PDA

View Full Version : login script "user data not found"



jimo
01-13-2007, 04:58 AM
Hi,

I'm using a free login script I got on the Internet. It seems to work fine, except after registering the login "cannot find user data" in the database.

I don't know where the problem is, with the registration script or with the login script. So I'm posting both in the hope that someone can help me.

=========
Register.php
=========
<?php
// Connects to your Database
mysql_connect("mysql1030.servage.net", "jimmy4745", "jimola") or die(mysql_error());
mysql_select_db("jimmy4745") or die(mysql_error());

//This code runs if the form has been submitted
if (isset($_POST['submit'])) {

//This makes sure they did not leave any fields blank
if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] ) {
die('You did not complete all of the required fields');
}

// checks if the username is in use
if (!get_magic_quotes_gpc()) {
$_POST['username'] = addslashes($_POST['username']);
}
$usercheck = $_POST['username'];
$check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'")
or die(mysql_error());
$check2 = mysql_num_rows($check);

//if the name exists it gives an error
if ($check2 != 0) {
die('Sorry, the username '.$_POST['username'].' is already in use.');
}

// this makes sure both passwords entered match
if ($_POST['pass'] != $_POST['pass2']) {
die('Your passwords did not match. ');
}

// here we encrypt the password and add slashes if needed
$_POST['pass'] = md5($_POST['pass']);
if (!get_magic_quotes_gpc()) {
$_POST['pass'] = addslashes($_POST['pass']);
$_POST['username'] = addslashes($_POST['username']);
}

// now we insert it into the database $insert = "INSERT INTO users (username, password) VALUES ('".$_POST['username']."', '".$_POST['pass']."')";
$add_member = mysql_query($insert);
?>

<!-- Now we let them know if their registration was successful -->
<h1>Registered</h1>
<p>Thank you, you have registered - you may now login</a>.</p>
<?php
}
else
{
?>

<!-- This is what they see before they have registered -->
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table border="0">
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="60">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="10">
</td></tr>
<tr><td>Confirm Password:</td><td>
<input type="password" name="pass2" maxlength="10">
</td></tr>
<tr><th colspan=2><input type="submit" name="submit" value="Register"></th></tr> </table>
</form>

<?php
}
?>

=======
Login.php
=======

<?php

// Connects to your Database
mysql_connect("mysql1030.servage.net", "jimmy4745", "jimola") or die(mysql_error());
mysql_select_db("jimmy4745") or die(mysql_error());


//Checks if there is a login cookie

if(isset($_COOKIE['ID_my_site']))


//if there is, it logs you in and directes you to the members page
{
$username = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];

$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());

while($info = mysql_fetch_array( $check ))
{

if ($pass != $info['password'])
{

}

else
{
header("Location: members.php");

}

}

}


//if the login form is submitted

if (isset($_POST['submit'])) { // if form has been submitted


// makes sure they filled it in

if(!$_POST['username'] | !$_POST['pass']) {
die('You did not fill in a required field.');
}

// checks it against the database

if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}

$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

//Gives error if user dosen't exist

$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('That user does not exist in our database. <a href=register.php>Click Here to Register</a>');
}


while($info = mysql_fetch_array( $check ))
{

$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);

//gives error if the password is wrong

if ($_POST['pass'] != $info['password']) {
die('Incorrect password, please try again.');
}

else
{
// if login is ok then we add a cookie

$_POST['username'] = stripslashes($_POST['username']);


$hour = time() + 3600;
setcookie(ID_my_site, $_POST['username'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);

//then redirect them to the members area
header("Location: specialoffer.php");
}

}

} else {

// if they are not logged in
?>

<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
<?php
}


?>

thetestingsite
01-13-2007, 05:47 AM
For one, don't post your database information on a public forum like this.

Second, there are a few things that I can see wrong with both scripts. The first noticable thing I see is in the if-else conditionals. When using the or ( || ) operator, you should have two "|" or one "or". (For example: if !$user || !pass.)

The other thing that I see that might be causing your error is the following (in login.php)



$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());


Change the above in red to the following:



$check = mysql_query("SELECT * FROM users WHERE username = $_POST['username']")or die(mysql_error());


Notice how I took out the seperator ( ".$var." ) in the sql statement.

Hope this helps for now.

jimo
01-13-2007, 03:56 PM
Thanks "thetestingside" I'll apply your suggestions.

And I sincerely regret having displayed my database info. If this doesn't help do you perhaps know where I can find another working login script?

Jimo

Twey
01-13-2007, 04:06 PM
And I sincerely regret having displayed my database info.Well you should. We don't care about it, of course, but anyone can now access your database, unless of course it only accepts local connections (which isn't nearly as common a setup as it should be), in which only people on the same server can access it.

jimo
01-13-2007, 04:36 PM
Well you should. We don't care about it, of course, but anyone can now access your database, unless of course it only accepts local connections (which isn't nearly as common a setup as it should be), in which only people on the same server can access it.

So you know of another good working login script I can use?

alexjewell
01-13-2007, 04:40 PM
Twey has a good one on his site: http://www.twey.co.uk/?q=loginscript

thetestingsite
01-13-2007, 04:41 PM
So you know of another good working login script I can use?

What Twey was reffering to is not that of the login script, but that of the Server setup that your mysql database is on. Most servers by default (or at least all the ones that I've setup) only allow connections to the database from localhost, or the same server/computer. Administrators can change this setting to allow connections from anywhere or limit them to certain ip addresses/domain names. So when posting code on a forum such as this (where anyone can view it), it is a very bad idea to post your database login information. The login script itself (the one you are working on) is fine, you could either improve on it, or leave it the way it is.

Hope this helps.

jimo
01-13-2007, 05:06 PM
What Twey was reffering to is not that of the login script, but that of the Server setup that your mysql database is on. Most servers by default (or at least all the ones that I've setup) only allow connections to the database from localhost, or the same server/computer. Administrators can change this setting to allow connections from anywhere or limit them to certain ip addresses/domain names. So when posting code on a forum such as this (where anyone can view it), it is a very bad idea to post your database login information. The login script itself (the one you are working on) is fine, you could either improve on it, or leave it the way it is.

Hope this helps.

That point was well understood and appreciated.

I was just asking if he knows of a good working login script that I can use.

thetestingsite
01-13-2007, 05:38 PM
As posted above,


Twey has a good one on his site: http://www.twey.co.uk/?q=loginscript

Check out that link and try out the script.

jimo
01-13-2007, 05:57 PM
Thanks, I've downloaded the script.

But how do I install it? It's just one script and there doesn't seem to be any instructions on how to install it.

Twey
01-13-2007, 07:10 PM
Installation instructions are under the huge white heading that reads "Instructions."
Create your database table:
create table users (id int auto_increment, nick text, password text, email text, primary key(id));Alter the database login details at the top; modify the bits in plain HTML to match your site design; save to a file; include at the top of any PHP-enabled page you wish to protect. Having anything (DOCTYPE, HTML, HEAD, whitespace...) before the opening <?php tag of the block containing the include statement will cause the script to fail.