I'll start off by admitting that while I have no issues with html and css, I have a very basic understanding of php. I haven't used MySQL, but I am fairly comfortable with Microsoft SQL Server 2005 and don't think the issue is with the database.
I do not believe my log-in code is wrong, but I am including it as well, I think the whole issue is with my registration code. It seems to work partially, allowing a user name to be passed through into the table, but it looks like the password takes the username as the input value. I have an id field that is a simple integer field set to automatically increase as entries are added and that seems to work as well.
The php page I have with the forms that call the login and registration to run are all pretty much straight up html/css and based on previous use of forms I think there is nothing wrong with them since both my own scouring through the code and dreamweaver found nothing wrong with them andthe ids match the ones being referenced.
The email field and the display field both seem to be dropped from the insert portion if it reaches that point in the code. As I mentioned before, I believe that the user is being inserted into both the user field and the password field in the database.
I'll stop my babble now and show you the two pages of code, the only thing I edited before copying them over was the variable names since I can already connect to the database.:
Registration - code
Login - code
I'm sure I missed something stupidly obvious, and would like to thank everyone who replies in advance for the help
I do not believe my log-in code is wrong, but I am including it as well, I think the whole issue is with my registration code. It seems to work partially, allowing a user name to be passed through into the table, but it looks like the password takes the username as the input value. I have an id field that is a simple integer field set to automatically increase as entries are added and that seems to work as well.
The php page I have with the forms that call the login and registration to run are all pretty much straight up html/css and based on previous use of forms I think there is nothing wrong with them since both my own scouring through the code and dreamweaver found nothing wrong with them andthe ids match the ones being referenced.
The email field and the display field both seem to be dropped from the insert portion if it reaches that point in the code. As I mentioned before, I believe that the user is being inserted into both the user field and the password field in the database.
I'll stop my babble now and show you the two pages of code, the only thing I edited before copying them over was the variable names since I can already connect to the database.:
Registration - code
PHP:
<?
//Initializing registration
//Set up variables
$host = "localhost";
$user = "username";
$pass = "password";
$db = "database";
$tbl = "table";
//Connect to server
mysql_connect("$host", "$user", "$pass") or trigger_error('Could not connect to server');
//Connect to user table
mysql_select_db("$db")or trigger_error('Could not access required database on server');
//Pass through new user info
$newuser = $_POST['newuser'];
$newpass = $_POST['newpass'];
$newpass2 = $_POST['conpass'];
$newmail = $_POST['newemail'];
$newdisp = $_POST['newdisplay'];
//Protect MySQL Injection
$newuser = stripslashes($myuser);
$newpass = stripslashes($mypass);
$newpass2 = stripslashes($mypass2);
$newmail = stripslashes($mymail);
$newdisp = stripslashes($mydisp);
$newuser = mysql_real_escape_string($myuser);
$newpass = mysql_real_escape_string($mypass);
$newpass2 = mysql_real_escape_string($mypass2);
$newmail = mysql_real_escape_string($mymail);
$newdisp = mysql_real_escape_string($newdisp);
//check password
if ($newpass == $newpass2)
{
//encrypt and set up final variables before insertion
$passfinal = $newpass;
$npass = md5($passfinal);
$user = md5($newuser);
$mail = $newmail;
$disp = $newdisp;
}
else
{
echo "Passwords do not match";
exit;
}
//Verify user is not registered already
$sql = "SELECT * FROM $tbl WHERE User='$user'";
$pull = mysql_query($sql);
$count = mysql_num_rows($pull);
if ($count > 1)
{
echo "User already exists";
exit;
}
else
{
//Add user to user table
$insert = "INSERT INTO users (User, Password, Email, Display) VALUES ('$user', '$npass', '$mail', '$disp')";
mysql_query($insert);
echo "User created. Please go back to <a href='http://mysticfate.co.cc'>MysticFate</a>";
}
?>
PHP:
<?
//Initializing login portion of script
//Set up variables
$host = "localhost";
$user = "username";
$pass = "password";
$db = "database";
$tbl = "table";
//Connect to server
mysql_connect("$host", "$user", "$pass") or trigger_error('Could not connect to server');
//Connect to user table
mysql_select_db("$db")or trigger_error('Could not access required database on server');
//Pass through user name and password
$myuser = $_POST['myuser'];
$mypass = $_POST['mypass'];
//Protect MySQL Injection
$myuser = stripslashes($myuser);
$mypass = stripslashes($mypass);
$myuser = mysql_real_escape_string($myuser);
$mypass = mysql_real_escape_string($mypass);
//Encrypt fields
$encryptuser = md5($myuser);
$encryptpass = md5($mypass);
//SQL statement selecting user passed through
$sql="SELECT * FROM $tbl WHERE User='$encryptuser' and Password='$encryptpass'";
$result = mysql_query($sql);
//Counting table rows
$count = mysql_num_rows($result);
//Verifying only one row exists and if succesful redirect to succesful login page
if ($count==1)
{
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else
{
echo "Wrong Username/Password or not registered";
}
?>I'm sure I missed something stupidly obvious, and would like to thank everyone who replies in advance for the help
