Script Help

IDontKnow

I'm having some problems with this code. Logging in when already in the database results in my error message ( that you are not in the database or your are not validated yet (this is not so). Also, all the fields from the membership form do not go into the database: gender, zip code, and country are missing.
What's frustrating is that I'm not getting any errors, so I don't know why it's not working.

Thanks in advance for any help. Mada

Database Fields:
userid first_name email_address username password age gender zip_code country signup_date last_login

activated -- 0 = no 1 = yes

Signup Form:
<center><form name="Join_form" method="post" action="register.php">
<table width=600 style="BORDER-RIGHT: #000000 2px solid; BORDER-TOP: #000000 2px solid; BORDER-LEFT: #000000 2px solid; BORDER-BOTTOM: #000000 2px solid">
<tr>
<td colspan=4 bgcolor=000000><font color=white><center>Membership Form</center></font></td>
<tr>
<td width=150>First Name</td>
<td width=150>Email Address</td>
<td width=150>Desired Username</td>
<td width=150>Password</td>
</tr>
<tr>
<td width=150>
<input
name="first_name"
type="text"
id="first_name"
value="<? echo $first_name; ?>"
style="BORDER-RIGHT: #000000 1px solid;
BORDER-TOP: #000000 1px solid;
BORDER-LEFT: #000000 1px solid;
COLOR: #000000;
BORDER-BOTTOM: #000000 1px solid;
BACKGROUND-COLOR: #FFFFFF";
WIDTH: 18;
HEIGHT: 20;"

</td>

<td width=150>
<input
name="email_address"
type="text"
id="email_address"
value="<? echo $email_address; ?>"
style="BORDER-RIGHT: #000000 1px solid;
BORDER-TOP: #000000 1px solid;
BORDER-LEFT: #000000 1px solid;
COLOR: #000000;
BORDER-BOTTOM: #000000 1px solid;
BACKGROUND-COLOR: #FFFFFF";
WIDTH: 18;
HEIGHT: 20;"

</td>
<td width=150>
<input
name="username"
type="text"
id="username"
value="<? echo $username; ?>"
style="BORDER-RIGHT: #000000 1px solid;
BORDER-TOP: #000000 1px solid;
BORDER-LEFT: #000000 1px solid;
COLOR: #000000;
BORDER-BOTTOM: #000000 1px solid;
BACKGROUND-COLOR: #FFFFFF";
WIDTH: 18;
HEIGHT: 20;"

</td>
<td width=150>
<input
name="password"
type="text"
id="password"
value="<? echo $password; ?>"
style="BORDER-RIGHT: #000000 1px solid;
BORDER-TOP: #000000 1px solid;
BORDER-LEFT: #000000 1px solid;
COLOR: #000000;
BORDER-BOTTOM: #000000 1px solid;
BACKGROUND-COLOR: #FFFFFF";
WIDTH: 18;
HEIGHT: 20;"

</td>
</tr>
<tr>
<td colspan=4 height=1 bgcolor=000000></td>
</tr>
<tr>
<td colspan=4 height=1 bgcolor=000000></td>
</tr>
<tr>
<td>Age</td>
<td>Gender</td>
<td>Zip Code/Postal Code</td>
<td>Country</td>
</tr>
<tr>
<td>
<input
name="age"
type="text"
id="age"
value="<? echo $age; ?>"
style="BORDER-RIGHT: #000000 1px solid;
BORDER-TOP: #000000 1px solid;
BORDER-LEFT: #000000 1px solid;
COLOR: #000000;
BORDER-BOTTOM: #000000 1px solid;
BACKGROUND-COLOR: #FFFFFF";
WIDTH: 18;
HEIGHT: 20;"

</td>
<td>
<input
name="gender"
type="text"
id="gender"
value="<? echo $gender; ?>"
style="BORDER-RIGHT: #000000 1px solid;
BORDER-TOP: #000000 1px solid;
BORDER-LEFT: #000000 1px solid;
COLOR: #000000;
BORDER-BOTTOM: #000000 1px solid;
BACKGROUND-COLOR: #FFFFFF";
WIDTH: 18;
HEIGHT: 20;"

</td>
<td>
<input
name="zip_code"
type="text"
id="zip_code"
value="<? echo $zip_code; ?>"
style="BORDER-RIGHT: #000000 1px solid;
BORDER-TOP: #000000 1px solid;
BORDER-LEFT: #000000 1px solid;
COLOR: #000000;
BORDER-BOTTOM: #000000 1px solid;
BACKGROUND-COLOR: #FFFFFF";
WIDTH: 18;
HEIGHT: 20;"

</td>
<td>
<input
name="country"
type="text"
id="country"
value="<? echo $country; ?>"
style="BORDER-RIGHT: #000000 1px solid;
BORDER-TOP: #000000 1px solid;
BORDER-LEFT: #000000 1px solid;
COLOR: #000000;
BORDER-BOTTOM: #000000 1px solid;
BACKGROUND-COLOR: #FFFFFF";
WIDTH: 18;
HEIGHT: 20;"

</td>
</tr>
<tr>
<td colspan=4 height=1 bgcolor=000000></td>
</tr>
<tr>
<td colspan=4><center>
<INPUT
type=submit
value=Join Now
style="BORDER-RIGHT: #000000 1px solid;
BORDER-TOP: #000000 1px solid;
FONT-WEIGHT: bold;
FONT-SIZE: 8pt;
BACKGROUND: #000000;
BORDER-LEFT: #000000 1px solid;
WIDTH: 100px;
CURSOR: hand;
COLOR: #FFFFFF;
BORDER-BOTTOM: #000000 1px solid;
HEIGHT: 20px"

</center></td>
</tr>
</table>

</form></center>

include 'db.php';

// Define post fields into simple variables
$first_name = $POST['first_name'];
$email_address = $POST['email_address'];
$password = $POST['password'];
$username = $POST['username'];
$age = $POST['age'];
$gender = $Post['gender'];
$zip_code = $Post['zip_code'];
$country = $Post['country'];

/ Let's strip some slashes in case the user entered
any escaped characters. /

$first_name = stripslashes($first_name);
$last_name = stripslashes($last_name);
$email_address = stripslashes($email_address);
$age = stripslashes($age);
$gender = stripslashes($gender);
$zip_code = stripslashes($zip_code);
$country = stripslashes($country);

/ Do some error checking on the form posted fields /

if((!$first_name) ||(!$password) ||(!$email_address) || (!$username)){
echo 'You did not submit the following required information! <br />';
if(!$first_name){
echo "First Name is a required field. Please enter it below.<br />";
}
if(!$password){
echo "Password is a required field. Please enter it below.<br />";
}
if(!$email_address){
echo "Email Address is a required field. Please enter it below.<br />";
}
if(!$username){
echo "Desired Username is a required field. Please enter it below.<br />";
}
include 'join_form.html'; // Shows the form again!
/ End the error checking and if everything is ok, we'll move on to
creating the user account /
exit(); // if the error checking has failed, we'll exit the script!
}

/ Let's do some checking and ensure that the user's email address or username
does not exist in the database /

$sql_email_check = mysql_query("SELECT email_address FROM users WHERE email_address='$email_address'");
$sql_username_check = mysql_query("SELECT username FROM users WHERE username='$username'");

$email_check = mysql_num_rows($sql_email_check);
$username_check = mysql_num_rows($sql_username_check);

if(($email_check > 0) || ($username_check > 0)){
echo "Please fix the following errors: <br />";
if($email_check > 0){
echo "<strong>Your email address is already in our database. If you have forgotten your password, please retrieve it here.<br />";
unset($email_address);
}
if($username_check > 0){
echo "We apologize, but the username, <? echo '$username' ?>, is already in use by another member. Please choose a different Username!<br />";
unset($username);
}
include 'join_form.html'; // Show the form again!
exit(); // exit the script so that we do not create this account!
}

/ Everything has passed both error checks that we have done.
It's time to create the account! /

// Enter info into the Database.
$sql = mysql_query("INSERT INTO users (first_name, password, email_address, username, age, gender, zip_code, country, signup_date)
VALUES('$first_name', '$password', '$email_address', '$username','$age','$gender','$zip_code','$country', now())") or die (mysql_error());

if(!$sql){
echo 'There has been an error creating your account. Please contact the webmaster.';
} else {
$userid = mysql_insert_id();
echo 'Thank you for your interest in joining our ranks. Your information will be reviewed and your will receive an email within 24 hours.';

}

?>

Login Form goes to checkuser.php and just has username and password.

Check User:

<?
/ Check User Script /
session_start(); // Start Session

include 'db.php';
// Conver to simple variables
$username = $POST['username'];
$password = $POST['password'];

if((!$username) || (!$password)){
echo "Please enter ALL of the information! <br />";
include 'login_form.html';
exit();
}

// Convert password to md5 hash
$password = md5($password);

// check if the user info validates the db
$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' AND activated='1'");
$login_check = mysql_num_rows($sql);

if($login_check > 0){
while($row = mysql_fetch_array($sql)){
foreach( $row AS $key => $val ){
$$key = stripslashes( $val );
}
// Register some session variables!
session_register('first_name');
$SESSION['first_name'] = $first_name;
session_register('username');
$SESSION['username'] = $username;
session_register('password');
$_SESSION['password'] = $username;
mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'");

	header("Location: login_success.php");
}

} else {
echo "You could not be logged in! Either the username and password do not match or your membership has not been validated.<br />
Please try again!<br />";
include 'login_form.html';
}

?>

stolzyboy

i don't believe you are retreiving the records to check against, you are only using mysql_num_rows with your query you need to use mysql_fetch_array to loop thru the records and check against the username input by the form

IDontKnow

I might be way off here and not looking in the right place, but I thought I used mysql_fetch_array right here...

if($login_check > 0){
while($row = mysql_fetch_array($sql)){
foreach( $row AS $key => $val ){
$$key = stripslashes( $val );
}

Is this where I'm doing it wrong? Thanks for your help!

Mada

stolzyboy

yeah i see it now, sorry, but here is how i do it

<?

$conn = mysql_connect("localhost", "username", "password") or die ("Could not connect to database!");
$db = mysql_select_db("intranet") or die ("Could not select database");
if (isset($signin))
{

$query = "select * from tablewhere username='$username' and password=(password('$password'))";
$result = mysql_query($query) or die ("Could not select records");

$isAuth = false;

while($row = mysql_fetch_array($result))
{
	if($row['username'] == $username)
	{
		$isAuth = true;
		$fname = $row['fname'];
	}  
}  

if($isAuth)
{
             do whatever when username is there
             }
            else
{
do whatever when username is not there
}
?>

IDontKnow

I am at work right now, but will try this when I get home. Thanks so much for your time. Mada