mikofede
[PHP] error with register and log in script - 05-20-2012, 11:29 PM

The first error I encounter is that whenever I create a new account and activate it, the password will be stored in MySQL as '%password'. And if I try to log in (changing the password to something else) it won't allow me to log in, outputting back: 'Please enter a username.'

Here are the scripts..
php in register.php
Code:
<?php
session_start();
include("includes/connect.php");
include("includes/html_codes.php");

if(isset($_POST['submit'])){
	$error = array();
	
	//username
	if(empty($_POST['username'])){
		$error[] = "<font color=\"red\">Please enter a username.</font><br /> ";
	}else if(ctype_alnum($_POST['username'])){
		$username = $_POST['username'];
	}else{
		$error[] = "<font color=\"red\">Username must consist of letters and numbers only.</font><br /> ";
	}
	//email
    if(empty($_POST['email'])){
        $error[] = "<font color=\"red\">Please enter your email.</font><br /> ";
    }else if(preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/", $_POST['email'])){
		$email = mysql_real_escape_string($_POST['email']);
    }else{
		$error[] = "<font color=\"red\">Your e-mail address is invalid.</font><br /> ";
    }
	
	//password
	if(empty($_POST['password'])){
		$error[] = "<font color=\"red\">Please enter a password.</font><br /> ";
	}else{
		$password = mysql_real_escape_string($_POST['password']);
	}
	
	if(empty($error)){
		$result = mysql_query("SELECT * FROM users WHERE email ='$email' OR username='$username' ") or die(mysql_error());
		if(mysql_num_rows($result)==0){
			$activation = md5(uniqid(rand(), true));
			$result2 = mysql_query("INSERT INTO tempusers (user_id,username,email,password,activation) VALUES ('','$username','$email','%password','$activation')") or die(mysql_error());
			if(!$result2){
				die('Could not insert into database: '.mysql_error());
			}else{
				$message = "To activate your account, please click on the following link: \n\n";
				$message .= "http://fastpinto.netai.net".'/activate.php?email='.urlencode($email)."&key=$activation";
				mail($email, 'Registration at pintofede confirmation', $message);
				header('Location: prompt.php?x=1');
			}
		}else{
			header('Location: prompt.php?x=2');
		}
	}else{
		$error_message = '<span class="error">';
		foreach($error as $key => $values){
			$error_message.= "$values";
		}
		$error_message.="</span><br/><br/>";
	}
	
}
?>
activate.php
Code:
<?php
include("includes/connect.php");

if(isset($_GET['email']) && preg_match('/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/', $_GET['email'])){
	$email = mysql_real_escape_string($_GET['email']);
}
if(isset($_GET['key']) && (strlen($_GET['key'])==32)){
	$key = mysql_real_escape_string($_GET['key']);
}
if(isset($email) && isset($key)){
	$result = mysql_query(" SELECT * FROM tempusers WHERE (email='$email' AND activation='$key') LIMIT 1") or die(mysql_error());
	while($row = mysql_fetch_array($result)){
		$user_id = mysql_real_escape_string($row['user_id']);
		$username = mysql_real_escape_string($row['username']);
		$email = mysql_real_escape_string($row['email']);
		$password = mysql_real_escape_string($row['password']);
	}
	$result1 = mysql_query("INSERT INTO users (user_id,username,email,password,role,credits) VALUES ('','$username','$email','$password','user',0)") or die(mysql_error());
	$result2 = mysql_query("DELETE FROM tempusers WHERE user_id='$user_id' ") or die(mysql_error());
	if(!$result1){
		echo "Oops your account could not be activated, please contact the system admin!";
	}else{
		header( 'Location:prompt.php?x=0' );
	}
}else{
	echo "Error, please contact the system admin!";
}
?>
php in login.php
Code:
<?php
session_start();
include("includes/connect.php");
include("includes/html_codes.php");
if( isset($_SESSION['user_id']) ){
	header('Location:account.php');
}
if(isset($_POST['submit'])){
	$error = array();
	
	//username
	if(empty($_POST['username'])){
		$error[] = 'Please enter a username. ';
	}else if(ctype_alnum($_POST['username'])){
		$username = $_POST['username'];
	}else{
		$error[] = 'Username must consist of letters and numbers only. ';
	}
	//password
	if(empty($_POST['password'])){
		$error[] = 'Please enter a password. ';
	}else{
		$password = mysql_real_escape_string($_POST['password']);
	}
	
	if(empty($error)){
		$result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' ") or die(mysql_error());
		if(mysql_num_rows($result)==1){
			while($row = mysql_fetch_array($result)){
				$_SESSION['user_id'] = $row['user_id'];
				header('Location:account.php');
			}
		}else{
			$error_message = '<span class="error">Username or password is incorrect.</span><br /><br />';
		}
	}else{
		$error_message = '<span class="error">';
		foreach($error as $key => $values){
			$error_message.= "$values";
		}
		$error_message.="</span><br/><br/>";
	}
	
}
?>
I have no idea what is going wrong..
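Added example, not part of the original post: the INSERT in register.php above contains the literal '%password' where the neighbouring values use PHP variables such as '$username', which matches the stored value described. The sketch below shows the same register and login checks with PDO bound parameters and password_hash()/password_verify() in place of string-built queries and plaintext passwords. The in-memory SQLite database, the simplified users table and the function names are assumptions, and the tempusers activation step is left out.

```php
<?php
// Added example, not the poster's code. Table layout and function names are assumptions.
// In-memory SQLite stands in for the MySQL connection from includes/connect.php.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    user_id  INTEGER PRIMARY KEY AUTOINCREMENT,
    username TEXT UNIQUE NOT NULL,
    email    TEXT UNIQUE NOT NULL,
    password TEXT NOT NULL)');

function register_user(PDO $db, string $username, string $email, string $password): bool
{
    // Same input rules as the post: alphanumeric username, valid e-mail, non-empty password.
    if (!ctype_alnum($username) || filter_var($email, FILTER_VALIDATE_EMAIL) === false || $password === '') {
        return false;
    }
    $check = $db->prepare('SELECT 1 FROM users WHERE email = :email OR username = :username');
    $check->execute([':email' => $email, ':username' => $username]);
    if ($check->fetchColumn() !== false) {
        return false; // username or e-mail already taken
    }
    // Values are bound by name, so nothing is interpolated into the SQL string;
    // a placeholder that does not match a bound key raises a PDOException.
    $insert = $db->prepare('INSERT INTO users (username, email, password) VALUES (:username, :email, :password)');
    return $insert->execute([
        ':username' => $username,
        ':email'    => $email,
        ':password' => password_hash($password, PASSWORD_DEFAULT), // store a hash, never the plaintext
    ]);
}

function login_user(PDO $db, string $username, string $password): ?int
{
    // Look the user up by name only, then verify the password against the stored hash.
    $stmt = $db->prepare('SELECT user_id, password FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return (int) $row['user_id']; // caller stores this in $_SESSION['user_id']
}

// Constructed sample data, not taken from the post.
var_dump(register_user($db, 'alice1', 'alice@example.com', 'correct horse'));
var_dump(login_user($db, 'alice1', 'correct horse'));
var_dump(login_user($db, 'alice1', '%password'));
```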