Why isnt this also working!!

grahamcracker

Hello everyone,

I am trying to make my login script and have tried two different alternatives.

<html>
<head>
  <title>HomePage</title>
  <style type="text/css">
h1
{
font-family=Times;
font-size:50;
font-weight:bolder;
text-align:center; 
padding:5px 0 5px 30px; 
margin-bottom:19px; 
font-size:2em; 
color:#fff;
}

ul
{
list-style-type:none;
margin:0;
padding:0;
overflow:hidden;
}
li
{
float:left;
}
a:link,a:visited
{
display:inline;
width:250px;
font-weight:bold;
color:#FFFFFF;
background-color:003366;
text-align:center;
padding:6px;
font-style:italic;
text-decoration:none;
}
a:hover,a:active
{
background-color:#7A991A;
}
h2
{
text-align:center; color:#ff9841; font-weight:bold;
}
div
{
color:#FFFFFF;
font-family=Times>;
font-size:15;
}
#header
{
height:175px; padding:5px 0; margin-bottom:15px;background-color:black;
}
#footer
{
height:80px; padding:5px 0; margin-bottom:15px;background-color:black;
}  

</style>
<body bgcolor="gray" text="#FFFFFF" link="#0000FF" vlink="#800080" alink="#FF0000" background="Blue.jpg">
<div id="header">
<h1>Stock-Dissect</h1>
<ul>
<li><a href="Aboutus.html">About Us</a></li>
<li><a href="#news">What's this all about?</a></li>
<li><a href="#contact">Features</a></li>
<li><a href="#jkf">Register</a></li>
</ul>
</div>

<?php
mysql_connect("localhost", "root", "root") or die(mysql_error());
mysql_select_db("myDb") or die(mysql_error());

//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site']))

//if there is, it logs you in and directes you to the members page
{
$username = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{
if ($pass != $info['password'])
{
header("Location: HomePage.php");
}
}
}

//if the login form is submitted
if (isset($_POST['submit'])) 
{

// makes sure they filled it in
if(!$_POST['Enterhere'] || !$_POST['password']) 
{
die('You did not fill in a required field.');
}
// checks it against the database
$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['Enterhere']."'")or die(mysql_error());

//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) 
{
die('Sorry wrong username entered. Click here to register -> <a href=Register.php>Register Now</a>');
}
while($info = mysql_fetch_array( $check ))
{
//gives error if the password is wrong
if ($_POST['password'] != $info['Password']) 
{
die('Incorrect password, please try again.');
}

else
{

// if login is ok then we add a cookie
$hour = time() + 3600;
setcookie(ID_my_site, $_POST['Enterhere'], $hour);
setcookie(Key_my_site, $_POST['password'], $hour);

//then redirect them to the members area
header("Location: CompanyPage.php");
}
}
}
else if(!isset($_POST['submit']))
{

// if they are not logged in

echo "Please try again";
?>
<fieldset>
<legend style="color:#FFFFFF" style=font-weight:"bold">
Log in:
</legend>
    <form action="checklogin.php" method="post">
Username: <input type="text" name="Enterhere " /><br/><br/>
Password: <input type="password" name="Password" /><br/><br/>
<input type="Submit" value="Submit" />
</form>
</fieldset></br></br></br>
<?php
}

?>

<div id="footer">
<p>Footer *****</p>
</div>

</body>
</html>

SECOND ONE.

<html>
<head>
  <title>HomePage</title>
  <style type="text/css">
h1
{
font-family=Times;
font-size:50;
font-weight:bolder;
text-align:center; 
padding:5px 0 5px 30px; 
margin-bottom:19px; 
font-size:2em; 
color:#fff;
}

ul
{
list-style-type:none;
margin:0;
padding:0;
overflow:hidden;
}
li
{
float:left;
}
a:link,a:visited
{
display:inline;
width:250px;
font-weight:bold;
color:#FFFFFF;
background-color:003366;
text-align:center;
padding:6px;
font-style:italic;
text-decoration:none;
}
a:hover,a:active
{
background-color:#7A991A;
}
h2
{
text-align:center; color:#ff9841; font-weight:bold;
}
div
{
color:#FFFFFF;
font-family=Times>;
font-size:15;
}
#header
{
height:175px; padding:5px 0; margin-bottom:15px;background-color:black;
}
#footer
{
height:80px; padding:5px 0; margin-bottom:15px;background-color:black;
}  

</style>
<body bgcolor="gray" text="#FFFFFF" link="#0000FF" vlink="#800080" alink="#FF0000" background="Blue.jpg">
<div id="header">
<h1>Stock-Dissect</h1>
<ul>
<li><a href="Aboutus.html">About Us</a></li>
<li><a href="#news">What's this all about?</a></li>
<li><a href="#contact">Features</a></li>
<li><a href="#jkf">Register</a></li>
</ul>
</div>

<?php
mysql_connect("localhost", "root", "root") or die(mysql_error());
mysql_select_db("myDb") or die(mysql_error());


$myusername=$_POST['Enterhere'];
$mypassword=$_POST['mypassword'];

$sql="SELECT * FROM $tbl_name WHERE UserName='$myusername' and Password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "loginsuccess.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>

<div id="footer">
<p>Footer *****</p>
</div>

</body>
</html>

-------------------------------------------------------------------------------------------------------

BOTH OF THESE GO STRAIGHT TO THE ELSE STATEMENT, AND DISPLAY WRONG USERNAME AND PASSWORD OR DISPLAY THE FORM. PLEASE HELP

grahamcracker

btw Enterhere is the name for my username field

djjjozsi

No, you current username field in the form is: "Enterhere " with a whitespace...

In your second code snipet, where did you star session?

First rule, do not generate output before header() function.

The form check should placed before your HTML heads,
and save the errors into a variable, and if it has set, echo as an embedded content before your html form.

mysql_error() after your queries?

Plus:

// Register $myusername, $mypassword and redirect to file "loginsuccess.php"
session_register

If you're using session_register , You're using a DEPRECATED function.
Use the $_SESSION array to save states instead .

NogDog

Welcome to the forums, grahamcracker. In future posts, please make use of this forum's [noparse]

...

[/noparse] BBCode tags around your code samples, as it makes them much easier to read. (I have edited your post accordingly.)

I'd also suggest that you get in the practice of indenting your code to help keep track of blocks of code within loops, if/else conditions, etc. as this makes it much easier for us to follow (and for you to keep track of your logic). There are many free editors/IDEs out there that can help with the automating of the indenting. (Or maybe you did indent it but it was lost somehow in the cutting and pasting?)

grahamcracker

thank you

grahamcracker

Reg form

<h2 class="title">Registration Form</h2>
<div class="entry">
<p>Please fill in all the fields in order for the registration to be successful.</p>
<fieldset>
<form action="reginsert.php" method="post">
Company Name: <input type="text" name="Enterhere" /><br/><br/>
Industry: <input type="text" name="Industry" /><br/><br/>
Store these many records(price varies):
<input type="radio" name="small" value="0-100"> 0-100</br>
<input type="radio" name="medium" value="100-500">100-500</br>
<input type="radio" name="large" value="500" checked="checked">500 Above</br></br>
Telephone ((country code) (number)):<input type="text" name="Telephone" /><br/><br/>
Fax ((country code) (number)):<input type="text" name="Fax" /><br/><br/>
Postcode: <input type="text" name="Postcode" /><br/><br/>
Address: <input type="text" name="Address" /><br/><br/>
Username: <input type="text" name="username" /><br/><br/>
Password: <input type="password" name="password" /><br/><br/>
Confirm Password:<input type="password" name="confirmpassword" /><br/><br/>
<input type="Submit" name="register" value="Register" />
</fieldset>
</form>
</div>

Reg checking form

div id="page">
<div id="content">
<div class="post">
<h2 class="title">Registration Form</h2>
<div class="entry">
<?php
$con = mysql_connect("localhost","root","root");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
mysql_select_db("myDb", $con) or die(mysql_error());

if(isset($_POST["register"]))
{
  if(!$_POST["Enterhere"] || !$_POST['Industry'] || !$_POST['Telephone'] || !$_POST['Fax'] || !$_POST['PostCode'] || !$_POST['Address'] || !$_POST['username'] || !$_POST['password'] || !$_POST['confirmpassword'] ) 
{
die('You did not complete all of the required fields, Please try to register again.');
}

$usercheck = $_POST['Enterhere'];
$check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'")
or die(mysql_error());
$check2 = mysql_num_rows($check);

//if the name exists it gives an error
if ($check2 != 0) 
{
die('Sorry, the username '.$_POST['Enterhere'].' is already in use.');
}

// this makes sure both passwords entered match
if ($_POST['password'] != $_POST['confirmpassword']) {
die('Your passwords did not match. ');
}

// now we insert it into the database
$add="INSERT INTO CompanyAddress (Telephone, Fax, PostCode, Address)
VALUES
('$_POST[Telephone]','$_POST[Fax]','$_POST[Postcode]','$_POST[Address]')";
$add_address = mysql_query($add); 

$comp="INSERT INTO Company (Name, Industry, NOFrecords)
VALUES
('$_POST[Enterhere]','$_POST[Industry]','$_POST[records]')";
$add_company = mysql_query($comp);

$insert = "INSERT INTO users (username, password)
VALUES ('".$_POST['username']."', '".$_POST['password']."')";
$add_member = mysql_query($insert);
echo "You have been succesfully registered! Please go back to home page to log in.";

?>

<?php
}
else
{
?>

<p>Please fill in all the fields in order for the registration to be successful.</p>
<fieldset>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
Company Name: <input type="text" name="Enterhere" /><br/><br/>
Industry: <input type="text" name="Industry" /><br/><br/>
Store these many records(price varies):
<input type="radio" name="small" value="0-100"> 0-100</br>
<input type="radio" name="medium" value="100-500">100-500</br>
<input type="radio" name="large" value="500" checked="checked">500 Above</br></br>
Telephone ((country code) (number)):<input type="text" name="Telephone" /><br/><br/>
Fax ((country code) (number)):<input type="text" name="Fax" /><br/><br/>
Postcode: <input type="text" name="Postcode" /><br/><br/>
Address: <input type="text" name="Address" /><br/><br/>
Username: <input type="text" name="username" /><br/><br/>
Password: <input type="password" name="password" /><br/><br/>
Confirm Password:<input type="password" name="confirmpassword" /><br/><br/>
<input type="Submit" name="register" value="Register" />
</fieldset>
</form>
</div>
</div>
</div>

<?php
}
?>

The problem is in the first if statement, also if all are filled in it still displays the error, you have not filled in the required fields...........
it doesnt go beyond that.

grahamcracker

yes it loses indenting in the copy pasting, ill do that next time thank you nogdog

djjjozsi

this forum has a PHP bb tag. you should use it...

grahamcracker

div id="page">
<div id="content">
<div class="post">
<h2 class="title">Registration Form</h2>
<div class="entry">
<?php
$con = mysql_connect("localhost","root","root");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
mysql_select_db("myDb", $con) or die(mysql_error());

if(isset($_POST["register"]))
{
  if(!$_POST["Enterhere"] || !$_POST['Industry'] || !$_POST['Telephone'] || !$_POST['Fax'] || !$_POST['PostCode'] || !$_POST['Address'] || !$_POST['username'] || !$_POST['password'] || !$_POST['confirmpassword'] ) 
{
die('You did not complete all of the required fields, Please try to register again.');
}

$usercheck = $_POST['Enterhere'];
$check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'")
or die(mysql_error());
$check2 = mysql_num_rows($check);

//if the name exists it gives an error
if ($check2 != 0) 
{
die('Sorry, the username '.$_POST['Enterhere'].' is already in use.');
}

// this makes sure both passwords entered match
if ($_POST['password'] != $_POST['confirmpassword']) {
die('Your passwords did not match. ');
}

// now we insert it into the database
$add="INSERT INTO CompanyAddress (Telephone, Fax, PostCode, Address)
VALUES
('$_POST[Telephone]','$_POST[Fax]','$_POST[Postcode]','$_POST[Address]')";
$add_address = mysql_query($add); 

$comp="INSERT INTO Company (Name, Industry, NOFrecords)
VALUES
('$_POST[Enterhere]','$_POST[Industry]','$_POST[records]')";
$add_company = mysql_query($comp);

$insert = "INSERT INTO users (username, password)
VALUES ('".$_POST['username']."', '".$_POST['password']."')";
$add_member = mysql_query($insert);
echo "You have been succesfully registered! Please go back to home page to log in.";

?>

<?php
}
else
{
?>

<p>Please fill in all the fields in order for the registration to be successful.</p>
<fieldset>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
Company Name: <input type="text" name="Enterhere" /><br/><br/>
Industry: <input type="text" name="Industry" /><br/><br/>
Store these many records(price varies):
<input type="radio" name="small" value="0-100"> 0-100</br>
<input type="radio" name="medium" value="100-500">100-500</br>
<input type="radio" name="large" value="500" checked="checked">500 Above</br></br>
Telephone ((country code) (number)):<input type="text" name="Telephone" /><br/><br/>
Fax ((country code) (number)):<input type="text" name="Fax" /><br/><br/>
Postcode: <input type="text" name="Postcode" /><br/><br/>
Address: <input type="text" name="Address" /><br/><br/>
Username: <input type="text" name="username" /><br/><br/>
Password: <input type="password" name="password" /><br/><br/>
Confirm Password:<input type="password" name="confirmpassword" /><br/><br/>
<input type="Submit" name="register" value="Register" />
</fieldset>
</form>
</div>
</div>
</div>

<?php
}
?>

djjjozsi

PostCode is undefined in your $_POST check...

While you cannot write without errors, try to use lower-case in all your codes.

grahamcracker

// now we insert it into the database
$comp="INSERT INTO Company (Name, Industry, NOFrecords)
VALUES
('$_POST[Enterhere]','$_POST[Industry]','$_POST[records]')";
$add_company = mysql_query($comp);

//echo $_POST[Telephone].$_POST[Fax].$_POST[Postcode].$_POST[Address];
$add="INSERT INTO CompanyAddress (Telephone, Fax, PostCode, Address, QA_ID)
VALUES
('$_POST[Telephone]','$_POST[Fax]','$_POST[Postcode]','$_POST[Address]', NULL)";
$add_address = mysql_query($add); 

$insert = "INSERT INTO users (UserName, Password)
VALUES
('$_POST[username]','$_POST[password]')";
$add_member = mysql_query($insert);
echo "You have been succesfully registered! Please go back to home page to log in.";

halojoy

As already told, it may be PostCode is your problem now.
As this is a variable used in second INSERT

<input type="text" name="Postcode" /><br/><br/>

Note:
$POST['PostCode'] is not the same variable as $POST['Postcode']
Postcode
PostCode
PHP variable names are case sensitive

grahamcracker

I have changed the names to Postcode,
the only thing i havnt changed is the $add="INSERT INTO CompanyAddress (Telephone, Fax, PostCode, Address, QA_ID)
but still no success

Pikachu2000

Start by going through everything and changing all the cases to lower case for every variable, table name, field name, etc. If you need to separate words for clarity, use the underscore instead. it will make your life a lot easier.

Then you should put some echo/print_r statements in your code so you can see what variables or arrays don't contain the values you think they should.

Once you get that done and working properly, you need to make sure you sanitize the POST data before inserting it into the database. You should never, ever, ever allow user-entered data to go directly into a database query.

bradgrafelman

There's no need to change the case on all of your variables, as long as you're consistent.

You need to check if [man]mysql_query/man is returning FALSE, indicating a SQL error. If it is, output the SQL error - [man]mysql_error/man.

Pikachu2000

bradgrafelman;10944357 wrote:
There's no need to change the case on all of your variables, as long as you're consistent.

The variables and form field names aren't anywhere near consistent, that's why I suggested it . . . 🙂

bradgrafelman

Unless I missed something, there aren't any inconsistencies.. not sure where halojoy saw $POST['PostCode'], because all of the $POST references look right to me.

EDIT: Oh, nevermind, now I see it - it was in the if() statement. Still, that's only one typo...

Pikachu2000

Oh, I was talking more about the inconsistencies from one variable to the other like FirstName then Enterhere, POST['Industry'], POST['records'], etc. He'd be better off to use one naming convention and sticking with it, like all variables in all lower case, all functions in all upper case, separating with underscores, and so on. I just find it easier in general to spot errors and typos if I do it that way.