Tweet
Im trying to set up a register page on my website, i have setup a mySQL DB and user, I have completed the code, however, when the form is submitted i get these two errors
Warning: mysql_connect() [function.mysql-connect]: Access denied for user '*****bid_admin'@'127.0.0.1' (using password: YES) in /home/*****bid/public_html/register.php on line 110
Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /home/*****bid/public_html/register.php on line 111
line 110 and 111 are
$db_handle = mysql_connect($server, $user_name, $pass_word);
$db_found = mysql_select_db($database, $db_handle);
the rest of the code is below(DB PW replaced with *********)
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>*****Bidz.com</title>
<meta http-equiv="Page-Enter" content="blendTrans(Duration=1)">
<meta name="GENERATOR" content="Created by BlueVoda">
<style type="text/css">
div#container
{
position: absolute;
left: 50%;
top: 50%;
width: 1385px;
height: 716px;
margin-top: -358px;
margin-left: -692px;
}
</style>
<?PHP
//session_start();
//if (!(isset($_SESSION['login']) && $_SESSION['login'] != '')) {
//header ("Location: account.php");
//}
//set the session variable to 1, if the user signs up. That way, they can use the site straight away
//do you want to send the user a confirmation email?
//does the user need to validate an email address, before they can use the site?
//do you want to display a message for the user that a particular username is already taken?
//test to see if the u and p are long enough
//you might also want to test if the users is already logged in. That way, they can't sign up repeatedly without closing down the browser
//other login methods - set a cookie, and read that back for every page
//collect other information: date and time of login, ip address, etc
//don't store passwords without encrypting them
$uname = "";
$pword = "";
$cpword = "";
$email = "";
$fname = "";
$lname = "";
$errorMessage = "";
$num_rows = 0;
function quote_smart($value, $handle) {
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
if (!is_numeric($value)) {
$value = "'" . mysql_real_escape_string($value, $handle) . "'";
}
return $value;
}
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
//================================================== ==================
// GET THE CHOSEN U AND P, AND CHECK IT FOR DANGEROUS CHARCTERS
//================================================== ==================
$uname = $_POST['username'];
$pword = $_POST['password'];
$cpword = $_POST['cpassword'];
$email = $_POST['email'];
$fname = $_POST['firstname'];
$lname = $_POST['lastname'];
$uname = htmlspecialchars($uname);
$pword = htmlspecialchars($pword);
//================================================== ==================
// CHECK TO SEE IF U AND P ARE OF THE CORRECT LENGTH
// A MALICIOUS USER MIGHT TRY TO PASS A STRING THAT IS TOO LONG
// if no errors occur, then $errorMessage will be blank
//================================================== ==================
$uLength = strlen($uname);
$pLength = strlen($pword);
if ($uLength >= 10 && $uLength <= 20) {
$errorMessage = "";
}
else {
$errorMessage = $errorMessage . "Username must be between 10 and 20 characters" . "<BR>";
}
if ($pLength >= 8 && $pLength <= 16) {$errorMessage = "";}
else {$errorMessage = $errorMessage . "Password must be between 8 and 16 characters" . "<BR>";
}
if ($pword == $cpword){$errorMessage = "";}
else {$errorMessage = $errorMessage . "Your passwords do not match" . "<BR>";}
//test to see if $errorMessage is blank
//if it is, then we can go ahead with the rest of the code
//if it's not, we can display the error
//================================================== ==================
// Write to the database
//================================================== ==================
if ($errorMessage == "") {
$user_name = "*****bid_admin";
$pass_word = "*********";
$database = "*****bid_usersdb";
$server = "127.0.0.1";
$db_handle = mysql_connect($server, $user_name, $pass_word);
$db_found = mysql_select_db($database, $db_handle);
if ($db_found) {
$uname = quote_smart($uname, $db_handle);
$pword = quote_smart($pword, $db_handle);
$email = quote_smart($email, $db_handle);
$fname = quote_smart($fname, $db_handle);
$lname = quote_smart($lname, $db_handle);
//================================================== ==================
// CHECK THAT THE USERNAME IS NOT TAKEN
//================================================== ==================
$SQL = "SELECT * FROM usersdb WHERE UN = $uname";
$result = mysql_query($SQL);
$num_rows = mysql_num_rows($result);
if ($num_rows > 0) {
$errorMessage = "Username already taken";
}
else {
$SQL = "INSERT INTO usersdb (UN, PW, EM, FN, LN) VALUES ($uname, md5($pword), $email, $fname, $lname)";
$result = mysql_query($SQL);
mysql_close($db_handle);
//================================================== ===============================
// START THE SESSION AND PUT SOMETHING INTO THE SESSION VARIABLE CALLED login
// SEND USER TO A DIFFERENT PAGE AFTER SIGN UP
//================================================== ===============================
session_start();
$_SESSION['login'] = "1";
header ("Location: account.php");
}
}
else {
$errorMessage = "Database Not Found";
}
}
}
?>
<style type="text/css">
img { behavior: url("pngfix.***"); }
</style>
</head>
<body bgcolor="#D5DEFD" text="#000000" <?PHP print $errorMessage;?>>
<div id="container">
<div id="bv_Shape2" style="position:absolute;left:253px;top:206px;widt h:886px;height:2542px;z-index:0;" align="center">
<img src="images/bv01041.gif" id="Shape2" align="top" alt="" title="" border="0" width="886" height="2542"></div>
<img src="images/bv01003.png" align="top" alt="" border="0" width="383" height="158" style="position:absolute;left:502px;top:14px;width :383px;height:158px;z-index:1">
<div id="bv_Html1" style="position:absolute;left:557px;top:289px;widt h:271px;height:309px;z-index:2;" align="left">
<FORM NAME ="register" METHOD ="POST" ACTION ="register.php">
First Name: <INPUT TYPE = 'TEXT' Name ='firstname' value="<?PHP print $fname;?>"> <br><br>
Last Name: <INPUT TYPE = 'TEXT' Name ='lastname' value="<?PHP print $lname;?>" ><br><br>
Email:         <INPUT TYPE = 'TEXT' Name ='email' value="" ><br><br>
Username (20 Characters max): <INPUT TYPE = 'TEXT' Name ='username' value="" maxlength="20"><br><br>
Password (16 Characters max): <INPUT TYPE = 'TEXT' Name ='password' value="" maxlength="16"><br><br>
Confirm Password: <INPUT TYPE = 'TEXT' Name ='cpassword' value="" maxlength="16"><br><br>
<P>
<INPUT TYPE = "Submit" Name = "Submit1" VALUE = "Register">
<input type="reset" id="regclear" name="regclear" value="Clear"
<?PHP print $errorMessage;?>
</FORM></div>
</div>
</body>
</html>
Warning: mysql_connect() [function.mysql-connect]: Access denied for user '*****bid_admin'@'127.0.0.1' (using password: YES) in /home/*****bid/public_html/register.php on line 110
Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /home/*****bid/public_html/register.php on line 111
line 110 and 111 are
$db_handle = mysql_connect($server, $user_name, $pass_word);
$db_found = mysql_select_db($database, $db_handle);
the rest of the code is below(DB PW replaced with *********)
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>*****Bidz.com</title>
<meta http-equiv="Page-Enter" content="blendTrans(Duration=1)">
<meta name="GENERATOR" content="Created by BlueVoda">
<style type="text/css">
div#container
{
position: absolute;
left: 50%;
top: 50%;
width: 1385px;
height: 716px;
margin-top: -358px;
margin-left: -692px;
}
</style>
<?PHP
//session_start();
//if (!(isset($_SESSION['login']) && $_SESSION['login'] != '')) {
//header ("Location: account.php");
//}
//set the session variable to 1, if the user signs up. That way, they can use the site straight away
//do you want to send the user a confirmation email?
//does the user need to validate an email address, before they can use the site?
//do you want to display a message for the user that a particular username is already taken?
//test to see if the u and p are long enough
//you might also want to test if the users is already logged in. That way, they can't sign up repeatedly without closing down the browser
//other login methods - set a cookie, and read that back for every page
//collect other information: date and time of login, ip address, etc
//don't store passwords without encrypting them
$uname = "";
$pword = "";
$cpword = "";
$email = "";
$fname = "";
$lname = "";
$errorMessage = "";
$num_rows = 0;
function quote_smart($value, $handle) {
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
if (!is_numeric($value)) {
$value = "'" . mysql_real_escape_string($value, $handle) . "'";
}
return $value;
}
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
//================================================== ==================
// GET THE CHOSEN U AND P, AND CHECK IT FOR DANGEROUS CHARCTERS
//================================================== ==================
$uname = $_POST['username'];
$pword = $_POST['password'];
$cpword = $_POST['cpassword'];
$email = $_POST['email'];
$fname = $_POST['firstname'];
$lname = $_POST['lastname'];
$uname = htmlspecialchars($uname);
$pword = htmlspecialchars($pword);
//================================================== ==================
// CHECK TO SEE IF U AND P ARE OF THE CORRECT LENGTH
// A MALICIOUS USER MIGHT TRY TO PASS A STRING THAT IS TOO LONG
// if no errors occur, then $errorMessage will be blank
//================================================== ==================
$uLength = strlen($uname);
$pLength = strlen($pword);
if ($uLength >= 10 && $uLength <= 20) {
$errorMessage = "";
}
else {
$errorMessage = $errorMessage . "Username must be between 10 and 20 characters" . "<BR>";
}
if ($pLength >= 8 && $pLength <= 16) {$errorMessage = "";}
else {$errorMessage = $errorMessage . "Password must be between 8 and 16 characters" . "<BR>";
}
if ($pword == $cpword){$errorMessage = "";}
else {$errorMessage = $errorMessage . "Your passwords do not match" . "<BR>";}
//test to see if $errorMessage is blank
//if it is, then we can go ahead with the rest of the code
//if it's not, we can display the error
//================================================== ==================
// Write to the database
//================================================== ==================
if ($errorMessage == "") {
$user_name = "*****bid_admin";
$pass_word = "*********";
$database = "*****bid_usersdb";
$server = "127.0.0.1";
$db_handle = mysql_connect($server, $user_name, $pass_word);
$db_found = mysql_select_db($database, $db_handle);
if ($db_found) {
$uname = quote_smart($uname, $db_handle);
$pword = quote_smart($pword, $db_handle);
$email = quote_smart($email, $db_handle);
$fname = quote_smart($fname, $db_handle);
$lname = quote_smart($lname, $db_handle);
//================================================== ==================
// CHECK THAT THE USERNAME IS NOT TAKEN
//================================================== ==================
$SQL = "SELECT * FROM usersdb WHERE UN = $uname";
$result = mysql_query($SQL);
$num_rows = mysql_num_rows($result);
if ($num_rows > 0) {
$errorMessage = "Username already taken";
}
else {
$SQL = "INSERT INTO usersdb (UN, PW, EM, FN, LN) VALUES ($uname, md5($pword), $email, $fname, $lname)";
$result = mysql_query($SQL);
mysql_close($db_handle);
//================================================== ===============================
// START THE SESSION AND PUT SOMETHING INTO THE SESSION VARIABLE CALLED login
// SEND USER TO A DIFFERENT PAGE AFTER SIGN UP
//================================================== ===============================
session_start();
$_SESSION['login'] = "1";
header ("Location: account.php");
}
}
else {
$errorMessage = "Database Not Found";
}
}
}
?>
<style type="text/css">
img { behavior: url("pngfix.***"); }
</style>
</head>
<body bgcolor="#D5DEFD" text="#000000" <?PHP print $errorMessage;?>>
<div id="container">
<div id="bv_Shape2" style="position:absolute;left:253px;top:206px;widt h:886px;height:2542px;z-index:0;" align="center">
<img src="images/bv01041.gif" id="Shape2" align="top" alt="" title="" border="0" width="886" height="2542"></div>
<img src="images/bv01003.png" align="top" alt="" border="0" width="383" height="158" style="position:absolute;left:502px;top:14px;width :383px;height:158px;z-index:1">
<div id="bv_Html1" style="position:absolute;left:557px;top:289px;widt h:271px;height:309px;z-index:2;" align="left">
<FORM NAME ="register" METHOD ="POST" ACTION ="register.php">
First Name: <INPUT TYPE = 'TEXT' Name ='firstname' value="<?PHP print $fname;?>"> <br><br>
Last Name: <INPUT TYPE = 'TEXT' Name ='lastname' value="<?PHP print $lname;?>" ><br><br>
Email:         <INPUT TYPE = 'TEXT' Name ='email' value="" ><br><br>
Username (20 Characters max): <INPUT TYPE = 'TEXT' Name ='username' value="" maxlength="20"><br><br>
Password (16 Characters max): <INPUT TYPE = 'TEXT' Name ='password' value="" maxlength="16"><br><br>
Confirm Password: <INPUT TYPE = 'TEXT' Name ='cpassword' value="" maxlength="16"><br><br>
<P>
<INPUT TYPE = "Submit" Name = "Submit1" VALUE = "Register">
<input type="reset" id="regclear" name="regclear" value="Clear"
<?PHP print $errorMessage;?>
</FORM></div>
</div>
</body>
</html>
in /home/*****bid/public_html/register.php on line 147
Comment