Help for Login

  • punk86
    New Member
    • Jan 2010
    • 9

    Help for Login

    Hi,
    I can register and log in without fail.
    However, I notice that my inputs are not recorded in the database.
    I do not know the reason.
    Can someone guide me through login and register?
    Actually, I'm quite confused by the code.

    login.php
    Code:
    <?php
    session_start ();
    			$HOST = 'localhost';
    			$USERNAME = 'root';
    			$PASSWORD = '';
    			$DB = 'c203';
    			$username = $_POST['username'];
    			$password = $_POST['password'];
    
    		$link = mysqli_connect ($HOST,$USERNAME,$PASSWORD,$DB)or die(mysqli_connect_error());
    		$sql = "SELECT username,password FROM login WHERE username='".$USERNAME."' AND password = SHA1('".$PASSWORD."')";
    		$result = mysqli_query($link,$sql) or die (mysqli_error($link));
    
    		if (mysqli_num_rows($result) == 1) {
    		$row = mysqli_fetch_array($result);
    		$_SESSION['username'] = $row['username'];
    		$_SESSION['password'] = $row['password'];
    		$msg = '<p><i>You are logged in as '.$SESSION['username'].'<br/><a href="index.php">Home</p>';
    
    }		else {
    		$msg = '<p class ="error"> Sorry, you must enter a valid username and password to log in. <a href ="index.php">Back</a></p>';
    }
    
    ?>
    
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>StarGazer - Login</title>
    <link rel="stylesheet" type="text/css" href="style.css" />
    </head>
    <body>
    <h3>StarGazer - Login</h3>
    <?php
    
    echo $msg
    	
    ?>
    </body>
    </html>

    loginPage.php
    Code:
    <?php
    session_start();
    if(isset($_SESSION['user_id'])) {
    	echo"<p>You are already logged in ...<a href=\"index.php\">Back</a></p>";
    	
    	exit;
    }
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
    <head>
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
      <title>StarGazer!</title>
      <link rel="stylesheet" type="text/css" href="style.css" />
    </head>
    <body>
      <h3>StarGazer- Login</h3>
      <form method="post" action="login.php">
      	<fieldset>
      		<legend>Login</legend>
    		<table>
    			<tr>
    				<td><label for="username">Username:</label></td>
    				<td><input type="text" id="username" name="userName"/></td>
    			</tr>
    			<tr>
    				<td><label for="password">Password:</label></td>
    				<td><input type="password" id="password" name="password"/></td>
    			</tr>
    		</table>
      	</fieldset>
    	<input type="submit" value="Login" name="submit"/>
      </form>
    	</body>
    </html>
    register.php
    Code:
    <?php
    if(isset($_POST)){
    	//retrieve form data
    	$name = $_POST['name'];
    	$gender = $_POST['gender'];
    	$birthdate = $_POST['birthdate'];
    	$username = $_POST['username'];
    	$password1 = $_POST['password1'];
    
    	//connect to database		
    	$HOST = 'localhost';
    	$USERNAME = 'root';
    	$PASSWORD = '';
    	$DB = 'c203';
    		
    	$link = mysqli_connect($HOST,$USERNAME,$PASSWORD,$DB);
    	$query = "INSERT INTO register(name,gender,birthdate,username,password) VALUES ('".$name."','".$gender."','".$birthdate."','".$username."',SHA1('".$password1."'))";
    	$status = mysqli_query($link,$query) or die(mysqli_error($link));
    
    	//insert new record
    	if($status){
    		$message = '<p>Your new account has been successfully created. You are now ready to <a href="index.php">Login</a>.</p>';
    		$message .= '<p><a href="index.php">Home</a>';
    	}
    	mysqli_close($link);
    }else {//form not posted
    	$message = '<p class="error">You must enter all of the sign-up data.<a href="register.html">Back</a></p>';
    }
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>StarGazer - Register</title>
    <link rel="stylesheet" type="text/css" href="style.css" />
    </head>
    <body>
    <h3>StarGazer - Register</h3>
    <?php
    echo $message;
    ?>
    </body>
    </html>
  • Atli
    Recognized Expert Expert
    • Nov 2006
    • 5062

    #2
    Hey.

    I assume you mean that your database is filled with empty rows?

    There are two things in your registration script that could/would cause this:
    • You can not verify that a form has been submitted by checking if the $_POST array is set. It is always set, regardless of whether it has any data.
      [code=php]
      // This is ALWAYS true. Do not do this
      // to check if a form has been posted
      if(isset($_POST)) { /* ... */ }

      // Instead, check the actual fields.
      if(isset($_POST['field1'], $_POST['field2'] /* etc.. */)) { /* ... */ }

      // ... And yes, you should check ALL fields that
      // should be present.
      [/code]
    • Which brings me to my second point: Validating the data.
      You should always make sure your data is in fact what it is supposed to be. As it is, your script doesn't so much as check whether the fields have any data. Which means - coupled with what I discussed earlier - your script inserts a row with empty data every time somebody opens your registration script to see the form.

      Never trust the user to insert valid data. Always assume the user is trying to manipulate your system to do something harmful to your site, and code accordingly.
      Look up the phrase "SQL Injection". You could start by reading the chapter on it in the PHP manual.

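Added example (not part of the thread and not either poster's code): a registration handler that applies both points of the reply above, checking the actual fields and validating them, then inserting through a prepared statement so input never becomes part of the SQL text. The validation rules, the gender value set, the `db_user`/`db_password` placeholders and a `password` column wide enough for `password_hash()` output are assumptions; the table and column names come from the posted register.php.

```php
<?php
// Added example. Validation rules and DB credentials are assumptions.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // exceptions, not die()

// Returns [clean values, errors]; touches no database.
function validate_registration(array $post): array {
    $errors = $clean = [];
    foreach (['name', 'gender', 'birthdate', 'username', 'password1'] as $f) {
        if (!isset($post[$f]) || !is_string($post[$f]) || trim($post[$f]) === '') {
            $errors[$f] = 'required';          // missing, empty, or an array
        } else {
            $clean[$f] = $f === 'password1' ? $post[$f] : trim($post[$f]);
        }
    }
    if ($errors) {
        return [[], $errors];                  // e.g. page opened without a POST body
    }
    if (!preg_match('/^[A-Za-z0-9_]{3,32}$/', $clean['username'])) {
        $errors['username'] = '3-32 letters, digits or underscore';
    }
    if (!in_array($clean['gender'], ['M', 'F'], true)) { // assumed value set
        $errors['gender'] = 'invalid';
    }
    $d = DateTime::createFromFormat('!Y-m-d', $clean['birthdate']);
    if (!$d || $d->format('Y-m-d') !== $clean['birthdate']) { // rejects 2010-02-30
        $errors['birthdate'] = 'use YYYY-MM-DD';
    }
    if (strlen($clean['password1']) < 8) {
        $errors['password1'] = 'at least 8 characters';
    }
    return [$errors ? [] : $clean, $errors];
}
function insert_user(mysqli $link, array $c): void {
    // Placeholders keep user input out of the SQL text.
    $stmt = $link->prepare(
        'INSERT INTO register (name, gender, birthdate, username, password)
         VALUES (?, ?, ?, ?, ?)'
    );
    $hash = password_hash($c['password1'], PASSWORD_DEFAULT); // instead of SHA1()
    $stmt->bind_param('sssss', $c['name'], $c['gender'], $c['birthdate'], $c['username'], $hash);
    $stmt->execute();
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    [$clean, $errors] = validate_registration($_POST);
    if (!$errors) {
        insert_user(new mysqli('localhost', 'db_user', 'db_password', 'c203'), $clean);
    }
}
```

With hashes stored this way, the login script would fetch the row by username through a prepared statement and compare with `password_verify()` rather than calling `SHA1()` inside the query.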