Hi, so I have been trying to create a Login and Register system, but the thing is every time I try to login using the system nothing really happens. You can check it out at http://edwinjoseph.co/logintest/ if you click login and use user for the username and password for the password, you will notice nothing happens.

The code for login.php is as follows:

<?php
    session_start();

    //This displays your login form
    function index(){

    echo "<form action='?act=login' method='post'>" 
        ."Username: <input type='text' name='username' size='30'><br>"
        ."Password: <input type='password' name='password' size='30'><br>"
        ."<input type='submit' value='Login'>"
        ."</form>";    

    }

    //This function will find and checks if your data is correct
    function login(){

        //Collect your info from login form
        $username = $_REQUEST['username'];
        $password = $_REQUEST['password'];


        //Connecting to database
        $connect = mysql_connect("example.com", "user", "password");
        if(!$connect){
            die(mysql_error());
        }

        //Selecting database
        $select_db = mysql_select_db("database", $connect);
        if(!$select_db){
            die(mysql_error());
        }

        //Find if entered data is correct

        $result = mysql_query("SELECT * FROM database WHERE username='$username' AND password='$password'") or die(mysql_error());;
        $row = mysql_fetch_array($result);
        $id = $row['id'];

        $select_user = mysql_query("SELECT * FROM database WHERE id='$id'") or die(mysql_error());;
        $row2 = mysql_fetch_array($select_user);
        $user = $row2['username'];

        if($username != $user){
            die("Username is wrong!");
        }


        $pass_check = mysql_query("SELECT * FROM database WHERE username='$username' AND id='$id'");
        $row3 = mysql_fetch_array($pass_check);
        $email = $row3['email'];
        $select_pass = mysql_query("SELECT * FROM database WHERE username='$username' AND id='$id' AND email='$email'");
        $row4 = mysql_fetch_array($select_pass);
        $real_password = $row4['password'];

        if($password != $real_password){
            die("Your password is wrong!");
        }



        //Now if everything is correct let's finish his/her/its login

        session_register("username", $username);
        session_register("password", $password);

        echo "Welcome, ".$username." please continue on our <a href=index.php>Index</a>";

    }

    switch($act){

        default;
        index();
        break;

        case "login";
        login();
        break;

    }
?> 

Thank you, if you need any more information I will give it to you ASAP.

Edwin

The problem is that $act on line 72 (switch) has not been given a value. I assume it's being passed through the $_GET or $_POST array.

Ah. It's using a global setting (not recommended). I suggest you replace line 72 with:

switch ($_GET['act']) {

It's also being used in register.php (same issue).

Many issues here:

  • database is a mysql reserved word so it is a bad idea to use it for the table name (and is missguiding also), but if you insist, enclose it in backticks
  • sending two queries is not necessary if you retrieve all data with the first one
  • escape all the values from $_REQUEST before using them in queries otherwise you risk an SQL injection attack: $username = mysql_real_escape_string($_REQUEST['username']);
  • better use $_POST and $_GET arrays instead of $_REQUEST since you already use GET and POST in the same script
  • check for existence of values before using them: if(isset($_REQUEST['username'])) ...
  • mysql database extension is very old, witch to mysqli or even better to PDO

okay so I changed it but know I get an error (which is good, sort of)

Access denied for user 'clanhuntersdb'@'%' to database 'database'

Your user does no have priviliges to use this database. Do you have access to the MySQL server? Did you add this user yourself? Or is database not really the name of the database you are using (more likely).

I have access to the database, yes. The database is actually called database and I did add the user myself.

It has to be something you missed while adding the user. Does the user have access to all databases, or just this one? Are you connecting on localhost? Did you flush priviliges?

So I am using GoDaddy's server just incase you need to know, the user I believe only has access to that one database because I created him on that DB. No Im not using localhost cause I dont know how to use it.. flush privilliges I dont know what that is or how it is done.

I have no experience with GoDaddy, so you'll have to wait for somebody else to chip in.

The question has been solved and for those of you who are like me, and with GoDaddy, it turns out I can't create this login system without buying a virtual dedicated server which costs $16 a months for 2 years. I hope that has answered any questions, if you do have questions and are with GoDaddy, it was better to talk to them personally, I spock with someone who runs their servers who helped me figure this out :)