Hi,
i can register and login without fail.
However i notice that my inputs are not record into the database.
I do not know the reason.
Can someone guide me into login and register.
Actually im quite confuse with the codings
login.php - <?php
-
session_start ();
-
$HOST = 'localhost';
-
$USERNAME = 'root';
-
$PASSWORD = '';
-
$DB = 'c203';
-
$username = $_POST['username'];
-
$password = $_POST['password'];
-
-
$link = mysqli_connect ($HOST,$USERNAME,$PASSWORD,$DB)or die(mysqli_connect_error());
-
$sql = "SELECT username,password FROM login WHERE username='".$USERNAME."' AND password = SHA1('".$PASSWORD."')";
-
$result = mysqli_query($link,$sql) or die (mysqli_error($link));
-
-
if (mysqli_num_rows($result) == 1) {
-
$row = mysqli_fetch_array($result);
-
$_SESSION['username'] = $row['username'];
-
$_SESSION['password'] = $row['password'];
-
$msg = '<p><i>You are logged in as '.$SESSION['username'].'<br/><a href="index.php">Home</p>';
-
-
} else {
-
$msg = '<p class ="error"> Sorry, you must enter a valid username and password to log in. <a href ="index.php">Back</a></p>';
-
}
-
-
?>
-
-
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
-
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
-
<head>
-
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-
<title>StarGazer - Login</title>
-
<link rel="stylesheet" type="text/css" href="style.css" />
-
</head>
-
<body>
-
<h3>StarGazer - Login</h3>
-
<?php
-
-
echo $msg
-
-
?>
-
</body>
-
</html>
loginPage.php - <?php
-
session_start();
-
if(isset($_SESSION['user_id'])) {
-
echo"<p>You are already logged in ...<a href=\"index.php\">Back</a></p>";
-
-
exit;
-
}
-
?>
-
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
-
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
-
<head>
-
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-
<title>StarGazer!</title>
-
<link rel="stylesheet" type="text/css" href="style.css" />
-
</head>
-
<body>
-
<h3>StarGazer- Login</h3>
-
<form method="post" action="login.php">
-
<fieldset>
-
<legend>Login</legend>
-
<table>
-
<tr>
-
<td><label for="username">Username:</label></td>
-
<td><input type="text" id="username" name="userName"/></td>
-
</tr>
-
<tr>
-
<td><label for="password">Password:</label></td>
-
<td><input type="password" id="password" name="password"/></td>
-
</tr>
-
</table>
-
</fieldset>
-
<input type="submit" value="Login" name="submit"/>
-
</form>
-
</body>
-
</html>
-
register.php - <?php
-
if(isset($_POST)){
-
//retrieve form data
-
$name = $_POST['name'];
-
$gender = $_POST['gender'];
-
$birthdate = $_POST['birthdate'];
-
$username = $_POST['username'];
-
$password1 = $_POST['password1'];
-
-
//connect to database
-
$HOST = 'localhost';
-
$USERNAME = 'root';
-
$PASSWORD = '';
-
$DB = 'c203';
-
-
$link = mysqli_connect($HOST,$USERNAME,$PASSWORD,$DB);
-
$query = "INSERT INTO register(name,gender,birthdate,username,password) VALUES ('".$name."','".$gender."','".$birthdate."','".$username."',SHA1('".$password1."'))";
-
$status = mysqli_query($link,$query) or die(mysqli_error($link));
-
-
//insert new record
-
if($status){
-
$message = '<p>Your new account has been successfully created. You are now ready to <a href="index.php">Login</a>.</p>';
-
$message .= '<p><a href="index.php">Home</a>';
-
}
-
mysqli_close($link);
-
}else {//form not posted
-
$message = '<p class="error">You must enter all of the sign-up data.<a href="register.html">Back</a></p>';
-
}
-
?>
-
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
-
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
-
<head>
-
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-
<title>StarGazer - Register</title>
-
<link rel="stylesheet" type="text/css" href="style.css" />
-
</head>
-
<body>
-
<h3>StarGazer - Register</h3>
-
<?php
-
echo $message;
-
?>
-
</body>
-
</html>
1  1933   Atli 5,058
Expert 4TB
Hey.
I assume you mean that your database is filled with empty rows?
There are two things in your registration script that could/would cause this: - You can not verify that a form has been submitted by checking if the $_POST array is set. It is always set, regardless of whether it has any data.
-
// This is ALWAYS true. Do not do this
-
// to check if a form has been posted
-
if(isset($_POST)) { //... }
-
-
// Instead, check the actual fields.
-
if(issset($_POST['field1'], $_POST['field2'] /* etc.. */)) { ... }
-
-
// ... And yes, you should check ALL fields that
-
// should be present.
-
- Which brings me to me second point: Validating the data.
You should always make sure your data is in fact what it is supposed to be. As it is, your script doesn't so much as check whether the fields have any data. Which means - coupled with what I discussed earlier - your script inserts a row with empty data every time somebody opens your registration script to see the form.
Never trust the user to insert valid data. Always assume the user is trying to manipulate your system to do something harmful to your site, and code accordingly.
Look up the phrase "SQL Injection". You could start by reading the chapter on it in the PHP manual.
Sign in to post your reply or Sign up for a free account.
Similar topics
by: neilphan |
last post by:
Hi Guys,
Please HELP! I'm new to PHP and would like to get your professional
help!
I"m writing simple and small login app using php session variable. I
have 3 php scripts. The first is just a...
|
by: Yvonne |
last post by:
Hi!
I have a problem and wonder if anyone can help me with that. I am trying
to make a community in php/mysql to work but it don't. I hope you can
help me even if the community is in swedish.
...
|
by: Nicola Marchiori |
last post by:
Hi
I need some help.
I am developing a Web App in one PC running IIS.
I am trying to connect to to MSDE on another PC,
but it's not working.
This is the message i got
Login failed for user...
|
by: Richard Clark |
last post by:
I have an ASP 2.0 secured website that works fine.
My problem is that I need to run this "mini site" inside a frame.
We have a domain hosted website and I'm redirecting the frame contents to...
|
by: Richard Clark |
last post by:
I have an ASP 2.0 secured website that works fine.
My problem is that I need to run this "mini site" inside a frame.
We have a domain hosted website and I'm redirecting the frame contents to...
|
by: casper christensen |
last post by:
Hi
I run a directory, where programs are listed based on the number of
clicks they have recieved. The program with most clicks are placed on
top and so on. Now I would like people to be apple to...
|
by: AppleBag |
last post by:
I'm having the worst time trying to login to myspace through code. Can
someone tell me how to do this? Please try it yourself before replying,
only because I have asked this a couple of times in...
|
by: Mai Le |
last post by:
Hello Experts.
Coul you please help me to fix my program.
I created a login from with 2 levels. Admin an User.
If Admin login will open A form
and If User login will open B form
I had table...
|
by: satishknight |
last post by:
Hi,
Can some one tell me how to change the validation sequence for the code pasted below, actually what I want it when any one enters the wrong login information (already registered users) then it...
|
by: Apostle |
last post by:
Hi all, after thinking for sometimes, I thought it will be great opportunity to learn if I will start from scratch and build my own register/login system. Here is the thread that I will be posting...
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
| |
