Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

PHP Login system problems

Options
  • 29-03-2012 9:42am
    #1
    HotP0pp3r
    Registered Users Posts: 108 ✭✭


    I'm a complete noob when it comes to php and I'm just wondering if anyone could tell me what is wrong with this code for the register and login section for my website. I have a database setup in xampp and when I register the user their details are added to the site. However when I login I can enter any username and any password or even no password and it will still log the user in.

    Any help is greatly appreciated, thanks!! :)

    This is the login section code:

    [PHP]<?php include "base.php"; ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"&gt;
    <html xmlns="http://www.w3.org/1999/xhtml"&gt;
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Testing inMotion</title>
    <link rel="stylesheet" href="style.css" type="text/css" />
    </head>
    <body>
    <div id="main">
    <?php
    if(!empty($_SESSION) && !empty($_SESSION))
    {
    ?>

    <h1>Member Area</h1>
    <p>Thanks for logging in! You are <b><?=$_SESSION?><b> and your email address is <b><?=$_SESSION?></b>.</p>

    <ul>
    <li><a href="logout.php">Logout.</a></li>
    </ul>

    <?php
    }
    elseif(!empty($_POST) && !empty($_POST))
    {
    $username = mysql_real_escape_string($_POST);
    $password = md5(mysql_real_escape_string($_POST));

    $checklogin = mysql_query("SELECT * FROM users WHERE Username = '".$username."' AND Password = '".$password."'");

    if(mysql_num_rows($checklogin) == 1)
    {
    $row = mysql_fetch_array($checklogin);
    $email = $row;

    $_SESSION = $username;
    $_SESSION = $email;
    $_SESSION = 1;

    echo "<h1>Success</h1>";
    echo "<p>We are now redirecting you to the member area.</p>";
    echo "<meta http-equiv='refresh' content='=2;index.html' />";
    }
    else
    {
    echo "<h1>Error</h1>";
    echo "<p>Sorry, your account could not be found. Please <a href=\"index1.php\">click here to try again</a>.</p>";
    }
    }
    else
    {
    ?>

    <h1>Member Login</h1>

    <p>Thanks for visiting! Please either login below, or <a href="register.php">click here to register</a>.</p>

    <form method="post" action="index.html" name="loginform" id="loginform">
    <fieldset>
    <label for="username">Username:</label><input type="text" name="username" id="username" /><br />
    <label for="password">Password:</label><input type="password" name="password" id="password" /><br />
    <input type="submit" name="login" id="login" value="Login" />
    </fieldset>
    </form>

    <?php
    }
    ?>
    </div>
    </body>
    </html>[/PHP]

    This is the register section of the site:

    [PHP]<?php include "base.php"; ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"&gt;
    <html xmlns="http://www.w3.org/1999/xhtml"&gt;
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>User Management System (Tom Cameron for NetTuts)</title>
    <link rel="stylesheet" href="style.css" type="text/css" />
    </head>
    <body>
    <div id="main">
    <?php
    if(!empty($_POST) && !empty($_POST))
    {
    $username = mysql_real_escape_string($_POST);
    $password = md5(mysql_real_escape_string($_POST));
    $email = mysql_real_escape_string($_POST);

    $checkusername = mysql_query("SELECT * FROM users WHERE Username = '".$username."'");

    if(mysql_num_rows($checkusername) == 1)
    {
    echo "<h1>Error</h1>";
    echo "<p>Sorry, that username is taken. Please go back and try again.</p>";
    }
    else
    {
    $registerquery = mysql_query("INSERT INTO users (Username, Password, EmailAddress) VALUES('".$username."', '".$password."', '".$email."')");
    if($registerquery)
    {
    echo "<h1>Success</h1>";
    echo "<p>Your account was successfully created. Please <a href=\"index1.php\">click here to login</a>.</p>";
    }
    else
    {
    echo "<h1>Error</h1>";
    echo "<p>Sorry, your registration failed. Please go back and try again.</p>";
    }
    }
    }
    else
    {
    ?>

    <h1>Register</h1>

    <p>Please enter your details below to register.</p>

    <form method="post" action="register.php" name="registerform" id="registerform">
    <fieldset>
    <label for="username">Username:</label><input type="text" name="username" id="username" /><br />
    <label for="password">Password:</label><input type="password" name="password" id="password" /><br />
    <label for="email">Email Address:</label><input type="text" name="email" id="email" /><br />
    <input type="submit" name="register" id="register" value="Register" />
    </fieldset>
    </form>

    <?php
    }
    ?>
    </div>
    </body>
    </html>[/PHP]


Comments

  • Options
    #2
    fcrossen
    Registered Users Posts: 241 ✭✭fcrossen


    I see:
    [HTML]<form method="post" action="index.html" name="loginform" id="loginform">[/HTML]
    in your first code snippet - "This is the login section code".

    Is this the index.html file? If so (unless you unusually have your web server set to parse HTML files as PHP) the PHP code will not execute.

    Rename your index.html file to index.php file and change the action attribute of your form and try that.


  • Options
    #3
    hearny
    Registered Users Posts: 953 ✭✭✭hearny


    You need to start the session before any other output, if its not declared in base.php make sure to include
    session_start();
    also fix whats in the above post.


Advertisement