7alewi
03-13-2011 05:09 PM
[HELP] PHP Login Script
I am trying to create a simple PHP blog where the user can log in and post stuff.
When testing this on localhost I'm getting an error. When I try to log in with a registered user it tells me that the password is wrong.
The database is created on localhost (phpmyadmin). The table is "users" with columns (email, fname, lname, password).
(The login script uses cookies.)
Registration Script:
Code:
<?php
define('TITLE', 'Register');
require 'templates/header.html';
print '<h1>Welcome to PHP Blog</h1>
<p><b>Use the form below to Register gain access to various features on our blog.</b></p>';
// Connects to the Database and select it
mysql_connect("localhost", "username", "password") or die(mysql_error());
mysql_select_db("myblog") or die(mysql_error());
// check if all fields are filled in
if (isset($_POST['submitted']) ) {
$problem = FALSE;
if (empty($_POST['first_name'])) {
$problem = TRUE;
print '<p class="error">Please enter your first name.</p>';
}
if (empty($_POST['last_name'])) {
$problem = TRUE;
print '<p class="error">Please enter your last name.</p>';
}
if (empty($_POST['email'])) {
$problem = TRUE;
print '<p class="error">Please enter your email address.</p>';
}
if (empty($_POST['password1'])) {
$problem = TRUE;
print '<p class="error">Please enter a password.</p>';
}
if ($_POST['password1'] != $_POST['password2']) {
$problem = TRUE;
print '<p class="error">Your password did not match your confirmed password.</p>';
}
// checks if the email is in use
if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}
$emailcheck = $_POST['email'];
$check1 = mysql_query("SELECT email FROM users WHERE email = '$emailcheck'") or die(mysql_error());
$check2 = mysql_num_rows($check1);
// show error if email exists
if ($check2 != 0) {
die('Sorry, this email '.$_POST['email'].' is already in use.');
}
// insert into database
$insert = "INSERT INTO users (email, fname, lname, password) VALUES
('".$_POST['email']."', '".$_POST['first_name']."', '".$_POST['last_name']."', '".$_POST['password1']."')";
$add_user = mysql_query($insert);
// if everything works, redirect the user to the welcome.php page and send an email with the details
if ($add_user == TRUE) {
header('Location:registered.php');
die();
// send an email with the details
$body = "Hello {$_POST['first_name']},
Thank you for registering with PHP Blog! Please find your login details below:
login email: '{$_POST['email']}'
Login password:'{$_POST['password1']}'
Please keep them safe!";
mail($_POST['email'], 'Registration Confirmation', $body, 'From: admin@localhost');
$_POST = array();
} else {
print '<p class="error">An error occurred, please try again.</p>';
}
}
?>
<form action="register.php" method="post">
<p>First Name: <input type="text" name="first_name" size="20" value="<?php if (isset($_POST['first_name'])) { print htmlspecialchars($_POST['first_name']); } ?>" /></p>
<p>Last Name: <input type="text" name="last_name" size="20" value="<?php if (isset($_POST['last_name'])) { print htmlspecialchars($_POST['last_name']); } ?>" /></p>
<p>Email Address: <input type="text" name="email" size="20" value="<?php if (isset($_POST['email'])) { print htmlspecialchars($_POST['email']); } ?>" /></p>
<p>Password: <input type="password" name="password1" size="20" /></p>
<p>Confirm Password: <input type="password" name="password2" size="20" /></p>
<p><input type="submit" name="submit" value="Register!" /></p>
<input type="hidden" name="submitted" value="true" />
</form>
<?php
require 'templates/footer.html';
?>
Login Script:
Code:
<?php
define ('TITLE', 'Log in');
require 'templates/header.html';
?>
<?php
// Connect to the Database
mysql_connect("localhost", "username", "password") or die(mysql_error());
mysql_select_db("myblog") or die(mysql_error());
// Check if there is a login cookie already
if(isset($_COOKIE['User_php_blog'])) {
// if there is a cookie, log the user in and direct them to the welcome page
$email = $_COOKIE['User_php_blog'];
$password1 = $_COOKIE['Pass_php_blog'];
$check = mysql_query("SELECT * FROM users WHERE email = '$email'") or die(mysql_error());
while($info = mysql_fetch_array($check)) {
if ($password1 != $info['password']) {
}
else
{
header("Location:welcome.php");
}
}
}
//if the login form is submitted
if (isset($_POST['submitted'])) { // if form has been submitted
// makes sure they filled it in
if(!$_POST['email'] || !$_POST['password1']) {
die ('<p><b>You did not fill in a required field</b></p>');
}
// checks it against the database
if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}
$check = mysql_query("SELECT * FROM users WHERE email = '".$_POST['email']."'") or die(mysql_error());
// Gives error if user doesn't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die ('<p><b>That user does not exist in our database. <a href=register.php>Click Here to Register</a></b></p>');
}
while($info = mysql_fetch_array($check)) {
$_POST['password1'] = stripslashes($_POST['password1']);
$info['password'] = stripslashes($info['password']);
$_POST['password1'] = md5($_POST['password1']);
//gives error if the password is wrong
if ($_POST['password1'] != $info['password']) {
die('<p><b>Incorrect password, please try again.</b></p>');
} else {
// if login is ok then we add a cookie
$_POST['email'] = stripslashes($_POST['email']);
$hour = time() + 3600;
setcookie('User_php_blog', $_POST['email'], $hour);
setcookie('Pass_php_blog', $_POST['password1'], $hour);
//then redirect them to the members area
header("Location:welcome.php"); }
}
}
else
{
// if they are not logged in show the form
?>
<h2>Login to access all features</h2>
<form action="login.php" method="post">
<p>Email: <input type="text" name="email" size="20" /></p>
<p>Password: <input type="password" name="password1" size="20" /></p>
<p><input type="submit" name="submit" value="Log in" /> | <a class="home" href="register.php">Not yet registered?</a></p>
<input type="hidden" name="submitted" value="true" />
</form>
<?php
}
?>
<?php
require 'templates/footer.html';
?>
Any idea why it's not able to log the user in? Thank you.
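
Added example, not part of the original post: the registration script inserts `$_POST['password1']` into `users.password` unchanged, while the login script compares `md5($_POST['password1'])` against that stored value, so the two can never match. The sketch below uses one scheme on both sides (`password_hash()` / `password_verify()`) with prepared statements; it assumes PHP 7+ with the `pdo_sqlite` extension, and the in-memory database, function names and sample account are constructed for illustration.

```php
<?php
// Constructed in-memory table with the same columns as the post's `users` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, fname TEXT, lname TEXT, password TEXT)');

// Registration: store a salted hash, never the password itself.
// Placeholders (?) keep user input out of the SQL text, replacing addslashes().
function register_user(PDO $db, string $email, string $fname, string $lname, string $password): bool {
    $stmt = $db->prepare('SELECT 1 FROM users WHERE email = ?');
    $stmt->execute([$email]);
    if ($stmt->fetchColumn() !== false) {
        return false; // email already in use
    }
    $stmt = $db->prepare('INSERT INTO users (email, fname, lname, password) VALUES (?, ?, ?, ?)');
    return $stmt->execute([$email, $fname, $lname, password_hash($password, PASSWORD_DEFAULT)]);
}

// Login: check the submitted password against the stored hash with the
// matching verifier, so registration and login always agree on the scheme.
function login_user(PDO $db, string $email, string $password): bool {
    $stmt = $db->prepare('SELECT password FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $hash = $stmt->fetchColumn();
    // password_verify() reads the salt and cost from $hash itself and
    // compares in constant time; an unknown email simply fails.
    return $hash !== false && password_verify($password, $hash);
}

// The mismatch from the post, reproduced on a constructed sample password:
// the stored column holds plaintext, the login side hashes before comparing.
$sample = 'hunter2-example';
$stored_by_register = $sample;        // what the original INSERT writes
$compared_by_login  = md5($sample);   // what the original login compares
var_dump($compared_by_login === $stored_by_register);

// Same account through the consistent scheme.
register_user($db, 'alice@example.test', 'Alice', 'Example', $sample);
var_dump(login_user($db, 'alice@example.test', $sample));
var_dump(login_user($db, 'alice@example.test', 'wrong-password'));
var_dump(register_user($db, 'alice@example.test', 'Alice', 'Example', $sample));
```

After a successful `login_user()`, keeping the logged-in state in a server-side session (`session_start()`, `session_regenerate_id(true)`, `$_SESSION['email']`) avoids placing the password hash in a cookie as `Pass_php_blog` does.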