User Login Registration

Hello again!

The few tutorials I saw for user registrations / logins were extremely helpful. But again I’m stuck. I’m working on my localhost server to create a basic table database login.

For some reason I can’t login with a created user unless I put in the encrypted password and not the actual one. I know I must have encrypted something wrong.

Below is my code for the register (it works, creates a user / password etc) I got the code from PHPAcademy up on YouTube, it’s been a great help, but this issue has my stumped.

Thanks in advance!

<?php
echo “<h1>Please Register</h1>”;

$submit = $_POST[‘submit’];

//form data
$fullname = strip_tags($_POST[‘fullname’]);
$username = strip_tags($_POST[‘username’]);
$password = strip_tags($_POST[‘password’]);
$repeatpassword = strip_tags($_POST[‘repeatpassword’]);
$date = date(“Y-m-d”);

if ($submit)
{
//check for existing using
if($fullname&&$username&&$password&&$repeatpassword)
{

	if ($password==$repeatpassword)
	{
		//check character length
		if (strlen($username)>25||strlen($fullname)>25)
		{
			echo "Username / Full Name is too long!";	
		}
		else
		{
			//check password
			if(strlen($password)>25||strlen($password)<5)
			{
				echo "Password must between 5 and 25 characters!";	
			}
			else
			{
			//register user
			
			
			//encryption
				$password = md5($password);

				//open database
				$connect = mysql_connect("localhost","root","root");
				mysql_select_db("phplogin");//selectdatabase
				
				$queryreg = mysql_query("
				
				INSERT INTO users VALUES ('','$fullname','$username','$password','$date')										
				
				");
				
				die ('"You have been registered! <a href="index.php">Click Here</a> to continue"');
									
			}
			
		}
			
		
	}
	else
		echo "Your passwords do not match!";

}
else
	echo "Please fill in <b>all</b> fields!";

}

?>

<!–do not touch below this line–>
<html>
<p>
<form action=‘register.php’ method=“POST”>
<table>
<tr>
<td>
Your fullname:
</td>
<td>
<input type=‘text’ name=‘fullname’ value=“<?php echo $fullname ?>”>
</td>
</tr>
<tr>
<td>
Choose a username:
</td>
<td>
<input type=‘text’ name=‘username’ value=“<?php echo $username ?>”>
</td>
</tr>
<tr>
<td>
Your Password:
</td>
<td>
<input type=‘password’ name=‘password’>
</td>
</tr>
<tr>
<td>
Repeat your password:
</td>
<td>
<input type=‘password’ name=‘repeatpassword’>
</td>
</tr>
</table>
<p>
<input type=‘submit’ name=‘submit’ value=“Register”>
</form>
</html>

This is the login form

<?php

session_start();

$username = $_POST[‘username’];
$password = $_POST[‘password’];

if($username&&$password)
{
$connect = mysql_connect(“localhost”,“root”,“root”) or die(“Couldn’t Connect!”);
mysql_select_db(“phplogin”) or die(“Couldn’t find db”);

$query = mysql_query("SELECT * FROM users WHERE username ='$username'");

$numrows = mysql_num_rows($query);

if ($numrows!=0)
{
	// code to login
	while ($row = mysql_fetch_assoc($query))
	{
		$dbusername = $row['username'];
		$dbpassword = $row['password'];	
	}
	
	// check to see if they match
	if ($username==$dbusername&&md5($password)==$dbpassword)
	{
		echo "your in! <a href='member.php'>Clck here</a> to enter member page";
		$_SESSION['username']=$dbusername;
	}
	else
		echo "Incorrect password!";
}
else
	die ("That user doesn't exist");

}
else
die(“Please enter username and password!”);
?>

the ./ shouldnt matter, mostly that was to make sure you hadnt typo’d your field names.

This one is stumping me at the moment. The code, from what i can see, -should- work. (not the most efficient code ever, but…)

Just for sake of argument, try putting the {} 's around the else clauses? Only thing i can think of.

I removed the ./ from the index.php file, and for some reason it works. guess it was calling to a different login.php file i had outside.

Learning experience, I’m not really that much of a PHP guy, the most I know is wordpress PHP, but at least I have a wireframe / template to do login-forms now.

I’ll make sure to triple check everything from here on out. I"ll see if adding the {} around the else statements works too.

First time coding PHP so I had really no clue what I was doing.

Thanks for all your help!

Here is the screen shot after I ran the query.

Hope that helps…

… an orange box? Unfortunately that doesnt mean anything to me. Are you perhaps able to screenshot it (along with the query)?

Running the query on the database shows an orange box around the user name, nothing on the password hash tag.

I even recreated the database but didn’t work.

I can login only with the md5 string still.

Oh. That’s okay then… and that IS showing the correct password.
So…

1. the password is correct in the database.
2. the query is correct (assuming you got it out of the echo)
3. the query is correctly retrieving the row.

So…

if ($numrows!=0) {
 echo "your in! <a href='member.php'>Clck here</a> to enter member page";
 $_SESSION['username']=$username;
}
else
echo "Incorrect password!";

This code somehow returns “Incorrect Password”?
(PS: I personally would wrap that else in brackets. Just a personal preference for trying to keep track of my brackets)

just tried it. still comes up with the wrong password…

its a test site so right now its 12345

and the db md5 password is encrypted at

827ccb0eea8a706c4c34a16891f84e7b

I echo to make sure both md5passwords are correct. I think it’s an issue with the login something isn’t being converted.

StarLion, only one user in the table so far, password is still coming up incorrect.

SpacePhoenix, changed the line still showing the incorrect password. If I try to login with the unencrypted password shows up as wrong password, same with the encrypted.

Thanks for the help guys!

What’s the password you’re using, and what is the password your database has?

Change this line

$query = mysql_query("SELECT * FROM users WHERE username ='$username'");  

to

$sql="SELECT * FROM users WHERE username ='$username' AND password=md5('$password')";

echo "<p>The SELECT query being passed to the database is<br />$sql</p>";

$query = mysql_query($sql);  

By writing the SQL to a variable, it allows you to echo the query to make sure that it is as you expect it to be.

Your query was only checking to see if the username matched. With the change to the above query it will check the username and password. You have two options for the results.

mysql_num_rows which your already using or you could instead make the SELECT * into:

SELECT COUNT(*) AS matched_users

and get from result set the number of user records which matched the supplied combination. If it’s 0 then there was no match, if it’s 1 then there was a match and if you find that there is more then one then you would have duplicates in the users table.

Are you sure you’re getting the username correct when you try and login? Cause… if there’s no $dbpassword, something’s gone wrong in your SELECT.

ok. It’s showing the password, md5 code, no dbpassword.

As of right now there is only one user. I know I have to modify the code to login, so there wouldn’t be multiple user names, but i’d like to address and debug the issue before hand.

Right… those are the field names… but how many records are in the table? (If thinking of it as a grid… the field names are the columns. There are how many rows?)

Try adding this line to your code before the “check to see if they match” part.

echo $password." ".md5($password)." ".$dbpassword;

The first should be the plaintext password. The second should be an MD5 string. The third should be what your database is expecting. Which of the three match up?

Sorry about that, I wasn’t aware we could do that with the PHP code tags. My apologizes and I did put the “root”,“root” in the code to replace the password.

There are only 5 areas in my database. Only the Password field has the MD5 String.

ID / Fullname / Username / Password / Date

Thanks again!

This is the Register

<?php
echo "<h1>Please Register</h1>";


$submit = $_POST['submit'];

//form data
$fullname = strip_tags($_POST['fullname']);
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$repeatpassword = strip_tags($_POST['repeatpassword']);
$date = date("Y-m-d");

if ($submit)
{
//check for existing using
if($fullname&&$username&&$password&&$repeatpassword)
{

if ($password==$repeatpassword)
{
//check character length
if (strlen($username)>25||strlen($fullname)>25)
{
echo "Username / Full Name is too long!";	
}
else
{
//check password
if(strlen($password)>25||strlen($password)<5)
{
echo "Password must between 5 and 25 characters!";	
}
else
{
//register user


//encryption
$password = md5($password);

//open database
$connect = mysql_connect("localhost","root","root");
mysql_select_db("phplogin");//selectdatabase

$queryreg = mysql_query("

INSERT INTO users VALUES ('','$fullname','$username','$password','$date')	

");

die ('"You have been registered! <a href="index.php">Click Here</a> to continue"');

}

}


}
else
echo "Your passwords do not match!";

}
else
echo "Please fill in <b>all</b> fields!";
}

?>



<!--do not touch below this line-->
<html>
<p>
<form action='register.php' method="POST">
<table>
<tr>
<td>
Your fullname:
</td>
<td>
<input type='text' name='fullname' value="<?php echo $fullname ?>">
</td>
</tr>
<tr>
<td>
Choose a username:
</td>
<td>
<input type='text' name='username' value="<?php echo $username ?>">
</td>
</tr>
<tr>
<td>
Your Password:
</td>
<td>
<input type='password' name='password'>
</td>
</tr>
<tr>
<td>
Repeat your password:
</td>
<td>
<input type='password' name='repeatpassword'>
</td>
</tr> 
</table>
<p>
<input type='submit' name='submit' value="Register">
</form>
</html>

Login Form

<?php

session_start();

$username = $_POST['username'];
$password = $_POST['password'];

if($username&&$password)
{
$connect = mysql_connect("localhost","root","root") or die("Couldn't Connect!");
mysql_select_db("phplogin") or die("Couldn't find db");

$query = mysql_query("SELECT * FROM users WHERE username ='$username'");

$numrows = mysql_num_rows($query);

if ($numrows!=0)
{
// code to login
while ($row = mysql_fetch_assoc($query))
{
$dbusername = $row['username'];
$dbpassword = $row['password'];	
}

// check to see if they match
if ($username==$dbusername&&md5($password)==$dbpassword)
{
echo "your in! <a href='member.php'>Clck here</a> to enter member page";
$_SESSION['username']=$dbusername;
}
else
echo "Incorrect password!";
}
else
die ("That user doesn't exist");
}
else
die("Please enter username and password!");
?>

Sure.

here it is in it’s original form

<?php

session_start();

$username = $_POST['username'];
$password = $_POST['password'];

if($username&&md5($password))
{
	$connect = mysql_connect("localhost","root","root") or die("Couldn't Connect!");
	mysql_select_db("phplogin") or die("Couldn't find db");
	
	$query = mysql_query("SELECT * FROM users WHERE username ='$username'");
	
	$numrows = mysql_num_rows($query);
	
	if ($numrows == 1)
	{
		// code to login
		while ($row = mysql_fetch_assoc($query))
		{
			$dbusername = $row['username'];
			$dbpassword = $row['password'];	
		}
		
		// check to see if they match
		if ($username==$dbusername&&md5($password)==$dbpassword)
		{
			echo "your in! <a href='member.php'>Clck here</a> to enter member page";
			$_SESSION['username']=$dbusername;
		}
		else
			echo "Incorrect password!";
	}
	else
		die ("That user doesn't exist");
}
else
	die("Please enter username and password!");
?>

Can you post the whole code for the login form as it as atm?

thanks for the input, but it didn’t work, still get an invalid password.

Wondering what I missed at this point. I emailed the developer of the tutorial with my questions, but I haven’t heard back.

Ok, looking at the code from the line after the mysql_num_rows line

if ($numrows == 1) {
    // code to login
    while ($row = mysql_fetch_assoc($query)) {
        $dbusername = $row['username'];
        $dbpassword = $row['password'];
    }
    echo "your in! <a href='member.php'>Clck here</a> to enter member page";
    $_SESSION['username']=$dbusername;
} else {
    echo 'Sorry, the username and password combination is not valid. Please enter a valid username and password';
}

That will log the user in if exactly 1 match was found in the users table otherwise they are denied entry.