verifying username doesn't already exist

[Lodius2000]

hey guys, I want to verify that my entered username doesnt already exist in the database.

 

using pearDB this is what i have

 

//check that the username does not already exist
$user_check = $db->getAll('SELECT username FROM users', array($all_users));
if ($user_check == $_POST['username']) {
	$errors[] = "This user name already exists, please choose another.";
}

 

and i recieve an error when i submit my potential username and password, it reads :

 

Fatal error: Call to a member function getAll() on a non-object in /admin/accountinfo/createuser.php on line 63

 

could this error becaused by the fact that the array($all_users) is currently empty? as this submitted data would be the first thing to go in the table 'users'

 

 

any help of what I am doing wrong would be appreciated

Thanks

[ratcateme]

i dont know much about your database thing your using but why dont u make a query like this

<?php
$query = 'SELECT * FROM users WHERE `username` = \''.$POST['username'].'\'';
?>

then count the rows 0 rows means username is all good 1 means it is taken

Scott.

[nloding]

Usually it means that $db isn't an object ... what's the rest of the code above that excerpt?

 

Scott's idea will work better than you currently have setup.  Check if the username exists that way -- mysql_num_rows($result) > 0, then uh oh!

[Lodius2000]

i dont know much about your database thing your using but why dont u make a query like this

<?php
$query = 'SELECT * FROM users WHERE `username` = \''.$POST['username'].'\'';
?>

then count the rows 0 rows means username is all good 1 means it is taken

Scott.

 

I like where that is going, but I am not reall mysql savvy

 

what doe the \ parts of that query do?

[DarkWater]

Escapes the ' for use in a PHP string.  Has nothing to do with mysql.

[Lodius2000]

DUH 

[947740]

Those \ s make the ' literal characters.  Seeing as your string started out with ', you cannot use just a plain ' in your query.  You could just change the \' s to ", if you wanted to.

[Lodius2000]

or i could have forgotten to include global $db in the my validate function, fixed that but now i have another problem, when i submit my form to create a user, it redisplays the form, and I checked in phpmyadmin and no user has been created. it does not process the form or return any errors

 

here is my full code

 

<?php

//Put this file in admin/accountinfo/ to use correctly, store out of access
require ('../../../install/PEAR/DB.php');
require ('../../../../dbfiles/db_login.php');
require ('../formhelpers/formhelpers.php');
$db->setErrorHandling(PEAR_ERROR_DIE);

if($_POST['_submit_check']){
if($form_errors = validate_form()){
	show_form($form_errors);
} else {
	process_form();
}
} else {
show_form();
}

function show_form($errors = '') {

if ($errors){
	$error_text = '<ul><li>';
	$error_text .= implode('</li><li>', $errors);
	$error_text .= '</li></ul>';
} else {
	$error_text ='';
}

print '<form method="POST" action="'.$_SERVER['PHP_SELF'].'">';
//begin the unique form

print 'Username:';
input_text('username', $_POST);
print '<br />';

print 'Password:';
input_password('password', $_POST);
print '<br />';

input_submit('submit', 'submit');

print '<input type="hidden" name="_submit_check" value="1" />';
print '</form>';
}

function validate_form(){
global $db;

//check that username is entered
if (strlen(trim($_POST['username'])) == 0) {
	$errors[]= "You must enter a username.";
}

//check that username is less or equal to than 14 characters
if (strlen(trim($_POST['username'])) <= 14) {
	$errors[]= "Your username must be 14 characters or less.";
}

//check that username is only letters or numbers
if (! strlen(trim(preg_match('/^[a-zA-Z0-9]$/i', $_POST['username'])))) {
	$errors[]= "Your username must be <i><b>ONLY</b></i> letters or numbers.";
}

//check that the username does not already exist
//$user_check = $db->getAll('SELECT username FROM users', array($all_users));
$user_check = $db->query('SELECT * FROM users WHERE username = \''.$POST['username'].'\'');
if (count($user_check) > 0) {
	$errors[] = "This user name already exists, please choose another.";
}



//check that password is entered
if (strlen(trim($_POST['password'])) == 0) {
	$errors[]= "You must enter a password.";
}

//check that password is less or equal to than 32 characters
if (strlen(trim($_POST['password'])) <= 32) {
	$errors[]= "Your password must be 14 characters or less.";
}

//check that password is only letters or numbers
if (! strlen(trim(preg_match('/^[a-zA-Z0-9]$/i', $_POST['password'])))) {
	$errors[]= "Your password must be <i><b>ONLY</b></i> letters or numbers.";
}

return $errors;

}

function process_form() {
global $db;
$password = crypt($_POST['password']);
$username = $_POST['username'];

//add user to database
$sql = "INSERT INTO users (username, password)
	VALUES ($username, $password)";

$q = $db->query($sql);
if (DB::iserror($q)){
	die($q->getMessage());
}

print "Congradulations, $username has been registered as a user!<br />\n";
print '<a href="../index.html">Login here</a>';

}

?>

 

thanks for the help

[DarkWater]

Put print_r($_POST) on the top of that page and then submit the form and show us what it outputs.

[Lodius2000]

Put print_r($_POST) on the top of that page and then submit the form and show us what it outputs.

 

prints

 

Parse error: syntax error, unexpected T_IF in /admin/accountinfo/createuser.php on line 13

 

code is now

<?php



//Put this file in admin/accountinfo/ to use correctly, store out of access
require ('../../../install/PEAR/DB.php');
require ('../../../../dbfiles/db_login.php');
require ('../formhelpers/formhelpers.php');
$db->setErrorHandling(PEAR_ERROR_DIE);

print_r($_POST)

if($_POST['_submit_check']){
if($form_errors = validate_form()){
	show_form($form_errors);
} else {
	process_form();
}
} else {
show_form();
}

function show_form($errors = '') {

if ($errors){
	$error_text = '<ul><li>';
	$error_text .= implode('</li><li>', $errors);
	$error_text .= '</li></ul>';
} else {
	$error_text ='';
}

print '<form method="POST" action="'.$_SERVER['PHP_SELF'].'">';
//begin the unique form

print 'Username:';
input_text('username', $_POST);
print '<br />';

print 'Password:';
input_password('password', $_POST);
print '<br />';

input_submit('submit', 'submit');

print '<input type="hidden" name="_submit_check" value="1" />';
print '</form>';
}

function validate_form(){
global $db;

//check that username is entered
if (strlen(trim($_POST['username'])) == 0) {
	$errors[]= "You must enter a username.";
}

//check that username is less or equal to than 14 characters
if (strlen(trim($_POST['username'])) <= 14) {
	$errors[]= "Your username must be 14 characters or less.";
}

//check that username is only letters or numbers
if (! strlen(trim(preg_match('/^[a-zA-Z0-9]$/i', $_POST['username'])))) {
	$errors[]= "Your username must be <i><b>ONLY</b></i> letters or numbers.";
}

//check that the username does not already exist
//$user_check = $db->getAll('SELECT username FROM users', array($all_users));
$user_check = $db->query('SELECT * FROM users WHERE username = \''.$POST['username'].'\'');
if (count($user_check) > 0) {
	$errors[] = "This user name already exists, please choose another.";
}



//check that password is entered
if (strlen(trim($_POST['password'])) == 0) {
	$errors[]= "You must enter a password.";
}

//check that password is less or equal to than 32 characters
if (strlen(trim($_POST['password'])) <= 32) {
	$errors[]= "Your password must be 14 characters or less.";
}

//check that password is only letters or numbers
if (! strlen(trim(preg_match('/^[a-zA-Z0-9]$/i', $_POST['password'])))) {
	$errors[]= "Your password must be <i><b>ONLY</b></i> letters or numbers.";
}

return $errors;

}

function process_form() {
global $db;
$password = crypt($_POST['password']);
$username = $_POST['username'];

//add user to database
$sql = "INSERT INTO users (username, password)
	VALUES ($username, $password)";

$q = $db->query($sql);
if (DB::iserror($q)){
	die($q->getMessage());
}

print "Congradulations, $username has been registered as a user!<br />\n";
print '<a href="../index.html">Login here</a>';

}

?>

 

line 13  starts if($_POST['_submit_...

 

EDIT: that error is on execution of the page, not submission of the form

[DarkWater]

You forgot a ; at the end of the print_r() call.

[Lodius2000]

Im an idiot, spotted the missing ; fixed it,

 

so now when i use johndoe as both username and pw the page prints

Array ( [username] => johndoe [password] => johndoe [submit] => submit [_submit_check] => 1 )

and then username and password here

 

or in html if you like

Array
(
    [username] => johndoe
    [password] => johndoe
    [submit] => submit
    [_submit_check] => 1
)
<form method="POST" action="/0/admin/accountinfo/createuser.php">Username:<input type="text" name="username" value="johndoe"/><br />Password:<input type="password" name="password" value="johndoe"/><br /><input type="submit" name="submit" value="submit"/><input type="hidden" name="_submit_check" value="1" /></form>

[DarkWater]

I see what the problem is, I think. Remove that print_r line now.  Change:

if($_POST['_submit_check']){

if($form_errors = validate_form()){

show_form($form_errors);

} else {

process_form();

}

}

To:

if($_POST['_submit_check']){

        $form_errors = validate_form();

if(!empty($form_errors)){

show_form($form_errors);

} else {

process_form();

}

}

[Lodius2000]

I see what the problem is, I think. Remove that print_r line now.  Change:

if($_POST['_submit_check']){

if($form_errors = validate_form()){

show_form($form_errors);

} else {

process_form();

}

}

To:

if($_POST['_submit_check']){

        $form_errors = validate_form();

if(!empty($form_errors)){

show_form($form_errors);

} else {

process_form();

}

}

 

that prints nothing at all upon execution

[Lodius2000]

im pretty solid on the if()'s at the beginning, I have used that exact structure in other scripts with no problems, in fact that code is actually copied from another script so im going to put that back the way it was,

 

but

 

I think there may be something wrong with the process_form() function, i dont see anything wrong but my eyes are not really that fresh

 

EDIT:

 

looking at it I think i need something that says, if the query was successful then print "Congradulations, $username has been registered as a user!"

 

but my brain isnt working on how to do that

[nloding]

I'm foggy right now too (I'm really tired) ... but I think your INSERT statement should be:

 

INSERT INTO users (username, password) VALUES ('$username','$password')

 

... maybe?

[Lodius2000]

will try, at work right now will update when done

[Lodius2000]

I'm foggy right now too (I'm really tired) ... but I think your INSERT statement should be:

 

INSERT INTO users (username, password) VALUES ('$username','$password')

 

... maybe?

 

So i agree the single quotes are necesary but i still think i need an if statement but i cant figure out how to write one

 

help ???

[nloding]

I've never used PEAR, or anything but my own DB classes.  If it's not reprinting the form with the errors, you can 'assume' you've passed validation.  So you gotta look at the process_form() call.  The only thing I see in there that could cause nothing to be output is the query statement throwing an error.  Then, your die statement isn't outputting anything.  Is $q->getMessage() a valid call?  Again, I've not used PEAR, but can you put in mysql_error() or mysqli_error() instead of getMessage()?