Kezonz Posted September 24, 2010 Share Posted September 24, 2010 This Works But for Some reason when you Register an Account and try to login it says "Incorrect Username/Password" It is also Allowing Multiple Accounts to be Created Under the Same Username and Password: DB.php <?php session_start(); mysql_connect("localhost", "USERNAME", "PASSWORD"); mysql_select_db("DATABASE_USER"); function user_login ($username, $password) { //take the username and prevent SQL injections $username = mysql_real_escape_string($username); //begin the query $sql = mysql_query("SELECT * FROM usersystem WHERE username = 'username' AND password = 'password' LIMIT 1"); //check to see how many rows were returned $rows = mysql_num_rows($sql); if ($rows<=0 ) { echo "Incorrect username/password"; } else { //have them logged in $_SESSION['sername'] = $username; } } ?> Register.php <?php include("db.php"); if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email'])) { //Prevent SQL injections $username = mysql_real_escape_string($_POST['username']); $email = mysql_real_escape_string($_POST['email']); //Get MD5 hash of password $password = md5($_POST['password']); //Check to see if username exists $sql = mysql_query("SELECT username FROM usersystem WHERE username = 'username'"); if(mysql_num_rows($sql) > 0) { die ("Username taken."); } mysql_query("INSERT INTO usersystem (username, password, email) VALUES ( '$username', '$password', '$email')") or die (mysql_error()); echo "Account created."; } ?> <form action="register.php" method="post"> Username: <input name="username" type="text" /><br> Password: <input type="password" name="password" /><br> Email: <input name="email" type="text" /><br> <input type="submit" value="Submit" /> </form> Login.php <?php include("db.php"); if (isset($_POST['username']) && isset($_POST['password'])) { user_login($_POST['username'], $_POST['password']); } ?> <form action="login.php" method="post"> Username: <input name="username" type="text" /><br> Password: <input type="password" name="password" /><br> <button type="submit">Submit</button><br> </form> Could Anyone Help Please? Quote Link to comment Share on other sites More sharing options...
ShibSta Posted September 24, 2010 Share Posted September 24, 2010 Your query within' user_login is trying to match two strings instead of the value of your variables. Try: $sql = mysql_query("SELECT * FROM `usersystem` WHERE `username` = '".$username."' AND `password` = '".$password."' LIMIT 1"); Quote Link to comment Share on other sites More sharing options...
Kezonz Posted September 24, 2010 Author Share Posted September 24, 2010 Edit: That Works for Not Allowing More than 1 Of the Same Account Being Created However it Still Won't Allow Logins. Quote Link to comment Share on other sites More sharing options...
ShibSta Posted September 24, 2010 Share Posted September 24, 2010 I think you're confused, that code should have been placed in DB.php within the user_login() function. In Register.php, you can use: $sql = mysql_query("SELECT `username` FROM `usersystem` WHERE `username` = '".$username."'"); Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted September 24, 2010 Share Posted September 24, 2010 You have to make the same changes in the user_login() function in db.php. I would also change this line in the login function as well. if ($rows<=0 ) to this if( $rows != 1 ) This is because the result you are expecting from the database is exactly one record. Anything else means no record was returned, thus the username/password is wrong or nonexistent; or more than one record was returned, making the query result ambiguous and therefor invalid. Quote Link to comment Share on other sites More sharing options...
Kezonz Posted September 24, 2010 Author Share Posted September 24, 2010 I Get this Error: Parse error: syntax error, unexpected '(', expecting ')' in /home/kezonz/public_html/test/db.php on line 5 Heres My Currently DB.php <?php session_start(); mysql_connect("localhost", "kezonz_1", "Kieron1993"); mysql_select_db("kezonz_users"); function user_login ($sql = mysql_query("SELECT * FROM `usersystem` WHERE `username` = '".$username."' AND `password` = '".$password."' LIMIT 1"); { //take the username and prevent SQL injections $username = mysql_real_escape_string($username); //begin the query $sql = mysql_query("SELECT * FROM usersystem WHERE username = 'username' AND password = 'password' LIMIT 1"); //check to see how many rows were returned $rows = mysql_num_rows($sql); if ($rows!=1 ) { echo "Incorrect username/password"; } else { //have them logged in $_SESSION['sername'] = $username; } } ?> Sorry Guys im Sort of trying to get to know PHP Still new with it Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted September 24, 2010 Share Posted September 24, 2010 This should be better. Don't know yet if it will work, but it doesn't have any parse errors, at least. <?php session_start(); mysql_connect("localhost", "kezonz_1", "Kieron1993"); mysql_select_db("kezonz_users"); function user_login ($username, $password ) { //take the username and prevent SQL injections $username = mysql_real_escape_string($username); //begin the query $query = "SELECT * FROM `usersystem` WHERE `username` = '$username' AND `password` = '$password' LIMIT 1"; $sql = mysql_query($query); //check to see how many rows were returned $rows = mysql_num_rows($sql); if ($rows!=1 ) { echo "Incorrect username/password"; } else { //have them logged in $_SESSION['sername'] = $username; } } ?> Quote Link to comment Share on other sites More sharing options...
Kezonz Posted September 24, 2010 Author Share Posted September 24, 2010 Well Everything is Now Working Fine but theres still a problem with the Login, If you attempt to login it says Incorrect Information. Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted September 24, 2010 Share Posted September 24, 2010 Did you remove any duplicate database entries that may have gotten created? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.