1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

created a login registration system and refuses to work

Discussion in 'Web Development & Web Hosting' started by mallet, Mar 27, 2008.

  1. mallet

    mallet Kilobyte Poster

    289
    6
    41
    I am in the process of creating a user base system for my website. So far it went well and learn some very basic sql along the way. The reason why I created it was so later on in the development, registered users can upload files.

    So, I managed to create a login system/registration system using php to link to the all the database info. and create a sql database.
    However, I keep getting this message when I want to register as a new user when I press the submit button:
    Could not connect: Access denied for user 'hp_*******login'@'192.168.0.***' (using password: YES)

    This is what I written in my register.php file:

    <?PHP

    //Database Information

    $dbhost = 'sql*****.******.com';
    $dbname = '****';
    $dbuser = 'hp_****_login';
    $dbpass = '*****';

    //Connect to database

    mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
    mysql_select_db($dbname) or die(mysql_error());


    $name = $_POST['name'];
    $email = $_POST['email'];
    $username = $_POST['username'];
    $password = md5($_POST['password']);

    // lets check to see if the username already exists

    $checkuser = mysql_query("SELECT username FROM users WHERE username='$username'");

    $username_exist = mysql_num_rows($checkuser);

    if($username_exist > 0){
    echo "I'm sorry but the username you specified has already been taken. Please pick another one.";
    unset($username);
    include 'register.html';
    exit();
    }

    // lf no errors present with the username
    // use a query to insert the data into the database.

    $query = "INSERT INTO users (name, email, username, password)
    VALUES('$name', '$email', '$username', '$password')";
    mysql_query($query) or die(mysql_error());
    mysql_close();

    echo "You have successfully Registered";
    ?>

    I can give the rest of the html files if people want to know how it works?


    -Mallet
     
    Certifications: MCP
  2. ThomasMc

    ThomasMc Gigabyte Poster

    1,507
    49
    111
    First off i assume you have checked the db username and password spelling and case, also does the db user have the rights to connect to your database? also i noticed that your host isn't local, is remote access enabled for the user
     
    Certifications: MCDST|FtOCC
    WIP: MCSA(70-270|70-290|70-291)
  3. mallet

    mallet Kilobyte Poster

    289
    6
    41
    thanks ThomasMc :thumbleft
    It took my hosting sometime but in the end what they did was assign me the correct info for Database Information and I also told them about enabling remote access enabled for the user. which they didnt have a foggiest idea :biggrin

    And so the database works and sends the user login details via email... cool.
    However, that I got users to assign login details how do I take the next step up and assign details on who can upload files onto the website? and also, how do I get a login system to fully function? As I tried setting one up, but it keep showing up as a blank page whenever you press the submit button for the login details.

    Its very frustrating as I look it up on google and cant seem to find much info on the login system. and when I do find it, it just doenst work :(


    -Mallet
     
    Certifications: MCP
  4. ThomasMc

    ThomasMc Gigabyte Poster

    1,507
    49
    111
    do you have some sort of login.php?
     
    Certifications: MCDST|FtOCC
    WIP: MCSA(70-270|70-290|70-291)
  5. mallet

    mallet Kilobyte Poster

    289
    6
    41
    yep, I got a login.php file here:

    <?php

    //Database Information

    $dbhost = "*******.*****.com";
    $dbname = "hp_*******_login";
    $dbuser = "hp_********";
    $dbpass = "********";

    //Connect to database

    mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
    mysql_select_db($dbname) or die(mysql_error());

    session_start();
    $username = $_POST[‘username’];
    $password = md5($_POST[‘password’]);

    $query = “select * from users where username=’$username’ and password=’$password’”;

    $result = mysql_query($query);

    if (mysql_num_rows($result) != 1) {
    $error = “Bad Login”;
    include “login.html”;

    } else {
    $_SESSION[‘username’] = “$username”;
    include “memberspage.php”;
    }

    ?>

    the page goes to a blank screen after you press the submit button. doesnt show any errors after that.
    Iam not sure if thats suppose to happen :hhhmmm
    is there any books recommend in this sort of field that can make me understand it more clearer?


    -Mallet
     
    Certifications: MCP
  6. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    6,623
    115
    224
    It may be a side effect of using something like Word, but the single quotes in your login.php are not consistent.

    Sometimes you use ‘’ and some times ’’ It should really be ''.

    This may also be an interaction with the Forum. Best to use a plain text editor like Notepad.

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  7. mallet

    mallet Kilobyte Poster

    289
    6
    41
    thanks guys. got it working. the quotes were playing havoc. they were pretty much everywhere :eyecrazy

    I read up about the sql injection hack which Iam abit worried about if I get loads of users to sign up. Theres a function called: "mysql_real_escape_string" and wanted to know where abouts the code goes and when to use it?


    -Mallet
     
    Certifications: MCP
  8. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    6,623
    115
    224
    This page here is pretty explicit on the subject! And includes examples.

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  9. mallet

    mallet Kilobyte Poster

    289
    6
    41
    cheers Harry.
    Spent the weekend reading about it :biggrin

    This is what I written to get it secured:
    // Query
    $query = sprintf("SELECT * FROM users WHERE username='%s' AND password='%s'",
    mysql_real_escape_string($username),
    mysql_real_escape_string($password));

    tested using the sql hack and seems to work. however, even before I used the mysql_real_escape_string it still woundt hack into my login system. it looks like its a success...... I think :blink
    Thanks again guys.

    -Mallet
     
    Certifications: MCP

Share This Page

Loading...