Help with the database code

[balplayer0]

I've searched all the threads and found some similar diagnosing this problem, but I cannot seem to fix and get this registration with login running.

3 scripts:

1.) db.php

<body>
<?php include "login2.php";?>

<?php echo "Logged in as: " . $_SESSION['username'];?>

<?php
session_start();
mysql_connect("localhost", "root", "ballplayer");
mysql_select_db("login");
function user_login ($username, $password)
{
//take the username and prevent SQL injections
$username = mysql_real_escape_string($username);
//begin the query
$sql = mysql_query("SELECT * FROM usersystem WHERE username = '".$username."' AND password = '".$password."' LIMIT 1");
//check to see how many rows were returned
$rows = mysql_num_rows($sql);
if ($rows<=0)
{
echo "Incorrect username/password";
}
else
{
//have them logged in
$_SESSION['username'] = $username;
}
}
?>
</body>
</html>

2. login2.php

<body>
<?php include "login2.php";?>

<?php echo "Logged in as: " . $_SESSION['username'];?>

<?php
include("db.php");
if (isset($_POST['username'] && isset($_POST['password']))
{
user_login($_POST['username'], $_POST['password']);
}
?>
<html></html>
<form action="login.php" method="post">
Username: <input name="username" type="text" />
Password: <input type="password" name="password" />
</form>
</body>
</html>

3. register2.php

<body>
<?php include "login2.php";?>

<?php echo "Logged in as: " . $_SESSION['username'];?>

<?php
include("db.php");

if(isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email'])) {

//Prevent SQL injections
$username = mysql_real_escape_string($_POST['username']);
$email = mysql_real_escape_string($_POST['email']);

//Get MD5 hash of password
$password = md5($_POST['password']);

// or as suggested sha1
$password = sha1($_POST['password']);

//Check to see if username exists
$sql = mysql_query("SELECT username FROM usersystem WHERE username = '".$username."'");
if (mysql_num_rows($sql) > 0) {
die("Username taken.");
} else {
mysql_query("INSERT INTO usersystem (username, password, email) VALUES ( '$username', '$password', '$email')") or die (mysql_error());
echo "Account created.";
}
}
?>

}
?>

<html></html>
<form action="register2.php" method="post">
Username: <input name="username" type="text" />
Password: <input type="password" name="password" />
Email: <input name="email" type="text" />
<input type="submit" value="Submit" />
</form>

</body>
</html>

[lokeshm]

Are you getting any error messages?
I notice the login script named as login2.php whereas the form has "action" attribute set to "login.php"

<form action="login.php" method="post">

This will certainly fail your login script, instead it should have been written as

<form action="login2.php" method="post">

[Sensalarefe]

hi!
i have problem about firefox crash. can you help me? how can i do?
best regards.

[subbipusa]

Thank you for good site.
Very helpful.
bye...