MySql & PHP Register/Login Script HELP

jelvischan

Hello everyone, I have a problem.
I was making 4 files that contain scripts to register and login on my website.

The 4 files were called:
-register.html
-register.php ( backup )
-login.html
-login.php ( backup )

Once I finished creating the files, I executed them in my web browser ( Safari 4.0.2 ).

The register.html and login.html were clean and easy to execute. However, when I executed the other 2 php files, there was an error in each of their syntaxes.

Register.php's error read: Parse error: syntax error, unexpected T_VARIABLE in /Library/WebServer/Documents/register.php on line 16

Login.php's error read: Parse error: syntax error, unexpected T_STRING in /Library/WebServer/Documents/login.php on line 19

I looked through both files numerous amounts of time, but I still can't see the error on the lines specified or the lines around them.

Here are the 2 files. Can someone please point out the error? Notice I used MySql to insert the data into the database:

Register.php

<?PHP

//Database Information

$dbhost = "localhost";
$dbname = "register";
$dbuser = "root";
$dbpass = "[I]my password went here.[/I]";

//Connect to database

mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());

****
$name = $_POST['name'];
$email = $_POST['email'];****
$username = $_POST['username'];
$password = md5($_POST['password']);

// lets check to see if the username already exists

$checkuser = mysql_query("SELECT username FROM users WHERE username='$username'"); 

$username_exist = mysql_num_rows($checkuser);

if($username_exist > 0){
****echo "I'm sorry but the username you specified has already been taken.**Please pick another one.";
****unset($username);
****include 'register.html';
****exit();
} 

// lf no errors present with the username
// use a query to insert the data into the database.

$query = "INSERT INTO users (name, email, username, password)
VALUES('$name', '$email', '$username', '$password')";
mysql_query($query) or die(mysql_error());
mysql_close();

echo "You have successfully Registered";
****
// mail user their information

$yoursite = ‘http://web.mac.com/jelvischan1’;
$webmaster = ‘Anti’;
$youremail = ‘porsche105@mac.com’;
****
$subject = "You have successfully registered at $yoursite...";
$message = "Dear $name, you are now registered at our web site.**
****To login, simply go to our web page and enter in the following details in the login form:
****Username: $username
****Password: $password
****
****Please print this information out and store it for future reference.
	Continue excelling in the LoD Clan!
****
****Thanks,
****$webmaster";
****
mail($email, $subject, $message, "From: $yoursite <$youremail>\nX-Mailer:PHP/" . phpversion());
****
echo "Your information has been mailed to your email address.";

?>

Login.php

<?php

//Database Information

$dbhost = "localhost";
$dbname = "register";
$dbuser = "root";
$dbpass = "[I]my password went here.[/I]";

//Connect to database

mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());

session_start();
$username = $_POST[‘username’];
$password = md5($_POST[‘password’]);

$query = “select * from users where username=’$username’ and password=’$password’”;

$result = mysql_query($query);

if (mysql_num_rows($result) != 1) {
$error = “Bad Login”;
****include “login.html”;

} else {
****$_SESSION[‘username’] = “$username”;
****include “memberspage.php”;
}

?>

Thanks guys.
Jelvis

Desbrina

get rid of all the * and it should be ok

if you want stars them comment them out

jelvischan

The stars were put into the code when I posted the topic.
The real script doesn't contain the stars.

That isn't the problem, but thanks.

Please anyone help me with this. It is not solved yet...

seco

<?php

//Database Information

$dbhost = "localhost";
$dbname = "users";
$dbuser = "root";
$dbpass = "";

//Connect to database

mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());
?>

<form action="" method="post">
name <br><input name="name" type="text"><br>
email <br><input name="email" type="text"><br>
username <br><input name="username" type="text"><br>
passowrd <br><input name="password" type="password"><br>
<input name="submit" type="submit" value="submit">
</form>

<?php
if(isset($_POST['submit'])){
$name = $_POST['name'];
$email = $_POST['email'];
$username = $_POST['username'];
$password = md5($_POST['password']);

// lets check to see if the username already exists

$checkuser = mysql_query("SELECT username FROM users WHERE username='$username'"); 

$username_exist = mysql_num_rows($checkuser);

if($username_exist > 0){
echo "I'm sorry but the username you specified has already been taken.Please pick another one.";
unset($username);
exit();
} 

// lf no errors present with the username
// use a query to insert the data into the database.

$query = "INSERT INTO users (name, email, username, password)
VALUES('$name', '$email', '$username', '$password')";
mysql_query($query) or die(mysql_error());
mysql_close();

echo "You have successfully Registered";
}
// mail user their information

$yoursite = "http://web.mac.com/jelvischan1";
$webmaster = "Anti";
$youremail = "porsche105@mac.com";

$subject = "You have successfully registered at $yoursite...";
$message = "Dear $name, you are now registered at our web site.
To login, simply go to our web page and enter in the following details in the login form:
Username: $username
Password: $password

Please print this information out and store it for future reference.
	Continue excelling in the LoD Clan!

Thanks,
$webmaster";

mail($email, $subject, $message, "From: $yoursite <$youremail>\nX-Mailer:PHP/" . phpversion());

echo "Your information has been mailed to your email address.";

?>

<?php

//Database Information

$dbhost = "localhost";
$dbname = "users";
$dbuser = "root";
$dbpass = "";

//Connect to database

mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());
?>

<form action="" method="post">
username <br /><input name="username" type="text"><br>
password <br /><input name="password" type="password"><br>
<input name="submit" type="submit" value="submit">
</form>

<?php

if(isset($_POST['submit'])){

// username and password sent from form
$username=$_POST['username'];
$password=md5($_POST['password']);

// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$sql="SELECT * FROM users WHERE username='$username' and password='$password'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row

if($count==1){
// Register $username, $password and redirect to file "memberspage.php"
session_register("username");
session_register("password");
header("location:memberspage.php");
}
else {
echo "Wrong Username or Password";
}
}
?>

jelvischan

Thank you for your code response.
Everything went well, except for 1 rather key thing:

When I register, the Name, Email, Username, and Password are inserted into the database, and I see that.

When I log in given the login details I provided and was sent to my email, I do not get forwarded to memberspage.php, but instead get a white page with this message:

Warning: Cannot modify header information - headers already sent by (output started at /Library/WebServer/Documents/login.php:17) in /Library/WebServer/Documents/login.php on line 40.

The header was that part in the script that said:

if($count==1){ 
// Register $username, $password and redirect to file "memberspage.php" 
session_register("username"); 
session_register("password"); 
header("location:memberspage.php"); 
} 
else { 
echo "Wrong Username or Password"; 
}

Can you please clarify the script and make it so that the browser forwards me to memberspage.php, logged into my account?

Thank you very much.

Bjom

headers already sent

this happens when your script produces any output before the line with the "header".

the code below should work

<?php 

//Database Information 

$dbhost = "localhost"; 
$dbname = "users"; 
$dbuser = "root"; 
$dbpass = ""; 

//Connect to database 

mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error()); 
mysql_select_db($dbname) or die(mysql_error()); 

if(isset($_POST['submit'])){ 

// username and password sent from form 
$username=$_POST['username']; 
$password=md5($_POST['password']); 

// To protect MySQL injection (more detail about MySQL injection) 
$username = stripslashes($username); 
$password = stripslashes($password); 
$username = mysql_real_escape_string($username); 
$password = mysql_real_escape_string($password); 

$sql="SELECT * FROM users WHERE username='$username' and password='$password'"; 
$result=mysql_query($sql); 

// Mysql_num_row is counting table row 
$count=mysql_num_rows($result); 
// If result matched $username and $password, table row must be 1 row 

if($count==1){ 
// Register $username, $password and redirect to file "memberspage.php" 
session_register("username"); 
session_register("password"); 
header("location:memberspage.php"); 
} 
else { 
echo "Wrong Username or Password"; 
} 
} 
?> 

<form action="" method="post"> 
username <br /><input name="username" type="text"><br> 
password <br /><input name="password" type="password"><br> 
<input name="submit" type="submit" value="submit"> 
</form>