Whats wrong with this login and register form??

akacj

Go to this link to look at the page:::

 [url]http://cjnetgearserver.homedns.org/loginindex.php[/url]



   Heres my code for the whole thing::::




        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Web2coders - Login module</title>
<meta http-equiv="content-language" content="en">
<meta name="revisit-after" content="7 days">
<meta name="Author" content="j-r charlier">
<meta name="copyright" content="j-r charlier">
<meta name="robots" content="index,follow">
<?php

// ========================================================================================================
// = DATABASE SET-UP
// ========================================================================================================
// YOU MUST REDEFINE THESE CONSTANTS WITH YOUR OWN VALUES:
define("localhost", "......"); // The name of your host
define("root", "......"); // The user name of your database
define("", ""); // The password for accessing your database
define("dbusers", "......"); // The name of your database
define("TABLE_USERS", "tmpusers"); // The name of the table you want to user for your members
define("chabet12@roadrunner.com", "chabet12@roadruner.com"); // YOUR email!

function db_connect()
{
$link = mysql_connect('localhost', 'root', '') or die ("Error: ".mysql_error());
mysql_select_db('dbusers') or die("Could not select database: ".mysql_error());
return($link);
}
function create_user_table()
{
$link = db_connect();
$cmd0 = "drop table if exists " . TABLE_USERS;
mysql_query($cmd0) or die("Query failed : " . mysql_error());
$cmd1 = "create table ".'dbusers'.".".TABLE_USERS." (
user varchar( 25 ) not null ,
pwd varchar( 25 ) not null ,
lastlog date not null default '0000-00-00',
email varchar( 40 ) not null
) ENGINE = MYISAM";
$txt = $cmd0."<br />".$cmd1."<br />";
mysql_query($cmd1) or die("Query failed : " . mysql_error());
$sql = "alter table ".TABLE_USERS." add index (user)";
mysql_query($sql) or die("Query failed : " . mysql_error());
$txt .= $sql . "<br />Table ".TABLE_USERS." created.<br />";
mysql_close($link);
return($txt);
}
function fill_user_table()
{

}
function show_users()
{
$link = db_connect();
$sql = "select * from ".TABLE_USERS." where 1";
$list = mysql_query($sql);
$txt = "<table align=\"center\" border=\"1\">";

{

}

}
// ========================================================================================================
// = LOGIN FUNCTIONS
// ========================================================================================================
function login_form()
{
$txt = "<form name=\"login\" action=\"loginindex.php\" method=\"post\">";
$txt .= "<table border=\"1\" align=\"center\">";
$txt .= "<tr><td>Username:</td>";
$txt .= "<td><input type=\"text\" name=\"user\"></td></tr>";
$txt .= "<tr><td>Password:</td>";
$txt .= "<td><input type=\"password\" name=\"pwd\"></td></tr>";
$txt .= "<tr><td align=\"center\"><input type=\"submit\" name=\"login\" value=\"LOGIN\"></td>";
$txt .= "<td align=\"center\"><input type=\"submit\" name=\"register\" value=\"REGISTER\"></td>";
$txt .= "</tr></table>";
$txt .= "</form>";
return ($txt);
}
function show_post($POST)
{
$txt = "<table align=\"center\">";
$txt .= "<tr><td>User: ".$POST['user']."</td></tr>";
$txt .= "<tr><td>Pwd: ".$POST['pwd']."</td></tr>";
$txt .= "<tr><td>Login: ".$POST['login']."</td></tr>";
$txt .= "<tr><td>Register: ".$POST['register']."</td></tr>";
$txt .= "</table>";
return ($txt);
}
function login($POST)
{
$user = $POST['user'];
$pwd = $POST['pwd'];
unset($POST);
$link = db_connect();
$sql = "select * from ".TABLE_USERS." where user='".$user."' limit 1";
$list = mysql_query($sql);
if (mysql_error())
return ($txt . " Error: sq: ". $sq . " - " . mysql_error());
$lst = mysql_fetch_array($list);
mysql_free_result($list);
mysql_close($link);
if ($lst['user'] != $user)
return ($txt .= "<p align=\"center\">Unknown User.</p>".login_form());
if ($pwd != $lst['pwd'])
return ($txt .= "<p align=\"center\">Incorrect password.</p>".login_form());
// UPDATE THE DATABASE
$link = db_connect();
$sql = "update ".TABLE_USERS." set lastlog='".date("Y-m-d")."' where user='".$user."' limit 1";
mysql_query($sql);
mysql_close($link);
// SHOW LOG OFF FORM
$txt = logoff_form($user);
return ($txt);
}
function register($POST)
{
if ($POST['user'] != "")
$user = $POST['user'];
if ($POST['pwd'] != "")
$pwd = $POST['pwd'];
$txt = "<form name=\"register\" action=\"loginindex.php\" method=\"post\">";
$txt .= "<table border=\"1\" align=\"center\">";
$txt .= "<tr><td>Username:</td>";
$txt .= "<td><input type=\"text\" name=\"user\" value=\"".$user."\"></td></tr>";
$txt .= "<tr><td>Password:</td>";
$txt .= "<td><input type=\"password\" name=\"pwd\" value=\"".$pwd."\"></td></tr>";
$txt .= "<tr><td>Email:</td>";
$txt .= "<td><input type=\"text\" name=\"email\"></td></tr>";
$txt .= "<tr><td align=\"center\" colspan=\"2\"><input type=\"submit\" name=\"Register\" value=\"Register\"></td>";
$txt .= "</tr></table>";
$txt .= "</form>";
return ($txt);
}
function logoff_form($user)
{
$txt = "<form name=\"logoff\" action=\"loginindex.php\" method=\"post\">";
$txt .= "<table align=\"center\" border=\"1\">";
$txt .= "<tr><td align=center>".$user." on-line</td></tr>";
$txt .= "<tr><td align=\"center\"><input type=\"submit\" name=\"logoff\" value=\"LOGOFF\"></td>";
$txt .= "</table>";
$txt .= "<input type=\"hidden\" name=\"user\" value=\"".$user."\">";
$txt .= "</form>";
return($txt);
}
function logoff($user)
{
$link = db_connect();
$sql = "update ".TABLE_USERS." set lastlog='' where user='".$user."' limit 1";
mysql_query($sql);
mysql_close($link);
return (login_form());
}
function new_user($POST)
{
$user = $POST['user'];
$pwd = $POST['pwd'];
$lastlog = date("Y-m-d");
$email = $POST['email'];
unset($_POST);
$link = db_connect();
$sql = "insert into ".TABLE_USERS." (user,pwd,lastlog,email)
values ('".$user."','".$pwd."','".$lastlog."','".$email."')";
mysql_query($sql);
if (mysql_error())
return ("Error: ".mysql_error());
mysql_close($link);
// SEND A MESSAGE TO YOURSELF
$headers = "To: ".'MY_EMAIL'."\r\n";
$headers .= "From: ".$email."\r\n";
$to = 'MY_EMAIL';
$subject = "New Registrant";
$msg = "NEW User ".$user.".";
mail($to, $subject, $msg, $headers);
// SEND A MESSAGE TO THE NEW USER
$headers = "To: ".$email."\r\n";
$headers .= "From: ".'MY_EMAIL'."\r\n";
$to = $email;
$subject = "Successful registration";
$msg = "You have successfully registered with my site!";
mail($to, $subject, $msg, $headers);
$txt = "<p align=\"center\">You have successfully registered!</p>";
return ($txt);
}
?>

</head>
<body>
<?php
echo ("<div id='page'>");
if (isset($POST['login']) || isset($POST['register'])) // THE FORM HAS BEEN SUBMITTED
{
echo (show_post($POST)); // SHOW WHAT S_POST HAS RECEIVED
if (isset($POST['login'])) // LOGIN BUTTON CLICKED
echo (login($POST)); // DEAL WITH THE LOGIN
else // THE REGISTER BUTTON HAS BEEN CLICKED
echo (register($POST)); // REGISTER A NEW USER
}
else if (isset($POST['logoff']))
{
echo (logoff($POST['user'])); // REMOVE DATE FROM DB, SHOW LOG-IN
unset ($POST);
}
else if (isset($POST['save'])) // REGISTER A NEW USER
{
echo (new_user($_POST));
echo (show_users());
echo (login_form());
}
else
{
echo (create_user_table());
echo (fill_user_table());
echo (show_users());
echo (login_form());
}
echo ("</div>");
?>
</body>
</html>

dagon

and the problem is ?

akacj

when you click the link I posted at the top

it goes to a page and you see this error:::

drop table if exists tmpusers
create table dbusers.tmpusers ( user varchar( 25 ) not null , pwd varchar( 25 ) not null , lastlog date not null default '0000-00-00', email varchar( 40 ) not null ) ENGINE = MYISAM
alter table tmpusers add index (user)
Table tmpusers created.

akacj

and when you click register it goes to the register page and you see this error:::

Notice: Undefined index: login in C:\wamp\www\loginindex.php on line 88
User:

Pwd:

Login:

Register: REGISTER

Notice: Undefined variable: user in C:\wamp\www\loginindex.php on line 128

Notice: Undefined variable: pwd in C:\wamp\www\loginindex.php on line 130

what do i do??

dagon

akacj;10929438 wrote:
what do i do??

since you didn't write it your self, i would seek help from where you got it.

rincewind456

That script is hideous! It has constants defined for the database login function, then doesn't use them as it's hard coded. Basically it's a mess and would take longer to fix than write a new one.

drop table if exists tmpusers
create table test.tmpusers ( user varchar( 25 ) not null , pwd varchar( 25 ) not null , lastlog date not null default '0000-00-00', email varchar( 40 ) not null ) ENGINE = MYISAM
alter table tmpusers add index (user)
Table tmpusers created.

Is not an error message, it's a message returned by a function.

The undefined variables are because the variables haven't been initialised with a value, not an error but a notice and an indication of poor coding practise.

Also the script drops the database table every time a new member registers so at best you'll have one member at a time.

Weedpacket

rincewind456 wrote:
It has constants defined for the database login function, then doesn't use them as it's hard coded.

I think the problem is how they've been edited. Have a look:

define("localhost", "......"); // The name of your host
define("root", "......"); // The user name of your database
define("", ""); // The password for accessing your database
define("dbusers", "......"); // The name of your database
define("TABLE_USERS", "tmpusers"); // The name of the table you want to user for your members
define("chabet12@roadrunner.com", "chabet12@roadruner.com"); // YOUR email!

It looks like the names of the constants have been changed as well as their values (with only one - TABLE_USERS - surviving). A ham-fisted search-and-replace?