User login script error

[Titan85]

I made a script for user login and registration, but when I try to register a new user it gives me the error that I need all fields to be filled in. I am pretty sure that I know what is causing the problem, but I don't know how to fix it. Here is my registration page script:

PHP Code:

<?php
    require("config.php");
    
if ($_POST['submit']) { //Check if form was submitted

    $username = clean($_POST['$username']);
    
    $password = clean($_POST['$password']);
    
    $password2 = clean($_POST['$password2']); //Password confirmation 
    
    $email = clean($_POST['email']);
    
    $ip = clean($_SERVER['REMOTE_ADDR']); //Get ip of user
    
    $signup = time(); //Time of registration

if (!$username | !$password | !$password2 | !$email) { //If any fields are empty
    echo'You must fill out every field! <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.';
}
else {

if ($password != !$password2) { //If passwords do not match
    echo'The passwords did not match! <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.';
}
else { //Test to see if username is in use
    $user_test = "SELECT * FROM `users` WHERE username = '$username'";
    $user_test = mysql_query($user_test);
    
    if (mysql_num_rows(username_test) == 1) { //If username is found
        echo'The username is already in use. <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.';
    }
else {
    $md5pass = md5($password); //Encrypt password
    
    //Query to add data to table
    $add = "INSERT INTO `users VALUES ('', '$username', '$md5pass', '$email', '$ip', '$signup')";
    
    mysql_query($add); //Run query 
    
    echo'You have successfully registered! <br />';
    echo'Use this information to login: <br />';
    echo'Username: '.$username.' <br />';
    echo'Password: '.$password;
    
}
}
}
}
else { 
    require("register_form.php");
}    
?>

I think the specific part is the part that checks for empty fields:

PHP Code:

if (!$username | !$password | !$password2 | !$email) { //If any fields are empty
    echo'You must fill out every field! <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.';
} 


I checked over everything to make sure that all the fields were filled in and names matched, but found no error. The form code that submits to this page is:

PHP Code:

<form method="post" action="<?=$_SERVER['REQUEST_URI']?>">
  Username:
      <br />
  <input type="text" name="username">
      <br />
  Password:
      <br />
  <input type="password" name="password">
      <br />
  Confirm Password:
      <br />
  <input type="password" name="password2">
      <br />
  E-mail:
      <br />
  <input type="text" name="email">
      <br />
  <input type="submit" name="submit" value="Register">
</form>

The error displayed is the one i specified for if a field is not filled in. I would appreciate any ideas on whats going wrong. thanks

[thetestingsite]

I think the specific part is the part that checks for empty fields:

PHP Code:

if (!$username | !$password | !$password2 | !$email) { //If any fields are empty
    echo'You must fill out every field! <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.';
} 


You are right about this being the line that does the checks, and the problem is that you are not comparing anything. The above should actually look like any of the following variations:

Code:

if (!$username || !$password || !$password2 || !$email) { //If any fields are empty
	echo'You must fill out every field! <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.';
}

or

Code:

if (!$username or !$password or !$password2 or !$email) { //If any fields are empty
	echo'You must fill out every field! <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.';
}

That should fix the problem on that.
Hope this helps.

[Titan85]

I tried both of those ways, but i still get the same error, any more ideas?

[nikhil.deshmukh]

yes this should help

if (!$username || !$password || !$password2 || !$email) { //If any fields are empty
echo'You must fill out every field! <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.';
}


if not check for

if (empty($username)) ... go on...{

[thetestingsite]

I have noticed this part in your code:

Code:

$username = clean($_POST['$username']);

do you have a function in config.php named clean? If so, what does it do? Try taking that part off and just have the following:

Code:

$username = $_POST['$username'];

If it works like that, then you know that it is a problem with that function.

Hope this helps.

[Titan85]

I took of the clean function and the error is still displayed. Anything else it could be?

[thetestingsite]

Something else that I have not noticed before was the following in red:

Code:

$username = clean($_POST['$username']);

Notice that you are not calling upon a form field but a variable. That IS the reason why you are recieving this message. It's so subtle that everyone viewing/replying to this thread (including myself) have just overlooked it.

This is in the username, password, and password2 variables.

Hope this helps.

[Titan85]

That was the error, fixed it and it works great . However, I ran into yet another issue. When I try to login, it just redisplays the login box and says/does nothing. I am really not sure what is causing it to do this, here is the code, hope someone knows:

PHP Code:

<?php
    require ("config.php");

if (empty($online['id'])){ //Check if already logged in

if ($_POST['login']) { //If form was submitted

$username = clean($_POST['username']);

$password = clean($_POST['password']);


if (!$username | !$password){ //If user or password is empty
echo 'You left a field empty. <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.';
}
else {

$pass = md5($pass); //Encrypt password

$query = "SELECT * FROM `users` WHERE username = '$username' AND password = '$password'";
$query = mysql_query($query) or die(mysql_error());


if (mysql_num_rows($query) == 1){ //If row exists

$expire = time() + (7*86400); //Cookie expire time

setcookie("username", $username, $expire); //Set username cookie

setcookie("password", $password, $expire); //Set password cookie

//Success
echo 'Success, you have been logged in!<br />';
echo '<a href="cpanel.php">Continue</a>...';

}
else { //User not found
echo 'Incorrect username and password. <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.';
}

}

}
else { 
    require("form.php");
}

}
else { //Already logged in
    require("logged_in.php");
}
?>

Thanks for the help so far

[thetestingsite]

Could you post the code for form.php please. It could be just one little item not being submitted in the form that keeps causing it to redisplay the form, but to be sure we need the code.

Thanks.

EDIT: Actually, before you post the code, check to make sure you have a form field named "login" because that could be the problem.

[Titan85]

Sure, here it is:

PHP Code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login</title>
</head>

<body>

<form method="post" action="<?=$_SERVER['REQUEST_URI']?>">
    Username:
        <br />
    <input name="username" type="text" id="username" />
        <br />
    Password:
        <br />
    <input name="password" type="text" id="password" />
        <br /><br />
    <input name="submit" type="submit" id="login" value="Login" />
</form>

</body>
</html>