[php]Problem with registration

H

Hidden

Experienced Elementalist
10 Happy Years
Joined
Apr 15, 2008
Messages
256
Reaction score
0
The problem i get is that anyone can register twice under the same username :(
mysql:
PHP: 
CREATE TABLE IF NOT EXISTS `users` (
  `ID` bigint(255) NOT NULL auto_increment,
  `username` varchar(50) NOT NULL default '',
  `password` varchar(32) NOT NULL default '',
  `userid` varchar(32) NOT NULL default '',
  `userlevel` tinyint(1) NOT NULL default '0',
  `email` varchar(50) NOT NULL default '',
  `timestamp` int(11) NOT NULL default '0',
  `userimage` varchar(100) NOT NULL default '',
  `blogurl` varchar(45) NOT NULL default '',
  PRIMARY KEY  (`ID`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
PHP:
PHP: 
<?php 
session_start();
include("includes/header.php");
if(isset($_POST['submit'])){
$username=sql($_POST['username']);
$password=sql($_POST['password']);
$email=sql($_POST['email']);
$blogurl=sql($_POST['blogurl']);
$sql = "SELECT username FROM users WHERE username='$username'";
$query1 = mysql_query($sql);
$sql2 = "SELECT email FROM users WHERE email='$email'";
$query2 = mysql_query($sql2);
$sql3="SELECT blogurl FROM users WHERE blogurl='$blogurl'";
$query3=mysql_query($sql3);
if(mysql_num_rows($query1) > 1){
$msg = "Username already taken!";
} else if(mysql_num_rows($query2) > 1){
$msg = "Only 1 account per email address!";
} else if(!preg_match('/^.+@.+\..+$/',$email)){
$msg = "Invaild Email address!"; }
  elseif(mysql_num_rows($query3) > 1){
  $msg = "The blog url you requested is already taken!"; }
  elseif($password ==""){
  $msg = "Please enter a password!"; }
elseif($msg !="Username already taken!" && $msg !="Only 1 account per email address!" && $msg !="Invaild Email address!" && $msg !="The blog url you requested is already taken!" && $msg !="Please enter a password!" && $username < 50 && password < 32 && $email < 50 && $blogurl < 45 ){
$msg="-1";
}
$thisquery="INSERT INTO `users` (`username` ,`password` ,`userid` ,`userlevel` ,`email` ,`timestamp` ,`userimage` ,`blogurl`)VALUES ('$username', '$password' , '', '0', '$email', '0', 'images/box.jpg', '$blogurl')"; 
if($msg=="-1"){
$thisquery2=mysql_query($thisquery);
if(mysql_affected_rows()){
echo"<strong>Thank you for registering ".$username.", with the password of ".$_POST['password'].". You can now <a href='login.php'>Login</a> or <a href='".$blogurl."'>Visit your blog!</a>";
} } }
?>
<script language="JavaScript" type="text/javascript">
<!--
function formValidator() {
	// check username 
	var name=document.register.blogurl.value;
	if ((name.length < 2) || (name.length > 50)) {
	//too long or too short
		alert("Please enter a blogurl that is between 2 to 50 characters long.");
		document.register.blogurl.focus();
		return false;
	}
	if ((name=='')) {
		alert("Please enter a blogurl.");
		document.register.blogurl.focus();
		return false;
	}
	if ((name.search(/[^a-z0-9_]/gi)>-1)) {
		alert("Please choose a different blog url, only letters, numbers and '_' allowed. No spaces or punctuation.");
		document.register.blogurl.focus();
		return false;
	}
	if ((name.search(/[a-z]/gi)<0)) {
		//alert("Check your MySpace user name. Names must contain at least one letter ('a' thru 'z').");
		alert("Check your  blog url. Blog url's must contain at least one letter ('a' thru 'z').");
		document.register.blogurl.focus();
		return false;
	}
	return true;
}
//-->
</script>

<form action="<?php $_SERVER['PHP_SELF'];?>" name="register" id="register" method="POST" onSubmit="return formValidator();">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<?php
if($msg !="-1"){
	echo '<div style="color:FF0000;"><strong>'.$msg.'</strong></div>'; }

	?>
<tr><td>Username:</td><td><input type="text" name="username" maxlength="45" value="<?php
if(isset($_POST['username'])){
echo(sql($_POST['username']));
}
?>"></td><td></td></tr>
<tr><td>Password:</td><td><input type="password" name="password" maxlength="30" value="<?php
if(isset($_POST['password'])){
echo(sql($_POST['password']));
}
?>"></td><td></td></tr>
<tr><td>Email:</td><td><input type="text" name="email" maxlength="50" value="<?php
if(isset($_POST['email'])){
echo(sql($_POST['email']));
}
?>"></td><td></td></tr>
<tr><td>Blog Url:</td><td><input type="text" name="blogurl" maxlength="50" value="<?php
if(isset($_POST['blogurl'])){
echo(sql($_POST['blogurl']));
}
?>"></td><td></td></tr>
<tr><td colspan="2" align="right"><input type="submit"  name="submit" value="Join!"></td></tr>
</tr>
</table>
</form>
<?php include("includes/footer.php");?>
any reason why this would happen?
 
This is a common problem due MySQL does a case-insensitivity queries.
Use this :
PHP: 
$sql = "SELECT username FROM users WHERE MD5(username)='".md5($username)."'";
It will avoid double registrations under same nicks.
 
Code: 
if(mysql_num_rows($query1) > 1){

You know, doing that lets the person register up to 2 accounts with same username.

Learn some math. > = greater THAN. Therefore, do > 0 or == 1

Also, I've noticed alot of errors in your code, I'll let you figure that out yourself.
 
Nuklear said:
Code: 
if(mysql_num_rows($query1) > 1){

You know, doing that lets the person register up to 2 accounts with same username.

Learn some math. > = greater THAN. Therefore, do > 0 or == 1

Also, I've noticed alot of errors in your code, I'll let you figure that out yourself.
Click to expand...
I think >= must be better.
 
Lol nice sig Nuklear.. Is that really you with that tree? lol jk..

Umm.. Can't you just justify the field `username` in the SQL database to be unique?

It would be good to know basic math as well.. haha..

Another thing, you shouldn't name things sql1, sql2, sql3.. you should give them a name that actually describes what they do.. Same thing with query1, query2, etc..

Also, try to invest in a while() statement... It would make life for you much easier.

Here, use this code instead. I just typed it in ragezone and I didn't test it.. So test it and make sure it works.. I don't see any errors.. But you never know..

The format is much better, I think.
PHP: 
session_start(); 
include("includes/header.php"); 
if(isset($_POST['submit'])) {
 $selectUsers="SELECT * FROM `users` "; //Get data for existing users
 $queryUsers=mysql_query($selectUsers) or die('Connection Error.. Please try again.<br>If the problem continues, please contact the web-site administrator.'); //Create a query or display error msg.
 while($userRow=mysql_fetch_array($queryUsers)) { //Loop containing all user info
  $sql_username=$userRow['username'];
  $sql_email=$userRow['email'];
  $sql_blogurl=$userRow['blogurl'];
  if($username == $sql_username) { //2x user checker
   $error+=1;
   $msg+='*Username is already in use.<br>'; }

  if($email== $sql_email) { //2x email checker
   $error+=1;
   $msg+='*Email is already in use.<br>'; }

  if($blogurl== $sql_blogurl) { //2x blogurl checker
   $error+=1;
   $msg+='*Blog URL is already in use.<br>'; }
 }
 if(strlen($password)<3) { //password length checker (too short)
  $error+=1;
  $msg+='*Password is too short.<br>'; }

 if(strlen($username)<1) { //username length checker (too short)
  $error+=1;
  $msg+='*Username is too short.<br>'; }

 if(!preg_match('/^.+@.+\..+$/',$email)){ //email format checker
  $error+=1;
  $msg+='*Invaild Email address.<br>'; } 

 //.. Down the page where data is sent
 if(strlen($error) < 1)) {
  $insert="INSERT INTO `users` (`username` ,`password` ,`userid` ,`userlevel` ,`email` ,`timestamp` ,`userimage` ,`blogurl`)VALUES ('$username', '$password' , '', '0', '$email', '0', 'images/box.jpg', '$blogurl')"; 
  mysql_query($insert) or die('Could not insert your information. Please try again.<br>If this problem continues, please contact the Web-Site Administrator.');
  echo('Information was sent successfully!');
 } else {
  echo $msg;
 }

}
Hope this helps to simple-down your thoughts a bit.
 
Last edited:
s-p-n said:
Lol nice sig Nuklear.. Is that really you with that tree? lol jk..

Umm.. Can't you just justify the field `username` in the SQL database to be unique?

It would be good to know basic math as well.. haha..

Another thing, you shouldn't name things sql1, sql2, sql3.. you should give them a name that actually describes what they do.. Same thing with query1, query2, etc..

Also, try to invest in a while() statement... It would make life for you much easier.

Here, use this code instead. I just typed it in ragezone and I didn't test it.. So test it and make sure it works.. I don't see any errors.. But you never know..

The format is much better, I think.
PHP: 
session_start(); 
include("includes/header.php"); 
if(isset($_POST['submit'])) {
 $selectUsers="SELECT * FROM `users` "; //Get data for existing users
 $queryUsers=mysql_query($selectUsers) or die('Connection Error.. Please try again.<br>If the problem continues, please contact the web-site administrator.'); //Create a query or display error msg.
 while($userRow=mysql_fetch_array($queryUsers)) { //Loop containing all user info
  $sql_username=$userRow['username'];
  $sql_email=$userRow['email'];
  $sql_blogurl=$userRow['blogurl'];
  if($username == $sql_username) { //2x user checker
   $error+=1;
   $msg+='*Username is already in use.<br>'; }

  if($email== $sql_email) { //2x email checker
   $error+=1;
   $msg+='*Email is already in use.<br>'; }

  if($blogurl== $sql_blogurl) { //2x blogurl checker
   $error+=1;
   $msg+='*Blog URL is already in use.<br>'; }
 }
 if(strlen($password)<3) { //password length checker (too short)
  $error+=1;
  $msg+='*Password is too short.<br>'; }

 if(strlen($username)<1) { //username length checker (too short)
  $error+=1;
  $msg+='*Username is too short.<br>'; }

 if(!preg_match('/^.+@.+\..+$/',$email)){ //email format checker
  $error+=1;
  $msg+='*Invaild Email address.<br>'; } 

 //.. Down the page where data is sent
 if(strlen($error) < 1)) {
  $insert="INSERT INTO `users` (`username` ,`password` ,`userid` ,`userlevel` ,`email` ,`timestamp` ,`userimage` ,`blogurl`)VALUES ('$username', '$password' , '', '0', '$email', '0', 'images/box.jpg', '$blogurl')"; 
  mysql_query($insert) or die('Could not insert your information. Please try again.<br>If this problem continues, please contact the Web-Site Administrator.');
  echo('Information was sent successfully!');
 } else {
  echo $msg;
 }

}
Hope this helps to simple-down your thoughts a bit.
Click to expand...
Thanks so much :)
that makes everything clear :D
 
You must log in or register to reply here.

RaGEZONE Sponsor

    HyperFilter

About RaGEZONE

RaGEZONE® is the top forum for MMO, MMORPG, and mobile game development. We provide binaries, source codes, and tutorials for your favorite games, making it the go-to resource for developers and fans. You can also find and share private servers, fostering a vibrant gamer community.

Forum Statistics

Members online
1,388
Guests online
3,818
Total visitors
5,206
Totals may include hidden visitors.

RaGEZONE Partners

    nongamstopbets.com UK sites not on GamStop Casino Deps NZ
Back