FRIHOSTFORUMSFAQTOSBLOGSDIRECTORY
You are invited to Log in or Register a Frihost Account!

Why isn't this working

   Frihost Forum Index -> Scripting -> Php and MySQL
 


asim
i was working on a complete member system... that is registering a user -----. inserting the info in SQl database, then user logging in, got thru some refernces and came acros one..... but that is not working i mean its not inserting info to database and script keeps on giving error.

i divided them in three files : db_connection.php, registeration.php and login.php.
and also note that i am not using Apache server on my comp..... im using an application called WAMP i think al here are aware of it.

now the script of all file one by one.
1. db_connect.php
Code:
<?php
$database[dbserver]="localhost";
$database[dbuser]="root";
$database[dbname]="members";
$database[dbpass]="";
$table ="members_";

$connect = mysql_connect($database['dbserver'], $database['dbuser'], $database['dbpass']);

$select= mysql_select_db($database['dbname']);
?>


2. register.php
Code:
<?
require_once($_SERVER['DOCUMENT_ROOT'].'/db_connect.php');

//SEE IF ALREADY LOGGED IN

 if($_SESSION['logged_in'] == 1)
    {
      //REDIRECT TO HOMEPAGE
      header('Location: http://' . $_SERVER['HTTP_HOST'] . '');
    } else {

 if(isset($HTTP_POST_VARS['submit']))
{

//BEGIN CHECKING USERNAME...

  if(!$_POST['username']) die('Alert: username field was blank.');

 //array of invalid characters
  $junk = array('.' , ',' , '/' , '\' , '`' , ';' , '[' ,  ']' , '-',
              '*', '&', '^', '%', '$', '#', '@', '!', '~', '+', '(', ')',
           '|', '{', '}', '<', '>', '?', ':', '"', '=');
          
  //starting lenght of username
  $len = strlen($_POST['username']);
 
  //replace invalid characters
  $_POST['username'] = str_replace($junk, '', $_POST['username']);
  $test = $_POST['username'];
 
  //if lenghts are different ($len smaller), invalid characters found, so prompt error.
  if(strlen($test) != $len) {
     die('Username Error: Username contained invalid characters. You can only use A-Z, 0-9 and the

underscore (_).');
  }

//Check if username already exists...

 $q2 = mysql_query("SELECT * FROM `members` WHERE `username` = '".$_POST['username']."'");
   $q3 = mysql_fetch_object($q2);
   
    if($q3-> username == $_POST['username']) {
   die('<BR><BR>Sorry, but the username "'.$q3->username.'" is taken, please choose another.');
}

//PASSWORD

if(!$_POST['password']) {
      die('Error: Password field was blank');
    }
  if(!$_POST['verify_password']) {
     die('Error: Verify Password field was blank.');
    }
  if($_POST['password'] != $_POST['verify_password']) {
      die('Error: The passwords do not match.');
    }
  if(strlen($_POST['password']) < 6 ) {
     die('Error: Your password is too short. Must be 6 or more characters in length.');
    }

//ADD NEW MEMBER

$insert ="INSERT INTO `members` (username, user_password, user_email) VALUES ('".$_POST['username']."',

'".md5($_POST['password'])."', '".$_POST['email']."')";
 
 $insert2 = mysql_query($insert);
   if(!$insert2) die(mysql_error());
 
echo('Registration Successful, Welcome new member! You can now login to your new account.');

 } else {
 ?>
  <table>
 <form name="signup" action="<? $_SERVER['PHP_SELF']; ?>" method="POST">
 <tr>
     <td>Username: <BR> (only A-Z, 0-9 and _ Allowed)<BR></td>
     <td><input type="text" id ="username" name="username" value="" maxlength="30"> <BR></td>
 </tr>
 <tr>
     <td>Password:</td>
     <td><input type="password" id="password" name="password" value="" maxlength="30"><BR> (minimum 6

characters)</td>
 </tr>
 <tr>
     <td>Verify Pass:</td>
     <td><input type="password" id="verify_password" name="verify_password" value="" maxlength="30"><BR>

</td>
 </tr>
 <tr>
     <td>Email:</td>
     <td><input type="text" id="email" name="email" value="" size="30"><br></td>
 </tr>
 <tr>
      <td>Click to Complete Signup:</td>
      <td><input type="submit" id="submit" name="submit" value="submit"></td>
 </tr>
 </form>
 </table>
<?
} //end not logged in
} //end submit not pressed
?>


Error i get when i run register.php

Quote:

username == $_POST['username']) { die('

Sorry, but the username "'.$q3->username.'" is taken, please choose another.'); } //PASSWORD if(!$_POST['password']) { die('Error: Password field was blank'); } if(!$_POST['verify_password']) { die('Error: Verify Password field was blank.'); } if($_POST['password'] != $_POST['verify_password']) { die('Error: The passwords do not match.'); } if(strlen($_POST['password']) < 6 ) { die('Error: Your password is too short. Must be 6 or more characters in length.'); } //ADD NEW MEMBER $insert ="INSERT INTO `members` (username, user_password, user_email) VALUES ('".$_POST['username']."', '".md5($_POST['password'])."', '".$_POST['email']."')"; $insert2 = mysql_query($insert); if(!$insert2) die(mysql_error()); echo('Registration Successful, Welcome new member! You can now login to your new account.'); } else { ?>


3. login.php
Code:
<?php
 ob_start();
require_once($_SERVER['DOCUMENT_ROOT'].'/db_connect.php');

if(isset($_SESSION['username']) && isset($_SESSION['password'])) {
       //REDIRECT TO USERS PROFILE...
      header("Location: http://www.yoursite.com");
} //end if logged in

//IF SUBMIT BUTTON PRESSED
if(isset($_POST['submit'])) {

   if(!$_POST['username']) die("Error: You must enter your username before logging in.");
   if(!$_POST['password']) die("Error: You must enter your password before logging in.");
   
 //set cookie if checked
   if(!empty($_POST['stay_in'])) { 
         $joined =''.$_POST['username'].'[]'.md5($_POST['password']).'';
         setcookie('login_cookie', $joined, 2147483647, '/', '.www.yoursite.com');   
    } //end if

//verify user...
$get_user = mysql_query("SELECT * FROM `members` WHERE username = '".$_POST['username']."' AND

user_password = '".md5($_POST['password'])."'");
$q = mysql_fetch_object($get_user);
    if(!$q) die("Login Failure: An error occured, please verify your username and password are correct.");

//set session variables
$_SESSION['logged_in'] = 1;
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
session_write_close();

header("Location: http://www.yoursite.com");

} else {
//show login form
?>
<form name="login" method="post" action="<? $_SERVER['PHP_SELF']; ?>">
<table>
<tr>
  <td>Username:<input type="text" id="username" name="username"></td>
</tr>
<tr>
  <td>Password:<input type="password" id="password" name="password"></td>
</tr>
<tr>
  <td>Submit: <input type="submit" value="Submit" name="submit" id="submit"></td>
</tr>
<tr>
<td>Remember? <input type="checkbox" name="stay_in[]" checked="yes"></td>
</tr>
</table>
</form>
<?
}//end else
?>


Error i get when i run login.php

Quote:
Parse error: syntax error, unexpected $end in C:\wamp\www\member\login.php on line 59


please do tell me where i m wrong with complete discription as im going mad over it.
mathiaus
You need to use <?php at the start of register.php & near the bottom of login.php
asim
mathiaus wrote:
Quote:
You need to use <?php at the start of register.php & near the bottom of login.php


i did this and again got an error, in register.php
Quote:
Parse error: syntax error, unexpected '`', expecting ')' in C:\wamp\www\member\register.php on line 20
.

as said by you i added <?php in the start of the code.
the code is now like this:-
register.php

Code:
<?php
require_once($_SERVER['DOCUMENT_ROOT'].'/db_connect.php');

//SEE IF ALREADY LOGGED IN

 if($_SESSION['logged_in'] == 1)
    {
      //REDIRECT TO HOMEPAGE
      header('Location: http://' . $_SERVER['HTTP_HOST'] . '');
    } else {

 if(isset($HTTP_POST_VARS['submit']))
{

//BEGIN CHECKING USERNAME...

  if(!$_POST['username']) die('Alert: username field was blank.');

 //array of invalid characters
  $junk = array('.' , ',' , '/' , '\' , '`' , ';' , '[' ,  ']' , '-',
              '*', '&', '^', '%', '$', '#', '@', '!', '~', '+', '(', ')',
           '|', '{', '}', '<', '>', '?', ':', '"', '=');
          
  //starting lenght of username
  $len = strlen($_POST['username']);
 
  //replace invalid characters
  $_POST['username'] = str_replace($junk, '', $_POST['username']);
  $test = $_POST['username'];
 
  //if lenghts are different ($len smaller), invalid characters found, so prompt error.
  if(strlen($test) != $len) {
     die('Username Error: Username contained invalid characters. You can only use A-Z, 0-9 and the

underscore (_).');
  }

//Check if username already exists...

 $q2 = mysql_query("SELECT * FROM `members` WHERE `username` = '".$_POST['username']."'");
   $q3 = mysql_fetch_object($q2);
   
    if($q3-> username == $_POST['username']) {
   die('<BR><BR>Sorry, but the username "'.$q3->username.'" is taken, please choose another.');
}

//PASSWORD

if(!$_POST['password']) {
      die('Error: Password field was blank');
    }
  if(!$_POST['verify_password']) {
     die('Error: Verify Password field was blank.');
    }
  if($_POST['password'] != $_POST['verify_password']) {
      die('Error: The passwords do not match.');
    }
  if(strlen($_POST['password']) < 6 ) {
     die('Error: Your password is too short. Must be 6 or more characters in length.');
    }

//ADD NEW MEMBER

$insert ="INSERT INTO `members` (username, user_password, user_email) VALUES ('".$_POST['username']."',

'".md5($_POST['password'])."', '".$_POST['email']."')";
 
 $insert2 = mysql_query($insert);
   if(!$insert2) die(mysql_error());
 
echo('Registration Successful, Welcome new member! You can now login to your new account.');

 } else {
 ?>
  <table>
 <form name="signup" action="<?php $_SERVER['PHP_SELF']; ?>" method="POST">
 <tr>
     <td>Username: <BR> (only A-Z, 0-9 and _ Allowed)<BR></td>
     <td><input type="text" id ="username" name="username" value="" maxlength="30"> <BR></td>
 </tr>
 <tr>
     <td>Password:</td>
     <td><input type="password" id="password" name="password" value="" maxlength="30"><BR> (minimum 6

characters)</td>
 </tr>
 <tr>
     <td>Verify Pass:</td>
     <td><input type="password" id="verify_password" name="verify_password" value="" maxlength="30"><BR>

</td>
 </tr>
 <tr>
     <td>Email:</td>
     <td><input type="text" id="email" name="email" value="" size="30"><br></td>
 </tr>
 <tr>
      <td>Click to Complete Signup:</td>
      <td><input type="submit" id="submit" name="submit" value="submit"></td>
 </tr>
 </form>
 </table>
<?
} //end not logged in
} //end submit not pressed
?>


Line 20 in register.php is
Code:

Line 20 - $junk = array('.' , ',' , '/' , '\' , '`' , ';' , '[' ,  ']' , '-',
Line 21    '*', '&', '^', '%', '$', '#', '@', '!', '~', '+', '(', ')',
Line 22     '|', '{', '}', '<', '>', '?', ':', '"', '=');


and about login.php
Quote:

Notice: Use of undefined constant dbserver - assumed 'dbserver' in C:\wamp\www\member\db_connect.php on line 3

Notice: Use of undefined constant dbuser - assumed 'dbuser' in C:\wamp\www\member\db_connect.php on line 4

Notice: Use of undefined constant dbname - assumed 'dbname' in C:\wamp\www\member\db_connect.php on line 5

Notice: Use of undefined constant dbpass - assumed 'dbpass' in C:\wamp\www\member\db_connect.php on line 6


i guess everything is right in db_connection.php the code is below.

Code:
<?php

$database[dbserver]="localhost";
$database[dbuser]="root";
$database[dbname]="members";
$database[dbpass]="";
$table ="members_";

$connect = mysql_connect($database['dbserver'], $database['dbuser'], $database['dbpass']);

$select= mysql_select_db($database['dbname']);
?>
AftershockVibe
Having a quick look, I don't see anything outrageously wrong with that (although things are easy to miss when reading code on forums).

You might want to try escaping the "`" mark, so change it to "\`".

However, your checking isn't really a good way of doing things to begin with. You should really test for VALID characters, not invalid characters if you want only alphanumeric characters in your usernames. Especially since your invalid list is a little er... small. There are an awful lot of invalid characters that don't appear on the keyboard.

Really you should look at using the eregi() function for evaluating this sort of thing. Here's a quick libk, the examples at the bottom should give you more than enough information Wink

http://uk2.php.net/eregi
mathiaus
Use quotes in arrays.
ie. $database['dbserver']="localhost";
Reply to topic    Frihost Forum Index -> Scripting -> Php and MySQL

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2007 Frihost, forums powered by phpBB.