0

Hi, so I have been trying to create a Login and Register system, but the thing is every time I try to login using the system nothing really happens. You can check it out at http://edwinjoseph.co/logintest/ if you click login and use user for the username and password for the password, you will notice nothing happens.

The code for login.php is as follows:

<?php
    session_start();

    //This displays your login form
    function index(){

    echo "<form action='?act=login' method='post'>" 
        ."Username: <input type='text' name='username' size='30'><br>"
        ."Password: <input type='password' name='password' size='30'><br>"
        ."<input type='submit' value='Login'>"
        ."</form>";    

    }

    //This function will find and checks if your data is correct
    function login(){

        //Collect your info from login form
        $username = $_REQUEST['username'];
        $password = $_REQUEST['password'];


        //Connecting to database
        $connect = mysql_connect("example.com", "user", "password");
        if(!$connect){
            die(mysql_error());
        }

        //Selecting database
        $select_db = mysql_select_db("database", $connect);
        if(!$select_db){
            die(mysql_error());
        }

        //Find if entered data is correct

        $result = mysql_query("SELECT * FROM database WHERE username='$username' AND password='$password'") or die(mysql_error());;
        $row = mysql_fetch_array($result);
        $id = $row['id'];

        $select_user = mysql_query("SELECT * FROM database WHERE id='$id'") or die(mysql_error());;
        $row2 = mysql_fetch_array($select_user);
        $user = $row2['username'];

        if($username != $user){
            die("Username is wrong!");
        }


        $pass_check = mysql_query("SELECT * FROM database WHERE username='$username' AND id='$id'");
        $row3 = mysql_fetch_array($pass_check);
        $email = $row3['email'];
        $select_pass = mysql_query("SELECT * FROM database WHERE username='$username' AND id='$id' AND email='$email'");
        $row4 = mysql_fetch_array($select_pass);
        $real_password = $row4['password'];

        if($password != $real_password){
            die("Your password is wrong!");
        }



        //Now if everything is correct let's finish his/her/its login

        session_register("username", $username);
        session_register("password", $password);

        echo "Welcome, ".$username." please continue on our <a href=index.php>Index</a>";

    }

    switch($act){

        default;
        index();
        break;

        case "login";
        login();
        break;

    }
?> 

Thank you, if you need any more information I will give it to you ASAP.

Edwin

Edited by pritaeas: Removed MySQL credentials from code.

4
Contributors
12
Replies
30
Views
4 Years
Discussion Span
Last Post by edwin.joseph.7543
Featured Replies
  • 1

    Many issues here: - `database` is a mysql reserved word so it is a bad idea to use it for the table name (and is missguiding also), but if you insist, enclose it in backticks - sending two queries is not necessary if you retrieve all data with the first … Read More

  • 1. You need to ensure Direct Access is enabled when the database is setup. Review the following linked article going forward: http://support.godaddy.com/help/article/4978/connecting-remotely-to-shared-hosting-databases 2. It could be a problem with connection strings, refer here: http://support.godaddy.com/help/article/3323/locating-your-database-connection-strings Read More

  • The question has been solved and for those of you who are like me, and with GoDaddy, it turns out I can't create this login system without buying a virtual dedicated server which costs $16 a months for 2 years. I hope that has answered any questions, if you do … Read More

0

The problem is that $act on line 72 (switch) has not been given a value. I assume it's being passed through the $_GET or $_POST array.

0

Ah. It's using a global setting (not recommended). I suggest you replace line 72 with:

switch ($_GET['act']) {

It's also being used in register.php (same issue).

1

Many issues here:

  • database is a mysql reserved word so it is a bad idea to use it for the table name (and is missguiding also), but if you insist, enclose it in backticks
  • sending two queries is not necessary if you retrieve all data with the first one
  • escape all the values from $_REQUEST before using them in queries otherwise you risk an SQL injection attack: $username = mysql_real_escape_string($_REQUEST['username']);
  • better use $_POST and $_GET arrays instead of $_REQUEST since you already use GET and POST in the same script
  • check for existence of values before using them: if(isset($_REQUEST['username'])) ...
  • mysql database extension is very old, witch to mysqli or even better to PDO

Edited by broj1

0

okay so I changed it but know I get an error (which is good, sort of)

Access denied for user 'clanhuntersdb'@'%' to database 'database'

0

Your user does no have priviliges to use this database. Do you have access to the MySQL server? Did you add this user yourself? Or is database not really the name of the database you are using (more likely).

Edited by pritaeas

0

I have access to the database, yes. The database is actually called database and I did add the user myself.

0

It has to be something you missed while adding the user. Does the user have access to all databases, or just this one? Are you connecting on localhost? Did you flush priviliges?

0

So I am using GoDaddy's server just incase you need to know, the user I believe only has access to that one database because I created him on that DB. No Im not using localhost cause I dont know how to use it.. flush privilliges I dont know what that is or how it is done.

2

The question has been solved and for those of you who are like me, and with GoDaddy, it turns out I can't create this login system without buying a virtual dedicated server which costs $16 a months for 2 years. I hope that has answered any questions, if you do have questions and are with GoDaddy, it was better to talk to them personally, I spock with someone who runs their servers who helped me figure this out :)

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.