|
PHP - Simple Login And Register Script
Hey I would just like to release a simple login/register script that will work just fine and has some nice systems in it.
The Login. (I will post the code then below tell you what you need to do to get it to work with MYSQL DATABASE) Create a file and call it login with the suffix .php so if you have file extensions showing on your computer it will look like "login.php" then put this code inside of it. Code: [Select] <?php session_start(); ?> <?php function mysql_prep($value) { $magic_quotes_active = get_magic_quotes_gpc(); $new_enough_php = function_exists("mysql_real_escape_string"); // i.e PHP >= v4.3.0 if($new_enough_php){ // PHP v4.3.0 or higher if ($magic_quotes_active){ $value = stripslashes($value); } $value = mysql_real_escape_string($value); }else{ //Before PHP v4.3.0 //if magic quotes aren't already on then add slahes manually if(!$magic_quotes_active){ $value = addslashes($value); } // if magic quotes are active then the slashes already exist } return $value; } function redirect_to($location = NULL){ if($location != NULL){ header("Location: {$location}"); exit; } } define("DB_SERVER","localhost"); define("DB_USER","root"); define("DB_PASS","yourpassword"); define("DB_NAME","yourdatabasename"); $connection = mysql_connect(DB_SERVER,DB_USER,DB_PASS); if(!$connection){ die("Database Connection Failed: " . mysql_error()); } $db_select = mysql_select_db("bcooperz", $connection); if(!$db_select){ die("Connection to database failed: " . mysql_error()); } ?> <?php if(isset($_SESSION['user_id'])){ redirect_to("staff.php"); } ?> <?php if (isset($_POST['submit'])){ $errors = array(); // Perform validations on the form $required_fields = array('username', 'password'); foreach($required_fields as $fieldname){ if(!isset($_POST[$fieldname]) || empty($_POST[$fieldname])){ $errors[] = $fieldname; } } $field_with_lengths = array('username' => 30, 'password' => 30); foreach($field_with_lengths as $fieldname => $maxlength) { if (strlen(trim(mysql_prep($_POST[$fieldname]))) > $maxlength) { $errors[] = $fieldname; } } $username = trim(mysql_prep($_POST['username'])); $password = trim(mysql_prep($_POST['password'])); $hashed_password = sha1($password); if (empty($errors)){ // Checks database to see if username and password exist their $query = "SELECT id, username FROM users WHERE username='$username' AND hashed_password='$hashed_password' LIMIT 1"; $result_set = mysql_query($query, $connection); if(!$result_set){ die("Database Query Failed: " . mysql_error()); } if (mysql_num_rows($result_set) == 1) { // The Username and Password have been found in the database and the user is verified // Only 1 Match $found_user = mysql_fetch_array($result_set); $_SESSION['user_id'] = $found_user['id']; $_SESSION['username'] = $found_user['username']; redirect_to("staff.php"); }else{ // Username and Password was not found in the database. $message = "Username/Password Combination Incorrect.<br/>Please make sure your caps lock key is off and try again."; echo $message; } }else{ $count = count($errors); if($count == 1){ echo "Their Was {$count} Error In The Form" . "<br />"; print_r(implode(", ", $errors)); }else{ echo "Their Was {$count} Error's In The Form" . "<br />"; echo "<b>"; print_r(implode(", ", $errors)); echo "</b>"; } } }else{ // The Form Has Not Been Submitted if(isset($_GET['logout']) && $_GET['logout'] == 1){ echo "You Are Now Logged Out"; } if(isset($_GET['nowlogged']) && $_GET['nowlogged'] == 1){ echo "You Need to Login to reach this page."; } $username = ""; $password = ""; } ?> <html> <head> <title>Register</title> </head> <body> <form action="login.php" method="post"> Username : <input type="text" name="username" maxlength="30" value="<?php echo htmlentities($username); ?>" /><br /> Password : <input type="password" name="password" maxlength="30" value="<?php echo htmlentities($password); ?>" /><br /><br /> <input type="submit" name="submit" value="Login" /><br /> </form> <p>Haven't got an account? register <a href="register.php">here!</a></p> </body> </html> Now once you have a file called "login.php" with the above code inside of it you will need to goto your mysql database and create a database with a table that has 3 fields in the following format. - id - int(11) - Auto increment - username - varchar(50) - hashed_password - varchar(40) Now search for this in the login.php code Code: [Select] define("DB_SERVER","localhost"); define("DB_USER","root"); define("DB_PASS","yourpassword"); define("DB_NAME","yourdatabasename"); And This: Code: [Select] $db_select = mysql_select_db("bcooperz", $connection); And change these to your settings. Once you have done all this create a new file called register with the suffix .php as well so if you have file extensions turned on it will look like "register.php" And add this code inside it: Code: [Select] <?php function mysql_prep($value) { $magic_quotes_active = get_magic_quotes_gpc(); $new_enough_php = function_exists("mysql_real_escape_string"); // i.e PHP >= v4.3.0 if($new_enough_php){ // PHP v4.3.0 or higher if ($magic_quotes_active){ $value = stripslashes($value); } $value = mysql_real_escape_string($value); }else{ //Before PHP v4.3.0 //if magic quotes aren't already on then add slahes manually if(!$magic_quotes_active){ $value = addslashes($value); } // if magic quotes are active then the slashes already exist } return $value; } function redirect_to($location = NULL){ if($location != NULL){ header("Location: {$location}"); exit; } } ?> <?php define("DB_SERVER","localhost"); define("DB_USER","root"); define("DB_PASS","maxcooper"); define("DB_NAME","bcooperz"); $connection = mysql_connect(DB_SERVER,DB_USER,DB_PASS); if(!$connection){ die("Database Connection Failed: " . mysql_error()); } $db_select = mysql_select_db("bcooperz", $connection); if(!$db_select){ die("Connection to database failed: " . mysql_error()); } ?> <?php if(isset($_POST['submit'])){ $username = trim(mysql_prep($_POST['username'])); $password = trim(mysql_prep($_POST['password'])); $hashed_password = sha1($password); $confirmpass=$_POST['confirmpass']; $query2 = "SELECT * FROM users WHERE username='$username'"; $result2 = mysql_query($query2); $counted=mysql_num_rows($result2); $errors = array(); // Perform validations on the form $required_fields = array('username', 'password', 'confirmpass'); foreach($required_fields as $fieldname){ if(!isset($_POST[$fieldname]) || empty($_POST[$fieldname])){ $errors[] = $fieldname; } } if($confirmpass!=$_POST['password']){ $errors[] = "passdifference"; } if($counted > 0){ $errors[] = "User Already Created"; } $field_with_lengths = array('username' => 30, 'password' => 30); foreach($field_with_lengths as $fieldname => $maxlength) { if (strlen(trim(mysql_prep($_POST[$fieldname]))) > $maxlength) { $errors[] = $fieldname; } } /* The Form Has Been Submitted */ if (empty($errors)){ $query = "INSERT INTO users (username,hashed_password) VALUES ('{$username}', '{$hashed_password}')"; $result = mysql_query($query, $connection); if($result){ echo "User Successfully Created"; }else{ echo "The User Could Not Be Created" . "<br />"; echo mysql_error(); } }else{ $count = count($errors); if($count == 1){ echo "Their Was {$count} Error In The Form" . "<br />"; print_r(implode(", ", $errors)); }else{ echo "Their Was {$count} Error's In The Form" . "<br />"; echo "<b>"; print_r(implode(", ", $errors)); echo "</b>"; } } }else{ /* The Form Has Not Yet Been Submitted */ $username = ""; $password = ""; } ?> <html> <head> <title>Register</title> </head> <body> <form action="register.php" method="post"> Username : <input type="text" name="username" maxlength="30" value="<?php echo htmlentities($username); ?>" /><br /> Password : <input type="password" name="password" maxlength="30" value="<?php echo htmlentities($password); ?>" /><br /> Confirm Password: <input type="password" name="confirmpass" maxlength="30" value="" /><br /><br /> <input type="submit" name="submit" value="Register" /><br /> </form> <p>Already have a account? login here <a href="login.php">here!</a></p> </body> </html> Once you have done that and you have a file called "register.php" you will need to perform the final step which will be changing the database details once again on the second file ("register.php"). Thanks, Bcooperz. Please tell me if this works Similar TutorialsHi can someone pls help, im tryin a tutorial but keep getting errors, this is the first one i get after registering. You Are Registered And Can Now Login Warning: Cannot modify header information - headers already sent by (output started at /home/aretheyh/public_html/nealeweb.com/regcheck.php:43) in /home/aretheyh/public_html/nealeweb.com/regcheck.php on line 46 Hello, im very green to php and I am having trouble creating a simple log in script. Not sure why this is not working, maybe a mysql_query mistake? I am not receiving any errors but nothing gets updated in the members table and my error message to the user displays. any help is appreciated! here is my php: <?php session_start(); $errorMsg = ''; $email = ''; $pass = ''; if (isset($_POST['email'])) { $email = ($_POST['email']); $pass = ($_POST['password']); $email = stripslashes($email); $pass = stripslashes($pass); $email = strip_tags($email); $pass = strip_tags($pass); if ((!$email) || (!$pass)) { $errorMsg = '<font color="#FF0000">Please fill in both fields</font>'; }else { include 'scripts/connect_db.php'; $email = mysql_real_escape_string ($email); $pass = md5($pass); $sql = mysql_query("SELECT * FROM members WHERE email='$email' AND password='$pass'"); $log_check = mysql_num_rows($sql); if ($log_check > 0) { while($row = mysql_fetch_array($sql)) { $id = $row["id"]; $_SESSION['id']; $email = $row["email"]; $_SESSION['email']; $username = $row["username"]; $_session['username']; mysql_query("UPDATE members SET last_logged=now() WHERE id='$id' LIMIT 1"); }//Close while loop echo "You are logged in"; exit(); } else { $errorMsg = '<font color="#FF0000">Incorrect login data, please try again</font>'; } } } ?> and the form: <?php echo $errorMsg; ?> <form action="log_in.php" method="post"> Email:<br /> <input name="email" type="text" /><br /><br /> Password:<br /> <input name="password" type="password" /><br /><br /> <input name="myBtn" type="submit" value="Log In" /> </form> I've tried Googling this for a long time but I only find complete member systems with ugly code, not something i'm looking for. What I am looking for is just a simple tutorial or commented code to make a admin login. What it's going to do is just: Loading a MD5 salt hasched password from my MYSQL database. You'll get to fill in one field: Password. If it validates with the MYSQL password it'll show the hidden content; if not it'll just give a "not correct error". That's basicly it. I have only one page of secret admin stuff so yeah.. it would be awesome to have the ability to logout and I of curse want to have everything in sessions! It would be to big help! I'm very new to PhP and one of my asignments in class is to create a simple login using php and mysql. I made a simple page using html, php, and mysql and i keep getting errors. Here is my code so far: This is my index.php page: <html> <form action = 'login.php' method='POST'> Username: <input type='text' name='username'><br> Password: <input type='password' name='password'><br> <input type='submit' value='Log in'> </form> </html> This is my login.php page: <?php $username = $_POST['username']; $password = $_POST['password']; if ($username&&$password) { &connect = mysql_connect("localhost", "root", " ") or die ("Couldnt connect"); mysql_selct_db("phplogin") or die("Couldn't find db"); } else die ("Please enter a username and password"); ?> mySql file is very basic: 3 columns, id, username, password I dont think my problem is with the mySQL page that was the easiest to make but everytime I hit login in the index.php, the entire script for login.php gets outputted on screen. I would appreciate all the help. I have a form on my website which actions login.php. The login.php code is below: <?php include('includes/classes.php.inc'); session_start(); $link = new BaseClass(); $data = $link->query("SELECT * FROM logins"); $pass_accepted = false; if($_REQUEST['username'] && $_REQUEST['password']){ $username = $_REQUEST['username']; $password = $_REQUEST['password']; while($row = mysql_fetch_array($data)){ if(($row['username']==$useranme)&&($row['password']==$password){ echo 'Password correct!'; $_SESSION['loggedin']=true; $pass_accepted = true; } } } else { echo 'You did not enter a username or password!'; } if(!$pass_accepted){ echo 'Your password is incorrect'; } echo '<br>Please <a href="index.php">click here</a> to return to page'; ?> I have checked that my references are all correct however even when I enter the correct password it returns saying the password is incorrect. Any idea on why this could be? I am happy to answer any follow up questions. Regards Hi there, I have a simple login script written but I get an error with it. It does work but shows an error on some pages. Let me explain. Three Files: Admin.php Login.html checklogin.php When the user has logged in they go to checklogin.php. If the username and password match 1 row in the database then it forwards the user to admin.php fine. Except I keep getting mysql warning messages: Warning: Cannot modify header information - headers already sent by (output started at /home/wormste1/public_html/tilburywebdesign/shop/templates/template1/admin/updatescompanyinformation.php:3) in /home/wormste1/public_html/tilburywebdesign/shop/templates/template1/admin/companyinfoupdated.php on line 3 At the start of each page I want password protected I put the following code: <? session_start(); if(!session_is_registered(myusername)){ header("location:login.html"); } ?> I can't work out why I am getting this error. Many Thanks, Ian Hi Everyone, Just wondered if someone could quickly help me out, im building a simple login system for my website but having a little bit of trouble, the error i keep getting is: Quote Cannot modify header information - headers already sent by (output started at /home/sites/cuju8.com/public_html/include.php:18) in /home/sites/cuju8.com/public_html/login.php on line 12 I have done some research but cant find the answer to this, my login script is as follows: Code: [Select] <?php require_once('include.php'); $error = ''; $form = $_POST['submit']; $email = $_POST['email']; $password = $_POST['password']; if( isset($form) ) { if( isset($email) && isset($password) && $email !== '' && $password !== '' ) { $sql = mysql_query("SELECT * FROM `usersystem` WHERE email='$email' and password='$password';"); if( mysql_num_rows($sql) != 0 ) { //success $_SESSION['logged-in'] = true; [b]header('Location: members.php');[/b] exit; } else { $error = "Incorrect login info"; } } else { $error = 'All information is not filled out correctly';} } ?> I think its the header location code thats causing the problem but im not sure where to move it too. If anyone could help i would really appreciate it. Cheers ok..ive done this a million times..i have a working example here and i copied it and amended it for this new project but for some reason i cant get a form to post data to another page. this is the error message i get Notice: Undefined index: username in C:\wamp\www\uni\fyp\site\mobile\login.php on line 16 Notice: Undefined index: password in C:\wamp\www\uni\fyp\site\mobile\login.php on line 17 here is my form code: <form method="post" action="login.php"> <table align="center" cellpadding="0" cellspacing="0"> <tr> <td style="vertical-align:top;">Username: </td><td><input type="text" name="username" value="" /></td> </tr> <tr> <td style="vertical-align:top;">Password: </td><td><input type="password" name="password" value="" /><br /><input type="submit" id="submit" value="Login" /></td> </tr> </table> </form> and here is the code within the login.php where the form should post to $username = $_POST['username']; $password = $_POST['password']; // Help protect against MySQL injection $username = stripslashes($username); $password = stripslashes($password); $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); // Selecting data from database where correct username and password are found $sql="SELECT * FROM customer WHERE username='$username' and password='$password'"; $result=mysql_query($sql) or die(mysql_error()); i cant see anything wrong..been looking for hours...please please help me My issue is that I cannot get my user information to (1) upload to the database, and (2) if I manually put information in the data base I cannot retrive it when trying to log in.. I assume its a connection issue, but I cannot seem to find it. Thanks in advance for the help! This is my "init.inc.php" script... Code: [Select] <?php session_start(); $exceptions = array('register','login'); $page = substr(end(explode('/',$_SERVER['SCRIPT_NAME'])),0,-4); if(in_array($page, $exceptions) === false){ if(isset($SESSION['username']) === false){ header('Location: login.php'); die(); } } mysql_connect('localhost','root',''); mysql_select_db('newlogin'); $path = dirname(__FILE__); include("{$path}/inc/user.inc.php"); ?> This is my "user.inc.php" script... Code: [Select] <?php // check is the given username exisits in the table function user_exists($user){ $user = mysql_real_escape_string($user); $total = mysql_query("SELECT COUNT('user_id') FROM 'user_tbl' WHERE 'user_name' = '{$user}'"); return (mysql_result($total, 0) == '1') ? true : false; } // checks is the username and password are valid function valid_credentials($user, $pass){ $user = mysql_real_escape_string($user); $pass = sha1($pass); $total = mysql_query("SELECT COUNT('user_id') FROM 'user_tbl' WHERE 'user_name' = '{$user}' AND 'user_password' = '{$pass}'"); return (mysql_result($total, 0) == '1') ? true : false; } //adds user to the database function add_user($user, $pass){ $user = mysql_real_escape_string(htmlentities($user)); $pass = sha1($pass); mysql_query("INSERT INTO 'user_tbl' ('user_name', 'user_password') VALUES ('{$user}', '{$pass}')"); } ?> Finally this is my "register.php" Page... Code: [Select] <?php error_reporting(0); include('core/init.inc.php'); $errors = array(); if(isset($_POST['username'], $_POST['password'], $_POST['repeat_password'])){ if(empty($_POST['username'])){ $errors[] = "The username field cannot be empty!"; } if(empty($_POST['password']) || empty($_POST['repeat_password'])){ $errors[] = "The password fields cannot be empty!"; } if($_POST['password'] !== $_POST['repeat_password']){ $errors[] = "Password verification failed !"; } if(user_exists($_POST['username'])){ $errors[] = "That username has already been taken!"; } if(empty($errors)){ add_user($_POST['username'], $_POST['password']); $_SESSION['username'] = htmlentities($_POST['username']); header('Location: protected.php'); die(); } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> </head> <body> <div> <?php if( empty($errors) === false){ ?> <ul> <?php foreach($errors as $error){ echo "<li>{$error}</li>"; } ?> </ul> <?php } ?> </div> <form action="" method="post"> <p> <label for="username"> Username:</label> <input type="text" name="username" id="username" value="<?php if(isset($_POST['username'])) echo htmlentities($_POST['username']); ?>" /> </p> <p> <label for="password"> Password:</label> <input type="password" name="password" id="password" /> </p> <p> <label for="repeat_password"> Repeat Password:</label> <input type="password" name="repeat_password" id="repeat_password" /> </p> <p> <input type="submit" value="Register" /> </p> </form> </body> </html> Hello everyone,i was trying to make a register/login pages on my own and well i got stuck..and my good friend google couldn't help me :S So well i came to ask proffesionals Okay here is it: First thing i don't get is about email activation that i wanted to use on my register page... I got do_reg.php file that looks like this: Code: [Select] <?php include 'connection.php'; //grab data from form $name = $_POST['username']; $pass = $_POST['password']; $pass_conf = $_POST['pass_conf']; $email = $_POST['email']; $ip = $_POST['ip']; //if else if($name == false || $pass == false || $pass_conf == false || $email == false){ echo "Please fill in all the required fields."; }; if($pass != $pass_conf){ echo "Blah..Passwords do not match."; }else{ //generate random code $code = rand(11111111,99999999); //send email $subject = "Activate your account"; $headers = "From: admin@mysite.com"; $body = "Hello $name,\n\nYou registered and need to activate your account. Click the link below or paste it into the URL bar of your browser\n\n http://localhot/login/activate.php?code=$code\n\nThanks!"; if (!mail($email,$subject,$body,$headers)) echo "Error,what a shame!"; else { $sql = mysql_query("INSERT INTO users (username,password,email,code,active,ip) VALUES('$name','$pass','$email','$code',0,'$ip')") or die(mysql_error()); $result = mysql_query($sql); echo "Thank you for registering! But your account is not still active :'( Please check your email ($email) for activation code! :)"; } }; ?>I went through thousands of erros and still couldn't make it work,i am using xampp localhost server for now and maybe that is the reason it wont work even if i tried to activate SMTP and that stuff in php.ini conf file (as my friend google told me).. So this is one of the errors: Quote Warning: mail() [function.mail]: SMTP server response: 550 relaying denied in C:\xampp\htdocs\login\do_reg.php on line 25 Error,what a shame! Now the next thing i couldn't understand is where is the error inside this script... (do_login.php) Code: [Select] <?php include 'connection.php'; $session_username = $_SESSION['username']; if($_POST['login']) { //get form data $username = $_POST['username']; $password = $_POST['password']; } if(!$username||!$password) echo "Username and password missing!"; else { //login $login = mysql_query("SELECT * FROM users WHERE username='$username'"); } if (mysql_query($login)==0) echo "No souch user!"; else { while ($login_row = mysql_fetch_assoc($login)) { $password_db = $login_row['password']; $password = md5($password); if ($password!=$password_db) echo "Incorect password!"; else { //check if active $active = $login_row['active']; $email = $login_row['email']; if ($active==0) echo "You haven't activated your account, please check your email ($email) for activation!"; else { $_SESSION['username']=$username; //assign session header("Location: index.php");//refresh } } } } ?> Thank you for your spent time and help.. Hello,
i got a problem with a part of my code :
<?php Hi, currently in my registration code, the userId allows only six digits as the user ID. I need help in performing the following task 1. Modify the account creation screen to allow users to enter EITHER a 6-digit ID OR a 9 character ID. Any 6-digit PLID will be stored with the perpended B11. 2.Modify the login utility for the users to allow them to use either the 6-digit or 9-character IDs which means you will need to prepend the B11 to any 6-digit PLID to find their record in the database. 3.Convert existing PLIDs in the database to the new format by prepending the B11. Any coding help will be greatly appreciated. If I wanted to create a custom CMS that will allow people to be able to upload files, register a new account, to be able to add to a blog article, edit one's article but not someone else's, edit one's profile, be able to leave comments, edit comments as well as edit their blog articles in something similar to this forum's post box (with Bold, Italic, etc options), how would I go about it? Hi there, I've just registered here and had a quick look around but couldn't find the answer I was looking for so I hope I'm posting this question in the right place. I want to write a PHP Login/Registration script that I can run on a website I am developing for a client but this website has more than one piece of software on it (each with it's own user-tables) and this is the first time I have had to integrate software before so I need a bit of help. When a user fills in the registration form, that data needs to be sent to the relevent user-tables for each application running on the website & when a user logs in, they need to be authenticated for each of the applications also so that we can have a one-click login process. I hop This topic has been moved to Application Design. http://www.phpfreaks.com/forums/index.php?topic=313919.0 I'm sorry this code is a mess, this is my attempt at a online youtube tutorial http://www.youtube.com/user/phpacademy#p/c/9CC58D1B2A2D83D6/9/cBJZZlLrXGo The script runs with no parse errors but it does not the following: - present error messages when input is incorrect - enter correct input into the database - retain the user input in the form so the user does not need to re enter the information. I would just use another script but this is the 2nd part of a tutorial that will really help me learn so I need this to work . Any help appreciated. 1. 2. <?php 3. include("design/header.php"); 4. require("connect.php"); 5. 6. //register code 7. 8. 9. if(isset($POST['submit'])) 10. { 11. //grab submitted data 12. $firstname = $_POST['firstname']; 13. $lastname = $_POST['lastname']; 14. $username = $_POST['username']; 15. $password = $_POST['password']; 16. $password_repeat = $_POST['password_repeat']; 17. 18. $dob_year = $_POST['dob_year']; 19. $dob_month = $_POST['dob_month']; 20. $dob_day = $_POST['dob_day']; 21. 22. $gender = $_POST['gender']; 23. 24. if ( 25. $firstname&& 26. $lastname&& 27. $username&& 28. $password&& 29. $password_repeat&& 30. $dob_year&& 31. $dob_month&& 32. $dob_day&& 33. $gender 34. ) 35. { 36. 37. //validation 38. if(strlen($firstname)>25 || strlen($lastname)>25 || strlen($username)>25) 39. echo "Firstname, lastname and username must be no more than 25 characters."; 40. 41. 42. else 43. { 44. if (strlen($password)>25 || strlen($password)<6) 45. echo "Password must be between 6 and 25 characters."; 46. 47. else 48. { 49. if (is_numberic($dob_year)&&is_numberic($dob_month)&&is_numberic($dob_day)) 50. { 51. 52. if (strlen($dob_year)>4||strlen($dob_year)>2||strlen($dob_year)>2) 53. echo "Date of birth must be 4 characters, month and must be 2."; 54. else 55. { 56. if ($gender=="Male"||$gender=="Female") 57. { 58. //compare pass 59. if ($password==$password_repeat) 60. { 61. //check dob limits for month and day 62. if ($dob_month>12||$dob_day>31) 63. echo "Date of birth month or day is bigger than expected!"; 64. else{ 65. //check for existing user 66. $query =mysql_query("SELECT * FROM users WHERE username='$username'"); 67. if (mysql_num_rows($query)>=1) 68. echo "That username is already taken."; 69. else { 70. //success!! 71. $dob_db = "$dob_year-$dob_month-$dob_day"; 72. $password_db = md5($password); 73. 74. switch ($gender) 75. { 76. case "Male": 77. $gender_db = "M"; 78. break; 79. case "Female": 80. $gender_db = "F"; 81. break; 82. $register = mysql_query("INSERT INTO user VALUES ('','$firstname','$lastname','$username','$password_db','$dob_db','$gender_db')"); 83. echo "success!"; 84. } 85. } 86. } 87. } 88. else 89. {echo "Passwords must match"; 90. } 91. } 92. else 93. echo "Gender must be Male or Female."; 94. } 95. } 96. else 97. echo "Date of birth must be in number form. For example 1993/05/30"; 98. } 99. } 100. }else{ 101. echo "Please enter your details and click Register!"; 102. } 103. } 104. 105. ?> 106. 107. <p> 108. <form action='register.php' method='POST'> 109. 110. <table width='60%'> 111. <tr> 112. <td width='40%' align='right'> 113. <font size='2' face='arial'>Firstname: 114. </td> 115. <td> 116. <input type='text' value='<?php echo $firstname; ?>' name='firstname' maxlength='25'> 117. </td> 118. </tr> 119. <tr> 120. <td width='40%' align='right'> 121. <font size='2' face='arial'>Lastname: 122. </td> 123. <td> 124. <input type='text' value='<?php echo $lastname; ?>' name='lastname' maxlength='25'> 125. </td> 126. </tr> 127. <tr> 128. <td width='40%' align='right'> 129. <font size='2' face='arial'>Username: 130. </td> 131. <td> 132. <input type='text' value='<?php echo $username; ?>' name='username' maxlength='25'> 133. </td> 134. </tr> 135. <tr> 136. <td width='40%' align='right'> 137. <font size='2' face='arial'>Password: 138. </td> 139. <td> 140. <input type='password' name='password' maxlength='25'> 141. </td> 142. </tr> 143. <tr> 144. <td width='40%' align='right'> 145. <font size='2' face='arial'>Repeat Password: 146. </td> 147. <td> 148. <input type='password' name='password_repeat' maxlength='25'> 149. </td> 150. </tr> 151. <tr> 152. <td width='40%' align='right'> 153. <font size='2' face='arial'>Date of birth: 154. </td> 155. <td> 156. <input type='text' name='dob_year' maxlength='4' size='3' value='<?php if ($dob_year) echo $dob_year; else echo "YYYY";?>'> /<input type='text' name='dob_month' maxlength='2' size='1' value='<?php if ($dob_month) echo $dob_month; else echo "MM";?>'> / <input type='text' name='dob_day' maxlength='2' size='1' value='<?php if ($dob_day) echo $dob_day; else echo "DD";?>'> 157. </td> 158. </tr> 159. <tr> 160. <td width='40%' align='right'> 161. <font size='2' face='arial'>Gender: 162. </td> 163. <td> 164. <select name='gender'> 165. <option>Female</option> 166. <option>Male</option> 167. </select> 168. </td> 169. </tr> 170. 171. </table> 172. <div align='right'><input type='submit' name='submit' value='Register'> 173. </form> 174. 175. 176. <?php 177. include("design/footer.php"); 178. 179. ?> 180. Hey, so this is my register script
<?php
error_reporting(E_ALL | E_NOTICE);
ini_set('display_errors', 1);
require 'connect.php';
echo "<title> Register </title>";
if(isset($_POST['register'])) {
$username = trim($_POST['username']);
$username = mysqli_real_escape_string($con, $_POST['username']);
$password = mysqli_real_escape_string($con, $_POST['password']);
$password = hash('sha512', $_POST['password']);
if(!$_POST['username'] OR !$_POST['password']) {
die("You must enter a username and password!");
}
$stmt = $con->prepare("INSERT INTO usrs_usr (username, password) VALUES (?, ?)");
$stmt->bind_param("ss", $username, $password);
$stmt->get_result();
var_dump($stmt);
$stmt->execute();
echo "New user has been created successfully";
$stmt->close();
$conn->close();
}
?>
Now the problem is i have done a variable dump which outputs nothing, and the only error i am getting is
Fatal error: Call to a member function bind_param() on a non-object Hi, I have taken the step of writing my site in MySQLi instead of MYSQL as advised. However, I had a script that I got off the internet, the original file works great and registers the user to the database. However the edited version of the script, where I have added more information such as the users address etc, no longer works. I have compared the two files and can't seem to find the problem. When the script is run, it skips all the registration part and jumps to the last error in the script saying 'You Could Not Be Registered Because Of Missing Data.'. All the variables match the column names in the database.
Here is the original working script
<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');
// some error checking
/*
if($_POST['reg']){
echo "form submitted";
}else{ echo "form not submitted"; }
*/
if( isset( $_POST['user'] ) && isset( $_POST['pass'] ) && isset( $_POST['email'] ) ){
// echo $_POST['user']." - ".$_POST['pass']." - ".$_POST['email'];
if( strlen( $_POST['user'] ) < 5 )
{
include('header.inc');
echo "Username Must Be 5 or More Characters.";
include('footer.inc');
}
elseif( strlen( $_POST['pass'] ) < 5 )
{
include('header.inc');
echo "Password Must Be 5 or More Characters.";
include('footer.inc');
}
elseif( $_POST['pass'] == $_POST['user'] )
{
include('header.inc');
echo "Username And Password Can Not Be The Same.";
include('footer.inc');
}
elseif( $_POST['email'] == "" )
{
//More secure to use a regular expression to check that the user is entering a valid email
// versus just checking to see if the field is empty
include('header.inc');
echo "Email must be valid.";
include('footer.inc');
}
else
{
require( 'database.php' );
$username = mysqli_real_escape_string($con, $_POST['user']);
//Remove md5() function if not using encryption i.e. $password = $_POST['pass'];
$password = mysqli_real_escape_string($con, md5( $_POST['pass']));
$email = mysqli_real_escape_string($con, $_POST['email'] );
$sqlCheckForDuplicate = "SELECT username FROM user WHERE username = '". $username ."'";
//echo "$sqlCheckForDuplicate<br/>";
$result = mysqli_query($con, $sqlCheckForDuplicate);
if(mysqli_num_rows($result) == 0){
//echo "No Duplicates<br/>";
$sqlRegUser = "INSERT INTO user( username, password, email ) VALUES (
'". $username ."',
'". $password ."',
'". $email."'
)";
//echo "$sqlRegUser<br/>";
if( !mysqli_query($con, $sqlRegUser ) )
{
include('header.inc');
echo "You Could Not Register Because Of An Unexpected Error.";
include('footer.inc');
}
else
{
/* Note: When using the header function, you cannot send output to the browser
* before the header function is called. IF you want to echo a message to the
* user before going back to your login page then you should use the HTML
* Meta Refresh tag. */
//echo "You Are Registered And Can Now Login";
//echo " $username"; //this is for error checking
header ('location: login.php');
// if using echo then use meta refresh
/*
*?>
*<meta http-equiv="refresh" content="2;url= login.php/">
*<?
*/
}
mysqli_free_result($result);
}
else
{
include('header.inc');
echo "The Username You Have Chosen Is Already Being Used By Another User. Please Try Another One.";
//echo " $username;" //this is for error checking
include('footer.inc');
}
/* close connection */
mysqli_close($con);
}
}
else
{
include('header.inc');
echo "You Could Not Be Registered Because Of Missing Data.";
include('footer.inc');
}
?>
and here is my version
<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');
if( isset( $_POST['user'] ) && isset( $_POST['pass'] ) && isset( $_POST['pass_again'] ) && isset( $_POST['firstname'] ) && isset( $_POST['lastname'] ) && isset( $_POST['email'] ) && isset( $_POST['email_again'] ) && isset( $_POST['address1'] ) && isset( $_POST['address2'] ) && isset( $_POST['town'] ) && isset( $_POST['county'] ) && isset( $_POST['postcode'] ) && isset( $_POST['business'] ) && isset( $_POST['vat_registered'] ) && isset( $_POST['vat_number'] )) {
if( strlen( $_POST['user'] ) < 5 )
{
include('includes/overall/header.php');
echo "Username Must Be 5 or More Characters.";
include('includes/overall/footer.php');
}
elseif( strlen( $_POST['pass'] ) < 5 )
{
include('includes/overall/header.php');
echo "Password Must Be 5 or More Characters.";
include('includes/overall/footer.php');
}
elseif( $_POST['pass'] == $_POST['user'] )
{
include('includes/overall/header.php');
echo "Username And Password Can Not Be The Same.";
include('includes/overall/footer.php');
}
elseif( $_POST['pass_again'] == "" )
{
include('includes/overall/header.php');
echo "Passwords must match";
include('includes/overall/footer.php');
}
// CREATE BETTER EMAIL CHECK
elseif( $_POST['email'] == "" )
{
include('includes/overall/header.php');
echo "Email must be valid.";
include('includes/overall/footer.php');
}
elseif( $_POST['email_again'] == "" )
{
include('includes/overall/header.php');
echo "Emails must match.";
include('includes/overall/footer.php');
}
elseif( $_POST['address_1'] == "" )
{
include('includes/overall/header.php');
echo "Address cannot be empty";
include('includes/overall/footer.php');
}
elseif( $_POST['address_2'] == "" )
{
include('includes/overall/header.php');
echo "Address cannot be empty";
include('includes/overall/footer.php');
}
elseif( $_POST['town'] == "" )
{
include('includes/overall/header.php');
echo "Town cannot be empty";
include('includes/overall/footer.php');
}
elseif( $_POST['county'] == "" )
{
include('includes/overall/header.php');
echo "County cannot be empty";
include('includes/overall/footer.php');
}
elseif( $_POST['postcode'] == "" )
{
include('includes/overall/header.php');
echo "Postcode cannot be empty";
include('includes/overall/footer.php');
}
elseif( $_POST['business'] == "" )
{
include('includes/overall/header.php');
echo "Business cannot be empty";
include('includes/overall/footer.php');
}
elseif( $_POST['vat_registered'] == "" )
{
include('includes/overall/header.php');
echo "VAT Registered cannot be empty";
include('includes/overall/footer.php');
}
elseif( $_POST['vat_number'] == "" )
{
include('includes/overall/header.php');
echo "VAT number cannot be empty, please enter N/A if not VAT registered.";
include('includes/overall/footer.php');
}
else
{
require( 'database.php' );
$username = mysqli_real_escape_string($con, $_POST['user']);
//Remove md5() function if not using encryption i.e. $password = $_POST['pass'];
$password = mysqli_real_escape_string($con, md5( $_POST['pass']));
$password_again = mysqli_real_escape_string($con, md5( $_POST['pass_again']));
$firstname = mysqli_real_escape_string($con, $_POST['firstname']);
$lastname = mysqli_real_escape_string($con, $_POST['lastname']);
$email = mysqli_real_escape_string($con, $_POST['email'] );
$email_again = mysqli_real_escape_string($con, $_POST['email_again']);
$address_1 = mysqli_real_escape_string($con, $_POST['address_1']);
$address_2 = mysqli_real_escape_string($con, $_POST['address_2']);
$town = mysqli_real_escape_string($con, $_POST['town']);
$county = mysqli_real_escape_string($con, $_POST['county']);
$postcode = mysqli_real_escape_string($con, $_POST['postcode']);
$business = mysqli_real_escape_string($con, $_POST['business']);
$vat_registered = mysqli_real_escape_string($con, $_POST['vat_registered']);
$vat_number = mysqli_real_escape_string($con, $_POST['vat_number']);
$sqlCheckForDuplicate = "SELECT username FROM user WHERE username = '". $username ."'";
//echo "$sqlCheckForDuplicate<br/>";
$result = mysqli_query($con, $sqlCheckForDuplicate);
if(mysqli_num_rows($result) == 0){
//echo "No Duplicates<br/>";
$sqlRegUser = "INSERT INTO user( username, password, password_again, firstname, lastname, email, email_again, address_1, address_2, town, county, postcode, business, vat_registered, vat_number ) VALUES (
'". $username ."',
'". $password ."',
'". $password_again ."',
'". $firstname ."',
'". $lastname ."',
'". $email ."',
'". $email_again ."',
'". $address_1 ."',
'". $address_2 ."',
'". $town ."',
'". $county ."',
'". $postcode ."',
'". $business ."',
'". $vat_registered ."',
'". $vat_number."'
)";
//echo "$sqlRegUser<br/>";
if( !mysqli_query($con, $sqlRegUser ) )
{
include('includes/overall/header.php');
echo "You Could Not Register Because Of An Unexpected Error.";
include('includes/overall/footer.php');
}
else
{
header ('location: login.php');
}
mysqli_free_result($result);
}
else
{
include('includes/overall/header.php');
echo "The Username You Have Chosen Is Already Being Used By Another User. Please Try Another One.";
//echo " $username;" //this is for error checking
include('includes/overall/footer.php');
}
/* close connection */
mysqli_close($con);
}
}
else
{
include('includes/overall/header.php');
echo "You Could Not Be Registered Because Of Missing Data.";
include('includes/overall/footer.php');
}
?>
Error reporting is switched on, I just cant see the problem. Any help is much appreciated :)
The error is on line 101. Help please. Code: [Select] <?php //begin register script $submit = $_POST['submit']; //form data $username= strip_tags ($_POST['username']); $email= strip_tags($_POST['email']); $pwd= strip_tags($_POST['pwd']); $confirmpwd= strip_tags($_POST['confirmpwd']); $date = date("Y-m-d"); if ($submit) { //check for required form data if($username&&$pwd&&$confirmpwd&&$email) { //encrypt password $pwd = md5($pwd); $confirmpwd =md5($pwd); //check if passwords match if ($pwd==$confirmpwd) { //check length of username if (strlen($username)>25||strlen($username)>25) { echo "length of username is too long"; } else { //check password length if(strlen($pwd)>25||strlen($pwd)<6) { echo"password must be between 6 and 25 characters"; } else { //register the user } else echo "your passwords do not match"; } else echo "please fill in all fields"; } ?> here is my code: Code: [Select] function registerUser() { mysql_connect('localhost', 'user', 'password', 'table'); $rsPostCode = $_POST['rsPostCode']; $rsGender = $_POST['rsGender']; $rsUser = $_POST['rsUser']; $rsPass = $_POST['rsPass']; $rsEmail = $_POST['rsEmail']; $rsMobile = $_POST['rsMobile']; $rsAge = $_POST['rsAge']; $sql = "INSERT INTO members_copy (rsPostCode, rsGender, rsUser, rsPass, rsEmail, rsMobile, rsAge) VALUES ($rsPostCode, $rsGender, $rsUser, $rsPass, $rsEmail, $rsMobile, $rsAge);"; //echo $sql; mysql_query($sql); } When I write out my SQL this is the output: INSERT INTO members_copy (rsPostCode, rsGender, rsUser, rsPass, rsEmail, rsMobile, rsAge) VALUES (BN11, Male, jarv, mypassword, john@email.com, 07998989999, 08/11/1978); here is my register page: http://www.retroandvintage.co.uk/register.php |
|||||||