Loginsystem(usikkert + dobble account)

hejsa udviklere og andre

Jeg er igang med mit site og har brug for noget hjælp til mit SQl/login

problemet er at jeg har fået fortalt at mine koder er mega usikre, og så er der problemet at der kan laves 2 brugere med samme username i SQL'en

har en SQL der hedder: members:
med 2 tabeller
username
password

Her er mine koder:

opret.html

<html><form action="opret_ok.php">
Brugernavn <br />
<input type="text" name="username">
<br />
Kodeord:
<br />
<input type="password" name="password"><br />
<input type="submit">
</form>
</html>

opret_ok.php

<?php 
include 'opret.html';

$host="localhost"; // Host name 
$username="******"; // Mysql username 
$password="******"; // Mysql password 
$db_name="******"; // Database name 
$tbl_name="members"; // Table name

// Connect to server and select databse.
mysql_connect($host, $username, $password)or die("cannot connect"); 
mysql_select_db($db_name)or die("cannot select DB");


mysql_query("INSERT INTO members (username, password)values ('$_GET[username]', '$_GET[password]')") or die(mysql_error());

echo 'Brugeren er nu oprettet';
?>

checklogin.php

<html>

<?php
$host="localhost"; // Host name 
$username="*****"; // Mysql username 
$password="*******"; // Mysql password 
$db_name="*******"; // Database name 
$tbl_name="members"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>
<body>
</body>
</html>

main_login.php

<html>

<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="password" id="mypassword"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>

</tr>

</table>
</td>
</form>
</tr>
</table>
<body>
<html>
<body>
<center><a href="http://www.jkay.dk/opret.html"><button type="button">Create account</button></a></center>

 
</body>
</html>


</body>
</html>

Mange tak på forhånd