Hey guys, creating a simple script for registration and login. Managed to get the registration form working and adding users to a simple 4 table database.
Having problems with the login form. I am not sure how to write the code that validates the user and password because every time that I log in with a registered users details or with an unregistered user I get the part of the script that says the login failed.
Any help would be much appreciated
Here is the login and register script:
register form
<?php
//assign the registration form to a variable and display if it has not been submitted
$regform =<<<EOD
<form action="register.php" method="post">
Please enter your username<input type="text" name="username" />
<br />
Please enter your email address<input type="text" name="usermail" />
<br />
Please confirm your email address<input type="text" name="mailconf" />
<br />
Please enter your password<input type="password" name="userpass" />
<br />
Please confirm your password<input type="password" name="passconf" />
<br />
<input type="submit" name="submit" value="submit"/>
</form>
EOD;
if (empty($_POST['submit'])) {
echo $regform;
}
//if the from has been submitted
if(isset($_POST['submit'])){
//assign variables to form data
$username = $_POST['username'];
$usermail = $_POST['usermail'];
$mailconf = $_POST['mailconf'];
$userpass = $_POST['userpass'];
$passconf = $_POST['passconf'];
//validate form input
if($username == false || $userpass == false || $passconf == false || $mailconf == false || $usermail == false) {
echo "Please fill in all fields in the form, Thanks!";
echo "<br />";
echo $regform;
} elseif($usermail != $mailconf || $userpass != $passconf) {
echo "Please enter a matching email address or password";
echo "<br />";
echo $regform;
} else {
//if form data validated connect and insert into database
$connect = mysql_connect("localhost","sexybacklink","testpass")
or die(mysql_error());
mysql_select_db("testsite")
or die(mysql_error());
$register = "INSERT INTO user(username,usermail,userpass)
VALUES('$username',
'$usermail','$userpass')";
$result = mysql_query($register)
or die(mysql_error($register));
echo "Thanks for registering with our site!";
}
}
?>
login form
<?php session_start();?>
<html>
<head>
<title>Login</title>
</head>
<body>
<?php
//assign the login form to a variable and display if it has not been submitted
$form=<<<EOD
<form action="login.php" method="post">
Username:<input type="text" name="username"/>
<br />
Password:<input type="password" name="password"/>
<br />
<input type="submit" name="submit" value="submit" />
</form>
EOD;
if(empty($_POST['submit']))
echo $form;
//if the form has been sent
elseif (isset($_POST['submit'])) {
$username = $_POST['username'];
$password = $_POST['password'];
//connect and select database
$connect = mysql_connect("localhost","mytestuser","mytestpass")
or die(mysql_error());
mysql_select_db("testsite")
or die(mysql());
//query database to find user details
$login =
"SELECT * " .
"FROM user " .
"WHERE 'username' = '$username' " .
"AND 'userpass' = '$password' " .
"LIMIT 0 , 30";
$results = mysql_query($login)
or die(mysql_error());
$row = mysql_fetch_assoc($results);
//validate user details to login or try again
if ($row == false) {
echo "<p>You have not correctly logged in. Please check your username and
password or <a href=\"register.php\">click here to register</a></p>";
} else {
$_SESSION['username'] = $username;
$_SESSION['authuser'] = 1;
echo "Thanks $username, for logging in";
}
}
?>
</body>