Fsmvda
New Member
- Messages
- 9
- Reaction score
- 0
- Points
- 0
Im trying to make this login/register form and now my site wont work at all here is the site http://fsgames.pcriot.com"
the code
this is the front page it is called index.php (I took out the actual page content because it is irrelevant)
db_connect.php
this is the register page(register.php)
this is the check login file
this is the login page
this is the page that you go to when you log out
Edit:
please help as soon as possible
Edit:
solved
the code
this is the front page it is called index.php (I took out the actual page content because it is irrelevant)
PHP:
<?php
require 'db_connect.php';
if ($logged_in == 0) {
?>
<!--my site that you see when not logged in--!>
<?php
}
else { ?>
<!--my site that you see when logged in--!>
<?php
}
?>
PHP:
<?php
//require the PEAR::DB classes.
require_once 'DB.php';
$db_engine = '5.0.51a-community';
$db_user = 'members';
$db_pass = 'kW;5(d=uGa/N';
$db_host = 'PostgreSQL';
$db_name = 'fsmvda_members';
$datasource = $db_engine.'://'.
$db_user.':'.
$db_pass.'@'.
$db_host.'/'.
$db_name;
$db_object = DB::connect($datasource, TRUE);
if(DB::isError($db_object)) {
die($db_object->getMessage());
}
$db_object->setFetchMode(DB_FETCHMODE_ASSOC);
include('check_login.php');
?>
PHP:
<?php
require('db_connect.php'); // database connect script.
?>
<html>
<head>
<title>Register an Account</title>
</head>
<body>
<?php
if (isset($_POST['submit'])) { // if form has been submitted
/* check they filled in what they supposed to,
passwords matched, username
isn't already taken, etc. */
if (!$_POST['uname'] || !$_POST['passwd'] ||
!$_POST['passwd_again'] || !$_POST['email']) {
die('You did not fill in a required field.');
}
// check if username exists in database.
if (!get_magic_quotes_gpc()) {
$_POST['uname'] = addslashes($_POST['uname']);
}
$qry = "SELECT username FROM users WHERE username = '".$_POST['uname']."'";
$name_check = $db_object->query($qry);
if (DB::isError($name_check)) {
die($name_check->getMessage());
}
$name_checkk = $name_check->numRows();
if ($name_checkk != 0) {
die('Sorry, the username: <strong>'.$_POST['uname'].'</strong>'
. ' is already taken, please pick another one.');
}
// check passwords match
if ($_POST['passwd'] != $_POST['passwd_again']) {
die('Passwords did not match.');
}
// check e-mail format
if (!preg_match("/.*@.*..*/", $_POST['email']) ||
preg_match("/(<|>)/", $_POST['email'])) {
die('Invalid e-mail address.');
}
// no HTML tags in username, website, location, password
$_POST['uname'] = strip_tags($_POST['uname']);
$_POST['passwd'] = strip_tags($_POST['passwd']);
$_POST['website'] = strip_tags($_POST['website']);
$_POST['location'] = strip_tags($_POST['location']);
// check show_email data
if ($_POST['show_email'] != 0 & $_POST['show_email'] != 1) {
die('Nope');
}
/* the rest of the information is optional, the only thing we need to
check is if they submitted a website,
and if so, check the format is ok. */
if ($_POST['website'] != '' & !preg_match("/^(http|ftp):///", $_POST['website'])) {
$_POST['website'] = 'http://'.$_POST['website'];
}
// now we can add them to the database.
// encrypt password
$_POST['passwd'] = md5($_POST['passwd']);
if (!get_magic_quotes_gpc()) {
$_POST['passwd'] = addslashes($_POST['passwd']);
$_POST['email'] = addslashes($_POST['email']);
$_POST['website'] = addslashes($_POST['website']);
$_POST['location'] = addslashes($_POST['location']);
}
$regdate = date('m d, Y');
$insert = "INSERT INTO users (
username,
password,
regdate,
email,
website,
location,
show_email,
last_login)
VALUES (
'".$_POST['uname']."',
'".$_POST['passwd']."',
'$regdate',
'".$_POST['email']."',
'".$_POST['website']."',
'".$_POST['location']."',
'".$_POST['show_email']."',
'Never')";
$add_member = $db_object->query($insert);
if (DB::isError($add_member)) {
die($add_member->getMessage());
}
$db_object->disconnect();
?>
<h1>Registered</h1>
<p>Thank you, your information has been added to the database,
you may now <a href="login.php" title="Login">log in</a>.</p>
<?php
} else { // if form hasn't been submitted
?>
<h1>Register</h1>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table align="center" border="1" cellspacing="0" cellpadding="3">
<tr><td>Username*:</td><td>
<input type="text" name="uname" maxlength="40">
</td></tr>
<tr><td>Password*:</td><td>
<input type="password" name="passwd" maxlength="50">
</td></tr>
<tr><td>Confirm Password*:</td><td>
<input type="password" name="passwd_again" maxlength="50">
</td></tr>
<tr><td>E-Mail*:</td><td>
<input type="text" name="email" maxlength="100">
</td></tr>
<tr><td>Website:</td><td>
<input type="text" name="website" maxlength="150">
</td></tr>
<tr><td>Location</td><td>
<input type="text" name="location" maxlength="150">
</td></tr>
<tr><td>Show E-Mail?</td><td>
<select name="show_email">
<option value="1" selected="selected">Yes</option>
<option value="0">No</option></select>
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Sign Up">
</td></tr>
</table>
</form>
<?php
}
?>
</body>
</html>
PHP:
<?php
/* check login script, included in db_connect.php. */
session_start();
if (!isset($_SESSION['username']) || !isset($_SESSION['password'])) {
$logged_in = 0;
return;
} else {
// remember, $_SESSION['password'] will be encrypted.
if(!get_magic_quotes_gpc()) {
$_SESSION['username'] = addslashes($_SESSION['username']);
}
// addslashes to session username before using in a query.
$qry = "SELECT password FROM users WHERE username = '".$_SESSION['username']."'";
$pass = $db_object->query($qry);
if(DB::isError($pass) || $pass->numRows() != 1) {
$logged_in = 0;
unset($_SESSION['username']);
unset($_SESSION['password']);
// kill incorrect session variables.
}
$db_pass = $pass->fetchRow();
// now we have encrypted pass from DB in
//$db_pass['password'], stripslashes() just incase:
$db_pass['password'] = stripslashes($db_pass['password']);
$_SESSION['password'] = stripslashes($_SESSION['password']);
//compare:
if($_SESSION['password'] == $db_pass['password']) {
// valid password for username
$logged_in = 1; // they have correct info
// in session variables.
} else {
$logged_in = 0;
unset($_SESSION['username']);
unset($_SESSION['password']);
// kill incorrect session variables.
}
}
// clean up
unset($db_pass['password']);
$_SESSION['username'] = stripslashes($_SESSION['username']);
?>
PHP:
<?php
// database connect script.
require 'db_connect.php';
if($logged_in == 1) {
die('You are already logged in, '.$_SESSION['username'].'.');
}
?>
<html>
<head>
<title>Login</title>
</head>
<body>
<?php
if (isset($_POST['submit'])) { // if form has been submitted
/* check they filled in what they were supposed to and authenticate */
if(!$_POST['uname'] | !$_POST['passwd']) {
die('You did not fill in a required field.');
}
// authenticate.
if (!get_magic_quotes_gpc()) {
$_POST['uname'] = addslashes($_POST['uname']);
}
$qry = "SELECT username, password FROM users WHERE username = '".$_POST['uname']."'";
$check = $db_object->query($qry);
if (DB::isError($check) || $check->numRows() == 0) {
die('That username does not exist in our database.');
}
$info = $check->fetchRow();
// check passwords match
$_POST['passwd'] = stripslashes($_POST['passwd']);
$info['password'] = stripslashes($info['password']);
$_POST['passwd'] = md5($_POST['passwd']);
if ($_POST['passwd'] != $info['password']) {
die('Incorrect password, please try again.');
}
// if we get here username and password are correct,
//register session variables and set last login time.
$date = date('m d, Y');
$qry = "UPDATE users SET last_login = '$date' WHERE username = '".$_POST['uname']."'";
$update_login = $db_object->query($qry);
$_POST['uname'] = stripslashes($_POST['uname']);
$_SESSION['username'] = $_POST['uname'];
$_SESSION['password'] = $_POST['passwd'];
$db_object->disconnect();
?>
<h1>Logged in</h1>
<p>Welcome back <?php echo $_SESSION['username']; ?>, you are logged in.</p>
<?php
} else { // if form hasn't been submitted
?>
<h1>Login</h1>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table align="center" border="1" cellspacing="0" cellpadding="3">
<tr><td>Username:</td><td>
<input type="text" name="uname" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="passwd" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
<?php
}
?>
</body>
</html>
PHP:
<?php
require 'db_connect.php'; // database connect script.
if ($logged_in == 0) {
die('You are not logged in so you cannot log out.');
}
unset($_SESSION['username']);
unset($_SESSION['password']);
// kill session variables
$_SESSION = array(); // reset session array
session_destroy(); // destroy session.
header('Location:http://fsgames.pcriot.com');
// redirect them to anywhere you like.
?>
please help as soon as possible
Edit:
solved
Last edited: