login script "user data not found"

[jimo]

Hi,

I'm using a free login script I got on the Internet. It seems to work fine, except after registering the login "cannot find user data" in the database.

I don't know where the problem is, with the registration script or with the login script. So I'm posting both in the hope that someone can help me.

=========
Register.php
=========
<?php
// Connects to your Database
mysql_connect("mysql1030.servage.net", "jimmy4745", "jimola") or die(mysql_error());
mysql_select_db("jimmy4745") or die(mysql_error());

//This code runs if the form has been submitted
if (isset($_POST['submit'])) {

//This makes sure they did not leave any fields blank
if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] ) {
die('You did not complete all of the required fields');
}

// checks if the username is in use
if (!get_magic_quotes_gpc()) {
$_POST['username'] = addslashes($_POST['username']);
}
$usercheck = $_POST['username'];
$check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'")
or die(mysql_error());
$check2 = mysql_num_rows($check);

//if the name exists it gives an error
if ($check2 != 0) {
die('Sorry, the username '.$_POST['username'].' is already in use.');
}

// this makes sure both passwords entered match
if ($_POST['pass'] != $_POST['pass2']) {
die('Your passwords did not match. ');
}

// here we encrypt the password and add slashes if needed
$_POST['pass'] = md5($_POST['pass']);
if (!get_magic_quotes_gpc()) {
$_POST['pass'] = addslashes($_POST['pass']);
$_POST['username'] = addslashes($_POST['username']);
}

// now we insert it into the database $insert = "INSERT INTO users (username, password) VALUES ('".$_POST['username']."', '".$_POST['pass']."')";
$add_member = mysql_query($insert);
?>

<!-- Now we let them know if their registration was successful -->
<h1>Registered</h1>
<p>Thank you, you have registered - you may now login</a>.</p>
<?php
}
else
{
?>

<!-- This is what they see before they have registered -->
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table border="0">
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="60">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="10">
</td></tr>
<tr><td>Confirm Password:</td><td>
<input type="password" name="pass2" maxlength="10">
</td></tr>
<tr><th colspan=2><input type="submit" name="submit" value="Register"></th></tr> </table>
</form>

<?php
}
?>

=======
Login.php
=======

<?php

// Connects to your Database
mysql_connect("mysql1030.servage.net", "jimmy4745", "jimola") or die(mysql_error());
mysql_select_db("jimmy4745") or die(mysql_error());


//Checks if there is a login cookie

if(isset($_COOKIE['ID_my_site']))


//if there is, it logs you in and directes you to the members page
{
$username = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];

$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());

while($info = mysql_fetch_array( $check ))
{

if ($pass != $info['password'])
{

}

else
{
header("Location: members.php");

}

}

}


//if the login form is submitted

if (isset($_POST['submit'])) { // if form has been submitted


// makes sure they filled it in

if(!$_POST['username'] | !$_POST['pass']) {
die('You did not fill in a required field.');
}

// checks it against the database

if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}

$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

//Gives error if user dosen't exist

$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('That user does not exist in our database. <a href=register.php>Click Here to Register</a>');
}


while($info = mysql_fetch_array( $check ))
{

$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);

//gives error if the password is wrong

if ($_POST['pass'] != $info['password']) {
die('Incorrect password, please try again.');
}

else
{
// if login is ok then we add a cookie

$_POST['username'] = stripslashes($_POST['username']);


$hour = time() + 3600;
setcookie(ID_my_site, $_POST['username'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);

//then redirect them to the members area
header("Location: specialoffer.php");
}

}

} else {

// if they are not logged in
?>

<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
<?php
}


?>

[thetestingsite]

For one, don't post your database information on a public forum like this.

Second, there are a few things that I can see wrong with both scripts. The first noticable thing I see is in the if-else conditionals. When using the or ( || ) operator, you should have two "|" or one "or". (For example: if !$user || !pass.)

The other thing that I see that might be causing your error is the following (in login.php)

Code:

$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

Change the above in red to the following:

Code:

$check = mysql_query("SELECT * FROM users WHERE username = $_POST['username']")or die(mysql_error());

Notice how I took out the seperator ( ".$var." ) in the sql statement.

Hope this helps for now.

[jimo]

Thanks "thetestingside" I'll apply your suggestions.

And I sincerely regret having displayed my database info. If this doesn't help do you perhaps know where I can find another working login script?

Jimo

[Twey]

And I sincerely regret having displayed my database info.

Well you should. We don't care about it, of course, but anyone can now access your database, unless of course it only accepts local connections (which isn't nearly as common a setup as it should be), in which only people on the same server can access it.

[jimo]

Well you should. We don't care about it, of course, but anyone can now access your database, unless of course it only accepts local connections (which isn't nearly as common a setup as it should be), in which only people on the same server can access it.

So you know of another good working login script I can use?

[alexjewell]

Twey has a good one on his site: http://www.twey.co.uk/?q=loginscript

[thetestingsite]

So you know of another good working login script I can use?

What Twey was reffering to is not that of the login script, but that of the Server setup that your mysql database is on. Most servers by default (or at least all the ones that I've setup) only allow connections to the database from localhost, or the same server/computer. Administrators can change this setting to allow connections from anywhere or limit them to certain ip addresses/domain names. So when posting code on a forum such as this (where anyone can view it), it is a very bad idea to post your database login information. The login script itself (the one you are working on) is fine, you could either improve on it, or leave it the way it is.

Hope this helps.

[jimo]

What Twey was reffering to is not that of the login script, but that of the Server setup that your mysql database is on. Most servers by default (or at least all the ones that I've setup) only allow connections to the database from localhost, or the same server/computer. Administrators can change this setting to allow connections from anywhere or limit them to certain ip addresses/domain names. So when posting code on a forum such as this (where anyone can view it), it is a very bad idea to post your database login information. The login script itself (the one you are working on) is fine, you could either improve on it, or leave it the way it is.

Hope this helps.

That point was well understood and appreciated.

I was just asking if he knows of a good working login script that I can use.

[thetestingsite]

As posted above,

Twey has a good one on his site: http://www.twey.co.uk/?q=loginscript

Check out that link and try out the script.

[jimo]

Thanks, I've downloaded the script.

But how do I install it? It's just one script and there doesn't seem to be any instructions on how to install it.