more registration

andruschak

I made the changes that were suggested but still no luck, whenever i try to execute the login command, i am only presented with the login box again, without formatting, and no user is created. I have tried other scripts with no luck.

HELP i dont really know what to do or what is wrong!!

here is my code

<***************************************
index.php

<form method=post action='user_login.php'>
<table cellspacing=0 cellpadding=0 width=100%>
<tr>
<td class='menu_right_header'>
<b>Login</b>
</td>
</tr>
<tr>
<td class='menu_right'>
<table style='margin-bottom: 0px;'>
<tr>
<td class='form' width='65'>name:</td>
<td class='form'><input name=name_input type=text value='' size=16 maxlength=20>
</td>
</tr>
<tr>
<td class='form' width='65'>password:</td>
<td class='form'><input name=password_input type=password size=16 maxlength=20></td>
</tr>
<tr>
<td colspan=2 class='form'><input name=submit_login type=submit value=login></td>
</tr>
</table>
<br>
:<a href='index.php?user=register'>click here to register</a>:
</td>
</tr>
</table>
</form>

***************************************>

<***************************************
user_login.php

<?php
if (isset ($_POST["submit_login"])) {
include "connect.php";

$query = "SELECT id,password FROM users WHERE name='$name_input'";
$exec = mysql_query($query);
$name_check = mysql_num_rows($exec);

if ($name_check == '1') {
$result = mysql_fetch_array($exec);
$id = $result["id"];
$password_check = $result["password"];

if ($password_check == $password_input) {
  setcookie("loggedin_id", $id, time() + 1512000);
  session_unregister("lastvisit");

  if (isset ($login_http_referer)) {
    $url = $login_http_referer;
    session_unregister("login_http_referer");
  }

  else {
    $url =  $HTTP_REFERER;
  }

  if (isset ($login_name_input)) {
    session_unregister("login_name_input");
  }

  echo "<script>location.href='$url'</script>";
}

else {
  session_start();
  session_register("login_name_input");
  $login_name_input = $name_input;
  session_register("login_http_referer");
  $login_http_referer = $HTTP_REFERER;

  $url = 'index.php?error=2';
  echo "<script>location.href='$url'</script>";
}

}

else {
session_start();
session_register("login_http_referer");
$login_http_referer = $HTTP_REFERER;

$url = 'index.php?error=1';
echo "<script>location.href='$url'</script>";

}
}

else {
if (isset ($login_name_input)) {
$login_name_input = $login_name_input;
session_unregister("login_name_input");
}

else {
$login_name_input = "";
}

echo "<form method=post action='user_login.php'>
<table cellspacing=0 cellpadding=0 width=100%>
<tr>
<td class='menu_right_header'>
<b>Login</b>
</td>
</tr>
<tr>
<td class='menu_right'>
<table style='margin-bottom: 0px;'>
<tr>
<td class='form' width='65'>name:</td>
<td class='form'><input name=name_input type=text value='$login_name_input' size=16 maxlength=20>
</td>
</tr>
<tr>
<td class='form' width='65'>password:</td>
<td class='form'><input name=password_input type=password size=16 maxlength=20></td>
</tr>
<tr>
<td colspan=2 class='form'><input name=submit_login type=submit value=login></td>
</tr>
</table>
<br>
:<a href='index.php?user=register'>click here to register</a>:
</td>
</tr>
</table>
</form>
";
}
?>

***************************************>

<*************************************
connect.php

<?php
mysql_connect ('127.0.0.1','','');
mysql_select_db ('test_db');
?>

sijis

i have a few tips for you.
first off, please use the PHP button so that your code, especially if its long like yours, is formatted, color coded and indented. It makes it much easier to read and see what you are doing.

on your sql query:

$query = "SELECT id,password FROM users WHERE name='$name_input'";

you don't have the field 'name' when you do "SELECT id,password ..."
this means that in that query, the field 'name' isn't being used.
if you put name in the query, like so:

$query = "SELECT id, name, password FROM users WHERE name='$name_input'";

it might fix your problem.

on the same note, you can check username AND password in a single query.
so you can do this also:

$query = "SELECT id, name, password FROM users WHERE name='$name_input' AND password = '$password_input'";

this mysql_num_rows($exec) will return the number of matches for that username AND password combination. otherwise, it will return a 0 (no matches)
this will condense you code and optimize the use of a query (would notice the difference if you have a billion hits a minute 🙂 )
I did the same mistake when i began using databases.

on another tip,
php has a built in function "header()" that allows your to redirect a user to a specified location
so instead of doing something like this:

$url = $HTTP_REFERER; 
echo "<script>location.href='$url'</script>";

you can do this:

$url = $HTTP_REFERER; 
header("Location: $url");
exit(); // make sure nothing is executed past this point.

the problem with your code is if a user has javascript disabled, they won't be redirected, but using php's function, they would always be.

other than that, you logic seems to be good.
hope that helps ya.