Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

PHP Login system problems

  • 29-03-2012 8:42am
    #1
    Registered Users, Registered Users 2 Posts: 108 ✭✭


    I'm a complete noob when it comes to php and I'm just wondering if anyone could tell me what is wrong with this code for the register and login section for my website. I have a database setup in xampp and when I register the user their details are added to the site. However when I login I can enter any username and any password or even no password and it will still log the user in.

    Any help is greatly appreciated, thanks!! :)

    This is the login section code:

    [PHP]<?php include "base.php"; ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"&gt;
    <html xmlns="http://www.w3.org/1999/xhtml"&gt;
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Testing inMotion</title>
    <link rel="stylesheet" href="style.css" type="text/css" />
    </head>
    <body>
    <div id="main">
    <?php
    if(!empty($_SESSION) && !empty($_SESSION))
    {
    ?>

    <h1>Member Area</h1>
    <p>Thanks for logging in! You are <b><?=$_SESSION?><b> and your email address is <b><?=$_SESSION?></b>.</p>

    <ul>
    <li><a href="logout.php">Logout.</a></li>
    </ul>

    <?php
    }
    elseif(!empty($_POST) && !empty($_POST))
    {
    $username = mysql_real_escape_string($_POST);
    $password = md5(mysql_real_escape_string($_POST));

    $checklogin = mysql_query("SELECT * FROM users WHERE Username = '".$username."' AND Password = '".$password."'");

    if(mysql_num_rows($checklogin) == 1)
    {
    $row = mysql_fetch_array($checklogin);
    $email = $row;

    $_SESSION = $username;
    $_SESSION = $email;
    $_SESSION = 1;

    echo "<h1>Success</h1>";
    echo "<p>We are now redirecting you to the member area.</p>";
    echo "<meta http-equiv='refresh' content='=2;index.html' />";
    }
    else
    {
    echo "<h1>Error</h1>";
    echo "<p>Sorry, your account could not be found. Please <a href=\"index1.php\">click here to try again</a>.</p>";
    }
    }
    else
    {
    ?>

    <h1>Member Login</h1>

    <p>Thanks for visiting! Please either login below, or <a href="register.php">click here to register</a>.</p>

    <form method="post" action="index.html" name="loginform" id="loginform">
    <fieldset>
    <label for="username">Username:</label><input type="text" name="username" id="username" /><br />
    <label for="password">Password:</label><input type="password" name="password" id="password" /><br />
    <input type="submit" name="login" id="login" value="Login" />
    </fieldset>
    </form>

    <?php
    }
    ?>
    </div>
    </body>
    </html>[/PHP]

    This is the register section of the site:

    [PHP]<?php include "base.php"; ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"&gt;
    <html xmlns="http://www.w3.org/1999/xhtml"&gt;
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>User Management System (Tom Cameron for NetTuts)</title>
    <link rel="stylesheet" href="style.css" type="text/css" />
    </head>
    <body>
    <div id="main">
    <?php
    if(!empty($_POST) && !empty($_POST))
    {
    $username = mysql_real_escape_string($_POST);
    $password = md5(mysql_real_escape_string($_POST));
    $email = mysql_real_escape_string($_POST);

    $checkusername = mysql_query("SELECT * FROM users WHERE Username = '".$username."'");

    if(mysql_num_rows($checkusername) == 1)
    {
    echo "<h1>Error</h1>";
    echo "<p>Sorry, that username is taken. Please go back and try again.</p>";
    }
    else
    {
    $registerquery = mysql_query("INSERT INTO users (Username, Password, EmailAddress) VALUES('".$username."', '".$password."', '".$email."')");
    if($registerquery)
    {
    echo "<h1>Success</h1>";
    echo "<p>Your account was successfully created. Please <a href=\"index1.php\">click here to login</a>.</p>";
    }
    else
    {
    echo "<h1>Error</h1>";
    echo "<p>Sorry, your registration failed. Please go back and try again.</p>";
    }
    }
    }
    else
    {
    ?>

    <h1>Register</h1>

    <p>Please enter your details below to register.</p>

    <form method="post" action="register.php" name="registerform" id="registerform">
    <fieldset>
    <label for="username">Username:</label><input type="text" name="username" id="username" /><br />
    <label for="password">Password:</label><input type="password" name="password" id="password" /><br />
    <label for="email">Email Address:</label><input type="text" name="email" id="email" /><br />
    <input type="submit" name="register" id="register" value="Register" />
    </fieldset>
    </form>

    <?php
    }
    ?>
    </div>
    </body>
    </html>[/PHP]


Comments

  • Registered Users, Registered Users 2 Posts: 241 ✭✭fcrossen


    I see:
    [HTML]<form method="post" action="index.html" name="loginform" id="loginform">[/HTML]
    in your first code snippet - "This is the login section code".

    Is this the index.html file? If so (unless you unusually have your web server set to parse HTML files as PHP) the PHP code will not execute.

    Rename your index.html file to index.php file and change the action attribute of your form and try that.


  • Registered Users, Registered Users 2 Posts: 953 ✭✭✭hearny


    You need to start the session before any other output, if its not declared in base.php make sure to include
    session_start();
    also fix whats in the above post.


Advertisement