Web Hosting Talk

easy signup form


0senjed0
05-24-2009, 09:28 AM
I have created a very simple sign-up form and 90% of my code works fine, but after users sign up in the form they can't log in with their username and password on the login form. MySQL saves the username and password fine in phpMyAdmin at localhost too.

My SQL query:

create database mycontacts;

use mycontacts;

create table contacts(
id int(11) auto_increment PRIMARY KEY,
full_name varchar(200),
password varchar(50),
repassword text
);


Please check my code and fix it if you can.

mwatkins
05-24-2009, 10:02 AM
How are passwords normally stored in your database? Are they in plain text or a hash of some sort (like MD5)? You appear to be saving the changes in plain text. Does that match what the rest of your system does and expects?

HivelocityDD
05-24-2009, 10:17 AM
In your process_form.php


if($full_name and $password and $repassword)


This line of code is wrong

You need to write something like

if(isset($full_name) && isset($password) && isset($repassword)) {
// You can check for null values also
if(($full_name != "") && ($password != "") && $repassword != "")) {
$result=mysql_query("insert into contacts values('','$full_name','$password','$repassword')");
if(mysql_affected_rows()>0)
{
echo 'Register done';
}
else
{
echo 'Problem in register';
}

}
}


Hope this helps

0senjed0
05-24-2009, 10:40 AM
Thanks for your help, but first, I still can't log in yet, and also when I want to create a new user again it gives me an error on line 10:

Parse error: parse error in xampp\htdocs\process_form.php on line 10


if(($full_name != "") && ($password != "") && $repassword != "")) {
$result=mysql_query("insert into contacts values('','$full_name','$password','$repassword')");

mwatkins
05-24-2009, 12:13 PM
Sigh. I asked you about hashes and mentioned a common error - plaintext vs hash - and no response.

Here's your data after one entry via "form.php":

select * from contacts;
+----+-----------+----------+------------+
| id | full_name | password | repassword |
+----+-----------+----------+------------+
|  1 | foo       | bar      | bar        |
+----+-----------+----------+------------+

Your process.php stores the password data in plain text (always a bad idea). Yet in your login.php you construct a salted hash and query based on that.

How in the world do you expect that to ever return a result? For the plain text password "bar", you'll be querying "e24dbd26e6aa8ba7d8a00ad626639d599dc50b72".

Do they match? Of course not.

I mention this first because mentioning the other glaring issue - you are selecting from the wrong table name:

$query = sprintf("select password from mycontacts where psw='%s';", $pwd);

Is wrong; you are trying to query the database not the table. This should be:

$query = sprintf("select password from contacts where psw='%s';", $pwd);

In addition, you need to take more care as to how you construct your query strings; SQL injection is a real threat to the code as written. As well, your queries do not properly deal with the chance that two users have the same password, so the query should include both the password and the "full_name" column.
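
The post above names three problems: signup stores plain text while login compares a hash, the query is built by string formatting, and the lookup ignores the user name. The following is an added example, not code from the thread, that addresses all three with password_hash()/password_verify() and PDO prepared statements. It assumes PHP 5.5+ with pdo_sqlite; the in-memory SQLite table and the register() and login() helper names are hypothetical.

```php
<?php
// Added example (not from the thread). An in-memory SQLite database stands in
// for the MySQL "mycontacts" database; register() and login() are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// A password_hash() value is 60 characters or more, so it would not fit the
// varchar(50) column from the original schema.
$db->exec('CREATE TABLE contacts (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    full_name VARCHAR(200) NOT NULL UNIQUE,
    password VARCHAR(255) NOT NULL)');

// Signup: compare the confirmation field, then store only a salted hash.
function register(PDO $db, $fullName, $password, $repassword)
{
    if ($fullName === '' || $password === '' || $password !== $repassword) {
        return false;
    }
    $stmt = $db->prepare('INSERT INTO contacts (full_name, password) VALUES (?, ?)');
    try {
        return $stmt->execute([$fullName, password_hash($password, PASSWORD_DEFAULT)]);
    } catch (PDOException $e) {
        return false; // e.g. duplicate full_name
    }
}

// Login: fetch the row by name, then check the password against its hash.
// The hash is never recomputed and compared inside the SQL query.
function login(PDO $db, $fullName, $password)
{
    $stmt = $db->prepare('SELECT password FROM contacts WHERE full_name = ?');
    $stmt->execute([$fullName]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($password, $hash);
}

// Constructed sample input; the apostrophe is bound as data, not SQL.
$checks = [
    'signup accepted'         => register($db, "o'brien", 'bar', 'bar'),
    'mismatched confirmation' => !register($db, 'foo', 'bar', 'baz'),
    'duplicate name rejected' => !register($db, "o'brien", 'other', 'other'),
    'correct password'        => login($db, "o'brien", 'bar'),
    'wrong password rejected' => !login($db, "o'brien", 'baz'),
    'unknown user rejected'   => !login($db, 'nobody', 'bar'),
];
foreach ($checks as $label => $ok) {
    echo $label, ': ', $ok ? 'ok' : 'FAILED', "\n";
}
```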

mwatkins
05-24-2009, 02:39 PM
To the OP:

Rather than write the entire solution for you my preference is to nudge you along the way; you'll learn more in the process.

Why not try to adapt some of what this person has done:

http://www.swish-db.com/tutorials/view.php/tid/601

At least they are using hashed strings as password storage.

0senjed0
05-28-2009, 03:47 AM
This form on the login page gives me this error at localhost:
Parse error: parse error in C:\Downloads\xampp-win32-1.7.1\xampp\htdocs\login.php on line 19

And on my server it gives me this error:
Parse error: syntax error, unexpected T_STRING in /home/public_html/aa/login.php on line 19



Line 19 is:
$query = “select * from users where username=’$username’ and password=’$password’”;

Can anybody help me?