Cannot connect to my DB

hoogeebear

Hi,

Im attempting to create a flash welcome screen where the user can log in or sign up. I cannot seem to connect to my database when the user attempts to register. Any help would be greatly appreciated. Here is my code. If you would like to see my flash code just ask and I wil upload(not sure if php people wanna see flash!)

user.php

<?
require_once('conf.inc.php');
require_once('functions.php');
// ---
// register new user
// ---
function register($username,$pass,$email,$question,$answer)
{
   userreg, user_auth;
   $username = trim($username);
   $pass = trim($pass);
   $email = trim($email);
   $question = addslashes(trim($question));
   $answer = addslashes(trim($answer));
   $validEmail = valid_email($email);
   $validName = valid_userName($username);
   $validPass = valid_password($pass);
   if(!$validName) return "error=invalid name";
   if(!$validPass) return "error=invalid password";
   if(!$validEmail) return "error=invalid email";
   $pass = md5(trim($pass));
   // all checks ok
   $query = @mysql_query("INSERT INTO user_auth (userName,userPassword,userMail,userQuestion,userAnswer) VALUES "
   ."('$username','$pass','$email','$question','$answer')");
   if(!$query)
   {
      return "error=" . mysql_error();
   } else {
      return "user=ok";
   }
}

// ---
// login, check user
// ---
function login($username,$pass)
{
   userreg,user_auth;
   $username = trim($username);
   $pass = md5(trim($pass));
   $query = mysql_query("SELECT * FROM user_auth WHERE userName = '$username' AND userPassword = '$pass'");
   return mysql_num_rows($query);
}

// ---
// forget password
// ---
function forget($email)
{
   userreg,user_auth;
   $email = trim($email);
   $query = mysql_query("SELECT userName, userQuestion from user_auth WHERE userMail = '$email'");
   if(mysql_num_rows($query)<1)
   {
      return "error=email not present into database";
   }
   $row = mysql_fetch_array($query);
   return "userName=$row[userName]&userQuestion=" . stripslashes($row['userQuestion']);
}

// ---
// generate new password
// ---
function new_password($username,$email,$answer)
{
   userreg,user_auth;
   $username = trim($username);
   $email = trim($email);
   $answer = addslashes(trim($answer));
   $query = mysql_query("SELECT * FROM user_auth WHERE userName = '$username' AND userMail = '$email' AND userAnswer = '$answer'");
   if(mysql_num_rows($query) < 1)
   {
      return "error=wrong answer";
   }
   $rand_string = '';
   // ---
   // generating a random 8 chars lenght password
   // ---
   for($a=0;$a<7;$a++)
   {
      do
      {
         $newrand = chr(rand(0,256));
      } while(!eregi("^[a-z0-9]$",$newrand));
      $rand_string .= $newrand;
   }
   $pwd_to_insert = md5($rand_string);
   $new_query = mysql_query("UPDATE user_auth SET userPassword = '$pwd_to_insert' WHERE userName = '$username' AND userMail = '$email'");
   if(!$new_query)
   {
      return "error=unable to update value";
   }
   return "userName=$username&new_pass=$rand_string";
}

// ---
// decisional switch
// ---
if(isset($HTTP_POST_VARS["action"]))
{
   switch($HTTP_POST_VARS["action"])
   {
      case "register":
         $result = register($HTTP_POST_VARS['username'],$HTTP_POST_VARS['pass'],$HTTP_POST_VARS['email'],$HTTP_POST_VARS['question'],$HTTP_POST_VARS['answer']);
         print $result;
         break;
      case "login":
         $result = login($HTTP_POST_VARS['username'],$HTTP_POST_VARS['pass']);
         print "user=" . $result;
         break;
      case "forget":
         $result = forget($HTTP_POST_VARS['email']);
         print $result;
         break;
      case "new_password":
         $result = new_password($HTTP_POST_VARS['username'],$HTTP_POST_VARS['email'],$HTTP_POST_VARS['answer']);
         print $result;
         break;
   }
}
?>
require_once('conf.inc.php');
require_once('functions.php');
// ---
// register new user
// ---
function register($username,$pass,$email,$question,$answer)
{
   userreg, user_auth;
   $username = trim($username);
   $pass = trim($pass);
   $email = trim($email);
   $question = addslashes(trim($question));
   $answer = addslashes(trim($answer));
   $validEmail = valid_email($email);
   $validName = valid_userName($username);
   $validPass = valid_password($pass);
   if(!$validName) return "error=invalid name";
   if(!$validPass) return "error=invalid password";
   if(!$validEmail) return "error=invalid email";
   $pass = md5(trim($pass));
   // all checks ok
   $query = @mysql_query("INSERT INTO user_auth (userName,userPassword,userMail,userQuestion,userAnswer) VALUES "
   ."('$username','$pass','$email','$question','$answer')");
   if(!$query)
   {
      return "error=" . mysql_error();
   } else {
      return "user=ok";
   }
}

// ---
// login, check user
// ---
function login($username,$pass)
{
   userreg,user_auth;
   $username = trim($username);
   $pass = md5(trim($pass));
   $query = mysql_query("SELECT * FROM user_auth WHERE userName = '$username' AND userPassword = '$pass'");
   return mysql_num_rows($query);
}

// ---
// forget password
// ---
function forget($email)
{
   userreg,user_auth;
   $email = trim($email);
   $query = mysql_query("SELECT userName, userQuestion from user_auth WHERE userMail = '$email'");
   if(mysql_num_rows($query)<1)
   {
      return "error=email not present into database";
   }
   $row = mysql_fetch_array($query);
   return "userName=$row[userName]&userQuestion=" . stripslashes($row['userQuestion']);
}

// ---
// generate new password
// ---
function new_password($username,$email,$answer)
{
   userreg,user_auth;
   $username = trim($username);
   $email = trim($email);
   $answer = addslashes(trim($answer));
   $query = mysql_query("SELECT * FROM user_auth WHERE userName = '$username' AND userMail = '$email' AND userAnswer = '$answer'");
   if(mysql_num_rows($query) < 1)
   {
      return "error=wrong answer";
   }
   $rand_string = '';
   // ---
   // generating a random 8 chars lenght password
   // ---
   for($a=0;$a<7;$a++)
   {
      do
      {
         $newrand = chr(rand(0,256));
      } while(!eregi("^[a-z0-9]$",$newrand));
      $rand_string .= $newrand;
   }
   $pwd_to_insert = md5($rand_string);
   $new_query = mysql_query("UPDATE user_auth SET userPassword = '$pwd_to_insert' WHERE userName = '$username' AND userMail = '$email'");
   if(!$new_query)
   {
      return "error=unable to update value";
   }
   return "userName=$username&new_pass=$rand_string";
}

// ---
// decisional switch
// ---
if(isset($HTTP_POST_VARS["action"]))
{
   switch($HTTP_POST_VARS["action"])
   {
      case "register":
         $result = register($HTTP_POST_VARS['username'],$HTTP_POST_VARS['pass'],$HTTP_POST_VARS['email'],$HTTP_POST_VARS['question'],$HTTP_POST_VARS['answer']);
         print $result;
         break;
      case "login":
         $result = login($HTTP_POST_VARS['username'],$HTTP_POST_VARS['pass']);
         print "user=" . $result;
         break;
      case "forget":
         $result = forget($HTTP_POST_VARS['email']);
         print $result;
         break;
      case "new_password":
         $result = new_password($HTTP_POST_VARS['username'],$HTTP_POST_VARS['email'],$HTTP_POST_VARS['answer']);
         print $result;
         break;
   }
}
?>


function.php
<?
error_reporting(E_ALL);
function valid_email($email)
{
   // check if email is valid
   if( !eregi("^[a-z0-9]+([_\\.-][a-z0-9]+)*"
   ."@([a-z0-9]+([\.-][a-z0-9]+))*$",$email, $regs))
   {
      return false;
   } else if( gethostbyname($regs[2]) == $regs[2] )
   {
      // if host is invalid
      return false;
   } else {
      return true;
   }
}

function valid_userName($name)
{
   // check valid input name
   if(!eregi("^[a-z0-9]{8,15}$",$name))
   {
      return false;
   } else {
      return true;
   }
}

function valid_password($pwd)
{
   // check valid password
   if(!eregi("^[a-z0-9]{6,8}$",$pwd))
   {
      return false;
   } else {
      return true;
   }
}
?>

config.inc.php
<?php
   $host = 'localhost';
   $dbuser = '';
   $dbpass = '';
   $dbname = 'userreg';
   $table = 'user_auth';
   $db = @mysql_connect($host,$dbuser,$dbpass) or die("error=could not connect to $host");
   $db = mysql_select_db($userreg);
   if(!$db)
   {
      print "error=could not connect to $dbname table";
      exit;
   }
?>

MOD EDIT: Added

 bbcode tags; please use these in the future.

Joseph07

First of all, $HTTP_POST_VARS is deprecated and you should change to $_POST[].

Secondly, in your config.inc.php, why is it that $dbuser is empty? Should it not be a valid username for you to login to the database? By default, it should be root.

I have not read through every line, but try changing what I have mention and see if it works.

hoogeebear

No luck dude. I even went to phpmyadmin and put a username and password in physically and it tells me invalid username or password. Any other suggestions??

Joseph07

Change this too.

$db = mysql_select_db($userreg);

$db2 = mysql_select_db($dbname, $db);

Could you post the error message you are getting, and also using error reporting on the top of your page.

error_reporting(E_ALL);

hoogeebear

Made them changes also, still not working. Im not getting a syntax error. It just says that an invalid username or password.(thats the error im suppose to get when an invalid username or password is entered.) When I register, it tells me you are now registered, but the info is not going to the db.

Joseph07

First, let's check the connection to the database is made.

if ($db2) {
echo "database connected";
}

Next, check your eregi function of username and password, I'm not that good with this area, but I think preg_match seem to be better.

Next, let's stop the three checks in the meantime and see what happens.

$validEmail = valid_email($email);
$validName = valid_userName($username);
$validPass = valid_password($pass);

Remove the valid_email, valid_userName and valid_password checks.

Lastly, echo out the variables and see if it matches what you have typed in.

hoogeebear

Im really sorry but thats just gone way over my head! an you try and dumb it down a bit?! Where exactly do I make these changes? Sorry for bein a pain in the ass!

Joseph07

Okie. Change the following:

function register($username,$pass,$email,$question,$answer)
{
userreg, user_auth;
$username = trim($username);
$pass = trim($pass);
$email = trim($email);
$question = addslashes(trim($question));
$answer = addslashes(trim($answer));
$validEmail = valid_email($email);
$validName = valid_userName($username);
$validPass = valid_password($pass);
if(!$validName) return "error=invalid name";
if(!$validPass) return "error=invalid password";
if(!$validEmail) return "error=invalid email";
$pass = md5(trim($pass));
// all checks ok
$query = @mysql_query("INSERT INTO user_auth (userName,userPassword,userMail,userQuestion,userAnswer) VALUES "
."('$username','$pass','$email','$question','$answer')");
if(!$query)
{
return "error=" . mysql_error();
} else {
return "user=ok";
}
}

function register($username,$pass,$email,$question,$answer)
{
// BTW, What's userreg and user_auth meant here?
//userreg, user_auth;
$username = trim($username);
$pass = trim($pass);
$email = trim($email);
$question = addslashes(trim($question));
$answer = addslashes(trim($answer));
//$validEmail = $email;
//$validName = $username;
//$validPass = $pass;
//if(!$validName) return "error=invalid name";
//if(!$validPass) return "error=invalid password";
//if(!$validEmail) return "error=invalid email";
//$pass = md5(trim($pass));
echo $username."<br>".$pass."<br>".$email."<br>".$question."<br>".$answer."<br>";
// all checks ok
$query = @mysql_query("INSERT INTO user_auth (userName,userPassword,userMail,userQuestion,userAnswer) VALUES "
."('$username','$pass','$email','$question','$answer')");
if(!$query)
{
return "error=" . mysql_error();
} else {
return "user=ok";
}
}

Change config.inc.php FROM

<?php
$host = 'localhost';
$dbuser = '';
$dbpass = '';
$dbname = 'userreg';
$table = 'user_auth';
$db = @mysql_connect($host,$dbuser,$dbpass) or die("error=could not connect to $host");
$db = mysql_select_db($userreg);
if(!$db)
{
print "error=could not connect to $dbname table";
exit;
}
?>

<?php
$host = 'localhost';
$dbuser = ''; // Remember to add in your dbuser
$dbpass = '';
$dbname = 'userreg';
$table = 'user_auth';
$db = @mysql_connect($host,$dbuser,$dbpass) or die("error=could not connect to $host");
$db2 = mysql_select_db($dbname, $db);
if ($db2) {
echo "database connected";
} 
if(!$db2)
{
print "error=could not connect to $dbname table";
}
?>

Let's see what happen. Paste all the variables that is being echoed out and post in your reply.

hoogeebear

I made them changes and SUCCESS!! When the user becomes a memeber, their details are sent to the database. When i go to login however, im getting a message telling that i have entered an invalid username or password. Is this because its not reading from the database? By the way, how do I make my code all neat like u are doing when u post code up? Here is my working code. Any idea why its not accepting my username and password?

conf.inc.php

<?php
$host = 'localhost';
$dbuser = 'root';
$dbpass = '';
$dbname = 'userreg';
$table = 'user_auth';
$db = @mysql_connect($host,$dbuser,$dbpass) or die("error=could not connect to $host");
$db2 = mysql_select_db($dbname, $db);
if ($db2) {
echo "database connected";
}
if(!$db2)
{
print "error=could not connect to $dbname table";
}
?>

user_auth.php

<?
require_once('conf.inc.php');
require_once('functions.php');
// ---
// register new user
// ---
function register($username,$pass,$email,$question,$answer)
{
$username = trim($username);
$pass = trim($pass);
$email = trim($email);
$question = addslashes(trim($question));
$answer = addslashes(trim($answer));

echo $username." ".$pass." ".$email." ".$question." ".$answer." ";

$query = @("INSERT INTO user_auth (userName,userPassword,userMail,userQuestion,userAnswer) VALUES "
."('$username','$pass','$email','$question','$answer')");
if(!$query)
{
return "error=" . mysql_error();
} else {
return "user=ok";
}

}

// ---
// login, check user
// ---
function login($username,$pass)
{
$username = trim($username);
$pass = md5(trim($pass));
$query = mysql_query("SELECT * FROM user_auth WHERE userName = '$username' AND userPassword = '$pass'");
return mysql_num_rows($query);
}

// ---
// forget password
// ---
function forget($email)
{
$email = trim($email);
$query = mysql_query("SELECT userName, userQuestion from user_auth WHERE userMail = '$email'");
if(mysql_num_rows($query)<1)
{
return "error=email not present into database";
}
$row = mysql_fetch_array($query);
return "userName=$row[userName]&userQuestion=" . stripslashes($row['userQuestion']);
}

// ---
// generate new password
// ---
function new_password($username,$email,$answer)
{
$username = trim($username);
$email = trim($email);
$answer = addslashes(trim($answer));
$query = mysql_query("SELECT * FROM user_auth WHERE userName = '$username' AND userMail = '$email' AND userAnswer = '$answer'");
if(mysql_num_rows($query) < 1)
{
return "error=wrong answer";
}
$rand_string = '';
// ---
// generating a random 8 chars lenght password
// ---
for($a=0;$a<7;$a++)
{
do
{
$newrand = chr(rand(0,256));
} while(!eregi("^{[a-z0-9]$",$newrand));}
$rand_string .= $newrand;
}
$pwd_to_insert = md5($rand_string);
$new_query = mysql_query("UPDATE user_auth SET userPassword = '$pwd_to_insert' WHERE userName = '$username' AND userMail = '$email'");
if(!$new_query)
{
return "error=unable to update value";
}
return "userName=$username&new_pass=$rand_string";
}

// ---
// decisional switch
// ---
if(isset($POST["action"]))
{
switch($POST["action"])
{
case "register":
$result = register($POST['username'],$POST['pass'],$POST['email'],$POST['question'],$POST['answer']);
print $result;
break;
case "login":
$result = login($POST['username'],$POST['pass']);
print "user=" . $result;
break;
case "forget":
$result = forget($POST['email']);
print $result;
break;
case "new_password":
$result = new_password($POST['username'],$POST['email'],$_POST['answer']);
print $result;
break;
}
}
?>

bradgrafelman

hoogeebear wrote:
By the way, how do I make my code all neat like u are doing when u post code up?

When posting PHP code, please use the board's [PHP][/PHP] bbcode tags - they make the code much, much easier to read (as well as aiding the diagnosis of syntax errors). You should edit your post now and add these bbcode tags to help others in reading/analyzing your code.

Joseph07

Try this.

// user.php

<?php 

error_reporting(E_ALL);
require_once('conf.inc.php');
require_once('functions.php');
// ---
// register new user
// ---
function register($username,$pass,$email,$question,$answer)
{
userreg, user_auth;
$username = trim($username);
$pass = trim($pass);
$email = trim($email);
$question = addslashes(trim($question));
$answer = addslashes(trim($answer));
$validEmail = valid_email($email);
$validName = valid_userName($username);
$validPass = valid_password($pass);
if(!$validName) return "error=invalid name";
if(!$validPass) return "error=invalid password";
if(!$validEmail) return "error=invalid email";
$pass = md5(trim($pass));
// all checks ok
$query = @mysql_query("INSERT INTO user_auth (userName,userPassword,userMail,userQuestion,userAnswer) VALUES "
."('$username','$pass','$email','$question','$answer')");
if(!$query)
{
return "error=" . mysql_error();
} else {
return "user=ok";
}
}

// ---
// login, check user
// ---
function login($username,$pass)
{
userreg,user_auth;
$username = trim($username);
$pass = md5(trim($pass));
$query = mysql_query("SELECT * FROM user_auth WHERE userName = '$username' AND userPassword = '$pass'");
return mysql_num_rows($query);
}

// ---
// forget password
// ---
function forget($email)
{
userreg,user_auth;
$email = trim($email);
$query = mysql_query("SELECT userName, userQuestion from user_auth WHERE userMail = '$email'");
if(mysql_num_rows($query)<1)
{
return "error=email not present into database";
}
$row = mysql_fetch_array($query);
return "userName=$row[userName]&userQuestion=" . stripslashes($row['userQuestion']);
}

// ---
// generate new password
// ---
function new_password($username,$email,$answer)
{
userreg,user_auth;
$username = trim($username);
$email = trim($email);
$answer = addslashes(trim($answer));
$query = mysql_query("SELECT * FROM user_auth WHERE userName = '$username' AND userMail = '$email' AND userAnswer = '$answer'");
if(mysql_num_rows($query) < 1)
{
return "error=wrong answer";
}
$rand_string = '';
// ---
// generating a random 8 chars lenght password
// ---
for($a=0;$a<7;$a++)
{
do
{
$newrand = chr(rand(0,256));
} while(!eregi("^[a-z0-9]$",$newrand));
$rand_string .= $newrand;
}
$pwd_to_insert = md5($rand_string);
$new_query = mysql_query("UPDATE user_auth SET userPassword = '$pwd_to_insert' WHERE userName = '$username' AND userMail = '$email'");
if(!$new_query)
{
return "error=unable to update value";
}
return "userName=$username&new_pass=$rand_string";
}

// ---
// decisional switch
// ---
if(isset($HTTP_POST_VARS["action"]))
{
switch($HTTP_POST_VARS["action"])
{
case "register":
$result = register($HTTP_POST_VARS['username'],$HTTP_POST_VARS['pass'],$HTTP_POST_VARS['email'],$HTTP_POST_VARS['question'],$HTTP_POST_VARS['answer']);
print $result;
break;
case "login":
$result = login($HTTP_POST_VARS['username'],$HTTP_POST_VARS['pass']);
print "user=" . $result;
break;
case "forget":
$result = forget($HTTP_POST_VARS['email']);
print $result;
break;
case "new_password":
$result = new_password($HTTP_POST_VARS['username'],$HTTP_POST_VARS['email'],$HTTP_POST_VARS['answer']);
print $result;
break;
}
}
?>

// function.php

<?php

function valid_email($email)
{
$REGE = '/^[a-z0-9\_\.\-]+[\@]+[a-z0-9\-]+[\.]+[a-z0-9\.]{0,10}$/i';
// check if email is valid
if( !preg_match($REGE, $email))
{
return false;
} else if( gethostbyname($regs[2]) == $regs[2] )
{
// if host is invalid
return false;
} else {
return true;
}
}

function valid_userName($name)
{
$REGU = '/^[a-z0-9\_\ ]+$/i';
// check valid input name
if(!preg_match($REGU, $name))
{
return false;
} else {
return true;
}
}

function valid_password($pwd)
{
$REGP = '/^[a-z0-9\_\ ]{6,8}+$/i';
// check valid password
if(!preg_match($REGP, $pwd))
{
return false;
} else {
return true;
}
}
?>

// config.inc.php

<?php
$host = 'localhost';
$dbuser = ''; // Remember to add in your dbuser
$dbpass = '';
$dbname = 'userreg';
$table = 'user_auth';
$db = @mysql_connect($host,$dbuser,$dbpass) or die("error=could not connect to $host");
$db2 = mysql_select_db($dbname, $db);
if ($db2) {
echo "database connected";
}
if(!$db2)
{
print "error=could not connect to $dbname table";
}
?>

I'm not good in preg_match, thus, might need someone else to see for you. Now, try these codes and see what errors comes up.

hoogeebear

I am still getting incorrect username and password. When I enter a new member now the pw field in my database is not the pw i entered but a lot of meaningless numbers? Ive tried to see why this is happening but i cant seem to find out why. It has something to do with the new code you gave as it was working fine b4.

bradgrafelman

The value stored in the database is not the password itself but rather a hash of the password (generated by the [man]md5/man function), since you should never be storing passwords in plain, unencrypted/hashed format.

hoogeebear

Thats so cool! Just shows my limited knowledge of php....Do you think maybe it might have something to do with my flash document? Ive spent the last while looking over ot but cannot seem to find any reasons.

Joseph07

Take a look at what is md5() is all about.

And what is the problem you having now?

hoogeebear

Hi,

Yeah I have looked more into it now and I understand it. After registering a user, it still does not allow me to log in. Any suggestions?

Also, I have copied my files (conf.inc.php, user.php, functions.php) onto another computer. When I run the files they work fine(message :database connected appears) On my new computer, I have setup a database with the exact same information as I have on my laptop(same db name, same table name) However its not reading to the database when insert a new user. On my laptop I am using XAMP, on my new computer I am using WAMP. Could this be the reason? I do not understand why it could be?

Hope all this makes sense....

Joseph07

Where is the form that your user keys in to login?

What is the dbuser and dbpass? Is it the same?

hoogeebear

My login area is just my flash file saved as .html. My dbuser is "root" and I have no password set.

hoogeebear

Here is my code for my flash dude. Sorry I didnt post it earlier....

user_auth

<HTML>
<HEAD>
<meta http-equiv=Content-Type content="text/html; charset=ISO-8859-1">
<TITLE>user_auth</TITLE>
</HEAD>
<BODY bgcolor="#CCCCCC">
<form action = "functions.php" method = "post">
<OBJECT classid="clsid😃27CDB6E-AE6D-11cf-96B8-444553540000"
codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0"
WIDTH="550" HEIGHT="400" id="user_auth" ALIGN="">
<PARAM NAME=movie VALUE="user_auth.swf"> <PARAM NAME=menu VALUE=false> <PARAM NAME=quality VALUE=high> <PARAM NAME=devicefont VALUE=true> <PARAM NAME=bgcolor VALUE=#CCCCCC> <EMBED src="user_auth.swf" menu=false quality=high devicefont=true bgcolor=#CCCCCC WIDTH="550" HEIGHT="400" NAME="user_auth" ALIGN=""
TYPE="application/x-shockwave-flash" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED>
</OBJECT>
</BODY>
</HTML>