Login and join up page

Can you help me i can't get this to work here's the php scripts

login.php:

PHP Code:

<?php // start session session_start(); include("connect.php"); include("join.php"); function checkLogin() {     // convert username and password from _GET to _SESSION     if($_GET){       $_SESSION['username']=$_GET["username"];       $_SESSION['passwort']=$_GET["passwort"];       }          $username = $_SESSION['username'];     $passwort = $_SESSION['passwort'];          $username = addslashes($username);     $passwort = addslashes($passwort);          $sql = "SELECT * FROM sys_user WHERE username = '$username' AND (passwort = '".md5($passwort)."' OR passwort = PASSWORD('$passwort'))";          $result=mysql_query($sql);     if (!$_SESSION['verified'])     {         if (( $num = mysql_num_rows($result) ) and ($passwort != ""))         {             if ($num != 0)             {                 $_SESSION['ERROR'] = "";                 $_SESSION['verified'] = 1;                                  // lets get their e-mail alias.                 $sql = "SELECT user_email FROM isp_isp_user WHERE user_name='$username'";                 $result = mysql_query($sql);                 $_SESSION['email'] = mysql_result($result,0,"user_email");             }         }         else         {             $_SESSION['ERROR'] = "login is WRONG!!";         }     }          if ($_SESSION['verified'] != 1) $_SESSION['ERROR'] = "Login Failed. <br />"; } ////////////////////////// // Main Bit Starts Here // ////////////////////////// // if ($_SESSION['verified'] != 1 and $_GET['action'] == "login")     checkLogin();      if ($_GET['action'] == "logout") {     $_SESSION = array();     session_destroy();     $_SESSION['ERROR'] = "You have successfully logged out. <BR />"; }      if ($_SESSION['verified'] != 1) {     // User is NOT logged in, so lets give him a login form...     echo("");     echo("<font color='red'>");     echo($_SESSION['ERROR']);     $_SESSION['ERROR'] = ""; // reset the error message if there is one.     echo("</font><br />");     echo("<form method=\"GET\" action=\"");     echo($_SERVER['PHP_SELF']);     echo("\">");     echo("Username: <br /><input type=\"text\" name=\"username\" size=\"15\" /><br />");     echo("Password: <br /><input type=\"password\" name=\"passwort\" size=\"15\" /><br />");     echo("<input type=\"hidden\" name=\"action\" value=\"login\" />");     echo("<p><input type=\"submit\" value=\"Login\" /></p>");     echo("</form>");     echo("");     } else {     // if the user IS logged in, give him options here.          // Javascript to make POST data submittable thru link...     // Web Admin Panel     echo("<script language='JavaScript' type='text/javascript'>\n");     echo("\n");          // Mail     //echo("<script language='JavaScript' type='text/javascript'>\n");     echo("\n");          // PhpMyAdmin     //echo("<script language='JavaScript' type='text/javascript'>\n");     echo("\n");     echo("</script>\n");     ////////////////////////////////////////////////////////////////////     // Note: Newlines are required, else it screws up the javascript  //     ////////////////////////////////////////////////////////////////////          echo("<B>Control Panel: </B><BR />");          echo("<form method='POST' target=_blank action='http://www.glorf.com:81/login/login.php' name='loginform'>\n");     echo("<input type=\"hidden\" name=\"username\" value=\"");     echo($_SESSION['username']);     echo("\"><input type=\"hidden\" name=\"passwort\" value=\"");     echo($_SESSION['passwort']);     echo("\">");     echo("</form>");     echo("<a href='javascript: submit()'>Website Admin Panel</a>\n");     echo("<form method='POST' target=_blank action='http://www.glorf.com:81/webmail/msglist.php' name='loginform1'>\n");     echo("<input type=\"hidden\" name=\"f_email\" value=\"");     echo($_SESSION['email']);     echo("@glorfy.com\"><input type=\"hidden\" name=\"f_pass\" value=\"");     echo($_SESSION['passwort']);     echo("\">");     echo("</form>");     echo("<a href='javascript: submit1()'>Web Mail</a><br />\n");               echo("<BR /><B>Databases: </B><BR />");          // Now lets get the database names...     // first that means we need to link the username to a web_id.     $email = $_SESSION['email'];     $sql = "SELECT web_id FROM isp_fakt_record WHERE notiz= '$email'";     $result = mysql_query($sql);     $_SESSION['web_id'] = mysql_result($result,0,"web_id");     $web_id = $_SESSION['web_id'];          // now we need to use that to grab all the DB names for displaying.     $sql = "SELECT datenbankuser FROM isp_isp_datenbank WHERE web_id = '$web_id'";     $result = mysql_query($sql);     // now lets loop the results and store them into an array for later display purposes.     global $dbs, $num_db;     $num_db = mysql_num_rows($result);     $dbs = array(30); // a user can't have more than 30 databases :)     for ($i=0; $i < $num_db; $i+=1)     {         $dbs[$i] = mysql_result($result,$i,"datenbankuser");         echo("<a href=\"http://");         echo($dbs[$i]);         echo(":");         echo($_SESSION['passwort']);         echo("@www.glorf.com:81/phpmyadmin/index.php");         echo("\">");         echo($dbs[$i]);         echo("</a><br />");     }          ///////////////////////////////////////     echo("<hr />");     echo("<a href=\"");     echo($_SERVER['PHP_SELF']);     echo("?action=logout\">logout<br></a>"); } mysql_close(); ?>

connect.php:

PHP Code:

<?php // db info $hostname="localhost"; $mysql_login="jarodco_lg1"; $mysql_password="lg1"; $database="jarodco_board"; if (!($db = mysql_connect($hostname, $mysql_login , $mysql_password))){   die("Can't connect to mysql.");     }else{   if (!(mysql_select_db("$database",$db)))  {     die("Can't connect to db.");   } } ?>

join.php:

PHP Code:

<?php include("connect.php"); ?> <html>    <head>        <title>Registration</title>    </head>    <body>        <form action="<?php $_SERVER['PHP_SELF']."?register=true" ?>" method="post">            Username: <input type="text" name="username">            Password: <input type="password" name="password">            <input type="submit" value="Register">        </form>    </body> </html>

Please Help

which part are you having trouble with? can you describe what's not happening correctly, please?

related stuff: you should remove the comment and the whitespace from before your "session_start()" line, so nothing but the php tag comes before:

PHP Code:

<?php session_start(); // correct ?> ######################## <?php //not correct! //this will cause problems! session_start(); ?>

I would also avoid using $_GET for your login function. It is a security risk.
The way it's written now, you're taking the user input, assigning it a $_SESSION variable and plugging it straight into your database -without even looking at it first. You need to validate it first, or at least apply something like stripslashes().

The join.php page it does not create a new user can you help?

Login and Join up Page:Re:

Is This Better

PHP Code:

<?php session_start(); include("connect.php"); include("join.php"); function checkLogin() { // convert username and password from _GET to _SESSION if($_GET){ $_SESSION['username']=$_GET["username"]; $_SESSION['passwort']=$_GET["passwort"]; } $username = $_SESSION['username']; $passwort = $_SESSION['passwort']; $username = addslashes($username); $passwort = addslashes($passwort); $sql = "SELECT * FROM sys_user WHERE username = '$username' AND (passwort = '".md5($passwort)."' OR passwort = PASSWORD('$passwort'))"; $result=mysql_query($sql); if (!$_SESSION['verified']) { if (( $num = mysql_num_rows($result) ) and ($passwort != "")) { if ($num != 0) { $_SESSION['ERROR'] = ""; $_SESSION['verified'] = 1; // lets get their e-mail alias. $sql = "SELECT user_email FROM isp_isp_user WHERE user_name='$username'"; $result = mysql_query($sql); $_SESSION['email'] = mysql_result($result,0,"user_email"); } } else { $_SESSION['ERROR'] = "login is WRONG!!"; } } if ($_SESSION['verified'] != 1) $_SESSION['ERROR'] = "Login Failed. <br />"; } if ($_SESSION['verified'] != 1 and $_GET['action'] == "login") checkLogin(); if ($_GET['action'] == "logout") { $_SESSION = array(); session_destroy(); $_SESSION['ERROR'] = "You have successfully logged out. <BR />"; } if ($_SESSION['verified'] != 1) { // User is NOT logged in, so lets give him a login form... echo(""); echo("<font color='red'>"); echo($_SESSION['ERROR']); $_SESSION['ERROR'] = ""; // reset the error message if there is one. echo("</font><br />"); echo("<form method=\"GET\" action=\""); echo($_SERVER['PHP_SELF']); echo("\">"); echo("Username: <br /><input type=\"text\" name=\"username\" size=\"15\" /><br />"); echo("Password: <br /><input type=\"password\" name=\"passwort\" size=\"15\" /><br />"); echo("<input type=\"hidden\" name=\"action\" value=\"login\" />"); echo("<p><input type=\"submit\" value=\"Login\" /></p>"); echo("</form>"); echo(""); } else { echo("<script language='JavaScript' type='text/javascript'>\n"); echo("\n"); echo("<script language='JavaScript' type='text/javascript'>\n"); echo("\n"); echo("<script language='JavaScript' type='text/javascript'>\n"); echo("\n"); echo("</script>\n"); echo("<B>Control Panel: </B><BR />"); echo("<form method='POST' target=_blank action='http://www.glorf.com:81/login/login.php' name='loginform'>\n"); echo("<input type=\"hidden\" name=\"username\" value=\""); echo($_SESSION['username']); echo("\"><input type=\"hidden\" name=\"passwort\" value=\""); echo($_SESSION['passwort']); echo("\">"); echo("</form>"); echo("<a href='javascript: submit()'>Website Admin Panel</a>\n"); echo("<form method='POST' target=_blank action='http://www.glorf.com:81/webmail/msglist.php' name='loginform1'>\n"); echo("<input type=\"hidden\" name=\"f_email\" value=\""); echo($_SESSION['email']); echo("@glorfy.com\"><input type=\"hidden\" name=\"f_pass\" value=\""); echo($_SESSION['passwort']); echo("\">"); echo("</form>"); echo("<a href='javascript: submit1()'>Web Mail</a><br />\n"); echo("<BR /><B>Databases: </B><BR />"); $email = $_SESSION['email']; $sql = "SELECT web_id FROM isp_fakt_record WHERE notiz= '$email'"; $result = mysql_query($sql); $_SESSION['web_id'] = mysql_result($result,0,"web_id"); $web_id = $_SESSION['web_id']; $sql = "SELECT datenbankuser FROM isp_isp_datenbank WHERE web_id = '$web_id'"; $result = mysql_query($sql); purposes. global $dbs, $num_db; $num_db = mysql_num_rows($result); $dbs = array(30); // a user can't have more than 30 databases :) for ($i=0; $i < $num_db; $i+=1) { $dbs[$i] = mysql_result($result,$i,"datenbankuser"); echo("<a href=\"http://"); echo($dbs[$i]); echo(":"); echo($_SESSION['passwort']); echo("@www.glorf.com:81/phpmyadmin/index.php"); echo("\">"); echo($dbs[$i]); echo("</a><br />"); } echo("<hr />"); echo("<a href=\""); echo($_SERVER['PHP_SELF']); echo("?action=logout\">logout<br></a>"); } mysql_close(); ?>

well, kind of related to the $_GET issue...

your join page form is using the POST method, but your login page is trying to get the information via GET. Change one or the other (preferably change GET to POST).

you try making a account then trying to login it does not work:

http://jarodco.me.uk/login/login.php

I get the error Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/jarodco/public_html/login/login.php on line 30 when logging in.

I think what's happening is that you have an incorrect sql query syntax, causing mysql_num_rows(x); to have a null value.

You;re using $_SESSION to get a result, but if there's no session [via the conversion from GET to SESSION, it will have a null result of course.

Try replacing that area of code w/this:

PHP Code:

// convert username and password from _GET to _SESSION if($_POST){ $_SESSION['username']=$_POST["username"]; $_SESSION['passwort']=$_POST["passwort"]; }

Replace all GET with POST, that's basically it.

HTH :)

Have you tried it out?

Also,

Quote:

// db info
$hostname="localhost";
$mysql_login="jarodco_lg1";
$mysql_password="lg1";
$database="jarodco_board";

it's best not to post your DB info in public. I'd recommend changing your details now (especially your password).

Re:

yes i did try it out

I'm not sure. Have you looked in your database and verified that the new users are being registered?

I'm not a MySQL buff, but the error message I get

Code:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/jarodco/public_html/login/login.php on line 30

suggests that your query didn't return a valid result. This may be something as simple as a typo, or something worse. I'd suggest you try adding some error checking to your query and see where things go wrong.

There are simpler ways to make a login/register form using $_SESSION ...

can you try to separate this?

here: if (( $num = mysql_num_rows($result) ) and ($passwort != ""))

allow $num to hold the arguments.
then apply this to an if condition

$num = mysql_num_rows($result);
if ( ( $num ) and ($passwort != "") )

Re:{topic}

I think i got something to do with Database

Quote:

Originally Posted by JShor

I get the error Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/jarodco/public_html/login/login.php on line 30 when logging in.

I think what's happening is that you have an incorrect sql query syntax, causing mysql_num_rows(x); to have a null value.

You;re using $_SESSION to get a result, but if there's no session [via the conversion from GET to SESSION, it will have a null result of course.

Try replacing that area of code w/this:

PHP Code:

// convert username and password from _GET to _SESSION if($_POST){ $_SESSION['username']=$_POST["username"]; $_SESSION['passwort']=$_POST["passwort"]; }

Replace all GET with POST, that's basically it.

HTH :)

I try that but i make it a bit more made

Quote:

Originally Posted by jarodco.me.uk

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/jarodco/public_html/login/login.php on line 2

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/jarodco/public_html/login/join.php on line 3
Username: Password:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/jarodco/public_html/login/login.php on line 33
Login Failed.

Username:

Password:

Quote:

Originally Posted by rm_dynamicdrive

can you try to separate this?

here: if (( $num = mysql_num_rows($result) ) and ($passwort != ""))

allow $num to hold the arguments.
then apply this to an if condition

$num = mysql_num_rows($result);
if ( ( $num ) and ($passwort != "") )

try this:

after this line you add:
$result=mysql_query($sql);
$num=mysql_num_rows($result);

if($num=0) {

} else { et.......

or check your query.

$sql = "SELECT * FROM sys_user WHERE username = '$username' AND passwort = '".md5($passwort)."' OR passwort = PASSWORD($passwort))";

how?

1. after that command put die($sql); okay.
2. when php reach the die command the query string appear on your screen.
3. use your mysql command line or any mysql software copy/paste the result and you will see what will happen.