Why does these 2 scripts not work?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts
  • SirChick
    Sergeant

    • Jun 2007
    • 24

    Why does these 2 scripts not work?

    I been creating a login and register page, and have asked hundreds of php forums and no one can help, alot of them are quite rude about it.

    I have done alot of work on this but it just wont work lol. The login page doesn't login, nor does it check if the username and password match or if the username even exists in the database.

    Even some guru's had an attempt and made things worse than i did lol ! But im desperate to get this working! :/ So any help would be appreciated.. possibly test it on a page of your own see if it works...


    Login Code:

    PHP Code:
    <?php
    if (isset($_POST['Login'])) {

    $Username mysql_real_escape_string($_POST['Username']); 
    $Password mysql_real_escape_string($_POST['Password']);

    mysql_connect("localhost""root""private") or die (mysql_error());
    mysql_select_db("civilian") or die (mysql_error());
    $chkUSERNAME mysql_query("SELECT * FROM `userregistration` WHERE `Username` = '".$_POST['Username']."'");
     
    $getUSERNAME mysql_fetch_object($chkUSERNAME);
     if(
    $_POST['Username'] != $getUSERNAME->Username) {
      die(
    'Username or password is incorrect, please check your spelling!');

    $chkPASSWORD mysql_query("SELECT * FROM `userregistration` WHERE `Password` = '".$_POST['Password']."'");
     
    $getPASSWORD mysql_fetch_object($chkPASSWORD);
     if(
    $_POST['PASSWORD'] != $getPASSWORD->Password) {
      die(
    'Username or password is incorrect, please check your spelling!');

    header("Location: success.php");
    }}}
    ?>
    Now the registration code doesn't input the data from the form neither does my captcha security image validate weather it matches what the user inputted and on top of that, the checkbox for "i agree to terms of service".

    This is the code i am using for the registration page:
    PHP Code:
    <?php
    error_reporting
    (E_ALL); 

    if(!
    mysql_connect("localhost""root""private")){
    echo 
    mysql_error();
    exit;
    }
    else{
        
    mysql_select_db("civilian") or die (mysql_error());
        if (isset(
    $_POST['RegistrationSubmission'])) {
            
    session_start();
            
            
       if((
    $_SESSION['security_code'] == $_POST['security_code']) && (!empty($_SESSION['security_code'])) ) {
          
    // Insert you code for processing the form here, e.g emailing the submission, entering it into a database. 
            
    $Username mysql_real_escape_string($_POST['Username']); 
            
    $Password mysql_real_escape_string($_POST['Password']); 
            
    $Password2 mysql_real_escape_string($_POST['Password2']);
            
    $Email mysql_real_escape_string($_POST['EmailRegistration']);
            
    $Country mysql_real_escape_string($_POST['CountryChoice']);
            
    $ip $_SERVER["REMOTE_ADDR"];
            
    $Gender $_POST['Gender'];
            
    $TermsOfService $_POST['TermsOfService'];
            
    $jump2 1;
          if (
    $Password != $Password2) {
                echo 
    "Passwords did not match";
                    if (
    $TermsOfService == "off") {
                        echo 
    "You must agree to the terms of service before registering!";
                        
    $jump2 0;
                    }
                }
                if (
    $jump2 ==1){
                    
    $chkUSERNAME mysql_query("SELECT * FROM `userregistration` WHERE `Username` = '".$_POST['Username']."'");
                    
    $getUSERNAME mysql_fetch_assoc($chkUSERNAME);
                     if(
    $_POST['Username'] == $getUSERNAME['Username']) {
                          die(
    'Username already registered, please choose a different username!');
                     }
                    
    $chkEmail mysql_query("SELECT * FROM `userregistration` WHERE `Email` = '".$_POST['EmailRegistration']."'");
                    
    $getEmail mysql_fetch_assoc($chkEmail);
                    if(
    $_POST['EmailRegistration'] == $getEmail['Email']) {
                          die(
    'Email already registered, please choose a different username!');
                    }
                 if (
    $Password == $Password2) {
                    
    $query "INSERT INTO `userregistration` (Username,Password,Email,Country,IP,Gender) 
                              Values ('
    $Username', '$Password', '$Email', '$Country', '$ip', '$Gender')";
                    
    mysql_query($query) or die(mysql_error());
          unset(
    $_SESSION['security_code']);
          
    header("Location: success.php");
       } 
          
    // Insert your code for showing an error message here
          
    If ($_SESSION['security_code'] != $_POST['security_code']){
          die(
    'Your security code input did not match the generated image, please try again!');
          }}
        }
        }
        }


    ?>

    This is the second part of the code which provides the security image for captcha on the registration page:

    PHP Code:
    <?php
    session_start
    ();
     
    /*
    * File: CaptchaSecurityImages.php
    * Author: Simon Jarvis
    * Copyright: 2006 Simon Jarvis
    * Date: 03/08/06
    * Updated: 07/02/07
    * Requirements: PHP 4/5 with GD and FreeType libraries
    * Link: http://www.white-hat-web-design.co.uk/articles/php-captcha.php

    * This program is free software; you can redistribute it and/or 
    * modify it under the terms of the GNU General Public License 
    * as published by the Free Software Foundation; either version 2 
    * of the License, or (at your option) any later version.

    * This program is distributed in the hope that it will be useful, 
    * but WITHOUT ANY WARRANTY; without even the implied warranty of 
    * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 
    * GNU General Public License for more details: 
    * http://www.gnu.org/licenses/gpl.html
    *
    */
     
    class CaptchaSecurityImages {
     
       var 
    $font 'monofont.ttf';
     
       function 
    generateCode($characters) {
          
    /* list all possible characters, similar looking characters and vowels have been removed */
          
    $possible '23456789bcdfghjkmnpqrstvwxyz';
          
    $code '';
          
    $i 0;
          while (
    $i $characters) { 
             
    $code .= substr($possiblemt_rand(0strlen($possible)-1), 1);
             
    $i++;
          }
          return 
    $code;
       }
     
       function 
    CaptchaSecurityImages($width='120',$height='40',$characters='6') {
          
    $code $this->generateCode($characters);
          
    /* font size will be 75% of the image height */
          
    $font_size $height 0.75;
          
    $image imagecreate($width$height) or die('Cannot initialize new GD image stream');
          
    /* set the colours */
          
    $background_color imagecolorallocate($image255255255);
          
    $text_color imagecolorallocate($image2040100);
          
    $noise_color imagecolorallocate($image100120180);
          
    /* generate random dots in background */
          
    for( $i=0$i<($width*$height)/3$i++ ) {
             
    imagefilledellipse($imagemt_rand(0,$width), mt_rand(0,$height), 11$noise_color);
          }
          
    /* generate random lines in background */
          
    for( $i=0$i<($width*$height)/150$i++ ) {
             
    imageline($imagemt_rand(0,$width), mt_rand(0,$height), mt_rand(0,$width), mt_rand(0,$height), $noise_color);
          }
          
    /* create textbox and add text */
          
    $textbox imagettfbbox($font_size0$this->font$code) or die('Error in imagettfbbox function');
          
    $x = ($width $textbox[4])/2;
          
    $y = ($height $textbox[5])/2;
          
    imagettftext($image$font_size0$x$y$text_color$this->font $code) or die('Error in imagettftext function');
          
    /* output captcha image to browser */
          
    header('Content-Type: image/jpeg');
          
    imagejpeg($image);
          
    imagedestroy($image);
          
    $_SESSION['security_code'] = $code;
       }
     
    }
     
    $width = isset($_GET['width']) && $_GET['height'] < 600 $_GET['width'] : '120';
    $height = isset($_GET['height']) && $_GET['height'] < 200 $_GET['height'] : '40';
    $characters = isset($_GET['characters']) && $_GET['characters'] > $_GET['characters'] : '6';
     
    $captcha = new CaptchaSecurityImages($width,$height,$characters);
     
    ?>
  • Karen Mac
    General

    • Apr 2006
    • 8332

    #2
    Re: Why does these 2 scripts not work?

    What are you using to generate the form, and.. what are you trying to install it to. Could simply be compatibility issues.

    Karen

    VodaHost

    Your Website People!
    1-302-283-3777 North America / International
    02036089024 / United Kingdom
    291916438 / Australia

    ------------------------

    Top 3 Best Sellers

    Web Hosting - Unlimited disk space & bandwidth.

    Reseller Hosting - Start your own web hosting business.

    Search Engine & Directory Submission - 300 directories + (Google,Yahoo,Bing)


    Comment

    • Watdaflip
      Major General

      • Sep 2005
      • 2116

      #3
      Re: Why does these 2 scripts not work?

      I'll tinker with in in a little bit once I get something done.

      Register/Login Script
      Do you use a Password Protected Directory? Need a way to allow users to make their own account, try my .htaccess Login Script

      Comment

      • Watdaflip
        Major General

        • Sep 2005
        • 2116

        #4
        Re: Why does these 2 scripts not work?

        Ok, heres the login page. I made an assumption that you wanted to distinguish if the error logging in was because of a bad username or bad password. If you just have a plain "Login Failed" message if either of the two are wrong you can simplify the script a little more... but here it is

        PHP Code:
        <?php
        session_start
        ();
        if(isset(
        $_POST['Login'])) 
        {    
            
        $mysql_connection mysql_connect("localhost""db_user""db_pass") or die (mysql_error());
            
        mysql_select_db("db_name") or die (mysql_error());
            
            
        $username mysql_real_escape_string($_POST['Username']); 
            
        $password md5(mysql_real_escape_string($_POST['Password']));

            
            
        // Both username and password check can be done in one query,
            // but I'm guessing you want to have an error based on exactly whats wrong
            // If you do it this way you need a third query to check if the username corresponds with the password
            
        $chkUSERNAME mysql_query("SELECT * FROM userregistration WHERE Username = '$username'");
            
        $getUSERNAME mysql_num_rows($chkUSERNAME);
            
            
        $chkPASSWORD mysql_query("SELECT * FROM userregistration WHERE Password = '$password'");
            
        $getPASSWORD mysql_num_rows($chkPASSWORD);
            
            
        $chkLOGIN mysql_query("SELECT * FROM userregistration WHERE Username='$username' && Password='$password'");
            
        $getLOGIN mysql_num_rows($chkLOGIN);
            
            
        // check if username is correct
            
        if($getPASSWORD == 0
            {
                echo 
        'Username is incorrect, please check your spelling!';
            }
            elseif(
        $getPASSWORD == 0
            {
                echo 
        'Password is incorrect, please check your spelling!';
            }
            elseif(
        $getLOGIN != 1)
            {
                echo 
        'Username and password do no correspond';
            }
            else
            {
                
        // set session
                
        $_SESSION['username'] = $username;
                
        $_SESSION['password'] = $password;
            }
            
            
        // close database
            
        mysql_close($mysql_connection);
            
            if(
        $getLOGIN == 1)
            {
                
        header("Location: success.php");
            }
        }
        ?>
        Heres the register page
        PHP Code:
        <?php
        session_start
        ();
        error_reporting(E_ALL); 

        if (isset(
        $_POST['RegistrationSubmission']))
        {
            if((
        $_SESSION['security_code'] == $_POST['security_code']) && (!empty($_SESSION['security_code'])) ) 
            {
            
                
        $mysql_connect mysql_connect("localhost""db_user""db_pass") or die(mysql_error());
                
        mysql_select_db("db_name") or die (mysql_error());

                
        // posted variables
                
        $Username mysql_real_escape_string($_POST['Username']); 
                
        $Password mysql_real_escape_string($_POST['Password']); 
                
        $Password2 mysql_real_escape_string($_POST['Password2']);
                
        $Email mysql_real_escape_string($_POST['EmailRegistration']);
                
        $Country mysql_real_escape_string($_POST['CountryChoice']);
                
        $ip $_SERVER["REMOTE_ADDR"];
                
        $Gender mysql_real_escape_string($_POST['Gender']);
                
        $TermsOfService $_POST['TermsOfService'];
                
                
        $chkUSERNAME mysql_query("SELECT * FROM userregistration WHERE Username='$Username'");
                
        $getUSERNAME mysql_num_rows($chkUSERNAME);
                
        $chkEmail mysql_query("SELECT * FROM userregistration WHERE Email='$Email'");
                
        $getEmail mysql_num_rows($chkEmail);

                if (
        $Password != $Password2)
                {
                    echo 
        "Passwords did not match";
                }
                elseif(
        $TermsOfService != TRUE
                {
                    echo 
        "You must agree to the terms of service before registering!";
                    
                }
                elseif(
        $getUSERNAME != 0)
                {
                    echo 
        'Username already registered, please choose a different username!';
                }
                elseif(
        $getEmail != 0
                {
                    echo 
        'Email already registered, please choose a different username!';
                }
                else
                {
                    
        $encrypt_password md5($Password);
                    
        $query "INSERT INTO userregistration (Username,Password,Email,Country,IP,Gender) 
                    VALUES ('
        $Username', '$encrypt_password', '$Email', '$Country', '$ip', '$Gender')";
                    
        $register mysql_query($query) or die(mysql_error());
                    unset(
        $_SESSION['security_code']);
                }
                
                
        mysql_close($mysql_connect);
                if(
        $register)
                {
                    
        header("Location: success.php");
                }
            }
            else
            {
                die(
        'Your security code input did not match the generated image, please try again!');
            }
        }
        ?>
        Basically there were a bunch of login errors in the code, and a couple security issues (most related to the login errors).

        The passwords are now encrypted when stored in the database (This is a must, make sure you always encrypt passwords).

        You might have to change your form depending on what you have the value set for the checkbox if they agree to the terms and conditions. The value needs to be set to "TRUE".

        And you never actually logged the user in, you just checked if the information was correct. I added a session to remember the login. You will want to run a check on every page that requires the user to be logged in. Something like

        PHP Code:
        <?
        session_start();
        mysql_connect("localhost", "db_user", "db_pass");
        mysql_select_db("db_name");
        $login_check = mysql_query("SELECT * FROM userregistration WHERE Username='".$_SESSION['Username']."' && Password='".$_SESSION['Password']."'");
        if(mysql_num_rows($login_check != 1) die("You are not logged in");
        ?>
        Also always make sure you close your mysql connections with mysql_close();

        Register/Login Script
        Do you use a Password Protected Directory? Need a way to allow users to make their own account, try my .htaccess Login Script

        Comment

        • navaldesign
          General & Forum Moderator

          • Oct 2005
          • 12080

          #5
          Re: Why does these 2 scripts not work?

          I did not have the time to check the script. I can only say that if you actually encrypt the password, you need to add a "Reset Password" routine, as it will not any longer be possible to send the user his Password using a "Forgot Password" routine. This routine should also have an auxiliary column in the database for this new password (that should be randomly / automatically generated) and should be able to mail the user the new password, together with an "activation" link to activate the new pass.
          After he clicks on the activation link, he gets redirected on your site where the new pass is placed in the correct column.

          The user could then login (if you have a Edit Pass page" and change it again to whatever he likes.
          Navaldesign
          Logger Lite: Low Cost, Customizable, multifeatured Login script
          Instant Download Cart: a Powerfull, Customized, in site, DB driven, e-products Cart
          DBTechnosystems.com Forms, Databases, Shopping Carts, Instant Download Carts, Loggin Systems and more....
          Advanced BlueVoda Form Processor : No coding form processor! Just install and use! Now with built in CAPTCHA!

          Comment

          Working...
          X