Can't get the register page to work can someone look at code and help?

donsnider

dbConfig.php<?

// Replace the variable values below
// with your specific database information.
$host = "localhost";
$user = "dbUsers";
$pass = "5380ds";
$db = "mysqladmin";

// This part sets up the connection to the
// database (so you don't need to reopen the connection
// again on the same page).
$ms = mysql_pconnect($host, $user, $pass);
if ( !$ms )
{
echo "Error connecting to database.\n";
}

// Then you need to make sure the database you want
// is selected.
mysql_select_db($db);
?>

register.php<?php

// dbConfig.php is a file that contains your
// database connection information. This
// tutorial assumes a connection is made from
// this existing file.
include ("dbConfig.php");

//Input vaildation and the dbase code
if ( $GET["op"] == "reg" )
{
$bInputFlag = false;
foreach ( $POST as $field )
{
if ($field == "")
{
$bInputFlag = false;
}
else
{
$bInputFlag = true;
}
}
// If we had problems with the input, exit with error
if ($bInputFlag == false)
{
die( "Problem with your registration info. "
."Please go back and try again.");
}

// Fields are clear, add user to database
// Setup query
$q = "INSERT INTO dbUsers (username,password,email) "
."VALUES ('".$POST["username"]."', "
."PASSWORD('".$POST["password"]."'), "
. "'".$_POST["email"]."')";
// Run query
$r = mysql_query($q);

// Make sure query inserted user successfully
if ( !mysql_insert_id() )
{
die("Error: User not added to database.");
}
else
{
// Redirect to thank you page.
Header("Location: register.php?op=thanks");
}
} // end if

//The thank you page
elseif ( $_GET["op"] == "thanks" )
{
echo "<h2>Thanks for registering!</h2>";
}

//The web form for input ability
else
{
echo "<form action=\"?op=reg\" method=\"POST\">\n";
echo "Username: <input name=\"username\" MAXLENGTH=\"16\"><br />\n";
echo "Password: <input type=\"password\" name=\"password\" MAXLENGTH=\"16\"><br />\n";
echo "Email Address: <input name=\"email\" MAXLENGTH=\"25\"><br />\n";
echo "<input type=\"submit\">\n";
echo "</form>\n";
}
// EOF
?>

login.php

<?php
session_start();
// dBase file
include "dbConfig.php";

if ($GET["op"] == "login")
{
if (!$POST["username"] || !$_POST["password"])
{
die("You need to provide a username and password.");
}

// Create query
$q = "SELECT * FROM dbUsers "
."WHERE username='".$POST["username"]."' "
."AND password=PASSWORD('".$POST["password"]."') "
."LIMIT 1";
// Run query
$r = mysql_query($q);

if ( $obj = mysql_fetch_object($r) )
{
// Login good, create session variables
$SESSION["valid_id"] = $obj->id;
$SESSION["valid_user"] = $POST["username"];
$SESSION["valid_time"] = time();

// Redirect to member page
Header("Location: members.php");
}
else
{
// Login not successful
die("Sorry, could not log you in. Wrong login information.");
}
}
else
{
//If all went right the Web form appears and users can log in
echo "<form action=\"?op=login\" method=\"POST\">";
echo "Username: <input name=\"username\" size=\"15\"><br />";
echo "Password: <input type=\"password\" name=\"password\" size=\"8\"><br />";
echo "<input type=\"submit\" value=\"Login\">";
echo "</form>";
}
?>

member.php

?php
session_start();

if (!$_SESSION["valid_user"])
{
// User not logged in, redirect to login page
Header("Location: login.php");
}

// Member only content
// ...
// ...
// ...

// Display Member information
echo "<p>User ID: " . $SESSION["valid_id"];
echo "<p>Username: " . $SESSION["valid_user"];
echo "<p>Logged in: " . date("m/d/Y", $_SESSION["valid_time"]);

// Display logout link
echo "<p><a href=\"logout.php\">Click here to logout!</a></p>";
?>

logout.php

<?php
session_start();
session_unset();

session_destroy();
// Logged out, return home.
Header("Location: index.php");
?>

dagon

care to expand? or are we expected to guess?

donsnider

It gives me a error messge on the register.php page that says.(Error: User not added to database.)
But if you go in mysql database the person is there.
It gives me a error messge on the login.php page that says.(Sorry, could not log you in. Wrong login information.)

Confused???

jamesjohnson88

Try removing the '!' from the mysql_insert_id() in your register.php ?
Does it still log you in, or not? $obj doesn't appear to have a value prior to it's use in the IF statement.

donsnider

No it will not let me login.
What value should I give the $obj? or how should the code read?
Thanks for your help.

jamesjohnson88

In regards to $obj, really, you should be able to tell me what value it has, it's your code, lol. Or are using a template?

Looks to me like you're wanting to check the user and pass against the database value, the code you have atm, isn't doing that.

Here is the code I use -

<?php
// Session?
session_start();
//Connect & select.
$con = mysql_connect("localhost","_____","____");
if (!$con)
{
	die('Could not connect: ' . mysql_error());
}

mysql_select_db("itsjame1_TWTSE", $con);

$username = $_POST['username'];
$password = $_POST['password'];
//connect to the database here
$username = mysql_real_escape_string($username);
$query = "SELECT Password, Salt
        FROM Users
        WHERE Username = '$username';";
$result = mysql_query($query);

$userData = mysql_fetch_array($result, MYSQL_ASSOC);
//$hash = hash('sha256', $password); //debug
$newHash = hash('sha256', $salt . $hash); // Working Hash...
//$newHash2 = hash('sha256', $salt . 'test');//debug

if(mysql_num_rows($result) < 1) //no such user exists
{
    echo "No such user exists! Please try again...</br></br>";
    include_once('login.php');
}
else if($newHash != $userData['Password']) //incorrect password
{
    echo "Incorrect password. Please try again...</br></br>";
    include_once('login.php');
}
//login successful
else
{
	if($_SESSION['uid'] = 1)
	{
		session_destroy();
		session_start();
		$_SESSION['uid'] = $username;
		$_SESSION['pwd'] = $newHash;
		header('Location: index.php') ;
	}
}
mysql_close();
?>