Basic form in PHP

[Proxybypass]

All of this work was done by me.

Ok so I've been creating a website from scratch, here is what I've gotten so far. Includes PHP/Mysql. Hosted on my Wamp server, using PHPmyadmin.
Please don't flame btw, its not really any advance code.
Feel free to use any/edit/give me pointers.

Index.php

<html>

  <Form action='login.php' method='POST'>
    Username: <input type='text' name='username'><br>
    Password: <input type='password' name-'password'><br>
    <input type='submit' value='Log in'>

    </form>   <p>

    a href='register.php'>Register here.</a>
  </html>

Login.php

<?Php

session_start();

$username = $_POST['username'];
$password = $_POST['password'];

if ($username&&$password)
{

$connect = mysql_connect("localhost","root",""); or die("Could not connect!");
mysql_select_db(phplogin); or die ("Could not find DB!");

$query = mysql_query("SELECT * FROM users WHERE username'=$username'");

$numrows = mysql_num_rows($query);

if ($numrows!=0)
{

while ($row = mysql_fetch_assoc($query))

    $dbusername = $row['username'];
    $dbpassword = $row['password']
}

   if ($username==$dbusername&&md5($password)==$dbpassword)
    {

    echo "Password accepted! Click <a href='member.php'>here</a> to enter the members page.";
  $_SESSION ['username']=$username;
    }
  else
  echo "Incorrect password!";

else
  die("That user doesn't exist!");

echo $numrows;

}
 else
  die("Please enter your Username and Password.");

?>]

Logout.php

<?php

session_start();

session_destroy();

echo"You've been logged out. <a href='index'.php>Click here</a> to return."

?>

Member.php

<?php

session_start()

if ($_SESSION['username'])
echo "Welcome, ".$_SESSION['username']."!;<br><a href='logout.php'></a>";
  else
  die("You must be logged in!");

?>

Register.php

<?php
 Echo "<h1>Register</h1>";

 $submit =$_POST['submit'];
   //form data
 $fullname = strip_tags($_POST['fullname']);
 $username = strip_tags($_POST['username']);
 $password = strip_tags($_POST['password']));
 $repeatpassword = strip_tags($_POST['repeatpassword']));
 $date = date("Y-m-d");

 if ($submit)

 {

 if($fullname&&$username&&$password&&$repeatpassword);
  {

  if ($password==$repeatpassword)  {
   {

    if (strlen($username)>25||strlen($fullname)>25)
    {

    echo "Username or name is to long (25 char. limit)";
    }
    else
    {
  if (strlen($password)>25||strlen($password)<6)
  {
  echo "Password must be between 6-25 Chars.";
  }
  else
  {

  $password = md5 ($password);
  $repeatpassword = md5 ($repeatpassword);

  $connect = mysql_connect("localhost","root","");
  mysql_sql_db("phplogin");

  $queryreg= mysql_query("

  INSERT INTO users VALUES ('','$name','$username','$password','$date')

  ");

 die("You have been registered! <a href='index.php'>Return to the login page</a>

  }
  else
  echo "Your passwords do not match";

 }

  }
 else
  echo "Please fill in <b>all</b>fileds!<p>";
?>

<html>
   <p>
<form action='register.php' method='POST'>
  <table>
     <tr>
     <td>
     Your full name:
     </td>
     <td>
     <input type='text' name='fullname' value='<?php Echo $fullname; ?>'>
     </td>
     </tr>
     <tr>
     <td>
     Choose a Username:
     </td>
     <td>
     <input type='text' name='username' value='<?php echo $fullname; ?>'>
     </td>
     </tr>
    <tr>
     <td>
     Choose a password:
     </td>
     <td>
     <input type='password' name='password'
     </td>
     </tr>
    <tr>
     <td>
     Repeat your password:
     </td>
     <td>
     <input type='password' name='repeatpassword'
     </td>
     </tr>
     </table>
    <p>
    <input type='submit' name='submit' value='Register'>

     </form>

     </html>

 

[GAMEKINGZ_mybb_import1105]

RE: Basic forum in PHP

Thanks for sharing this , but where is the forum.php or dont we need that?

 

[Monetizer]

RE: Basic forum in PHP

I cannot comprehend this currently but I wish you the best of luck for this project.

 

[Proof_mybb_import11519]

RE: Basic forum in PHP

Isn't it best to do

<?php

session_start()

if ($_SESSION['username'])
echo "Welcome, ".$_SESSION['username']."!;<br><a href='logout.php'></a>";
  else
  die("You must be logged in!");

?>

AS

<?php

session_start()

if (isset($_SESSION['username']))
echo "Welcome, ".$_SESSION['username']."!;<br><a href='logout.php'></a>";
  else
  die("You must be logged in!");

?>

 

[Proxybypass]

RE: Basic forum in PHP

isset, is basically do the same function, just.. checking it.

 

[Mildly Legit]

RE: Basic forum in PHP

Forums are nothing without the ability to post.

 

[Proxybypass]

RE: Basic forum in PHP

It's a basic test forum I did a while back to teach my self PHP.
That's all.

 

[flAmingw0rm]

RE: Basic forum in PHP

Good job if you coded this yourself!

 

[w1nd]

RE: Basic forum in PHP

More of a login system than a forum. Seems good though, just skimmed the code.

 

[Proxybypass]

RE: Basic forum in PHP

Yes, flaming I coded it all my self.
Thank you every one.

 

[`P R O D I G Y]

RE: Basic forum in PHP

Very unsecured code, but good work!

 

[Proof_mybb_import11519]

RE: Basic forum in PHP

Very unsecured code, but good work!

I agree there are a lot of flaws, but it's decent to being with.

 

[Proxybypass]

RE: Basic forum in PHP

It's basically a log in system. All I do was make the user ids/passwords hashed. Didn't really add security

 

[Proof_mybb_import11519]

I edited the thread title for you, forum->form.

I wanted to add on to your code so...

For the record I would have done this pretty different but I am just fixing your code. It would never work.


Index.php

<html>
		<body>
  		<Form action='login.php' method='POST'>
    		Username: <input type='text' name='username'><br>
    		Password: <input type='password' name-'password'><br>
    		<input type='submit' name = "sub" value='Log in'>

    		</form>   

    	<center><a href='register.php'>Register here</a></center>
    
  </html>

Login.php

<?php
ob_start(); // headers
session_start(); // allow sessions
if(isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == "yes"){
echo "<center>You are already logged in! /n/n Click <a href='member.php'>here</a> to enter the members page.</center>";	
	
}else{
if(isset($_POST['sub'])){
	if(!empty($_POST['username']) && (!empty($_POST['password']))){



$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);



$connect = mysql_connect("localhost","root","") or die("Could not connect!");
mysql_select_db(phplogin) or die ("Could not find DB!");

$query = mysql_query("SELECT * FROM `users` WHERE `username`= '$username'");

$numrows = mysql_num_rows($query);

if ($numrows!=0)
{

while ($row = mysql_fetch_assoc($query)){

    $dbusername = $row['username'];
    $dbpassword = $row['password'];
}
}

   if ($username==$dbusername&&md5($password)==$dbpassword)
    {

    echo "Password accepted! Click <a href='member.php'>here</a> to enter the members page.";
  	$_SESSION ['username']=$username;
	$_SESSION ['loggedin'] = "yes";
  
    }
  else
  echo "Incorrect password!";




	}else{
		die("You did not fill in all the fields!");
}
}else{
	header("Location:index.php");	
}
}
?>

Logout.php

<?php

session_start();
unset($_SESSION['loggedin']);
session_destroy();

echo "You've been logged out. <a href='index'.php>Click here</a> to return."

?>

Member.php

<?php

session_start();

if(isset($_SESSION['username']) && ($_SESSION['loggedin'] == "yes")){
echo "Welcome, ".$_SESSION['username']."!;<br><a href='logout.php'></a>";
}
  else
  die("You must be logged in!");

?>

Register.php

<html>
<h1>Register</h1>  
<form action='' method='POST'>
  <table>
     	<tr>
     		<td>Your full name:</td> <td><input type='text' name='fullname' value='<?php echo $fullname ?>'></td>
     	</tr>
     	<tr>
     		<td>Choose a Username:</td> <td> <input type='text' name='username' value='<?php echo $username ?>'></td>
     	</tr>
    	<tr>
     	    <td>Choose a password:</td> <td><input type='password' name='password'></td>
     	</tr>
    	<tr>
     		<td>Repeat your password: </td><td><input type='password' name='repeatpassword'></td>
     	</tr>
 </table>
    
    <input type='submit' name='submit' value='Register'>

 </form>

</html>
     
<?php

if(isset($_POST['submit'])){
   
//form data
$fullname = mysql_real_escape_string($_POST['fullname']);
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$repeatpassword = mysql_real_escape_string($_POST['repeatpassword']);
$date = date("Y-m-d");



if($fullname&&$username&&$password&&$repeatpassword)
  {

  if ($password==$repeatpassword)  {
  		die("Your passowrds do not match");
  }

    if (strlen($username)>25||strlen($fullname)>25)
    {

    echo "Username and fullname is to long (25 char. limit)";
    }
    else
    {
  if (strlen($password)>25||strlen($password)<6)
  {
  echo "Password must be between 6-25 Chars.";
  }
  else
  {

  $password = md5($password);

  $connect = mysql_connect("localhost","root","") or die(mysql_error());
  mysql_sql_db("phplogin") or die(mysql_error());

  $queryreg= mysql_query("

  INSERT INTO users VALUES ('','$name','$username','$password','$date')

  ");

echo"You have been registered! <a href='index.php'>Return to the login page</a>";

  }
  
}

  }
else
  echo "Please fill in <b>all</b>fileds!<p>";
  }
?>

So much of this code was... just so messed up. You need to read over your script before posting.

I didn't test this but it should work.

 

[RAF]

Trashed: Basic form in PHP

This thread has been trashed, it will be moderated by the Administrators for a further opinion.

 

[RAF]

Trashed: Basic form in PHP

This thread has been verified to be a quality thread and has been moved back into the rightful forum section.

Please contact Management if this was wrongfully done.