Logging Page

Could you please Post Your SQL Script also to Try this in our End.
And also please post what is Not working, Any Errors, because I cant assume the Problems here. ;)

[PHP]$_POST['pass'] = md5($_POST['pass']);

if (!get_magic_quo tes_gpc()) {

$_POST['pass'] = addslashes($_PO ST['pass']);[/PHP]

You are adding slashes after using md5. Is it correct?

I hope this is not a puzzle! In order to be of help, you should at least tell us:

- what is it that does not work?
- where (approx) the error occurring?
- what have you done to narrow down the part of the code that does not work?
- what have you used with respect to tracing, setting break points, echoing, etc. to narrow down the part of the script where the error occurs?

Ronald :cool:

Please except my apology, i was so frustrated last night after spending 5 hours tryting to understand the script, i put up the discussion with out thinking about it. Here what me and my friend trying to do.

Part 1: we have a normal form as follow:

[HTML]

<form action="loginpa ge.php" method="post">
<div align="center">
<table border="0">
<tr>
<td>Title:</td>
<td> <input type="text" name="title" maxlength="10">
</td>
</tr>
<tr>
<td>First Name:</td>
<td> <input type="text" name="first_nam e" maxlength="30">
</td>
</tr>
<tr>
<td>Last Name:</td>
<td> <input type="text" name="last_name " maxlength="30">
</td>
</tr>
<tr>
<td>Address Line 1:</td>
<td> <input type="text" name="address_l ine1" maxlength="60">
</td>
</tr>
<tr>
<td>Address Line 2:</td>
<td> <input type="text" name="address_l ine2" maxlength="60">
</td>
</tr>
<tr>
<td>City:</td>
<td> <input type="text" name="city" maxlength="60">
</td>
</tr>
<tr>
<td>Post Code:</td>
<td> <input type="text" name="postcode" maxlength="20">
</td>
</tr>
<tr>
<td>Username: </td>
<td> <input type="text" name="username" maxlength="25">
</td>
</tr>
<tr>
<td>Password: </td>
<td> <input type="password" name="pass" maxlength="10">
</td>
</tr>
<tr> <td>Confirm Password:</td>
<td> <input type="password" name="pass2" maxlength="10">
</td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
<tr>
<th colspan=150><in put type="submit" name="submit" value="Register "></th>
</tr>
</table>
</div>
</form>

[/HTML]

The following script is designed to populate the mysql table, which i dont have the description at work and will post it when i get home. The first error happens after the form is filled and submited, it says That user does not exist in our database.

[PHP]

<?php
// Connects to your Database
mysql_connect(" host", "user", "pass") or die(mysql_error ());
mysql_select_db ("db") or die(mysql_error ());

//This code runs if the form has been submitted
if (isset($_POST['submit'])) {

//This makes sure they did not leave any fields blank
if (!$_POST['title'] | !$_POST['first_name'] | !$_POST['last_name'] | !$_POST['address_line1'] | !$_POST['address_line2'] | !$_POST['city'] | !$_POST['postcode'] | !$_POST['username'] | !$_POST['pass'] | !$_POST['pass2']) {
die('You did not complete all of the required fields, Click Back to try Again');
}
// checks if the username is in use
if (!get_magic_quo tes_gpc()) {
$_POST['username'] = addslashes($_PO ST['username']);
}
$usercheck = $_POST['username'];
$check = mysql_query("SE LECT username FROM users WHERE username = '$usercheck'")
or die(mysql_error ());
$check2 = mysql_num_rows( $check);

//if the name exists it gives an error
if ($check2 != 0) {
die('Sorry, the username '.$_POST['username'].' is already in use.');
}

// this makes sure both passwords entered match
if ($_POST['pass'] != $_POST['pass2']) {
die('Your passwords did not match.');
}

//encrypt the password and add slashes if needed

$_POST['pass'] = md5($_POST['pass']);
if (!get_magic_quo tes_gpc()) {
$_POST['pass'] = addslashes($_PO ST['pass']);
$_POST['username'] = addslashes($_PO ST['username']);
}


// insert it into the database
$insert = "INSERT INTO users (title, first_name, last_name, address_line1, address_line2, city, postcode, username, password)
VALUES ('".$_POST['title']."', '".$_POST['first_name']."', '".$_POST['last_name']."', '".$_POST['address_line1']."', '".$_POST['address_line2']."', '".$_POST['city']."', '".$_POST['postcode']."', '".$_POST['username']."', '".$_POST['pass']."')";
$add_member = mysql_query($in sert);
echo("<code>".$ insert."</code>");
$add_member = mysql_query($in sert) or die(mysql_error ());
?>
</div>
<h1 align="center"> Registered</h1>
<h1 align="center"> Thank you, you have registered - you may now <a href="loginpage .php">login</a>.</h1>
<div align="center">
[/PHP]
[PHP]
<?php
}
else
{
}
?>
[/PHP]


Now the logging page where the user enters the password and username, starts again with a form to create the input fields. I have populated the sql table manualy with data including username and password. if i enter a password and username which dosent exist on the sql table, it will through the error saying: That user does not exist in our database. <a href=signin1.ph p>Click Here to Register. when a username and password which has been registered is used it directs it to an blank page, which tbh is whats confusing me, as i thought i have asked it to be directed to index1.php.

[PHP]

<?php

// Connects to your Database
mysql_connect(" host", "user", "pass") or die(mysql_error ());
mysql_select_db ("db") or die(mysql_error ());


//Checks if there is a login cookie

if(isset($_COOK IE['ID_my_site']))


//if there is, it logs you in and directes you to the members page

{
$username = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];

$check = mysql_query("SE LECT * FROM users WHERE username = '$username'")or die(mysql_error ());

while($info = mysql_fetch_arr ay( $check ))
{

if ($pass != $info['password'])
{

}

else
{
header("Locatio n: index1.php");

}

}

}


//if the login form is submitted

if (isset($_POST['submit'])) { // if form has been submitted


// makes sure they filled it in

if(!$_POST['username'] | !$_POST['pass']) {
die('You did not fill in a required field.');
}

// checks it against the database

if (!get_magic_quo tes_gpc()) {
$_POST['username'] = addslashes($_PO ST['username']);
}

$check = mysql_query("SE LECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error ());

//Gives error if user dosen't exist

$check2 = mysql_num_rows( $check);
if ($check2 == 0) {
die('That user does not exist in our database. <a href=signin1.ph p>Click Here to Register</a>');
}


while($info = mysql_fetch_arr ay( $check ))
{

$_POST['pass'] = stripslashes($_ POST['pass']);
$info['password'] = stripslashes($i nfo['password']);
$_POST['pass'] = md5($_POST['pass']);

//gives error if the password is wrong

if ($_POST['pass'] != $info['password']) {
die('Incorrect password, please try again.');
}

//else
//{
// if login is ok then we add a cookie

//$_POST['username'] = stripslashes($_ POST['username']);


//$hour = time() + 3600;
//setcookie(ID_my _site, $_POST['username'], $hour);
//setcookie(Key_m y_site, $_POST['pass'], $hour);

//then redirect them to the members area
//header("Locatio n: admin");
}
}
//}
else
{
}
// if they are not logged in
?>
[/PHP]

[HTML]

<form action="<?php echo $_SERVER['index1']?>" method="post">
<div align="center">
<table border="0">
<tr> <td colspan=2><h1>L ogin</h1></td>
</tr>
<tr>
<td>Username: </td>
<td> <input type="text" name="username" maxlength="40">
</td>
</tr>
<tr>
<td>Password: </td>
<td> <input type="password" name="pass" maxlength="50">
</td>
</tr>
<tr>
<td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td>
</tr>
</table>
</div>
</form>

[/HTML]

Now to answer other questions, i personally thought the the main problem was at the redirection when the user name and pass word was entered so i tried to change it by changing the pages it was suppose to read. that didnt work. To answer satya, my friend is trying to encrypt the password, i personally dont know what he is trying to do, but from what i can understand the answer your question is simply yes.

I will give you the sql table design when i get home tonight.

thx well in advnce

keyvan

Hi.

I believe that the user error is caused because you add slashes to the user name twice. First before you check it against the database, and then again before you add it to the database.

As for your header. I'm not sure why that doesn't work.
My first thought was that it was redirected correctly, but the index1.php was simply empty.

If the problem is the redirect, you could try to change it to './index1.php' or the complete url of your page and see if that works.
If that doesn't work, you could try something like this:
[PHP]
echo "<script language='javas cript'>location .href='index1.p hp'</script>";
[/PHP]