[jesusfreak101]

ok so ive got my sessions all set up for my login stuff and im good to go. But i need to test my login&password. Apparently i wasnt able to create a registration page due to the tutorial i was following didnt have one.

im still a newbie to php, but i set up my tables in phpMyAdmin and was wondering how would i create a new username and password manually in phpMyAdmin. what kind of SQL Query would i use? I attached a screenshot of my tables. i set up a registration page, and my user is registered but it still wont let me in. so i want to create a user manually and see if the problem is within the code and not the tables.

much much much help appreciated, you guys are awesome a DT thnx

[bluesage]

Quote:

so i want to create a user manually and see if the problem is within the code and not the tables.

??

post some of your php code, would be more helpful.

To add a user in your table using phpymadmin, you dont need to use sql queries, you can simply click the "insert" tab.

[jesusfreak101]

This is my manage-check.php which is linked from the login form

PHP Code:

<?php
session_start();
include('db.php');
if(isset($_POST['submit'])) :
   // Username and password sent from signup form
   // First we remove all HTML-tags and PHP-tags, then we create a sha1-hash
   $username = strip_tags($_POST['username']);
   $password = sha1(strip_tags($_POST['password']));
   // Make the query a wee-bit safer
   $query = sprintf("SELECT ID FROM members WHERE username = '%s' AND user_password = '%s' LIMIT 1;", mysql_real_escape_string($username), mysql_real_escape_string($password));
   $result = mysql_query($query);
   if(1 != mysql_num_rows($result)) :
       // MySQL returned zero rows (or there's something wrong with the query)
       header('Location: index.php?msg=login_failed');
   else :
       // We found the row that we were looking for
       $row = mysql_fetch_assoc($result);
       // Register the user ID for further use
       $_SESSION['member_ID'] = $row['ID'];
       header('Location: members-only.php');
   endif;
endif;
?>

[MadHat]

Make a new doc in notepad and put this code in

PHP Code:

<?php
//First connect to your database
$connect = mysql_connect("localhost", "YOUR_DATABASE_USERNAME_HERE", "YOUR_DATABASE_PASSWORD_HERE") or die ("Tis fooked m'lord");
//Now select your database (youve blurred the first part so WHATEVER_members)
mysql_select_db("YOUR_DATABASE_NAME_HERE");

//this will insert a username called test and password test
$insert = "INSERT INTO members (ID, username, user_password) ". 
"VALUES (1, 'test', 'test')";
$results = mysql_query($insert) or die (mysql_error());
echo "user added";
?>

Save the file as testuser.php and run it.

then try logging in. That should work. Also try checking over your registration code, you may be using an out-dated tutorial that assums register_globals is on

[MadHat]

Also an easy way to check if any INSERT queries have worked is to go into phpMyAdmin table and click "BROWSE" then you can see all entries in there

[jesusfreak101]

well i know the registered users are there because it has the username and password shown (psswd coded) and so when i try to log in it tells me to login again

heres the tutorial

[jesusfreak101]

Quote:

Originally Posted by MadHat

Also an easy way to check if any INSERT queries have worked is to go into phpMyAdmin table and click "BROWSE" then you can see all entries in there

well it looks like the registration DID go through. Test is even in there. so now this means my coding is done wrong.

anyway, here are some files that i use:

manage-check.php

PHP Code:

<?php
session_start();
include('db.php');
if(isset($_POST['submit'])) :
   // Username and password sent from signup form
   // First we remove all HTML-tags and PHP-tags, then we create a sha1-hash
   $username = strip_tags($_POST['username']);
   $password = sha1(strip_tags($_POST['password']));
   // Make the query a wee-bit safer
   $query = sprintf("SELECT ID FROM members WHERE username = '%s' AND user_password = '%s' LIMIT 1;", mysql_real_escape_string($username), mysql_real_escape_string($password));
   $result = mysql_query($query);
   if(1 != mysql_num_rows($result)) :
       // MySQL returned zero rows (or there's something wrong with the query)
       header('Location: index.php?msg=login_failed');
   else :
       // We found the row that we were looking for
       $row = mysql_fetch_assoc($result);
       // Register the user ID for further use
       $_SESSION['member_ID'] = $row['ID'];
       header('Location: members-only.php');
   endif;
endif;
?>

functions.php

PHP Code:

<?php
function user_info($field='') {
   // If $field is empty
   if(empty($field))
       return false;
   // Check to see if we're allowed to query the requested field.
   // If we add other fields, such as name, e-mail etc, this array
   // will have to be extended to include those fields.
   $accepted = array('username', 'user_password');
   if(!in_array($field, $accepted))
       return false;
   // Poll the database
   $result = mysql_query("SELECT ". $field ." FROM members WHERE ID = ". $_SESSION['member_ID'] .";");
   // If we don't find any rows
   if(1 != mysql_num_rows($result)) :
       return false;
   else :
       // We found the row that we were looking for
       $row = mysql_fetch_assoc($result);
       // Return the field
       return $row[$field];
   endif;
} // end user_info
?>

members-only.php

PHP Code:

<?php
// Start a session
session_start();
// Sends the user to the login-page if not logged in
if(!session_is_registered('member_ID')) :
   header('Location: index.php?msg=requires_login');
endif;
// Include database information and connectivity
include 'db.php';
// We store all our functions in one file
include 'functions.php';
?>
<html>...........

db.php

PHP Code:

<?php
define('SQL_USER', '*******');
define('SQL_PASS', '*******');
define('SQL_DB',  '*******');
// Create a link to the database server
$link = mysql_connect('localhost', SQL_USER, SQL_PASS);
if(!$link) :
   die('Could not connect: ' . mysql_error());
endif;
// Select a database where our member tables are stored
$db = mysql_select_db(SQL_DB, $link);
if(!$db) :
   die ('Can\'t connect to database : ' . mysql_error());
endif;
?>

[jesusfreak101]

i found my problem. in my registration form i was encrypting the password by md5 and in my login form i was making sure it was sha1

one last question, i have a table called ID and all of the new registered users go to 0 by default. Is this something i should look into or it isn't really necessary? cause i know the ID is for the sessions, but should all be 0?

[arb]

Edit the ID field in phpMyAdmin and set extra to auto_increment.

[pgo]

An ID column is usually used to assign a unique number to each user account. This is how you target them when performing queries. It also serves as the table's primary key.