
Thread: Problems with Registration system [PHP Code included]

  1. #1
    Jarryd

    Dear readers, I have recently been trying to figure out the problems I've been having with my new register/login system. I have upgraded my PHP to intermediate firstly, and I am quite new to SQL and PHP, so I have been messing around with the files and database to try and get things working. Right now the main problem I'm having is with the database: it seems that all my files are working, except something with the database isn't right, but I am not 100% sure. I have put all the files in the public_html directory and have edited the config to connect to my database. I can load the pages for registration and login fine, but when I go to create an account I get this error:

    Code:
    Warning:  Cannot modify header information - headers already sent by (output started at /home/sexylist/public_html/config.php:16) in /home/sexylist/public_html/register_process.php on line 61
    In my SQL database I have a table called 'users' and 3 columns called 'users', 'password' and 'emailaddy'.
    I am not sure if this is correct, but I will post the PHP code I am using for each file.

    config.php
    PHP Code:
    <?php

    $config[1] = 'localhost'; // Leave this as localhost. This is important.
    $config[2] = 'myusername'; // Place your username in between the ' '
    $config[3] = 'mypassword'; // Place your password between the ' '
    $config[4] = 'mydatabase'; // Place the name of your database here. It normally begins with a prefix which is your cpanel username.

    // Creates a connection to the database
    $connect = mysql_connect($config[1], $config[2], $config[3])
        or die ('Cannot connect to the server because ' . mysql_error());

    // This selects the database
    $select = mysql_select_db($config[4], $connect)
        or die ('Cannot select the database because ' . mysql_error());
        
    ?>
    register.php
    PHP Code:
    <?php
    // Start the session
    session_start();

    // Require once the DB script
    require_once ($_SERVER['DOCUMENT_ROOT']. '/config.php');

    // If user is logged in, show message stating that. If not, display login box.
    if ($_SESSION['site_username']) {
       echo 'Welcome ' . $_SESSION['site_username'] .' You cannot register a new account as you are already logged in!';
       echo '<br />';
       if (strtolower($_SESSION['site_username']) == 'admin') {
          echo '<a href="ap">Admin Panel</a> <br />';
       }
       echo '<a href="logout.php">Logout</a>';
    }
    else {
    ?>

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <title>ZenCMS :: Login </title>

    </head>

    <body>



    <form action="register_process.php" method="post">
    <table width="85%" border="0" cellspacing="5" cellpadding="0">
      <tr>
        <td width="35%">Pick a Username:</td>
        <td width="65%"><input type="text" name="username" size="40" /></td>
      </tr>
      <tr>
        <td>Pick a Password: </td>
        <td><input type="password" name="password" size="40" /></td>
      </tr>
      <tr>
        <td>Please Repeat your Password: </td>
        <td><input type="password" name="passrept" size="40" /></td>
      </tr>
      <tr>
        <td>Enter Your Email Address: </td>
        <td><input name="emailaddy" type="text" id="emailaddy" size="40" /></td>
      </tr>
      <tr>
        <td><a href="login.php">Login here </a></td>
        <td><input name="submit" type="submit" value="Sign Up" /></td>
      </tr>
    </table>

    </form>



    </div>


    </body>
    </html>


    <?php

    }

    ?>
    register_process.php
    PHP Code:
    <?php
    session_start();

    if (isset($_POST['submit'])) {

    // Require once the DB script
    require_once ($_SERVER['DOCUMENT_ROOT']. '/config.php');

    // declaring the variables
    $username = $_POST['username'];
    $password = md5($_POST['password']);
    $passrept = $_POST['passrept'];
    $email = $_POST['emailaddy'];

    // stripping HTML tags from the info entered
    $username = strip_tags($_POST['username']);
    $password = strip_tags($_POST['password']);
    $passrept = strip_tags($_POST['passrept']);
    $email = strip_tags($_POST['emailaddy']);

    $username = stripslashes($_POST['username']);
    $password = stripslashes($_POST['password']);
    $passrept = stripslashes($_POST['passrept']);
    $email = stripslashes($_POST['emailaddy']);

    // Checking a username is not already taken
    $q = mysql_query("SELECT * FROM users WHERE users = '$username'") or die(mysql_error());
    if (mysql_num_rows($q) > 0) {
        echo '<script>alert("The username you entered is already in use, please try again.");</script>';
        echo '<script>history.back(1);</script>';
        exit;
    }
    else {

    // Checking the two passwords match each other
    if ($password != $passrept) {
        echo '<script>alert("The passwords did not match.");</script>';
        echo '<Script>history.back(1);</script>';
        exit;
    }

    // Checking the format of the email address
    if (!preg_match("/.*@.*..*/", $email) || preg_match("/(<|>)/", $email)) {
        echo '<script>alert("Invalid Email Address");</script>';
        echo '<script>history.back(1);</script>';
        exit;
    }

    // inserting the data into the db
    $insert = mysql_query("INSERT INTO users VALUES ('". $_POST['username'] ."', '". $_POST['password'] ."', '". $_POST['emailaddy'] ."') ")
        or die("Could not insert data because ".mysql_error());

    $_SESSION['site_username'] = $username;
    $_SESSION['site_password'] = $password;

    header( 'Location: success.php' ) ;

    }

    }

    ?>
    success.php
    PHP Code:
    <?php

    session_start();

    ?>

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <title>Untitled Document</title>

    </head>

    <body>

    <div align="center">



        <form action="login.php" method="post">
        <table width="85%" border="0" cellspacing="0" cellpadding="5">
            <tr>
        
              <td>
              Your registration was successfully completed. <br /> The username you chose was <?php $_SESSION['site_username']; ?> <br />
              <a href="members">Click here to proceed to members area </a>          </td>

            </tr>
        </table>
        </form>


    </div>
    </body>
    </html>
    login.php
    PHP Code:
    <?php
    session_start();

    // Require once the DB script
    require_once ($_SERVER['DOCUMENT_ROOT']. '/config.php');

    if ($_POST['loginSubmit']) {

       // You *always!* need to validate user-supplied data when using it in MySQL queries!!
       // This isn't 100% secure, but it's definitely better than having nothing and being vulnerable to SQL injection.
       if (get_magic_quotes_gpc()) {
          if (ini_get('magic_quotes_sybase')) {
             $username = str_replace("''", "'", $_POST['username']);
             $password = str_replace("''", "'", $_POST['password']);
          } else {
             $username = stripslashes($_POST['username']);
             $password = stripslashes($_POST['password']);
          }
       } else {
          $username = $_POST['username'];
          $password = $_POST['password'];
       }
       $username = mysql_real_escape_string($username);
       $password = mysql_real_escape_string($password);

       $check = mysql_query("SELECT * FROM `users` WHERE `users` = '$username' and `password` = '$password' LIMIT 1");

       // Counting the table row
       // If the result is matched then $username, $password must be row 1
       $count = @mysql_num_rows($check);

       // Logged in!
       if ($count == (int) 1) {
          $_SESSION['site_username'] = $username;
          $_SESSION['site_password'] = $password;

          echo '
    <div align="center">

    <table width="90%" border="0" cellspacing="0" cellpadding="5">
    <tr>
    <td>

    Welcome ' . $_SESSION['site_username'] .'. You are now logged in!<br /><a href="members">Click Here to Continue</a><br /><a href="logout.php">Click here to logout if you want to now!</a>

    </td>
    </tr>

    </table>

    </div>
    ';

          $_GET['do'] = 'manualUnset';
          // Do whatever ?
       }
       else {
          echo 'Error: Wrong username or password specified. <br />';
       }
    }

    // If $_GET['do'] is set to 'manualUnset', do not show login form, user already logged in.
    switch ($_GET['do']) {
       case 'manualUnset':
          break;
       default:
    ?>


    <div align="center">


        <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
        <table width="90%" border="0" cellspacing="0" cellpadding="5">
         <tr>
          <td>Username:</td>
          <td>Password:</td>
         </tr>
         <tr>
          <td><input type="text" name="username" /></td>
          <td><input type="password" name="password" /> &nbsp; <input name="loginSubmit" type="submit" value="Login" class="button" />
        </tr>
        
        <tr>
        
        <td>
            <?php
               break;
            }
            ?>

        </td>
         </tr>
        </table>
        </form>
     


    </div>
    That is all the files I am using. In config.php I have changed the mypassword, myusername and mydatabase to match the 3 SQL database username, password and database name.
    Is there anything that is obviously wrong?

    Thanks in advance.

    Kind Regards, HeLLshEEp.
    Edit:
    Oh, also I hear that get_magic_quotes_gpc isn't that secure, is this true? If so, what else could I implement that would make it more secure?
    Edit:
    I don't know if you're allowed to bump topics or not, but I'm still having this problem, I'd appreciate it if anyone could please help me out.
    Last edited by Jarryd; 11-24-2007 at 05:38 AM. Reason: Automerged Doublepost
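
An added example, not part of the original post and not the poster's code: one way to do the registration step with PDO prepared statements and password_hash() in place of stripslashes(), magic quotes and md5(). The function name register_user() and the in-memory SQLite table are assumptions made so the block runs on its own; the table and column names are the ones given in the post.

```php
<?php
// Added example, not the poster's code. Assumes PHP 5.5+ with PDO and pdo_sqlite.
// register_user() is a hypothetical helper; table/column names follow the post.

function register_user(PDO $db, array $post)
{
    $username = isset($post['username']) ? trim($post['username']) : '';
    $password = isset($post['password']) ? $post['password'] : '';
    $passrept = isset($post['passrept']) ? $post['passrept'] : '';
    $email    = isset($post['emailaddy']) ? trim($post['emailaddy']) : '';

    if ($username === '' || $password === '') {
        return 'Username and password are required.';
    }
    // Compare the two raw passwords before any hashing.
    if ($password !== $passrept) {
        return 'The passwords did not match.';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'Invalid Email Address';
    }

    // Placeholders keep user input out of the SQL text, so no quote stripping is needed.
    $q = $db->prepare('SELECT 1 FROM users WHERE users = ?');
    $q->execute(array($username));
    if ($q->fetchColumn() !== false) {
        return 'The username you entered is already in use, please try again.';
    }

    // Store a salted, slow hash instead of md5() or the plain password.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $ins = $db->prepare('INSERT INTO users (users, password, emailaddy) VALUES (?, ?, ?)');
    $ins->execute(array($username, $hash, $email));
    return null; // null means success
}

// Constructed demo: an in-memory SQLite table stands in for the MySQL one.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (users TEXT UNIQUE, password TEXT, emailaddy TEXT)');

$form = array('username' => "o'brien", 'password' => 'correct horse',
              'passrept' => 'correct horse', 'emailaddy' => 'ob@example.com');
var_dump(register_user($db, $form));   // first attempt
var_dump(register_user($db, $form));   // same name submitted again
$row = $db->query('SELECT password FROM users')->fetch(PDO::FETCH_ASSOC);
var_dump(password_verify('correct horse', $row['password']));
```

In register_process.php the return value would decide between `header('Location: success.php'); exit;` and re-showing the form, with nothing echoed beforehand. The warning in the post names config.php:16, which is the closing `?>` line if the listing matches the file; leaving that tag out of include-only files keeps stray bytes after it from being sent before header().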
