Unable to login
dbConfig.php
<?php
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = '';
$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die;
$dbname = 'charitydatabase';
mysql_select_db($dbname);
echo("Successfully Connected to ". $dbname . " !");
mysql_query($sql);
?&开发者_开发技巧gt;
register.php
<?php
// dbConfig.php is a file that contains your
// database connection information. This
// tutorial assumes a connection is made from
// this existing file.
include ("dbConfig.php");
//Input vaildation and the dbase code
if ( $_GET["op"] == "reg" )
{
$bInputFlag = false;
foreach ( $_POST as $field )
{
if ($field == "")
{
$bInputFlag = false;
}
else
{
$bInputFlag = true;
}
}
// If we had problems with the input, exit with error
if ($bInputFlag == false)
{
die( "Problem with your registration info. "
."Please go back and try again.");
}
// Fields are clear, add user to database
// Setup query
$q = "INSERT INTO `dbuser` (`username`,`password`,`email`) "
."VALUES ('".$_POST["username"]."', "
."PASSWORD('".$_POST["password"]."'), "
."'".$_POST["email"]."')";
// Run query
$r = mysql_query($q);
// Make sure query inserted user successfully
if ( !mysql_insert_id() )
{
die("Error: User not added to database.");
}
else
{
// Redirect to thank you page.
Header("Location: register.php?op=thanks");
}
} // end if
//The thank you page
elseif ( $_GET["op"] == "thanks" )
{
echo "<h2>Thanks for registering!</h2>";
}
//The web form for input ability
else
{
echo "<form action=\"?op=reg\" method=\"POST\">\n";
echo "Username: <input name=\"username\" MAXLENGTH=\"16\"><br />\n";
echo "Password: <input type=\"password\" name=\"password\" MAXLENGTH=\"16\"><br />\n";
echo "Email Address: <input name=\"email\" MAXLENGTH=\"25\"><br />\n";
echo "<input type=\"submit\">\n";
echo "</form>\n";
}
// EOF
?>
login.php
<?php
session_start();
// dBase file
include "dbConfig.php";
if ($_GET["op"] == "login")
{
if (!$_POST["username"] || !$_POST["password"])
{
die("You need to provide a username and password.");
}
// Create query
$q = "SELECT * FROM `dbuser` "
."WHERE `username`='".$_POST["username"]."' "
."AND `password`=PASSWORD('".$_POST["password"]."') "
."LIMIT 1";
// Run query
$r = mysql_query($q);
if ( $obj = @mysql_fetch_object($r) )
{
// Login good, create session variables
$_SESSION["valid_id"] = $obj->id;
$_SESSION["valid_user"] = $_POST["username"];
$_SESSION["valid_time"] = time();
// Redirect to member page
Header("Location: member.php");
}
else
{
// Login not successful
die("Sorry, could not log you in. Wrong login information.");
}
}
else
{
//If all went right the Web form appears and users can log in
echo "<form action=\"?op=login\" method=\"POST\">";
echo "Username: <input name=\"username\" size=\"15\"><br />";
echo "Password: <input type=\"password\" name=\"password\" size=\"8\"><br />";
echo "<input type=\"submit\" value=\"Login\">";
echo "</form>";
}
?>
Problem 1: Able to add user to database. But i get an error msg after debug the code:
Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\Login\dbConfig.php:4) in C:\xampp\htdocs\Login\register.php on line 49
Problem 2: and error saving the password field in database.
Problem3:
failed to login.
Please help me solve the above question, tq!
Remove the echo from the dbConfig.php, you cannot use the header() function after an echo. (the header us used to redirect in register.php)
SOLUTION
- use
ob_start()at the top of the page where u writeheader(''); - dont use mysql function
PASSWORD(), USEmd5()or any other decoded function of php - to store password into database set
datatypeof password filed tovarcharand length255
what this means
if (!$_POST["username"] || !$_POST["password"])
{
die("You need to provide a username and password.");
}
write instead
if (empty($_POST["username"]) || empty($_POST["password"]) )
{
die("You need to provide a username and password.");
}
and take care of mysql injection
加载中,请稍侯......
精彩评论