-5

I have created a basic login in using php. I have fixed my previous error thanks to your help however I am now receiving a new error on line 36:

Call to undefined function session_register() in /Applications/XAMPP/xamppfiles/htdocs/game development/checklogin.php on line 36

I'm not sure why. Any ideas on how to fix this?

    <?php

            ob_start();
            $host="localhost"; // Host Name 

            $username="root"; // Mysql Username

            $password=""; // Mysql Password 

            $db_name="DylansDB"; // Database Name 

            $tbl_name="members";

            // Connect to server and select databse.
            mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
            mysql_select_db("$db_name")or die("cannot select DB");

            // Define $myusername and $mypassword 
            $myusername=$_POST['myusername']; 
            $mypassword=$_POST['mypassword']; 

            // To protect MySQL injection
            $myusername = stripslashes($myusername);
            $mypassword = stripslashes($mypassword);
            $myusername = mysql_real_escape_string($myusername);
            $mypassword = mysql_real_escape_string($mypassword);
            $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
            $result=mysql_query($sql);

            // Mysql_num_row is counting table row
            $count=mysql_num_rows($result);

            // If result matched $myusername and $mypassword, table row must be 1 row
            if($count==1){

            // Register $myusername, $mypassword and redirect to file "login_success.php"
            session_register("myusername");
            session_register("mypassword"); 
            header("location:login_success.php");
            }
            else {
            echo "Wrong Username or Password";
            }
            ob_end_flush();
   ?>
halfer
  • 19,471
  • 17
  • 87
  • 173
dylan smith
  • 3
  • 2
  • 3
    Stop using **mysql_** methods. They are deprecated and unsafe. Switch over to mysqli_* or PDO! – Peon May 31 '16 at 08:43
  • The original MySQL extension is now deprecated, and will generate E_DEPRECATED errors when connecting to a database. Instead, use the MYSQLi or PDO_MySQL extensions. – JYoThI May 31 '16 at 08:45
  • Your queries contain many errors – aarju mishra May 31 '16 at 09:19
  • It would appear you are connecting to the database server, but you are having trouble selecting the database 'DylansDB'. Does your user have the correct permissions to at least read (SELECT) from that database? – Progrock May 31 '16 at 10:09
  • [Little Bobby](http://bobby-tables.com/) says [your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard May 31 '16 at 18:22
  • Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard May 31 '16 at 18:22
  • **Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure that you [don't escape passwords](http://stackoverflow.com/q/36628418/1011527) or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard May 31 '16 at 18:22
  • See my profile for a substantial tutorial on how to do login correctly. – halfer Jun 02 '16 at 07:26

3 Answers3

0

There is no function session_register() any more; it was deprecated as of PHP 5.3.0 and removed completely from PHP 5.4.0, according to the official documentation. You should use the $_SESSION[] superglobal for this.

You also have all of the problems mentioned in the comments.

Darwin von Corax
  • 5,138
  • 3
  • 17
  • 27
-1
$host="localhost"; // Host Name 

$username="root"; // Mysql Username

 $password=""; // Mysql Password 

 $db_name="DylansDB"; // Database Name 

  $tbl_name="members"; // Table Name
JYoThI
  • 11,793
  • 1
  • 10
  • 25
Reji kumar
  • 311
  • 3
  • 9
  • Although this code may answer the question, providing additional context regarding _why_ and/or _how_ it answers the question would significantly improve its long-term value. Please [edit] your answer to add some explanation. – Toby Speight May 31 '16 at 12:11
  • i fixed my varible issues to the above. I now am receiving a fatal error on line 36 - 'Call to undefined function session_register() in /Applications/XAMPP/xamppfiles/htdocs/game development/checklogin.php on line 36' im not sure why. Any ideas on how to fix this? – dylan smith Jun 01 '16 at 09:09
  • session_register deprecated.use session_start(); $_SESSION['myusername']=$myusername; – Reji kumar Jun 02 '16 at 05:51
-1

The original MySQL extension is now deprecated, and will generate E_DEPRECATED errors when connecting to a database. Instead, use the MYSQLi or PDO_MySQL extensions.

use mysqli prepared statement to avoid sql injection

1) check your mysql user privilege

<?php

        session_start();

        global $conn;

        $servername = "localhost";  //host name

        $username = "username"; //username

        $password = "password"; //password

        $mysql_database = "dbname"; //database name

    //mysqli prepared statement 

        $conn = mysqli_connect($servername, $username, $password) or die("Connection failed: " . mysqli_connect_error());

       mysqli_select_db($conn,$mysql_database) or die("Opps some thing went wrong");



        // Define $myusername and $mypassword 
        $myusername=$_POST['myusername']; 
        $mypassword=$_POST['mypassword']; 

        // To protect MySQL injection
        $myusername = stripslashes($myusername);
        $mypassword = stripslashes($mypassword);
        $myusername = mysql_real_escape_string($myusername);
        $mypassword = mysql_real_escape_string($mypassword);

        $tbl_name="members"; // Table name 


       $stmt = $conn->prepare("SELECT * FROM $tbl_name WHERE username=? and password=? ");

            $stmt->bind_param('ss',$myusername,$mypassword);

            $stmt->execute();
            $get_result =$stmt->get_result();

            $row_count= $get_result->num_rows;

            if($row_count>0)
            {

                // If result matched $myusername and $mypassword, table row must be 1 row
                $final_result =$get_result->fetch_assoc();

                $_SESSION['myusername']=$final_result['username'];

                header("location:login_success.php");
                exit();

            }
            else 
            {
                echo "Wrong Username or Password";
            }

            $stmt->close();
             $conn->close();


        ob_end_flush();
         ?>
JYoThI
  • 11,793
  • 1
  • 10
  • 25