Jump to content

User Registration Code

Kezonz

By Kezonz
in PHP Coding Help

 Share

Recommended Posts

Kezonz Newbie

Kezonz

Posted
Posted

This Works But for Some reason when you Register an Account and try to login it says "Incorrect Username/Password" It is also Allowing Multiple Accounts to be Created Under the Same Username and Password:

 

DB.php

 

<?php
session_start();
mysql_connect("localhost", "USERNAME", "PASSWORD");
mysql_select_db("DATABASE_USER");
function user_login ($username, $password)
{
//take the username and prevent SQL injections
$username = mysql_real_escape_string($username);
//begin the query
$sql = mysql_query("SELECT * FROM usersystem WHERE username = 'username' AND password = 'password' LIMIT 1");
//check to see how many rows were returned
$rows = mysql_num_rows($sql);
if ($rows<=0 )
{
echo "Incorrect username/password";
}
else
{
//have them logged in
$_SESSION['sername'] = $username;
}
}
?>

Register.php

 

<?php
include("db.php");
if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email']))

{
//Prevent SQL injections
$username = mysql_real_escape_string($_POST['username']);
$email = mysql_real_escape_string($_POST['email']);


//Get MD5 hash of password
$password = md5($_POST['password']);

//Check to see if username exists
$sql = mysql_query("SELECT username FROM usersystem WHERE username = 'username'");
if(mysql_num_rows($sql) > 0)
{
die ("Username taken.");
}


mysql_query("INSERT INTO usersystem (username, password, email) VALUES ( '$username', '$password', '$email')") or die (mysql_error()); echo "Account created.";

}
?>
<form action="register.php" method="post">
Username: <input name="username" type="text" /><br>
Password: <input type="password" name="password" /><br>
Email: <input name="email" type="text" /><br>
<input type="submit" value="Submit" />
</form>

Login.php

 

<?php
include("db.php");
if (isset($_POST['username']) && isset($_POST['password']))
{
user_login($_POST['username'], $_POST['password']);
}
?>
<form action="login.php" method="post">
Username: <input name="username" type="text" /><br>
Password: <input type="password" name="password" /><br>
<button type="submit">Submit</button><br>
</form>

 

Could Anyone Help Please?

Link to comment
Share on other sites
Pikachu2000 Prolific Member

Pikachu2000

Posted
Posted

You have to make the same changes in the user_login() function in db.php. I would also change this line in the login function as well.

if ($rows<=0 )

to this

if( $rows != 1 )

 

This is because the result you are expecting from the database is exactly one record. Anything else means no record was returned, thus the username/password is wrong or nonexistent; or more than one record was returned, making the query result ambiguous and therefor invalid.

Link to comment
Share on other sites
Kezonz Newbie

Kezonz

Posted
  • Author
Posted

I Get this Error:

 

Parse error: syntax error, unexpected '(', expecting ')' in /home/kezonz/public_html/test/db.php on line 5

 

Heres My Currently DB.php

 

<?php
session_start();
mysql_connect("localhost", "kezonz_1", "Kieron1993");
mysql_select_db("kezonz_users");
function user_login ($sql = mysql_query("SELECT * FROM `usersystem` WHERE `username` = '".$username."' AND `password` = '".$password."' LIMIT 1");
{
//take the username and prevent SQL injections
$username = mysql_real_escape_string($username);
//begin the query
$sql = mysql_query("SELECT * FROM usersystem WHERE username = 'username' AND password = 'password' LIMIT 1");
//check to see how many rows were returned
$rows = mysql_num_rows($sql);
if ($rows!=1 )
{
echo "Incorrect username/password";
}
else
{
//have them logged in
$_SESSION['sername'] = $username;
}
}
?>

 

Sorry Guys im Sort of trying to get to know PHP Still new with it

Link to comment
Share on other sites
Pikachu2000 Prolific Member

Pikachu2000

Posted
Posted

This should be better. Don't know yet if it will work, but it doesn't have any parse errors, at least.

 

<?php
session_start();
mysql_connect("localhost", "kezonz_1", "Kieron1993");
mysql_select_db("kezonz_users");
function user_login ($username, $password ) {
   //take the username and prevent SQL injections
   $username = mysql_real_escape_string($username);
   //begin the query
   $query = "SELECT * FROM `usersystem` WHERE `username` = '$username' AND `password` = '$password' LIMIT 1";
   $sql = mysql_query($query);
   //check to see how many rows were returned
   $rows = mysql_num_rows($sql);
   if ($rows!=1 ) {
      echo "Incorrect username/password";
   } else {
      //have them logged in
      $_SESSION['sername'] = $username;
   }
}
?>

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.