Problem with the registration

Brajan

Hi!

I have problem with my registration.

When you hit the submit-button, the username and the password should be saved in the database and at the same time the user should automaticaly be transferd to the guestbook.php.

Everything worked, until I started to use Ajax. I use Ajax to open the information that my links hold, into my divbox.

Now, when I try to register, the text "The username or the password couldn't be found in the database".

My scripts:

index.php

<?php
	session_start();
?>
<html>
<head>
<script language="javascript" type="text/javascript" src="Ajax.js">
</script>
<link href="Stil.css" rel="stylesheet" type="text/css">
<title>
Byans's Gastbok Version 1.0  -  Logga In
</title>
</head>
<body>
<?php
include("conn.php");
if(isset($_POST['submit'])) {

$password = $_POST['password'];
		$salt = "Jk!%wAF63&¤!#";
		$kryptering = sha1($salt.$password);

$query = "SELECT id FROM users
   WHERE user='{$_POST['user']}'
   AND password='{$kryptering}'";

$result = mysql_query($query)
	or die(mysql_error());

	//Finns användarnamnet eller lösenordet i databasen?
	if(mysql_num_rows($result) == 0) {
		echo "Användarnamn eller Lösenord kunde inte hittas i databasen";
		}
		else {
	//Sätt unikt id på användaren
	$_SESSION['user_id'] = mysql_result($result, 0);
	$_SESSION['user_sess'] = $_POST['user'];
	header("Location: Gastbok.php");
	exit;

	}
}
?>
<div id="layout">
<form action="index.php" method="post">

<div id="loginbox">
<p><br>
Användarnamn:<br> <input type="text" name="user">
<br>
Lösenord:<br> <input type="password" name="password">
<br>
<input type="submit" name="submit" value="Logga in">
<p>
<a href="#" onClick="ajax('register.php/index.php?page2','centerbox')">Registrera dig</a>
<p>
<a href="#" onClick="ajax('om_webbsidan.php/index.php?page2','centerbox')">Om webbsidan</a>
<p>
<a href="#">Teknisk Info</a>
</div>

<div id="rightbox">
</div>

<div id="centerbox">
<p>
Lösenordet krypteras i databasen
</div>
<p>
<div id="banner">
<img src="images/Logo.gif">
</div>



</div>




</body>

<?php
session_start();
?>
<html>
<head>
<script language="javascript" type="text/javascript" src="Ajax.js">
</script>
<link href="Stil.css" rel="stylesheet" type="text/css">
<title>
Byans's Gastbok Version 1.0  -  Register
</title>
</head>
<body>
<?php
	if(isset($_POST['submit'])) {
	include("conn.php");

	//Kolla om något utav formulären är tomma
	if(empty($_POST['user']) && empty($_POST['password'])) {
		echo "Något utav fälten är inte korrekt ifyllda";
		}

	//Kolla om användarnamnet är upptage
	$sql = "SELECT COUNT(*) FROM users WHERE user='{$_POST['user']}'";
	$result = mysql_query($sql)
		or die(mysql_error());

	if(mysql_result($result, 0) > 0) {
		echo "Användarnamn redan upptaget";
		}

	else {
		//Inget fel? Lägg då in allt i databasen och skicka användaren till huvudsidan.

		$password = $_POST['password'];
		$salt = "Jk!%wAF63&¤!#";
		$kryptering = sha1($salt.$password);
		$query = "INSERT INTO users(user,password) VALUES
		('{$_POST['user']}','{$kryptering}'); ";

		$result1 = mysql_query($query)
			or die(mysql_error());

		$_SESSION['user_id'] = mysql_insert_id();
		$_SESSION['user_sess'] = $_POST['user'];

			header("Location: Gastbok.php");
			exit;
		}


}
?>
<p>
<form action="register.php" method="post">
Anv&auml;ndarnamn:<br>
<input type="text" name="user">
<br>
L&ouml;senord:<br>
<input type="password" name="password">
<br>
<input type="submit" name="submit" value="Registrera">

</body>
</html>

Gastbok.php

<?php
session_start();
if(!isset($_SESSION['user_id'])) {
	header("Location: index.php");
}

if(isset($_POST['submit'])) {
		include("conn.php");
		$datum = date("Y-m-d H:i:s");

	if(empty($_POST['Namn']) && empty($_POST['text_content'])) {

		echo "Alla fält inte ifyllda";
	}
	else {
		$query = "INSERT INTO posts(Namn,Datum,inlagg) VALUES
		('{$_POST['Namn']}','{$datum}','{$_POST['text_content']}'); ";

		$result = mysql_query($query) 
				or die(mysql_error());

			echo "Postades utan problem";

			}


			}




?>
<html>
<head>
<link href="Stil.css" rel="stylesheet" type="text/css">
<title>
Bryan's Gästbok Version 1.0   -  Welcome
</title>
</head>
<body>
<form action="Gastbok.php" method="post">

Namn: <br><input type="text" name="Namn">
<br>
Skriv: <br><textarea name="text_content"></textarea>
<br>
<input type="submit" name="submit" value="Skicka">
<br>
<a href="loggout.php"> Logga ut </a>
<p>
<?php
	include("conn.php");
	$query1 = "SELECT * FROM posts ORDER BY id DESC";

$result1 = mysql_query($query1)
	or die(mysql_error());

while($row = mysql_fetch_array($result1)) {

	echo "<div class='ram'>";
	echo "Namn: $row[Namn] <p>";
	echo "Datum: $row[Datum]<hr></hr> <p>";
	echo " $row[inlagg] <p>";
	echo "</div>";
	echo "<p>";
	}
	?>

</body>
</html>

Ajax.js

function ajax(url, pageElement) {

  document.getElementById(pageElement).innerHTML = 'Uppdaterar';

  var http;

  try
  {
    http = new XMLHttpRequest(); // Firefox, Opera, Safari
  } catch(e) {

try
{
  http = new ActiveXObject("Msxml2.XMLHTTP"); // Internet Explorer
} catch(e) {

  try
  {
    http = new ActiveXObject("Microsoft.XMLHTTP"); // Internet Explorer
  } catch(e) {
    http = false;
    alert('Your browser dont support AJAX!');
  }

}

  }

  random = parseInt(Math.random()*9999999999);
  modurl = url + '&rand=' + random;

  http.onreadystatechange = function() {responseAjax(pageElement);};
  http.open("GET", modurl, true);
  http.send(null);


  function responseAjax(pageElement) {

if (http.readyState == 4) {

  if (http.status == 200) {

    output = http.responseText;
    document.getElementById(pageElement).innerHTML = output;

  } else {
    alert('Ajax error: ' + http.statusText);
  }

}

  }
}

Sorry for my english

Can somebody help me?

WeAnswer_IT

Why use Ajax to handle logins at all? If you had it working without Ajax, you might as well just keep using it without Ajax.

Ajax is useful to keep your server running smoothly when you have tons of simultaneous traffic. It's not likely that Ajax will help your site, and it may even hurt your site since the few people disabling JavaScript will be shut out.

One thing you are doing wrong is this:

<?php

// wrong
echo "Namn: $row[Namn] <p>";

/* This is acceptable
   See how I put single quotes around Namn?
   Also, see how I put brackets around the variable? */
echo "Namn: {$row['Namn']} <p>";

/* This is the best way.
   Variables should be taken out of strings, when possible. */
echo "Namn: " . $row['Namn'] . "<p>";

?>

As for actually helping you, is there any way you could re-post your code translated into English? I'm bad at debugging in other languages 🙂

Brajan

Okey, thank you.

But why should I have brackets around the variable?

I use Ajax to open the information that my links is holding, into my divbox.

Thank you for your answer 🙂

bradgrafelman

// wrong
echo "Namn: $row[Namn] <p>";

Note that there is nothing semantically wrong with that code.

As mentioned, it's a bit hard to understand what's happening when the error messages aren't in English, but is "Användarnamn redan upptaget" the message that you're constantly receiving when trying to register a new user account?

Also, user-supplied data should never be placed directly into SQL queries. Instead, it should first be sanitized with a function such as [man]mysql_real_escape_string/man to prevent SQL injections.

Brajan

Sorry.

No, I'll get the message "Användarnamn eller Lösenord kunde inte hittas i databasen" when i'm trying to register. You can find it in the index.php.

Användarnamn redan upptaget = The username is already taken

Användarnamn eller Lösenord kunde inte hittas i databasen = The username or the password couldn't be found in the database

I know that I should use mysql_real_escape_string() 🙂

Thank you for your answer 🙂

Brajan

Can someone help me? 🙂