bobby317 Posted May 7, 2010 Share Posted May 7, 2010 Ok I have been working on this user registration script and I have it working. The one problem I have right now is that users can register with the same email address and password as many times as they want. I have the thinking I believe to do it but just don't know how to ask the data base to do it. Let me give my thinking. I believe I can create an if else statement that will check if the email exists and if it does give the response email already exists or else register the user. Sorry if I don’t explain myself well. But what I want is to make sure the same email can’t be registered twice. Thanks again and please explain what you are doing so I can learn. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Register</title> <style type="text/css"> body { text-align: center; } form { text-align: left; } label { width: 8em; float: left; text-align: right; margin-right: 0.5em; } .submit input { margin-left: 7.5em; } .error { color: #F00; } </style> </head> <body> <?php //Starts the code when form is submitted: if( !isset($_POST['submit'])){ include_once "regform.php"; } else { //flag variable to track success: $okay = TRUE; //Validate the email address: if (empty($_POST['email1'])) { print '<p class="error">Please enter your email.</p>'; $okay = FALSE; include_once "regform.php"; } //Validate the password: elseif (empty($_POST['pass1'])) { print '<p class="error">Please enter your password.</p>'; $okay = FALSE; include_once "regform.php"; } //validate the emails for equality: elseif ($_POST['email1'] != $_POST['email2']) { print '<p class="error">Your emails do not match.</p>'; $okay = FALSE; include_once "regform.php"; } //Validate the passwords for equality: elseif ($_POST['pass1'] != $_POST['pass2']) { print '<p class="error">Your passwords do not match.</p>'; $okay = FALSE; include_once "regform.php"; } //If there were no errors, print a success message: elseif ($okay == TRUE) { //Trims email and password and sets to a varible: $email = trim($_POST['email1']); $password = trim($_POST['pass1']); //Encript password using email as salt: $password = sha1($email.$password); //Include files for conecting to database: $dbc = mysql_connect('rwddesign.com:3306', 'rwddesi1_bobby31', 'jessica'); mysql_select_db('rwddesi1_test'); //Define the query: $query = "INSERT INTO users (userID, email, password) VALUES (0, '$email', '$password')"; //Execute the query: if (@mysql_query($query)) { print '<h1>You have registered</h1>'; } else { print '<h1 class="error">Could not register because:' . mysql_error() . ' .</h1> <p class="error">The query being run was: ' . $query . '</p>'; } mysql_close(); } } ?> </body> </html> Quote Link to comment Share on other sites More sharing options...
ignace Posted May 7, 2010 Share Posted May 7, 2010 create a UNIQUE index on the e-mail field or query the database before every registration if the e-mail address is already registered don't put a unique index on the password field as it will be quite weird to read password is already been used, pick another Quote Link to comment Share on other sites More sharing options...
litebearer Posted May 7, 2010 Share Posted May 7, 2010 Psuedo code (a mix of plain english and code)... get $email from form get $username from form $has_email_been_used = 0; $has_user_name_been_used = 0; query Select id from table where email = $email; execute the query count the number of rows returned by the query if(number of rows returned >0) { that email has already been used - sent back to form page } query Select id from table where username = $username; execute the query count the number of rows returned by the query if(number of rows returned >0) { that username has already been used - sent back to form page } Make sense? Quote Link to comment Share on other sites More sharing options...
bobby317 Posted May 7, 2010 Author Share Posted May 7, 2010 Ok I have a few questions litebearer first off I don’t see what the two email/username been used = 0; variables are doing or where they are referenced after they are declared. Could you explain that to me? Also in the query you used email = $email. Should that be email == $email or is that just a php thing or only for variables. I am a little confused on that too. Thanks. I am still incorporating this into my script but I think I am getting it other than those two things. Quote Link to comment Share on other sites More sharing options...
tartou2 Posted May 7, 2010 Share Posted May 7, 2010 Try adding this syntax which i also use in my website $check = mysql_query("SELECT email FROM users WHERE email = '$email'"); if(mysql_num_rows($check ) != 0) {echo "Your email is already in use"; } $check = mysql_query("SELECT password FROM users WHERE password = '$password'"); if(mysql_num_rows($check ) != 0) {echo "Your password is already in use"; } Reply with the results Quote Link to comment Share on other sites More sharing options...
roopurt18 Posted May 7, 2010 Share Posted May 7, 2010 create a UNIQUE index on the e-mail field This is the only acceptable solution. Quote Link to comment Share on other sites More sharing options...
gwolgamott Posted May 7, 2010 Share Posted May 7, 2010 ...Also in the query you used email = $email. Should that be email == $email or is that just a php thing or only for variables. I am a little confused on that too. Thanks. It's because it's part of a sql query so at this point in the code you using the query language syntax, not the php syntax. And Roo is right... Unique key is the only safe way... can be done other way but just uncivilized if not ha. Quote Link to comment Share on other sites More sharing options...
bobby317 Posted May 7, 2010 Author Share Posted May 7, 2010 Ok I am still struggling with this I think I am getting close but don't know what is going on. As of now the form validates and then when submitted it goes to a blank screen and nothing in inserted into the database. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Register</title> <style type="text/css"> body { text-align: center; } form { text-align: left; } label { width: 8em; float: left; text-align: right; margin-right: 0.5em; } .submit input { margin-left: 7.5em; } .error { color: #F00; } </style> </head> <body> <?php //Starts the code when form is submitted: if( !isset($_POST['submit'])){ include_once "regform.php"; } else { //flag variable to track success: $okay = TRUE; //Validate the email address: if (empty($_POST['email1'])) { print '<p class="error">Please enter your email.</p>'; $okay = FALSE; include_once "regform.php"; } //Validate the password: elseif (empty($_POST['pass1'])) { print '<p class="error">Please enter your password.</p>'; $okay = FALSE; include_once "regform.php"; } //validate the emails for equality: elseif ($_POST['email1'] != $_POST['email2']) { print '<p class="error">Your emails do not match.</p>'; $okay = FALSE; include_once "regform.php"; } //Validate the passwords for equality: elseif ($_POST['pass1'] != $_POST['pass2']) { print '<p class="error">Your passwords do not match.</p>'; $okay = FALSE; include_once "regform.php"; } //If all match conect to database and check to see if email exhists already. elseif ($okay == TRUE) { //Include files for conecting to database: $dbc = mysql_connect('rwddesign.com:3306', 'rwddesi1_bobby31', 'jessica'); mysql_select_db('rwddesi1_test'); //Query for checking if email exhists $check = mysql_query("SELECT email FROM users WHERE email = '$email'"); } //Run query to check if email already exhist in database elseif (mysql_num_rows($check) != 0) { print "Your email is already in use"; $okay = TRUE; } //If there were no errors, print a success message: elseif ($okay == TRUE) { //Trims email and password and sets to a varible: $email = trim($_POST['email1']); $password = trim($_POST['pass1']); //Encript password using email as salt: $password = sha1($email.$password); //Define the query: $query = "INSERT INTO users (userID, email, password) VALUES (0, '$email', '$password')"; //Execute the query: if (@mysql_query($query)) { print '<h1>You have registered</h1>'; } else { print '<h1 class="error">Could not register because:' . mysql_error() . ' .</h1> <p class="error">The query being run was: ' . $query . '</p>'; } mysql_close(); } } ?> </body> </html>[code=php:0] Quote Link to comment Share on other sites More sharing options...
bobby317 Posted May 7, 2010 Author Share Posted May 7, 2010 create a UNIQUE index on the e-mail field This is the only acceptable solution. Could you please explain how to do this? Or maybe point me to some learning material. Thanks. Quote Link to comment Share on other sites More sharing options...
gwolgamott Posted May 7, 2010 Share Posted May 7, 2010 http://www.w3schools.com/sql/sql_unique.asp Quote Link to comment Share on other sites More sharing options...
ignace Posted May 7, 2010 Share Posted May 7, 2010 query Select id from table where email = $email; query Select id from table where username = $username; It's pretty dumb to query your table twice for something so meaningless, use: SELECT field, field FROM table WHERE username = $username || email = $email Afterwards check in the record set a row contains the username and if a row contains the e-mail. Or like I said previously and roopurt quoted: create a UNIQUE index. MySQL will throw an error (mysql_errno()) search which that is when you insert an already existing e-mail address or username. Quote Link to comment Share on other sites More sharing options...
roopurt18 Posted May 8, 2010 Share Posted May 8, 2010 And Roo is right... Unique key is the only safe way... can be done other way but just uncivilized if not ha. No. You can't do it any other way than with a unique key and be 100% certain it will always work. Why? Because today your application is the only one that interacts with the database. Tomorrow maybe someone else may import data into your app. Will they ensure that only unique values are inserted? Probably not. These types of rules must be enforced by the database, not the application. So I refer the OP to the MySQL documentation on creating an index: http://dev.mysql.com/doc/refman/5.0/en/create-index.html create unique index ... Quote Link to comment Share on other sites More sharing options...
bobby317 Posted May 8, 2010 Author Share Posted May 8, 2010 Thanks everyone UNIQE for the email field in the table worked perfect. I feel like an idiot once I figured what you were talking about. I remembered learning about that in class. Quote Link to comment Share on other sites More sharing options...
bobby317 Posted May 8, 2010 Author Share Posted May 8, 2010 Ok now that I have that working I want to change the error message. Right now I have: //Execute the query: if (@mysql_query($query)) { print '<h1>You have registered</h1>'; } else { print '<h1 class="error">Could not register because:' . mysql_error() . ' .</h1> <p class="error">The query being run was: ' . $query . '</p>'; include_once "regform.php"; } That is my statement for the code I want that to run for all errors except the one for my email field that is uniquely set. I think it will involve an else if or switch statement I am not sure. Also I have no idea on how to pull different errors. Thanks for the help and as always please explain so I can learn. Quote Link to comment Share on other sites More sharing options...
gwolgamott Posted May 10, 2010 Share Posted May 10, 2010 And Roo is right... Unique key is the only safe way... can be done other way but just uncivilized if not ha. No. You can't do it any other way than with a unique key and be 100% certain it will always work. I said it could be done another way I didn't say it would work... And by no means do it any other way then with your database unique key because that's just poor programming and it will break outside your personal use (and most likely within your personal use as well as soon as you forget to add a unique key) & not to mention the holes it may leave open. Sorry if that was unclear prior to Roo correcting me on that. Quote Link to comment Share on other sites More sharing options...
ignace Posted May 10, 2010 Share Posted May 10, 2010 //Execute the query: if (@mysql_query($query)) { print '<h1>You have registered</h1>'; } else { print '<h1 class="error">Could not register because:' . mysql_error() . ' .</h1> <p class="error">The query being run was: ' . $query . '</p>'; include_once "regform.php"; } You must note that the above code will fail when someone tries to register with an already existing e-mail address. MySQL returns a specific error code for this, figure it out and act accordingly otherwise people will just see: "Could not register because " and that makes little to no sense to them. Quote Link to comment Share on other sites More sharing options...
bobby317 Posted May 10, 2010 Author Share Posted May 10, 2010 //Execute the query: if (@mysql_query($query)) { print '<h1>You have registered</h1>'; } else { print '<h1 class="error">Could not register because:' . mysql_error() . ' .</h1> <p class="error">The query being run was: ' . $query . '</p>'; include_once "regform.php"; } You must note that the above code will fail when someone tries to register with an already existing e-mail address. MySQL returns a specific error code for this, figure it out and act accordingly otherwise people will just see: "Could not register because " and that makes little to no sense to them. How would I go about figuring out how to give one response to the already registered error and then a different one for any other errors? Quote Link to comment Share on other sites More sharing options...
gwolgamott Posted May 10, 2010 Share Posted May 10, 2010 Change the create an account process... have them enter just an email to create a new account first, do check if there display message for that. If not a used unique email then proceed to get the rest of the info and use the dummy message you want to use for all the rest of the required stuff you want. Not best route but a quick dirty method and less programmatic way about things, just requires you hitting the database one more time then is necessary is all. You can get it working and when comfortable come back and make it more efficient later. Quote Link to comment Share on other sites More sharing options...
bobby317 Posted May 10, 2010 Author Share Posted May 10, 2010 Change the create an account process... have them enter just an email to create a new account first, do check if there display message for that. If not a used unique email then proceed to get the rest of the info and use the dummy message you want to use for all the rest of the required stuff you want. Not best route but a quick dirty method and less programmatic way about things, just requires you hitting the database one more time then is necessary is all. You can get it working and when comfortable come back and make it more efficient later. I do apologies but I am not sure what your mean I will continue to do research and see if I can come up with it thanks. Quote Link to comment Share on other sites More sharing options...
gwolgamott Posted May 10, 2010 Share Posted May 10, 2010 I think I'm the one being unclear don't apologize. What I meant was when creating a new account, instead of adding all the information at once, a quick way to work around your message problem. From what I understand you want a specific message to display when the email is already a unique key and is used, and want to display a so called dummy message for everything else right? So using the code you have something like this: //Execute the query: if (@mysql_query($query)) { print '<h1>You have registered</h1>'; } else { print '<h1 class="error">Could not register because:' . mysql_error() . ' .</h1> <p class="error">The query being run was: ' . $query . '</p>'; include_once "regform.php"; } //INSTEAD /// run this after they enter a new account email name only //Execute the query: //$EMAIL is the email they tried to use if (@mysql_query($query)) { // PUT info for rest of account and then continue registration process here // } else { print '<h1 class="error">Sorry that Name is already in use:'.$EMAIL.'</h1>'; // Link to register page here } // After that then use a general error reporting and As it has been already pointed out don't use $query as your error, see previous posts to see why on that. // this can be structured differently and I'm strapped for time else I'd give more sorry... hopes that is at least a bit clear or at least not completely confusing. Quote Link to comment Share on other sites More sharing options...
ignace Posted May 10, 2010 Share Posted May 10, 2010 //Execute the query: if (@mysql_query($query)) { print '<h1>You have registered</h1>'; } else { print '<h1 class="error">Could not register because:' . mysql_error() . ' .</h1> <p class="error">The query being run was: ' . $query . '</p>'; include_once "regform.php"; } You must note that the above code will fail when someone tries to register with an already existing e-mail address. MySQL returns a specific error code for this, figure it out and act accordingly otherwise people will just see: "Could not register because " and that makes little to no sense to them. How would I go about figuring out how to give one response to the already registered error and then a different one for any other errors? MySQL returns specific error codes for these. Quote Link to comment Share on other sites More sharing options...
bobby317 Posted May 10, 2010 Author Share Posted May 10, 2010 Ok I figured it out I user mysql_errno(); to pull the error number then used a if statement to look for it here is the code. thanks for the help everyone. if (@mysql_query($query)) { print '<h1>You have registered</h1>'; } else { //Get error number $errorNumber = mysql_errno(); //print message if duplacate email if ( $errorNumber == 1062 ) { print '<h1 class="error">Email is already registered please try again.</h1>'; include_once "regform.php"; } else { //print message for all other errors. print '<h1 class="error">Could not register because:' . mysql_error() . ' .</h1> <p class="error">The query being run was: ' . $query . '</p>'; include_once "regform.php"; } } Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.