why WHY wont it work?? (php/db) - HTML Forums

huwey · 10-14-2009, 03:05 PM

ok i have 4 different sets of coding here that is possibly the problem (from what little i know anyhow)

here is the register page

HTML Code:

<html>

<head>
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>New Page 1</title>
</head>

<body>

<form action="process_registration.php" method="post">
<p>username: <input name="username" size="13"></p>
<p>email: <input type="text" name="email" size="13"></p>
<p>confirm your email: <input type="text" name="cemail" size="13"></p>
<p>password: <input type="password" name="password" size="13"></p>
<p>confirm your password: <input type="password" name="cpassword" size="13"></p>
<input type="submit" name="Register" value="Register"> <input type="reset" name="Reset" value="Reset">
</form>

</body>

</html>

here is the registration php file

PHP Code:


			
<?php

    require_once 'handler.php';

    $username = cleanString($_POST['username']);

    $password = $_POST['password'];

    $cpassword = $_POST['cpassword'];

    $email = cleanString($_POST['email']);

    $cemail = cleanString($_POST['cemail']);

    $errors = array(); 

    $sql = mysql_query("SELECT * FROM users WHERE username = '$username'");

    if(mysql_num_rows($sql) != 0){

        $errors[] = "That username is already in use.";

    }  

    if($password != $cpassword){

        $errors[] = "Your passwords do not match.";

    }

    if($email != $cemail){

        $errors[] = "Your email addresses do not match.";

    }  

    if(strlen($password) > 16 || strlen($password) < 6){

        $errors[] = "Your password must be between 6 and 16 characters. All characters are allowed.";

    }  

    if(!preg_match("/^[a-z0-9]+([_\\.-][a-z0-9]+)*@([a-z0-9]+([\.-][a-z0-9]+)*)+\\.[a-z]{2,}$/i", $email)){

        $errors[] = "You need to enter a valid e-mail address.";            

    }  

    if(count($errors) > 0){

        echo 'There were some problems with submitting your registration:<br /><ul>';

        foreach($errors as $error){

            echo '<li>' . $error . '</li>';

            echo"<META HTTP-EQUIV=\"Refresh\" Content=\"10;URL=register.html\">\n"; 

        }

        echo '</ul>';

    }  

    else{

        mysql_query("INSERT INTO b18_4043037_users.users (username, password, email) VALUES ('$username', '" . md5($password) . "', '$email')");

        echo 'You have successfully registered. You can now log in.';

        echo"<META HTTP-EQUIV=\"Refresh\" Content=\"5;URL=login.html\">\n"; 

    }

?>

the sign in page is as follows

HTML Code:

<html>

<head>
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>New Page 1</title>
</head>

<body>

<form action="login.php" method="post">
<p>username: <input type="text" name="username" size="13"></p>
<p>password: <input type="password" name="password" size="13"></p>
<input type="submit" name="Login" value="Login"> <input type="reset" name="Reset" value="Reset">
</form>

Not registered then click <a href="register.html">here</a> to register

</body>

</html>

and the login.php is

PHP Code:


			
<?php

    require_once 'handler.php';

    $username = cleanString($_POST['username']);

    $password = md5($_POST['password']); 

    if(empty($username) || empty($password)){

        echo 'You must enter a username and password!';

        echo"<META HTTP-EQUIV=\"Refresh\" Content=\"5;URL=login.html\">\n";

    }  

    else{

        $sql = mysql_query("SELECT * FROM users WHERE username='$username'");

        if(mysql_num_rows($sql) < 1){

            echo 'That username does not exist.';

            echo"<META HTTP-EQUIV=\"Refresh\" Content=\"5;URL=login.html\">\n";

        } 

        else{

            $sql2 = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");

            if(mysql_num_rows($sql2) < 1){

                echo 'Your password is incorrect.';

                echo"<META HTTP-EQUIV=\"Refresh\" Content=\"5;URL=login.html\">\n"; 

            }  

            else{

                $_SESSION['username'] = $username;

                $_SESSION['password'] = $password;

                echo"<META HTTP-EQUIV=\"Refresh\" Content=\"5;URL=index2.php\">\n";

            }

        }

    }

?>

if anyone could telll me why i keep getting "Your password is incorrect. " when i try to log in

if any more info is needed to help resolve this issue let me know

thanks

Vege · 10-14-2009, 03:34 PM

echo those queries out.
Does the query have the values your expecting and are those values in database?

Sidenote, for more security inform wrong password and username together, so people guessing passwords don't know which one they got wrong.

Also, here is little cheatsheet for inserting data into database
My preferred login information would be:
username: us€rnam€
password: ä'"&€"åäö\/☻
Does the login work with this?

huwey · 10-14-2009, 06:39 PM

Quote:

Originally Posted by Vege

username: us€rnam€
password: ä'"&€"åäö\/☻
Does the login work with this?

this wont let me register this

i get the between 6 - 16 characters error

also how exactly would i get it to show the user/password?

sorry i know this may sound like a dumb question but 99% of what you seen in the coding i found and changed what i needed to to fit my needs

Vege · 10-14-2009, 07:50 PM

Quote:

Originally Posted by huwey

this wont let me register this

Check this out for some pointers
http://www.htmlforums.com/serverside...on-100193.html
http://www.htmlforums.com/serverside...ets-91299.html
Magic quotes only apply to ' and ", rest of those characters need a correct charset and php connection parameters.
It's some confusing stuff (and my "tutorials" (more like flow of mind) are not the best to describe those problems), BUT they are things everyone building a database driven website should know by hart.

Quote:

Originally Posted by huwey

also how exactly would i get it to show the user/password?

I mean that you only tell that "Your password or username was wrong, please try again.". Don't do "your password is wrong" or "your username is wrong"

Quote:

sorry i know this may sound like a dumb question but 99% of what you seen in the coding i found and changed what i needed to to fit my needs

I thought Copy Paste was something that belongs to your CV?

huwey · 10-14-2009, 08:34 PM

Quote:

Originally Posted by Vege

I mean that you only tell that "Your password or username was wrong, please try again.". Don't do "your password is wrong" or "your username is wrong"

I thought Copy Paste was something that belongs to your CV?

ok i changed the code already to:

PHP Code:


			
<?php

    require_once 'handler.php';

    $username = cleanString($_POST['username']);

    $password = md5($_POST['password']); 

    if(empty($username) || empty($password)){

        echo 'You must enter a username and password!';

        echo"<META HTTP-EQUIV=\"Refresh\" Content=\"5;URL=login.html\">\n";

    }  

    else{

        $sql = mysql_query("SELECT * FROM users WHERE username='$username'");

        if(mysql_num_rows($sql) < 1){

            echo 'That username does not exist.';

            echo"<META HTTP-EQUIV=\"Refresh\" Content=\"5;URL=login.html\">\n";

        } 

        else{

            $sql2 = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");

            if(mysql_num_rows($sql2) < 1){

                echo 'The username and password combination you have used does not match our records please try again.<br>';

                echo 'You will be taken back in a couple seconds.';

                echo"<META HTTP-EQUIV=\"Refresh\" Content=\"5;URL=login.html\">\n"; 

            }

            else{

                $_SESSION['username'] = $username;

                $_SESSION['password'] = $password;

                echo"<META HTTP-EQUIV=\"Refresh\" Content=\"5;URL=index2.php\">\n";

            }

        }

    }

?>

and the code i'm using is what i am using but i found a tutorial on making one and i placed it all together and changed a few things for what i'm using.

and what's "CV"?

huwey · 10-14-2009, 09:52 PM

ok i looked at the 2 threads you recommended and with the magic_quotes the server is showing this

magic_quotes_gpc On
magic_quotes_runtime Off
magic_quotes_sybase Off

and the charset is latin1_swedish_ci should i change that to latin1_general_ci

huwey · 10-15-2009, 04:02 PM

ok i figured out the problem...and didn't realize it had to be this way

i had changed the length on the db from 32 to 16 and didn't know it had to be set as 32 with it getting the md5 function on it

changed it back to 32 and now it's working just fine

but thanks for the info that you posted for me as well

scoutt · 10-22-2009, 08:49 AM

if you are using md5() on the password I would make the field as large as 100. 32 seems very small to me

Vege · 10-22-2009, 10:42 AM

Quote:

Originally Posted by scoutt

if you are using md5() on the password I would make the field as large as 100. 32 seems very small to me

scoutt?
md5 string is always 32 chars.