i want to create easy signup form an my codes are : <form action="process_form.php" method="post"> <table width="79%" style="width: 100%"> <tr> <td width="9%"><span class="style5">Username : </span></td> <td width="91%"><input name="fullname" type="text" /> </td> </tr> <tr> <td><span class="style5" lang="fa" xml:lang="fa">Password : </span></td> <td><input name="password" type="text" /> </td> </tr> <tr> <td><span class="style5" lang="fa" xml:lang="fa">Retype Password : </span></td> <td><input name="repassword" type="text" /> </td> </tr> </table> <input name="Submit" type="submit" value="Submit" /> </form> Code (markup): now when i want to send my form in any status it just gives me error : please complete all fields please Help ! and <?php mysql_connect('localhost','root','') or die('MySQL connect error!'); mysql_select_db('mycontacts') or die('MySQL db select error!'); $full_name=$_POST['fullname']; $email=$_POST['password']; $message=$_POST['repasswrod']; if($fullname and $paqssword and $repassword) { $result=mysql_query("insert into contacts values('','$full_name','$password','$repassword')"); if(mysql_affected_rows()>0) { echo 'Register done'; } else { echo 'Problem in register'; } } else { echo 'please complete all fields'; } ?> Code (markup):
The variable names in your first conditional statement of the processing form are all screwed up. if($fullname and $paqssword and $repassword) $fullname should have an underscore $paqssword hasn't been defined in the script and probably contains a typo $repassword actually should work, but $_POST['repassword'] would be better After you get that fixed, probably the next hurdle you will face is unintended data going into the database. If you look at the top of your processing form you will see that you're $_POST data names don't match up with the variables name you assign in the script: $full_name=$_POST['fullname']; $email=$_POST['password']; $message=$_POST['repasswrod']; $email takes the value of the password, $message takes the value of the retyped password. Both of those values will go into your database. Which brings us to your next two issues. 1.--you never verify that the password and the retyped passwords are the same. 2. if they are to be the same, you don't need to insert them both into your database. Lastly and most importantly, you never sanitize your user's data, you just put it in an SQL statement and run it. If this is going to be on the web, open to the world, look up 'SQL injection' to see what you can do to protect that script.
now my form work fine but after signup i can't login with username and password .60% of this code is for me and %40 is for my friend so i have problem with some of part ! thanks if you help me to done it . my codes are : <html dir="rtl"> <head> <title>Save your contact!</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head> <body> <?php mysql_connect('localhost','root','') or die('MySQL connect error!'); mysql_select_db('mycontacts') or die('MySQL db select error!'); $full_name=$_POST['full_name']; $password=$_POST['password']; $repassword=$_POST['repassword']; if($full_name and $password and $repassword) { $result=mysql_query("insert into contacts values('','$full_name','$password','$repassword')"); if(mysql_affected_rows()>0) { echo 'Register done'; } else { echo 'Problem in register'; } } else { echo 'please complete all fields'; } ?> </body> </html> Code (markup): <?php require_once ('config.php'); if($_SESSION['try_count']>5) { echo 'Your time has been expired'; header('location:index.php'); session_unset(); session_destroy(); exit; } $_SESSION['try_count']++; $full_name=addslashes($_POST['full_name']); $password=sha1(SALT.trim($_POST['password']).SALT); $send=$_POST['send']; if($send==='Login' and isset($full_name) and isset($_POST['password'])) { if(dologin($password)) { $random_val=sha1(time()); setcookie('10243235212544298969611635091229896953',$random_val,time()+3600,'/'); echo '<center dir=ltr>Please wait...</center>'; session_unset(); $_SESSION['full_name']=$full_name; unset($send); header('location:admin.php'); } else echo '<center style="color:red;text-decoration:blink" dir="ltr"><br />Incorrect username and password<br /><br />ط´ظ…ط§ '.(7-$_SESSION['try_count']).' you can try it just </center>'; } function dologin($pwd) { $query = sprintf("select psw from users where psw='%s';", $pwd); $result=mysql_query($query); if(mysql_affected_rows()>0) return true; else return false; mysql_close(); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" > <head> <title>Log in...</title> </head> <body> <form method="post"> <p>Username: <input name="full_name" type="text" id="textbox" /> <br /> Password: <input type="text" name="password" id="textbox" /> <br /> repassword: <input type="text" name="repassword" id="textbox2" /> </p> <p><br /> <input type="submit" value="Login" name="send" /> </p> </form> </body> </html> Code (markup): <?php session_start(); $server="localhost"; $user="root"; $pass=""; define('SALT','1$8TLEilAtn.vs3@MzAw'); $conn=mysql_connect($server,$user,$pass); if(!$conn) die("MySQL Connection Error!"); else {mysql_select_db("mycontacts",$conn);} ?> Code (markup): <?php require_once ('config.php'); if(isset($_SESSION['full_name']) && isset($_COOKIE['10243235212544298969611635091229896953'])) { echo ' <table style="width:100%"> <tr> <td><b> '.$_SESSION['username'].'</b>طŒWelcome</td> <td><a href="./login.php?exit=yes" title="Exit" class="main-link">Logout</a> </td> </tr> </table>'; } else die ('<div>ط´ظ…ط§ ط§ط¨طھط¯ط§ ط¨ط§ظٹط¯ ظˆط§ط±ط¯ ط³ط§ظٹطھ ط´ظˆظٹط¯ ...<br /><a href="login.php">ظˆط±ظˆط¯</a></div>'); //ظƒط¯ظ‡ط§ظٹ ط¨ط®ط´ ظ…ط¯ظٹط±ظٹطھ ط±ط§ ط§ظٹظ†ط¬ط§ ط¨ع¯ط°ط§ط±ظٹط¯ ?> Code (markup):
That's a lot of code I don't want to look through for an issue you have only generall described. First, check your database, make sure the data in it for each field is what you expect. Second, post the specific error message you are getting and the code snippet it relates to.