[php]Problem with registration

Experienced Elementalist
Joined
Apr 15, 2008
Messages
256
Reaction score
0
The problem I get is that anyone can register twice under the same username :(
mysql:
PHP:
CREATE TABLE IF NOT EXISTS `users` (
  `ID` bigint(255) NOT NULL auto_increment,
  `username` varchar(50) NOT NULL default '',
  `password` varchar(32) NOT NULL default '',
  `userid` varchar(32) NOT NULL default '',
  `userlevel` tinyint(1) NOT NULL default '0',
  `email` varchar(50) NOT NULL default '',
  `timestamp` int(11) NOT NULL default '0',
  `userimage` varchar(100) NOT NULL default '',
  `blogurl` varchar(45) NOT NULL default '',
  PRIMARY KEY  (`ID`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
PHP:
<?php 
session_start();
include("includes/header.php");
if(isset($_POST['submit'])){
$username=sql($_POST['username']);
$password=sql($_POST['password']);
$email=sql($_POST['email']);
$blogurl=sql($_POST['blogurl']);
$sql = "SELECT username FROM users WHERE username='$username'";
$query1 = mysql_query($sql);
$sql2 = "SELECT email FROM users WHERE email='$email'";
$query2 = mysql_query($sql2);
$sql3="SELECT blogurl FROM users WHERE blogurl='$blogurl'";
$query3=mysql_query($sql3);
if(mysql_num_rows($query1) > 1){
$msg = "Username already taken!";
} else if(mysql_num_rows($query2) > 1){
$msg = "Only 1 account per email address!";
} else if(!preg_match('/^.+@.+\..+$/',$email)){
$msg = "Invaild Email address!"; }
  elseif(mysql_num_rows($query3) > 1){
  $msg = "The blog url you requested is already taken!"; }
  elseif($password ==""){
  $msg = "Please enter a password!"; }
elseif($msg !="Username already taken!" && $msg !="Only 1 account per email address!" && $msg !="Invaild Email address!" && $msg !="The blog url you requested is already taken!" && $msg !="Please enter a password!" && $username < 50 && password < 32 && $email < 50 && $blogurl < 45 ){
$msg="-1";
}
$thisquery="INSERT INTO `users` (`username` ,`password` ,`userid` ,`userlevel` ,`email` ,`timestamp` ,`userimage` ,`blogurl`)VALUES ('$username', '$password' , '', '0', '$email', '0', 'images/box.jpg', '$blogurl')"; 
if($msg=="-1"){
$thisquery2=mysql_query($thisquery);
if(mysql_affected_rows()){
echo"<strong>Thank you for registering ".$username.", with the password of ".$_POST['password'].". You can now <a href='login.php'>Login</a> or <a href='".$blogurl."'>Visit your blog!</a>";
} } }
?>
<script language="JavaScript" type="text/javascript">
<!--
function formValidator() {
	// check username 
	var name=document.register.blogurl.value;
	if ((name.length < 2) || (name.length > 50)) {
	//too long or too short
		alert("Please enter a blogurl that is between 2 to 50 characters long.");
		document.register.blogurl.focus();
		return false;
	}
	if ((name=='')) {
		alert("Please enter a blogurl.");
		document.register.blogurl.focus();
		return false;
	}
	if ((name.search(/[^a-z0-9_]/gi)>-1)) {
		alert("Please choose a different blog url, only letters, numbers and '_' allowed. No spaces or punctuation.");
		document.register.blogurl.focus();
		return false;
	}
	if ((name.search(/[a-z]/gi)<0)) {
		//alert("Check your MySpace user name. Names must contain at least one letter ('a' thru 'z').");
		alert("Check your  blog url. Blog url's must contain at least one letter ('a' thru 'z').");
		document.register.blogurl.focus();
		return false;
	}
	return true;
}
//-->
</script>

<form action="<?php $_SERVER['PHP_SELF'];?>" name="register" id="register" method="POST" onSubmit="return formValidator();">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<?php
if($msg !="-1"){
	echo '<div style="color:FF0000;"><strong>'.$msg.'</strong></div>'; }

	?>
<tr><td>Username:</td><td><input type="text" name="username" maxlength="45" value="<?php
if(isset($_POST['username'])){
echo(sql($_POST['username']));
}
?>"></td><td></td></tr>
<tr><td>Password:</td><td><input type="password" name="password" maxlength="30" value="<?php
if(isset($_POST['password'])){
echo(sql($_POST['password']));
}
?>"></td><td></td></tr>
<tr><td>Email:</td><td><input type="text" name="email" maxlength="50" value="<?php
if(isset($_POST['email'])){
echo(sql($_POST['email']));
}
?>"></td><td></td></tr>
<tr><td>Blog Url:</td><td><input type="text" name="blogurl" maxlength="50" value="<?php
if(isset($_POST['blogurl'])){
echo(sql($_POST['blogurl']));
}
?>"></td><td></td></tr>
<tr><td colspan="2" align="right"><input type="submit"  name="submit" value="Join!"></td></tr>
</tr>
</table>
</form>
<?php include("includes/footer.php");?>
Any reason why this would happen?
 
Experienced Elementalist
Joined
Apr 7, 2005
Messages
254
Reaction score
0
This is a common problem because MySQL does case-insensitive queries.
Use this:
PHP:
$sql = "SELECT username FROM users WHERE MD5(username)='".md5($username)."'";
It will avoid double registrations under the same nicks.
 
Custom Title Activated
Loyal Member
Joined
May 18, 2006
Messages
2,065
Reaction score
14
Code:
if(mysql_num_rows($query1) > 1){

You know, doing that lets the person register up to 2 accounts with the same username.

Learn some math. > = greater THAN. Therefore, do > 0 or == 1

Also, I've noticed a lot of errors in your code, I'll let you figure that out yourself.
 
Experienced Elementalist
Joined
Apr 7, 2005
Messages
254
Reaction score
0
I think >= must be better.
 
Joined
Jun 8, 2007
Messages
1,985
Reaction score
490
Lol nice sig Nuklear.. Is that really you with that tree? lol jk..

Umm.. Can't you just justify the field `username` in the SQL database to be unique?

It would be good to know basic math as well.. haha..

Another thing, you shouldn't name things sql1, sql2, sql3.. you should give them a name that actually describes what they do.. Same thing with query1, query2, etc..

Also, try to invest in a while() statement... It would make life for you much easier.

Here, use this code instead. I just typed it in ragezone and I didn't test it.. So test it and make sure it works.. I don't see any errors.. But you never know..

The format is much better, I think.
PHP:
session_start();
include("includes/header.php");
if(isset($_POST['submit'])) {
 //Read the submitted fields; sql() is the escaping helper used in the original post
 $username=sql($_POST['username']);
 $password=sql($_POST['password']);
 $email=sql($_POST['email']);
 $blogurl=sql($_POST['blogurl']);
 $error=0; //Number of validation errors found
 $msg=''; //Error messages to show the user
 $selectUsers="SELECT * FROM `users` "; //Get data for existing users
 $queryUsers=mysql_query($selectUsers) or die('Connection Error.. Please try again.<br>If the problem continues, please contact the web-site administrator.'); //Create a query or display error msg.
 while($userRow=mysql_fetch_array($queryUsers)) { //Loop containing all user info
  $sql_username=$userRow['username'];
  $sql_email=$userRow['email'];
  $sql_blogurl=$userRow['blogurl'];
  if($username == $sql_username) { //2x user checker
   $error+=1;
   $msg.='*Username is already in use.<br>'; } //.= appends to a string; += would do arithmetic

  if($email== $sql_email) { //2x email checker
   $error+=1;
   $msg.='*Email is already in use.<br>'; }

  if($blogurl== $sql_blogurl) { //2x blogurl checker
   $error+=1;
   $msg.='*Blog URL is already in use.<br>'; }
 }
 if(strlen($password)<3) { //password length checker (too short)
  $error+=1;
  $msg.='*Password is too short.<br>'; }

 if(strlen($username)<1) { //username length checker (too short)
  $error+=1;
  $msg.='*Username is too short.<br>'; }

 if(!preg_match('/^.+@.+\..+$/',$email)){ //email format checker
  $error+=1;
  $msg.='*Invalid Email address.<br>'; }

 //.. Down the page where data is sent
 if($error < 1) { //Only insert when no check failed
  $insert="INSERT INTO `users` (`username` ,`password` ,`userid` ,`userlevel` ,`email` ,`timestamp` ,`userimage` ,`blogurl`)VALUES ('$username', '$password' , '', '0', '$email', '0', 'images/box.jpg', '$blogurl')";
  mysql_query($insert) or die('Could not insert your information. Please try again.<br>If this problem continues, please contact the Web-Site Administrator.');
  echo('Information was sent successfully!');
 } else {
  echo $msg;
 }

}
Hope this helps to simple-down your thoughts a bit.
 
Experienced Elementalist
Joined
Apr 15, 2008
Messages
256
Reaction score
0
Thanks so much :)
that makes everything clear :D
 
duck you, I'm a dragon
Loyal Member
Joined
Apr 29, 2005
Messages
6,407
Reaction score
130
Also, use strtolower to make the username completely lowercase. To avoid any uppercase faggotry.
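
Added example (not code from any poster in this thread): the "make `username` unique" suggestion carried through, so the database itself rejects a duplicate or a case variant even when two requests pass a SELECT check at the same moment. SQLite in memory stands in for the thread's MySQL table so it runs offline; `register_user` and the sample values are hypothetical.

```php
<?php
// SQLite stand-in (assumption). On MySQL the equivalent constraint is:
//   ALTER TABLE users ADD UNIQUE KEY uniq_username (username);
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// NOCASE makes 'Alice' and 'alice' collide, so no strtolower() or MD5() trick is needed.
$db->exec("CREATE TABLE users (
    id       INTEGER PRIMARY KEY AUTOINCREMENT,
    username TEXT NOT NULL COLLATE NOCASE UNIQUE,
    password TEXT NOT NULL,
    email    TEXT NOT NULL COLLATE NOCASE UNIQUE
)");

// register_user() is a hypothetical helper name, not from the thread.
function register_user(PDO $db, string $username, string $password, string $email): string
{
    $username = trim($username);
    if ($username === '' || strlen($username) > 50) {
        return 'Username must be 1 to 50 characters.';
    }
    if (strlen($password) < 3) { // same minimum as the reply's length check
        return 'Password is too short.';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'Invalid email address.';
    }
    try {
        // Placeholders keep user input out of the SQL text.
        $stmt = $db->prepare('INSERT INTO users (username, password, email) VALUES (?, ?, ?)');
        // password_hash() output is longer than the thread's varchar(32) column;
        // widen that column (e.g. varchar(255)) before storing hashes in it.
        $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT), $email]);
        return 'ok';
    } catch (PDOException $e) {
        // SQLSTATE class 23 = integrity constraint violation (duplicate key).
        if (strpos((string) $e->getCode(), '23') === 0) {
            return 'Username or email is already in use.';
        }
        throw $e;
    }
}

// Constructed sample input: a first signup, a case variant of the name, a reused email.
echo register_user($db, 'Alice', 'hunter22', 'alice@example.com'), "\n";
echo register_user($db, 'alice', 'hunter22', 'other@example.com'), "\n";
echo register_user($db, 'Bob',   'hunter22', 'ALICE@example.com'), "\n";
```

Because the INSERT is the check, there is no window between "look up the name" and "write the row" for a second request to slip through.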
 