i am new in php/mysql and sorry if my question is silly. I am trying to make a register/login/logout system with php and mysql. My skills are not good and i am not a programmer, so i tried to change a script that i found on the web. It contains files, index.php, activate php. login.php, logout.php, register.php.
It worked great when I tried the example given, but i changed the code quite a bit because I wanted the user to add more values in register like first name, last name etc and not just username, password and email. So I changed the code and added more columns on the mysql database. Now it won t work, it says that can ‘t find user when i try to activate and i also can ‘t log in.
index.php: is a very simple file that has an html form and asks unknown user if he wants to login or register and also starts a session
logout.php: simply unsets session
login.php:
<?php session_start(); ?>
<html>
<body>
<?php
if(isset($_POST["user"])){
$con = mysql_connect("localhost","root","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("myapp", $con);
$sql = "SELECT * FROM `users` WHERE `user` LIKE '". mysql_real_escape_string($_POST["user"])
."' AND ".
"`pass` LIKE MD5('". mysql_real_escape_string($_POST["pass"])
."') AND ".
"`active` = 'DONE'";
$result = mysql_query($sql);
$found = 0;
while ($row = mysql_fetch_array($result)) {
if ($row[1]==$_POST["user"]) {
$found = 1;
}
}
if ($found) {
$_SESSION["USER"] = $_POST["user"];
?>Thank you for logging in<?
}
else {
?>User/Pass is wrong!<?
}
mysql_close($con);
}
else {
?>
Please log-in:<br/>
<form action="login.php" method="POST">
User: <input type="text" name="user"><br />
Pass: <input type="password" name="pass"><br />
<input type="submit" />
</form>
<?php
}
?>
register.php:
<?php session_start(); ?>
<html>
<body>
<?php
if(isset($_POST["user"])){
$con = mysql_connect("localhost","root","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("myapp", $con);
$random = rand();
$sql = "INSERT INTO `myapp`.`users` (`id`, `user`, `pass`, `active`, `firstname`, `lastname`, `mail`) ".
" VALUES (NULL, '". mysql_real_escape_string($_POST["user"])
."', MD5('".mysql_real_escape_string($_POST["pass"])
."'), '".mysql_real_escape_string($random)
."'), '".mysql_real_escape_string($_POST["firstname"])
."'), '".mysql_real_escape_string($_POST["lastname"])
."')'".mysql_real_escape_string($_POST["mail"])
."');";
mysql_query($sql);
mysql_close($con);
$message = "Please put this url http://localhost/mypage/activate.php?active=" . $random . " in your browser to activate your account.";
@mail($_POST["mail"], 'Thank you for registering', $message);
?>Thank you <?php echo $_POST["user"]; ?> we send you a confirmation e-mail in <?php echo $_POST["mail"]; ?><?php
echo $message;
}
else {
?>
Please register:<br/>
<form action="register.php" method="POST">
User: <input type="text" name="user"><br />
Pass: <input type="password" name="pass"><br />
firstname:<input type="text" name="firstname"><br />
lastname:<input type="text" name="lastname"><br />
mail: <input type="text" name="mail"><br />
<input type="submit" />
</form>
<?php
}
?>
activate.php:
<?php session_start(); ?>
<html>
<body>
<?php
if(isset($_GET["active"])){
$con = mysql_connect("localhost","root","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("myapp", $con);
$sql = "SELECT * FROM `users` WHERE `active` LIKE '".
mysql_real_escape_string($_GET["active"])."'";
$result = mysql_query($sql);
$found = 0;
while ($row = mysql_fetch_array($result)) {
$found = 1;
}
if ($found) {
$sql = "UPDATE `users` SET `active` ='DONE'";
$result = mysql_query($sql);
?>Thank you for activating<?
}
else {
?>Can't find user!<?
}
mysql_close($con);
}
else {
?>Invalid activation<?php
}
?>
</body>
</html>
any help would be welcome, thank you and sorry for the long post!! ^_^
In register.php, you have an error in the SQL syntax, you have too many closed parentheses.
Replace this part like this: