's one last thing.

Why do I get a notice?

( ! ) Notice: Undefined variable: username in C:\wamp\www\hacks4all.wapzan.com\registration\login.php on line 14

I can still login and log out.

Edited by fifarulez: n/a

0
<?php
    // dBase file
    include "dbConfig.php";
     
    if(isset($_POST['username'])) {
    $username = mysql_real_escape_string($_POST['username']);
    }
     
    if(isset($_POST['password'])) {
    $password = mysql_real_escape_string($_POST['password']);
    }
     
     
    $sql = "Select COUNT(*) from `dbusers` where username = '$username' AND password = '$password'";
     
    $result=mysql_query($sql);
     
     
     
    //check that at least one row was returned
     
     
     
    $rowCheck = mysql_result($result, 0);
     
    if($rowCheck > 0) {
     
     
    $_SESSION['username'] = $username;
     
    header ("Location: index.php");
     
    //we will redirect the user to another page where we will make sure they're logged in
     
    } else {
    //if nothing is returned by the query, unsuccessful login code goes here...
     
    echo 'Incorrect login name or password. Please try again.<br>';
     
    echo "$username - $password";
     
    }
    {
    //If all went right the Web form appears and users can log in
    echo "<form action=\"?op=login\" method=\"POST\">";
    echo "Username: <input name=\"username\" size=\"15\"><br />";
    echo "Password: <input type=\"password\" name=\"password\" size=\"8\"><br />";
    echo "<input type=\"submit\" value=\"Login\">";
    echo "</form>";
    }
    ?>
0

Replace it with this:

<?php
    // dBase file
    include "dbConfig.php";
  if(isset($_POST['submit'])) { //if the login button is pushed
    if(isset($_POST['username'])) {
    $username = mysql_real_escape_string($_POST['username']);
    }
     
    if(isset($_POST['password'])) {
    $password = mysql_real_escape_string($_POST['password']);
    }
     
     
    $sql = "Select COUNT(*) from `dbusers` where username = '$username' AND password = '$password'";
     
    $result=mysql_query($sql);
     
     
     
    //check that at least one row was returned
     
     
     
    $rowCheck = mysql_result($result, 0);
     
    if($rowCheck > 0) {
     
     
    $_SESSION['username'] = $username;
     
    header ("Location: index.php");
     
    //we will redirect the user to another page where we will make sure they're logged in
     
    } else {
    //if nothing is returned by the query, unsuccessful login code goes here...
     
    echo 'Incorrect login name or password. Please try again.<br>';
     
    echo "$username - $password";
     
    }
    {
  } else { //show login form 
    //If all went right the Web form appears and users can log in
    echo "<form action=\"?op=login\" method=\"POST\">";
    echo "Username: <input name=\"username\" size=\"15\"><br />";
    echo "Password: <input type=\"password\" name=\"password\" size=\"8\"><br />";
    echo "<input type=\"submit\" name=\"submit\" value=\"Login\">";
    echo "</form>";
    }
 }
    ?>
1

All better

<?php
    // dBase file
    include "dbConfig.php";
    if(isset($_POST['submit'])) { //if the login button is pushed
    if(isset($_POST['username'])) {
    $username = mysql_real_escape_string($_POST['username']);
    }
     
    if(isset($_POST['password'])) {
    $password = mysql_real_escape_string($_POST['password']);
    }
     
     
    $sql = "Select COUNT(*) from `dbusers` where username = '$username' AND password = '$password'";
     
    $result=mysql_query($sql);
     
     
     
    //check that at least one row was returned
     
     
     
    $rowCheck = mysql_result($result, 0);
     
    if($rowCheck > 0) {
     
     
    $_SESSION['username'] = $username;
     
    header ("Location: index.php");
     
    //we will redirect the user to another page where we will make sure they're logged in
     
    } else {
    //if nothing is returned by the query, unsuccessful login code goes here...
     
    echo 'Incorrect login name or password. Please try again.<br>';
     
    echo "$username - $password";
     
    }
    
    } else { //show login form
    //If all went right the Web form appears and users can log in
    echo "<form action=\"?op=login\" method=\"POST\">";
    echo "Username: <input name=\"username\" size=\"15\"><br />";
    echo "Password: <input type=\"password\" name=\"password\" size=\"8\"><br />";
    echo "<input type=\"submit\" name=\"submit\" value=\"Login\">";
    echo "</form>";
    }
    
    ?>
0

Oh great!! Thank you very much!!!!! a million times!!!

Solved! :D

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.