login using MySQL and PHP

tissam

I have two problems.
1. I have 2 files registration.php and login.php. these two files having registration and login HTML files and individually links to each other. registration.php is ok i can register username and password in Mysql with MD5 password. but login not successful as per the login.php. both file attached here and kindly provide me with correct codes for login.php
2. After login i need to continue username in every navigating pages. I tried with
echo "Logged in as ".$_SESSION['username']; but not working. please help me on that too.
If you have better coding for Registering and login sessions with correct coding pls send me.

registration.php

<?php
//Database Information

$dbhost = "localhost";
$dbname = "wings";
$dbuser = "user";
$dbpass = "pass";

//Connect to database

mysql_connect ("$dbhost","$dbuser","$dbpass")or die("Could not connect: ".mysql_error());
mysql_select_db("$dbname") or die(mysql_error());

$name = $_POST['name'];
$email = $_POST['email'];    

$username = $_POST['username'];
$password = md5($_POST['password']);
$checkuser = mysql_query("SELECT username FROM users WHERE username='$username'");
$username_exist = mysql_num_rows($checkuser);

if ($name == "")
{

echo "<p>You forgot to enter the name !!!";
exit;
}
if ($email == "")
{

echo "<p>You forgot to enter the email !!!";
exit;
}
if ($username == "")
{

echo "<p>You forgot to enter the username !!!";
exit;
}

if($username_exist > 0){
    echo "I'm sorry but the username you specified has already been taken.  Please pick another one.";
    unset($username);
    include 'registration.html';
    exit();
}
$query = "INSERT INTO users (name, email, username, password)
VALUES('$name', '$email', '$username', '$password')";
mysql_query($query) or die(mysql_error());
mysql_close();

echo "You have successfully Registered";

?>

Please find login.php

<?php
//$host="localhost"; // Host name
//$username="user"; // Mysql username
//$password="pass"; // Mysql password
$db_name="wings"; // Database name
$tbl_name="users"; // Table name

// Connect to server and select databse.
mysql_connect("localhost", "user", "pass")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");



// username and password sent from form
$username=$_POST['username'];
$password=$_POST['password'];


// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_start();

session_register("username");
session_register("password");
//echo "Logged in as ".$_SESSION['username'];
echo "Logged in as ".$_SESSION['username'];
//header("location:http://localhost/tissa/usermanagement/insertmanagement.html");
}
else {

header("Location: http://localhost/tissa/logoutlogin3/relogin.html");
}
?>

Saviola

Few advices:
- separate mysql connection script in one file and include it in begining of each file where you need of it, don't write every time same connection script :
dbconnect.php

//Database Information
$dbhost   = "localhost";
$dbname = "wings";
$dbuser   = "user";
$dbpass   = "pass";

//Connect to database
mysql_connect ("$dbhost","$dbuser","$dbpass")or die("Could not connect: ".mysql_error());
mysql_select_db("$dbname") or die(mysql_error());

require_once('path/dbconnect.php')

For other type of SQL statements, INSERT, UPDATE, DELETE, DROP, etc, mysql_query() returns TRUE on success or FALSE on error.
If you want try this :

if ($name == "") {
  echo "<p>You forgot to enter the name !!!";
  exit;
}else if ($email == "") {
  echo "<p>You forgot to enter the email !!!";
  exit;
}else if ($username == "") {
  echo "<p>You forgot to enter the username !!!";
  exit;
}else if($username_exist > 0) {
    echo "I'm sorry but the username you specified has already been taken.  Please pick another one.";
    unset($username);
    include 'registration.html';
    exit();
}
$query = "INSERT INTO users (name, email, username, password) VALUES('$name', '$email', '$username', '$password')";
$result = mysql_query($query);
if ( !$result ) {
  die("MySQl error" . mysql_errno() ." - ". mysql_error());
}
mysql_close();
header( "refresh:5;url=index.php" );
echo "You have successfully Registered. <br> You'll be redirected to home page in about 5 secs. If not, click <a href='wherever.php'>here</a>";

in login page, before to check user whether exist in DB, you must do :

......
$username = stripslashes($username);
$password = md5(stripslashes($password));
........

because, when user create account, you get inserted user password, calculate the md5 hash of a string and then insert to table. Therefore when user try to login you have to get inserted password, calculate the md5 hash and then check it:

.......
$username = stripslashes($username);
$username = mysql_real_escape_string($username);
$password = md5($password);

$sql    = "SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result = mysql_query($sql);
...............

Use of session_register() is deprecated, use this:
```
//  session_register("username"); - deprecated
$_SESSION['username'] = $username;
```
note: you don't need to register password i session.

NOTE: You should declare your problem in section General Help or Newbies

bradgrafelman

Also note that you should not be using [man]stripslashes/man on incoming data. If you find that single quotes in incoming data has automagically been escaped, then you should instead look into disabling the deprecated magic_quotes_gpc directive.