PHP login/register form help

[Fsmvda]

Im trying to make this login/register form and now my site wont work at all here is the site http://fsgames.pcriot.com"
the code
this is the front page it is called index.php (I took out the actual page content because it is irrelevant)

PHP Code:

<?php

require 'db_connect.php';

if ($logged_in == 0) {
    ?>
<!--my site that you see when not logged in--!>

<?php
}
else {  ?>

<!--my site that you see when logged in--!>

<?php
}
?>

db_connect.php

PHP Code:

<?php

//require the PEAR::DB classes.

require_once 'DB.php';

$db_engine = '5.0.51a-community';
$db_user = 'members';
$db_pass = 'kW;5(d=uGa/N';
$db_host = 'PostgreSQL';
$db_name = 'fsmvda_members';

$datasource = $db_engine.'://'.
              $db_user.':'.
              $db_pass.'@'.
               $db_host.'/'.
                $db_name;

$db_object = DB::connect($datasource, TRUE);


if(DB::isError($db_object)) {
    die($db_object->getMessage());
}

$db_object->setFetchMode(DB_FETCHMODE_ASSOC);

 
include('check_login.php');

?>

this is the register page(register.php)

PHP Code:

<?php
require('db_connect.php');    // database connect script.
?>

<html>
<head>
<title>Register an Account</title>
</head>
<body>

<?php

if (isset($_POST['submit'])) { // if form has been submitted
    /* check they filled in what they supposed to,
    passwords matched, username
    isn't already taken, etc. */

    if (!$_POST['uname'] || !$_POST['passwd'] ||
        !$_POST['passwd_again'] || !$_POST['email']) {
        die('You did not fill in a required field.');
    }

    // check if username exists in database.

    if (!get_magic_quotes_gpc()) {
        $_POST['uname'] = addslashes($_POST['uname']);
    }

    $qry = "SELECT username FROM users WHERE username = '".$_POST['uname']."'";
    $name_check = $db_object->query($qry);

    if (DB::isError($name_check)) {
        die($name_check->getMessage());
    }

    $name_checkk = $name_check->numRows();

    if ($name_checkk != 0) {
        die('Sorry, the username: <strong>'.$_POST['uname'].'</strong>'
          . ' is already taken, please pick another one.');
    }

    // check passwords match

    if ($_POST['passwd'] != $_POST['passwd_again']) {
        die('Passwords did not match.');
    }

    // check e-mail format

    if (!preg_match("/.*@.*..*/", $_POST['email']) ||
         preg_match("/(<|>)/", $_POST['email'])) {
        die('Invalid e-mail address.');
    }

    // no HTML tags in username, website, location, password

    $_POST['uname'] = strip_tags($_POST['uname']);
    $_POST['passwd'] = strip_tags($_POST['passwd']);
    $_POST['website'] = strip_tags($_POST['website']);
    $_POST['location'] = strip_tags($_POST['location']);

    // check show_email data

    if ($_POST['show_email'] != 0 & $_POST['show_email'] != 1) {
        die('Nope');
    }

    /* the rest of the information is optional, the only thing we need to
    check is if they submitted a website,
    and if so, check the format is ok. */

    if ($_POST['website'] != '' & !preg_match("/^(http|ftp):///", $_POST['website'])) {
        $_POST['website'] = 'http://'.$_POST['website'];
    }

    // now we can add them to the database.
    // encrypt password

    $_POST['passwd'] = md5($_POST['passwd']);

    if (!get_magic_quotes_gpc()) {
        $_POST['passwd'] = addslashes($_POST['passwd']);
        $_POST['email'] = addslashes($_POST['email']);
        $_POST['website'] = addslashes($_POST['website']);
        $_POST['location'] = addslashes($_POST['location']);
    }

    $regdate = date('m d, Y');

    $insert = "INSERT INTO users (
            username,
            password,
            regdate,
            email,
            website,
            location,
            show_email,
            last_login)
            VALUES (
            '".$_POST['uname']."',
            '".$_POST['passwd']."',
            '$regdate',
            '".$_POST['email']."',
            '".$_POST['website']."',
            '".$_POST['location']."',
            '".$_POST['show_email']."',
            'Never')";

    $add_member = $db_object->query($insert);

    if (DB::isError($add_member)) {
        die($add_member->getMessage());
    }

    $db_object->disconnect();
?>

<h1>Registered</h1>

<p>Thank you, your information has been added to the database,
you may now <a href="login.php" title="Login">log in</a>.</p>

<?php

} else {    // if form hasn't been submitted

?>
<h1>Register</h1>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table align="center" border="1" cellspacing="0" cellpadding="3">
<tr><td>Username*:</td><td>
<input type="text" name="uname" maxlength="40">
</td></tr>
<tr><td>Password*:</td><td>
<input type="password" name="passwd" maxlength="50">
</td></tr>
<tr><td>Confirm Password*:</td><td>
<input type="password" name="passwd_again" maxlength="50">
</td></tr>
<tr><td>E-Mail*:</td><td>
<input type="text" name="email" maxlength="100">
</td></tr>
<tr><td>Website:</td><td>
<input type="text" name="website" maxlength="150">
</td></tr>
<tr><td>Location</td><td>
<input type="text" name="location" maxlength="150">
</td></tr>
<tr><td>Show E-Mail?</td><td>
<select name="show_email">
<option value="1" selected="selected">Yes</option>
<option value="0">No</option></select>
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Sign Up">
</td></tr>
</table>
</form>

<?php

}

?>
</body>
</html>

this is the check login file

PHP Code:

<?php

/* check login script, included in db_connect.php. */

session_start();

if (!isset($_SESSION['username']) || !isset($_SESSION['password'])) {
    $logged_in = 0;
    return;
} else {

    // remember, $_SESSION['password'] will be encrypted.

    if(!get_magic_quotes_gpc()) {
        $_SESSION['username'] = addslashes($_SESSION['username']);
    }

    // addslashes to session username before using in a query.
    $qry = "SELECT password FROM users WHERE username = '".$_SESSION['username']."'";
    $pass = $db_object->query($qry);

    if(DB::isError($pass) || $pass->numRows() != 1) {
        $logged_in = 0;
        unset($_SESSION['username']);
        unset($_SESSION['password']);
        // kill incorrect session variables.
    }

    $db_pass = $pass->fetchRow();

    // now we have encrypted pass from DB in
    //$db_pass['password'], stripslashes() just incase:

    $db_pass['password'] = stripslashes($db_pass['password']);
    $_SESSION['password'] = stripslashes($_SESSION['password']);

    //compare:

    if($_SESSION['password'] == $db_pass['password']) {
        // valid password for username
        $logged_in = 1; // they have correct info
                    // in session variables.
    } else {
        $logged_in = 0;
        unset($_SESSION['username']);
        unset($_SESSION['password']);
        // kill incorrect session variables.
    }
}

// clean up
unset($db_pass['password']);

$_SESSION['username'] = stripslashes($_SESSION['username']);

?>

this is the login page

PHP Code:

<?php

// database connect script.

require 'db_connect.php';

if($logged_in == 1) {
    die('You are already logged in, '.$_SESSION['username'].'.');

}

?>
<html>
<head>
<title>Login</title>
</head>
<body>
<?php

if (isset($_POST['submit'])) { // if form has been submitted

    /* check they filled in what they were supposed to and authenticate */
    if(!$_POST['uname'] | !$_POST['passwd']) {
        die('You did not fill in a required field.');
    }

    // authenticate.

    if (!get_magic_quotes_gpc()) {
        $_POST['uname'] = addslashes($_POST['uname']);
    }

    $qry = "SELECT username, password FROM users WHERE username = '".$_POST['uname']."'";
    $check = $db_object->query($qry);

    if (DB::isError($check) || $check->numRows() == 0) {
        die('That username does not exist in our database.');
    }

    $info = $check->fetchRow();

    // check passwords match

    $_POST['passwd'] = stripslashes($_POST['passwd']);
    $info['password'] = stripslashes($info['password']);
    $_POST['passwd'] = md5($_POST['passwd']);

    if ($_POST['passwd'] != $info['password']) {
        die('Incorrect password, please try again.');
    }

    // if we get here username and password are correct,
    //register session variables and set last login time.

    $date = date('m d, Y');

    $qry = "UPDATE users SET last_login = '$date' WHERE username = '".$_POST['uname']."'";
    $update_login = $db_object->query($qry);

    $_POST['uname'] = stripslashes($_POST['uname']);
    $_SESSION['username'] = $_POST['uname'];
    $_SESSION['password'] = $_POST['passwd'];
    $db_object->disconnect();
?>

<h1>Logged in</h1>
<p>Welcome back <?php echo $_SESSION['username']; ?>, you are logged in.</p>

<?php

} else {    // if form hasn't been submitted

?>
<h1>Login</h1>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table align="center" border="1" cellspacing="0" cellpadding="3">
<tr><td>Username:</td><td>
<input type="text" name="uname" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="passwd" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
<?php
}
?>
</body>
</html>

this is the page that you go to when you log out

PHP Code:

<?php

require 'db_connect.php';    // database connect script.

if ($logged_in == 0) {
    die('You are not logged in so you cannot log out.');
}

unset($_SESSION['username']);
unset($_SESSION['password']);
// kill session variables
$_SESSION = array(); // reset session array
session_destroy();   // destroy session.
header('Location:http://fsgames.pcriot.com');
// redirect them to anywhere you like.
?>

Edit:
please help as soon as possible
Edit:
solved

[Ainokea]

I'm really not too sure about php login scripts, but theres plenty examples on the web.
Try giving this website a try... compare your code.. see where you could edit or improve. Its what I usually do...
http://www.pixel2life.com/tutorials/...rship_scripts/

[xmakina]

Post again to explain how you solved the problem so future users don't have to ask