User Registration/Login System Help

Question

CEVGames 0 Light Poster

13 Years Ago

Hi all,

I am completely new to PHP and MySQL, but I need to learn it for a project my friends and I are working on. So, I found a tutorial on how to create a user registration and log in system using PHP and MySql. I am having an issue with both aspects.

First I have a file called db.php The code looks like this:

<?php
session_start(); 
mysql_connect("localhost", "dbuser", "dbpassword"); 
mysql_select_db("myDB");
function user_login($username, $password) 
{
$username = mysql_real_escape_string($username); 
$password = mysql_real_escape_string($password); 
$sql = mysql_query("SELECT * FROM usersystem WHERE username = 'username' AND password = 'password' LIMIT 1"); 
$rows = mysql_num_rows($sql); 
if ($rows<1)
{ 
echo "Incorrect username/password"; 
}
else 
{ 
echo "Logged in";
$_SESSION['sername'] = $username; 
} 
}
?>

The code for the register.php file is as follows:

<?php 
include("db.php"); 
if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email']))
 
{ 

$username = mysql_real_escape_string($_POST['username']); 
$email = mysql_real_escape_string($_POST['email']); 
 
 

$password = md5($_POST['password']); 
 

$sql = mysql_query("SELECT username FROM usersystem WHERE username = 'username'");

If (mysql_num_rows($sql>0)) 

{ 
die ("Username taken."); 
} 
 
 
mysql_query("INSERT INTO usersystem (username, password, email) VALUES ( '$username', '$password', '$email')") or die (mysql_error()); echo "Account created.";
 
} 
?>




<html><form action="register.php" method="post">
Username: <input name="username" type="text" />
Password: <input type="password" name="password" />
Email: <input name="email" type="text" />
<input type="submit" value="Submit" />
</form>
</html>

The issue with the registration page is after posting the information to the database it provides this message: Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/.../register.php on line 17

It does echo back: Account created.

How can I fix this to remove that? (Also, I would like for this page to move to another page that says something like "Account created. Please log in" and generate an automatic e-mail. I know how to set up the auto-responders and all, but is there a way to prompt one through PHP? I am not exactly sure how to move the page forward in PHP. Is that something I should code in HTML onto the submit button? Will the data still post to the DB if I do that?)

The next problem is, although it writes the information to the db when I register, when I attempt to log in with the dummy accounts, it will not. Here is the code I have on the log in page:

<?php
include("db.php"); 
if (isset($_POST['username']) && isset($_POST['password']))
{     
user_login($_POST['username'], $_POST['password']); 
} 
?>

<html>
<form action="login.php" method="post">
Username: <input name="username" type="text" />
Password: <input type="password" name="password" />
<input type="submit" value="Submit" />
</form>
</html>

The only results I get are: Incorrect username/password

I know I am asking a lot, but I would really appreciate any and all help that you can provide me with. Everything I know I have taught myself, and the only programming language I am decently familiar with is ActionScript. Thanks again.

php

2 Contributors
4 Replies
198 Views
7 Hours Discussion Span
Latest Post 13 Years Ago Latest Post by CEVGames

hielo 65 Veteran Poster

13 Years Ago

On line 18 of your FIRST block of code you have: $_SESSION['sername'] = $username; I suspect you meant: $_SESSION['username'] = $username; On line 9 of your FIRST block of code You need to use the values stored in the VARIABLES $email and $password. You incorrectly have a literal string: $sql = mysql_query("SELECT * FROM usersystem WHERE username = '[B]username[/B]' AND password = '[B]password[/B]' LIMIT 1"); You need to prefix those with a dollar sign: $sql = mysql_query("SELECT * FROM usersystem WHERE username = '[B]$username[/B]' AND password = '[B]$password[/B]' LIMIT 1"); The sample problem exists on line 15 of your SECOND block of code.

Also, on line 17 of your SECOND block of code you have to apply the condition check AFTER you have called the function - WRONG: If (mysql_num_rows($sql>0[B])[/B]) CORRECT: If (mysql_num_rows($sql[B])[/B] >0 )

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

CEVGames 0 Light Poster · Answer 1 · 2010-11-19T00:00:31+00:00

Hielo,

Thanks so much. It all worked, EXCEPT, to log in I have to use the encrypted form of the password stored in the database. I'm not sure how to work around this. Do you have any suggestions for this?

Thanks again

Cheryl

hielo 65 Veteran Poster · Answer 2 · 2010-11-19T00:02:58+00:00

Line 8 of your FIRST block of code should be: $password = [B]md5([/B] mysql_real_escape_string($password) [B])[/B];

CEVGames 0 Light Poster · Answer 3 · 2010-11-19T00:05:59+00:00

Thank you so much! You rock! I so appreciate it and the really fast replies! I'm going to mess around and try to figure out some more things we want to do with this site.