data not inserted into 1 sql so couldn't login, registration worked but table not updated

74 views Asked by At

I don't know what is the problem with the code, because there's no error or anything, accept that when I register, the data already inserted into the logins table, but when I try to login, nothing happens.

= login.php?error=1.

I don't have problems logging in with already inserted data in the table, but I would like to create the registration.php to register new users. Can someone at least tell me why does it only inserted one sql but not both, plus in the table, the customer_id column is 0 which mean the data are not inserted according to the 1st sql.

[]

registration.php

<?php
    session_start();
    require_once("config.php");
    /* Checking if user is logged in, if not redirecting to the main page */
    if(isset($_SESSION['SESS_LOGGEDIN']) == TRUE) {
        header("Location: " . $config_basedir);
    }

    if($_POST['register'])
    {
        $loginchecksql = "SELECT * FROM logins
        WHERE username = '" . $_POST['userBox'] . "'";
        $logincheckres = mysql_query($loginchecksql);
        $loginchecknumrows = mysql_num_rows($logincheckres);
        if($loginchecknumrows == 1)
        {
        header("Location: http://" . $localhost . "$login.php . ?error=3");
        }
        else{
        if(empty($_POST['forenameBox']) ||
                    empty($_POST['surnameBox']) ||
                    empty($_POST['add1Box']) ||
                    empty($_POST['postcodeBox']) ||
                    empty($_POST['phoneBox']) ||
                    empty($_POST['userregBox']) ||
                    empty($_POST['passregBox']) ||
                    empty($_POST['emailBox']))
                {
                    header("Location: " . $basedir . "login.php?error=2");
                    exit;
                }

                $addsql = "INSERT INTO customers(forename, surname, address, postcode, phone, email, registered)
                            VALUES('"
                            . strip_tags(addslashes($_POST['forenameBox'])) . "', '"
                            . strip_tags(addslashes($_POST['surnameBox'])) . "', '"
                            . strip_tags(addslashes($_POST['add1Box'])) . "', '"
                            . strip_tags(addslashes($_POST['postcodeBox'])) . "', '"
                            . strip_tags(addslashes($_POST['phoneBox'])) . "', '"
                            . strip_tags(addslashes($_POST['emailBox'])) . "',
                            1)";

                mysql_query($addsql);
                $customer_id = mysql_insert_id(); // Gets The id Of Last MySql INSERT Query 
                $insert_query = 'INSERT INTO logins (
                    username,
                    password,
                    customer_id
                    ) 
                    VALUES
                    (
                    "' . $_POST['userregBox'] . '", 
                    "' . md5($_POST['passregBox']) . '",
                    "' . $customer_id . '"
                    )';
                mysql_query($insert_query);
                header("Location: " . $basedir . "login.php?ok=1");
        }
    }
    else
    {
        require_once("header.php");
?>
    <?php 

    if(isset($_GET['ok']) == 1) {
        $ok = $_GET['ok'];

           echo "<b>Your registration was succesfull</b><p>Start shopping now</p>";
    }
    else
    {
    ?>
    <?php 
        if(isset($_GET['error']) == 1) {
            $error = $_GET['error'];

            echo "<b>Incorrect details, please try again</b>";
        }
    ?>
        <?php 
        if(isset($_GET['error']) == 2) {
            $error = $_GET['error'];
            echo "<b>Please fill all fields</b>";
        }
    ?>
    <?php 
        if(isset($_GET['error']) == 3) {
            $error = $_GET['error'];
            echo "<b>User name exist</b>";
        }
    ?>
    <div style="width:50%;float:right;">
    <fieldset style="width:95%;background:#fff; ">
    <legend>Register</legend>
    <form action"<?php $_SERVER['SCRIPT_NAME']; ?>" method="POST">
        <ul>
            <li>
                <fieldset>
                    <legend>Username</legend>
                    <div>
                        <input type="textbox" name="userregBox" class="text" />
                    </div>
                    <p class="guidelines">Please enter your username</p>
                </fieldset>
            </li>
            <li>
                <fieldset>
                    <legend>Password</legend>
                    <div>
                    <input type="password" name="passregBox" class="text" />
                    </div>
                    <p class="guidelines">Please enter your password</p>

                </fieldset>
            </li>
            <li>
                <fieldset>
                    <legend>Delivery details</legend>
                    <table style="width:99%;">
        <tr>
            <td>Forename</td>
            <td><input type="text" name="forenameBox" class="text"></td>
        </tr>
        <tr>
            <td>Surname</td>
            <td><input type="text" name="surnameBox" class="text"></td>
        </tr>
        <tr>
            <td>House Number, Street</td>
            <td><input type="text" name="add1Box" class="text"></td>
        </tr>
        <tr>
            <td>Postcode</td>
            <td><input type="text" name="postcodeBox" class="text"></td>
        </tr>
        <tr>
            <td>Phone</td>
            <td><input type="text" name="phoneBox" class="text"></td>
        </tr>
        <tr>
            <td>Email</td>
            <td><input type="text" name="emailBox"class="text"></td>
        </tr>

        </table>
                </fieldset>
            </li>
            <li>
                <button type="submit" name="register" value="Register">Register</button>
            </li>
        </ul>
    </form>
    </fieldset>
    </div>



<?php
    }
    }
    require_once("footer.php");
?>

login.php

if(isset($_POST['submit']))
{
$loginsql = "SELECT * FROM logins WHERE username = '" . $_POST['userBox']. "' AND password = '" . sha1($_POST['passBox']) . "'";
$loginres = mysql_query($loginsql);
$numrows = mysql_num_rows($loginres);
if($numrows == 1)
{

$loginrow = mysql_fetch_assoc($loginres);
session_start("SESS_LOGGEDIN");
session_start("SESS_USERNAME");
session_start("SESS_USERID");
$_SESSION['SESS_LOGGEDIN'] = 1;
$_SESSION['SESS_USERNAME'] = $loginrow['username'];
$_SESSION['SESS_USERID'] = $loginrow['id'];
$ordersql = "SELECT id FROM orders WHERE customer_id = " . $_SESSION['SESS_USERID'] . " AND status < 2"; $orderres = mysql_query($ordersql); $orderrow = mysql_fetch_assoc($orderres); session_start("SESS_ORDERNUM"); $_SESSION['SESS_ORDERNUM'] = $orderrow['id']; header("Location: ".$config_basedir);
}
else {
header("Location: http://" .$_SERVER['HTTP_HOST']. $_SERVER['SCRIPT_NAME'] . "?error=1");
}
}
else {
require("header.php");
?>
<h1>Customer Login</h1>

Please enter your username and password to log into the websites. If you do not have an account, you can get one for free by <a href="registration.php">registering</a>.


<form action="<?php $_SERVER['SCRIPT_NAME']; ?>" method="POST">
<table>
<tbody>
<tr>
<td>Username</td>
<td><input type="textbox" name="userBox" /></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="passBox" /></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="submit" value="Log in" /></td>
</tr>
</tbody>
</table>
</form>

<?php
}
require("footer.php");
?>
0

There are 0 answers