Minecraft_iPod;11001257 wrote:

How do I turn on display_errors and error_reporting?

The manual page [man]configuration.changes[/man] lists the various ways to alter PHP directives.

Minecraft_iPod;11001257 wrote:

Also, does this code work?

I don't know... you tell us. 🙂

Note I do see one thing that doesn't make much sense:

$strSQL = "INSERT INTO Members(firstname, username, password) values('" . $_POST["firstname"] . "', '" . $_POST["username"] . "', '" . $_POST["password"] . "')";

//Check to see if the values firstname, username and password are empty
if (empty($strSQL)){

Two things wrong with that if() statement:

  1. It doesn't do what the code comment is saying it's doing.

  2. It doesn't do anything useful since the 'else' branch will never be executed; why would $strSQL be empty when it was just defined (with a non-empty value) in the previous statement?

Minecraft_iPod;11001258 wrote:

Also, are these properly named?

That depends what you mean by "properly," I suppose. You can name them whatever you want - it's your form, after all. However, none of the names you've given the three text fields match the names you're using in the PHP code, so unless you updated the code as well then you're still going to have problems.

    Okay, I totally remade the login system with a different tutorial. Almost everything works, except when I try to login with the information I have added to MyPHPAdmin, it comes up with my message, "Wrong Username or Password".

    Here's the code:

    <html>
	<head>
		<title> Lego Comic </title>
	</head>

<body>
	<center>
	<h1> Lego Comic </h1>
	<h2> Login below! </h2>
	<h3> To become a member, click <a href="register.php" title="Become a Member!"> HERE! </a> </h3>
<?php
session_start();
// dBase file
include "dbconfig.php";

if ($_GET["op"] == "login")
 {
 if (!$_POST["username"] || !$_POST["password"])
 	{
 	die("You need to provide a username and password.");
 	}

 // Create query
 $q = "SELECT * FROM `Members` "
 	."WHERE `username`='".$_POST["username"]."' "
 	."AND `password`=PASSWORD('".$_POST["password"]."') "
 	."LIMIT 1";
 // Run query
 $r = mysql_query($q);

 if ( $obj = @mysql_fetch_object($r) )
 	{
 	// Login valid, create session variables
 	$_SESSION["valid_id"] = $obj->id;
 	$_SESSION["valid_user"] = $_POST["username"];
 	$_SESSION["valid_time"] = time();

// Redirect to member page
Header("Location: mainsite.php");
}
 else
 	{
 	// Login not successful
 	die("Incorrect Username or Password. Press the back button on your browser to try again.");
 	}
 }
else
 {
//If all went right the Web form appears and users can log in
 echo "<form action=\"?op=login\" method=\"POST\">";
 echo "Username: <input name=\"username\" size=\"15\"><br />";
 echo "Password: <input type=\"password\" name=\"password\" size=\"15\"><br />";
 echo "<input type=\"submit\" value=\"Login\">";
 echo "</form>";
 }
?>

	</center>
</body>
</html>

    Can you see any problems?

    Thanks! 😃

      Did you store your password in plain text in mysql? Because the select query is looking for a string that has gone through the PASSWORD() function.

        By plain text, do you mean not encoded? If that's what you mean, the password is encoded.

          I just checked, and on the registration page, the password is put into a PASSWORD() function.

            Try using phpMyAdmin to execute a query like:

            SELECT PASSWORD('your password here')

            to see what the password you're entering looks like when it's encoded by that function, and then manually SELECT the relevant row in your Members table. That would be one easy way to verify that the two values match (and, if they don't, you might be able to deduce why based on how the two values differ).

              Would I write the SELECT PASSWORD like this?

              
<?php
include "dbconfig.php";

$m = "SELECT * FROM Members WHERE password = 'nepean99'";
$n = mysql_query($m);

echo $n;

?>

                No, because the password column shouldn't contain 'nepean99' if you're using the PASSWORD() function. If you do see 'nepean99' in your database, then why are you trying to encode the supplied password with PASSWORD() in your previous SELECT query?

                  Okay, so if I do it like this:

                  <?php
include "dbconfig.php";

$m = "SELECT * FROM Members WHERE password = '*12FB3A63FA1CBBC'";
$n = mysql_query($m);

echo $n;

?>

                  It would work?

                    Okay, that didn't work. It just said "Resource id #10".

                    Any help?

                    Thanks, much appreciated.

                      [man]mysql_query/man returns a resource on success, so I'm not sure why you think the output of "Resource id #10" means that it "didn't work" (when in fact it means quite the opposite - the query was successfully executed).

                        A [man]resource[/man] that was treated as if it were a string (such as by trying to echo/print() it).

                          So then, how can I figure out if my password is right? I'm so confused (😕), so can you just write the code (:o)?

                            Why have you suddenly forgotten how to use the return result from a SELECT query? You managed to do it back in your post #15.

                              I don't think he did, he said he was following a tutorial, which I took to mean, he copied the code verbatim from it and came here when it didn't work.

                                Yeah, that is exactly it. I can figure out a few things on my own, but I am REALLY a beginner... :o.

                                  I thought the idea of a tutorial was that it was something you learned from, not just copied verbatim. Of course, there are a lot of very poor tutorials out there...

                                    I fixed the login problem. I can get to the main site, but get this error:

                                    "Parse error: syntax error, unexpected T_STRING, expecting ',' or ';' in /*/**/_*/mainsite.php on line 34"

                                    I tried taking away the ';' at the end of line 34, but it didn't change the message. Any ideas?

                                    <?php
session_start();

if (!$_SESSION["valid_user"])
{
// User not logged in, redirect to login page
Header("Location: index.php");
}

?>

<html>
	<head>
		<title> Lego Comic </title>
		<link rel="stylesheet" type="text/css" href="style.css" />
	</head>

<body>
	<center>

	<?php
	//Display Welcome message
	echo "<h1> Welcome </h1>" . $_SESSION["valid_user"];
	?>

	<h1> Hello! </h1>
	<h2> Welcome to Lego Comic, where, among other things, we feature lego comics! </h2>
	<p> You probably guessed that, didn't you. </p>
	<h3> Well anyways, at the top of every page, you will find links to different pages where you can find games, comics and more! Enjoy! </h3>
	<p> To change your password, click <a href="changepassword.php" title="Change Your Password"> HERE. </a> </p>
	<p> To delete your account, click <a href="deleteaccount.php" title="Delete Your Account"> HERE. </a> </p>
	<?php
	// Display logout link
	echo "<p><a href="logout.php" title="Logout">Click Here To Logout!</a></p>";
	echo "<p> This page was last edited: " . date("r", filemtime("mainsite.php"));
	//This shows when the page was last edited
	?>
	</center>
</body>
</html>

                                    Thanks for all your help so far, guys!

                                      Never mind, solved it (stupid, stupid me!). I forgot that I can't echo a link.

                                        Write a Reply...