How do I keep...

[salukigirl]

How do I keep my verify script from letting users get to the registration page? It won't let them to it because they are not logged in. But they can't log in if they cannot create an account...

<?php

session_start();

include("sql_connect.php");

$username = $_POST['username'];
$password = $_POST['password'];

if ( ! isset( $username ) )
{
die('You must enter in a username.');
}

if ( ! isset( $password ) )
{
die('You must enter in a password.');
}

$user_query = mysql_query("SELECT * FROM user WHERE username='".$username."'");
$num_users = mysql_num_rows( $user_query );

if ( $num_users == 0 )
{
die('User does not exist.');
}
else
{
while ( $user = mysql_fetch_array( $user_query ) )
{
if ( $password == $user["password"] )
{
session_register("loggedIn");
session_register("username");

$_SESSION['loggedIn'] = true;
$_SESSION['username'] = $username;

echo '<meta http-equiv="refresh" content="3; URL=user.php" />';
echo 'You have successfully logged in as '.$username.'<br />';
echo 'Redirecting to the user page';
}
else
{
echo 'Password does not match.';
}
}
}

?>

 

[The_Magistrate]

I'm not sure what you're asking. Do you want people to not be able to access the registration page or not? Putting the registration page behind an authentication page is pointless as you already pointed out.

If you're talking about not letting users register at all, simply modify the registration page to not allow users to enter and submit information.

The code snippet you submitted is part of the authentication system, and not the registration system. The code you have above has some security issues in it, but that's another problem.

 

[jayant]

Your question is not clear. please explain it technically.
May i can help you
:happysad:

 

[salukigirl]

Sorry. On my front page there is a place where players can register. But when they click the are stopped by the verify script. I don't know why. I didn't put it in my front page or registration page. It only happens when they click the button, if you put/register.php at the end of my url the verify thing like isn't there or something...

 

[The_Magistrate]

What is the URL to your site? Are you using a Content Management System? If so, do you accidentally have it set to not allow public registration?

 

[salukigirl]

It is www.furryfriends.elementfx.com/index.php

I don't know how that could have happened if that is the case...

 

[The_Magistrate]

You are using a form button to forward users to the registration page. This button is part of the login page. The problem that you're seeing is correct for the way you have the site setup.

You may want to remove the 'Register' button and make it a link instead. Use this:

<a href="http://furryfriends.elementfx.com/register.php" title="Click here to Register">Register!</a>

Detailed explanation: The register button you have on the site now will perform the action on the form before the action on the button. That is why the authentication script is being run and not the register script.

 

[salukigirl]

Oh thanks so much!