Comments on: Building Browsergames: The Registration Page (PHP)

By: Kismet

Kismet — Tue, 26 Jan 2010 11:19:44 +0000

Perfect Marius! It works! Thankyou so much for this.

I am baffled though, why didn't the original code 'work out of the box'? Is it something wrong with Wamp? Should I be using something else to do these tutorials with?

Thanks again.

By: Marius

Marius — Tue, 26 Jan 2010 00:28:05 +0000

Yeah, delete the following two lines:

list($count) = mysql_fetch_row($result);
if($count >= 1) { ?>

Move the following line:

Error: that username is taken.

to go inside my if block:

if($result) { ?>
Error: that username is taken.

Notice that you now have two "else" blocks, delete the one closest to the if, the one which have no code inside the { }:

else {
}

-----------------
The code should then look like this:
.....
$query = sprintf("SELECT * FROM users WHERE username = '%s'",
mysql_real_escape_string($_POST['username']));
$result = mysql_query($query);
if($result) { ?>
Error: that username is taken.
$query = sprintf("INSERT INTO users(username,password) VALUES ('%s','%s');",
mysql_real_escape_string($_POST['username']),
mysql_real_escape_string(md5($password)));
mysql_query($query);
?>
Congratulations, you registered successfully!
}
}
}
?>

By: Kismet

Kismet — Mon, 25 Jan 2010 21:44:02 +0000

Thankyou so much Marius. I've tried to implement your new code as best I can. And this is what my register.php looks like now:

--------------------------------
if($_POST) {
$password = $_POST['password'];
$confirm = $_POST['confirm'];
if($password != $confirm) { ?>
Error: Passwords do not match!
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = '';
$dbname = 'BBG';
require_once 'config.php';
$conn = mysql_connect($dbhost,$dbuser,$dbpass)
or die ('Error connecting to mysql');
mysql_select_db($dbname);
$query = sprintf("SELECT * FROM users WHERE username = '%s'",
mysql_real_escape_string($_POST['username']));
$result = mysql_query($query);
if($result) {
} else {
}
list($count) = mysql_fetch_row($result);
if($count >= 1) { ?>
Error: that username is taken.
$query = sprintf("INSERT INTO users(username,password) VALUES ('%s','%s');",
mysql_real_escape_string($_POST['username']),
mysql_real_escape_string(md5($password)));
mysql_query($query);
?>
Congratulations, you registered successfully!
}
}
}
?>

------------------------------

The error message has changed, now it says 'Warning: mysql_fetch_row() expects parameter 1 to be resource, boolean given in C:wampwwwBBGregister.php on line 22'.

Line 22 is this one: list($count) = mysql_fetch_row($result);

I know I've done something wrong, but I feel I'm very close to getting this working. Can you see where I've messed up?

By: Marius

Marius — Mon, 25 Jan 2010 13:46:11 +0000

Yeah, I dropped the "count" approach and did this instead:

$query = sprintf("SELECT * FROM users WHERE username = '%s'", mysql_real_escape_string($_POST['username'])));
$result = mysql_fetch_array(mysql_query($isuser));

Then I use a simple if statement to check if I got any data or not:
if($result) {
// User already exists
} else {
// User does not exist, safe to register if all input validates
}

$result is an array, and if the user exists in the DB I have data there and the if check returns true, if no data enters the array is empty and the if check returns false and runs the else statement instead.

By: Luke

Luke — Mon, 25 Jan 2010 12:32:19 +0000

I couldn't say what's breaking for you, and you'll want to look at the
line just before the one where the error's being thrown – somehow,
your $result variable is being set to a boolean value instead of a
mysql resource.

By: Kismet

Kismet — Mon, 25 Jan 2010 10:23:10 +0000

Duh! I'm so dumb! You're right Luke, I needed to change the configuration file to match my Wamp info:

$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = '';
$dbname = 'db_name';
?>

Now it's working, but I'm getting a new error:

Warning: mysql_fetch_row() expects parameter 1 to be resource, boolean given in C:wampwwwBBGregister.php on line 19

This is line 19: list($count) = mysql_fetch_row($result);

I see that Marius had the same problem and managed to solve it, but he didn't post his solution .

Anybody have any ideas?

By: Luke

Luke — Mon, 25 Jan 2010 00:25:15 +0000

That error message means that your PHP script is unable to connect to
your MySQL database – try making sure all of your credentials are
correct, and then continuing from there.

By: Kismet

Kismet — Sun, 24 Jan 2010 13:07:08 +0000

I get this error when I try to register:

Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'user'@'localhost' (using password: YES) in C:wampwwwBBGregister.php on line 12
Error connecting to mysql

I'm very new to this, so I'm not sure what I've done wrong.

This is what I've done so far, I'm using Wamp, so I created a new project folder in C:wampwww called BBG.

In phpMyAdmin I've created 3 tables "items, users and user_inventory".

I'm using ConTEXT as my editor so I copied and pasted the whole code into it and saved it as register.php.

But I get the above error message when I try to register. What have I done wrong?

By: Red

Red — Sat, 16 Jan 2010 14:50:41 +0000

Thanks for the reply Maruz. Interesting stuff!

By: Maruz

Maruz — Thu, 14 Jan 2010 13:45:29 +0000

If you use a random salt value, you'd have to store that value to later validate the password. It can't be random each time the user tries to log in, then he will never be able to log in again.

A random salt could be the md5 value of a random number.

$salt = md5(rand(11111, 99999));
$password = md5($password.$salt);

Be sure to store the $salt value in your db for later use, and to match the users password using that same salt every time.

For better security (as you store the random salt probably next to each user in your db) you could also have a fixed $salt2 stored in a non-accessible php file, and add that to every password:

include "non-accessible php file";
$salt2 = "some-random-salt";

$password = md5($password.$salt.$salt2);