Jump to content

need help in where to insert username check code into current form code


webguync

Recommended Posts

Hi, I need to insert some code into my current form code which will check to see if a username exist and if so will display an echo message. If it does not exist will post the form (assuming everything else is filled in correctly). I have tried some code in a few places but it doesn't work correctly as I get the username message exist no matter what. I think I am inserting the code into the wrong area, so need assistance as to how to incorporate the username check code.

$sql="select * from Profile where username = '$username';
$result = mysql_query( $sql, $conn )
      or die( "ERR: SQL 1" );
if(mysql_num_rows($result)!=0)
{
process form
}
else
{
echo "That username already exist!";
}

 

the current code of the form

 

<?PHP
//session_start();
require_once "formvalidator.php";
$show_form=true;

if (!isset($_POST['Submit'])) {



$human_number1 = rand(1, 12);



$human_number2 = rand(1, 38);



$human_answer = $human_number1 + $human_number2;



$_SESSION['check_answer'] = $human_answer;
}

if(isset($_POST['Submit']))
{





if (!isset($_SESSION['check_answer'])) {
echo "<p>Error: Answer session not set</p>";
}


if($_POST['math'] != $_SESSION['check_answer']) {
echo "<p>You did not pass the human check.</p>";
exit();
}


   $validator = new FormValidator();
    $validator->addValidation("FirstName","req","Please fill in FirstName");







$validator->addValidation("LastName","req","Please fill in LastName");
$validator->addValidation("UserName","req","Please fill in UserName");
$validator->addValidation("Password","req","Please fill in a Password");
$validator->addValidation("Password2","req","Please re-enter your password");
$validator->addValidation("Password2","eqelmnt=Password","Your passwords do not match!");
$validator->addValidation("email","email","The input for Email should be a valid email value");
$validator->addValidation("email","req","Please fill in Email");
$validator->addValidation("Zip","req","Please fill in your Zip Code");
$validator->addValidation("Security","req","Please fill in your Security Question");
$validator->addValidation("Security2","req","Please fill in your Security Answer");
    if($validator->ValidateForm())
    {
        $con = mysql_connect("localhost","uname","pw") or die('Could not connect: ' . mysql_error());
        mysql_select_db("beatthis_beatthis") or die(mysql_error());
$FirstName=mysql_real_escape_string($_POST['FirstName']); //This value has to be the same as in the HTML form file
$LastName=mysql_real_escape_string($_POST['LastName']); //This value has to be the same as in the HTML form file
$UserName=mysql_real_escape_string($_POST['UserName']); //This value has to be the same as in the HTML form file
$Password= md5($_POST['Password']); //This value has to be the same as in the HTML form file
$Password2= md5($_POST['Password2']); //This value has to be the same as in the HTML form file
$email=mysql_real_escape_string($_POST['email']); //This value has to be the same as in the HTML form file
$Zip=mysql_real_escape_string($_POST['Zip']); //This value has to be the same as in the HTML form file
$Birthday=mysql_real_escape_string($_POST['Birthday']); //This value has to be the same as in the HTML form file
$Security=mysql_real_escape_string($_POST['Security']); //This value has to be the same as in the HTML form file
$Security2=mysql_real_escape_string($_POST['Security2']); //This value has to be the same as in the HTML form file



$sql="INSERT INTO Profile (`FirstName`,`LastName`,`Username`,`Password`,`Password2`,`email`,`Zip`,`Birthday`,`Security`,`Security2`) VALUES ('$FirstName','$LastName','$UserName','$Password','$Password2','$email','$Zip','$Birthday','$Security','$Security2')"; 
//echo $sql;
if (!mysql_query($sql,$con)) {

die('Error: ' . mysql_error());

} else{



mail('email@gmail.com','A profile has been submitted!',$FirstName.' has submitted their profile',$body);

echo "<h3>Your profile information has been submitted successfully.</h3>";
}

mysql_close($con);
        $show_form=false;
    }
    else
    {
        echo "<h3 class='ErrorTitle'>Validation Errors:</h3>";

        $error_hash = $validator->GetErrors();
        foreach($error_hash as $inpname => $inp_err)
        {
            echo "<p class='errors'>$inpname : $inp_err</p>\n";
        }        
    }
}

if(true == $show_form)
{
?>

Link to comment
Share on other sites

Hello,

 

What appears to the be the issue here is the way you are doing the comparison in the if statement:

 

if(mysql_num_rows($result)!=0)

 

Since you are doing a 'not equal', it will only fall into this case if a row was returned from the mysql statement above, meaning the username was already taken.  So if a username does not exist, this comparison will fail and you will fall into the else case which throws the error. 

 

For example, if the mysql statement does NOT find a username, mysql_num_rows($result) will return 0.  The if case willl then be "if(0 != 0)" which will return false and send you to the else.

 

That is why you were receiving the error message each time. You will want to change the if statement to equals to:

 

if(mysql_num_rows($result) == 0)

 

Let me know if there are any other errors you need help with, I didn't go through all of the code, that was just the first thing I saw.

 

Link to comment
Share on other sites

with the code I have now, I just get the generic MySQL error. "Error: Duplicate entry 'UserName' for key 'usr'". UserName being the duplicate username in the database. I don't get the customized echo. that I put in. Here is the current code.

 


<?PHP

//session_start();

require_once "formvalidator.php";

$show_form=true;



if (!isset($_POST['Submit'])) {







$human_number1 = rand(1, 12);







$human_number2 = rand(1, 38);







$human_answer = $human_number1 + $human_number2;







$_SESSION['check_answer'] = $human_answer;

}



if(isset($_POST['Submit']))

{











if (!isset($_SESSION['check_answer'])) {

echo "<p>Error: Answer session not set</p>";

}





if($_POST['math'] != $_SESSION['check_answer']) {

echo "<p>You did not pass the human check.</p>";

exit();

}





   $validator = new FormValidator();

    $validator->addValidation("FirstName","req","Please fill in FirstName");















$validator->addValidation("LastName","req","Please fill in LastName");

$validator->addValidation("UserName","req","Please fill in UserName");

$validator->addValidation("Password","req","Please fill in a Password");

$validator->addValidation("Password2","req","Please re-enter your password");

$validator->addValidation("Password2","eqelmnt=Password","Your passwords do not match!");

$validator->addValidation("email","email","The input for Email should be a valid email value");

$validator->addValidation("email","req","Please fill in Email");

$validator->addValidation("Zip","req","Please fill in your Zip Code");

$validator->addValidation("Security","req","Please fill in your Security Question");

$validator->addValidation("Security2","req","Please fill in your Security Answer");

    if($validator->ValidateForm())

    {

        $con = mysql_connect("localhost","username","password") or die('Could not connect: ' . mysql_error());

        mysql_select_db("DBName") or die(mysql_error());

$FirstName=mysql_real_escape_string($_POST['FirstName']); //This value has to be the same as in the HTML form file

$LastName=mysql_real_escape_string($_POST['LastName']); //This value has to be the same as in the HTML form file

$UserName=mysql_real_escape_string($_POST['UserName']); //This value has to be the same as in the HTML form file

$Password= md5($_POST['Password']); //This value has to be the same as in the HTML form file

$Password2= md5($_POST['Password2']); //This value has to be the same as in the HTML form file

$email=mysql_real_escape_string($_POST['email']); //This value has to be the same as in the HTML form file

$Zip=mysql_real_escape_string($_POST['Zip']); //This value has to be the same as in the HTML form file

$Birthday=mysql_real_escape_string($_POST['Birthday']); //This value has to be the same as in the HTML form file

$Security=mysql_real_escape_string($_POST['Security']); //This value has to be the same as in the HTML form file

$Security2=mysql_real_escape_string($_POST['Security2']); //This value has to be the same as in the HTML form file

$sql="select * from Profile where username = '$username'";
$result = mysql_query( $sql, $con )
      or die( "ERR: SQL 1" );


if(mysql_num_rows($result) == 0)
{



$sql="INSERT INTO Profile (`FirstName`,`LastName`,`Username`,`Password`,`Password2`,`email`,`Zip`,`Birthday`,`Security`,`Security2`) VALUES ('$FirstName','$LastName','$UserName','$Password','$Password2','$email','$Zip','$Birthday','$Security','$Security2')"; 

//echo $sql;

if (!mysql_query($sql,$con)) {



die('Error: ' . mysql_error());



} else{







mail('email@gmail.com','A profile has been submitted!',$FirstName.' has submitted their profile',$body);



echo "<h3>Your profile information has been submitted successfully.</h3>";

}



mysql_close($con);

        $show_form=false;

    }

    else

    {

        echo "<h3 class='ErrorTitle'>Validation Errors:</h3>";
echo "<h3>That username already exist!</h3>";



        $error_hash = $validator->GetErrors();

        foreach($error_hash as $inpname => $inp_err)

        {

            echo "<p class='errors'>$inpname : $inp_err</p>\n";

        }        

    }

}
}


if(true == $show_form)

{

?>



<form name="test" id="ContactForm" method="POST" accept-charset="UTF-8" action="?>">

<fieldset>



              <div class='normal_field'><label for="LastName">First Name</label></div>

               <div class='element_label'>

                  <input type='text' name='FirstName' size='20'>

               </div>

             

            

           

               <div class='normal_field'><label for="LastName">Last Name</label></div>

               <div class='element_label'>

                  <input type='text' name='LastName' size='20'>

               </div>

           

           </fieldset>

           <fieldset>

               <div class='normal_field'><label for="UserName">User Name</label></div>

               <div class='element_label'>

                  <input type='text' name='UserName' size='20'>

               </div>

           

            

               <div class='normal_field'><label for="Password">Password</label></div>

               <div class='element_label'>

                  <input type='password' name='Password' size='20'>

               </div>

               <div class='normal_field'><label for="Password2">Re-Enter Password</label></div>

               <div class='element_label'>

                  <input type='password' name='Password2' size='20'>

               </div>

            

           

               <div class='normal_field'><label for="Email">Email</label></div>

               <div class='element_label'>

                  <input type='text' name='email' size='20'>

               </div>

            </fieldset>

            <fieldset>

          

               <div class='normal_field'><label for="Zip">Zip Code</label></div>

               <div class='element_label'>

                  <input type='text' name='Zip' size='20'>

               </div>

            

            

               <div class='normal_field'><label for="Birthday">Birthday(mm/dd/yyyy format)</label></div>

               <div class='element_label'>

                  <input type='text' name='Birthday' size='20'>

               </div>

           

           

            

               <div class='normal_field'><label for="Security">Security Question</label></div>

               <div class='element_label'>

                  <input type='text' name='Security' size='20'>

               </div>

               <div class='normal_field'><label for="Security2">Security Answer</label></div>

               <div class='element_label'>

                  <input type='text' name='Security2' size='20'>

               </div>

<div class='normal_field'><label for="math">What is <?php echo $human_number1." + ".$human_number2. "?"; ?></label></div>

               <div class='element_label'>

                  <input type='text' name='math' size='20'>

               </div>

             

               </fieldset>

               <div id="agree">

<label for="tos">

<input type="checkbox" id="tos" name="tos" value="yes" />

I have read and agree to the <a href="ajax/serviceterms.html" id="terms">Terms of Service</a>.

</label>

                </div>

         <fieldset>

           <div id="service-terms" class="box rounded-all"></div>

                <div class="controls">

                    <input id="submit" type="submit" name="Submit" value="CREATE PROFILE"/>

                </div>

                </fieldset>

</form>

<?PHP

}//true == $show_form

?>

 

Link to comment
Share on other sites

Ah alright, I see your issue now.  You are doing the insert without doing any checking on it.  So if the username exists, you get the error of trying to insert a duplicate key.

 

In your code you have this:

 

$sql="INSERT INTO Profile (`FirstName`,`LastName`,`Username`,`Password`,`Password2`,`email`,`Zip`,`Birthday`,`Security`,`Security2`) VALUES ('$FirstName','$LastName','$UserName','$Password','$Password2','$email','$Zip','$Birthday','$Security','$Security2')"; 

//echo $sql;

if (!mysql_query($sql,$con)) {
     die('Error: ' . mysql_error());
} else{
     mail('email@gmail.com','A profile has been submitted!',$FirstName.' has submitted their profile',$body);
     echo "<h3>Your profile information has been submitted successfully.</h3>";

}

 

This piece of code is going to need to be inside of the check you mentioned in the fist post.  Like this:

 

$sql="select * from Profile where username = '$UserName'";
$result = mysql_query( $sql, $conn ) or die( "ERR: SQL 1" );

if(!mysql_num_rows($result)){
$sql="INSERT INTO Profile (`FirstName`,`LastName`,`Username`,`Password`,`Password2`,`email`,`Zip`,`Birthday`,`Security`,`Security2`) VALUES ('$FirstName','$LastName','$UserName','$Password','$Password2','$email','$Zip','$Birthday','$Security','$Security2')"; 
//echo $sql;
if (!mysql_query($sql,$con)) {

		die('Error: ' . mysql_error());

}else{
	mail('email@gmail.com','A profile has been submitted!',$FirstName.' has submitted their profile',$body);
	echo "<h3>Your profile information has been submitted successfully.</h3>";
}
}
else{
echo "That username already exist!";
}

 

This way, the insert will not even be run if the username is found in the database.  And it will return the echoed error that you want.

 

Hope this helps.

 

Cheers

Link to comment
Share on other sites

You can redirect them back to the form with an extra variable, lets say error:

 

Header("Location: <url of form>?error=1");

 

Then on the HTML side of things, you can put a php snippet in that looks for that error:

 

 
if ($_REQUEST('error') == 1){
     echo "Lets display an error";
}

 

Cheers

Link to comment
Share on other sites

thanks. Would the

Header("Location: <url of form>?error=1")

 

go right after

 

echo "<h2>Sorry, that username already exist!</h2>";

 

or should

if ($_REQUEST('error') == 1){
     echo "<h2>Sorry that username already exist!</h2>";
}

 

replace this.

else{



echo "<h2>Sorry, that username already exist!</h2>";
}

 

Link to comment
Share on other sites

the Header call would need to replace the echo of the error, you cannot change the headers once something is written to the screen.  As for where to put the echo error, you will need to put that in the HTML, wherever you want to display it.  It would be something completely separate from the error check.

Link to comment
Share on other sites

I think I am a little confused with where to place the code again. Here is the error I am now getting.

 

"Fatal error: Function name must be a string in new_site/register.php on line 185"

 

and here is my current code

<?PHP

//session_start();

require_once "formvalidator.php";

$show_form=true;



if (!isset($_POST['Submit'])) {







$human_number1 = rand(1, 12);







$human_number2 = rand(1, 38);







$human_answer = $human_number1 + $human_number2;







$_SESSION['check_answer'] = $human_answer;

}



if(isset($_POST['Submit']))

{











if (!isset($_SESSION['check_answer'])) {

echo "<p>Error: Answer session not set</p>";

}





if($_POST['math'] != $_SESSION['check_answer']) {

echo "<p>You did not pass the human check.</p>";

exit();

}





   $validator = new FormValidator();

    $validator->addValidation("FirstName","req","Please fill in FirstName");















$validator->addValidation("LastName","req","Please fill in LastName");

$validator->addValidation("UserName","req","Please fill in UserName");

$validator->addValidation("Password","req","Please fill in a Password");

$validator->addValidation("Password2","req","Please re-enter your password");

$validator->addValidation("Password2","eqelmnt=Password","Your passwords do not match!");

$validator->addValidation("email","email","The input for Email should be a valid email value");

$validator->addValidation("email","req","Please fill in Email");

$validator->addValidation("Zip","req","Please fill in your Zip Code");

$validator->addValidation("Security","req","Please fill in your Security Question");

$validator->addValidation("Security2","req","Please fill in your Security Answer");

    if($validator->ValidateForm())

    {

        $con = mysql_connect("localhost","uname","pw") or die('Could not connect: ' . mysql_error());

        mysql_select_db("DB_Name") or die(mysql_error());

$FirstName=mysql_real_escape_string($_POST['FirstName']); //This value has to be the same as in the HTML form file

$LastName=mysql_real_escape_string($_POST['LastName']); //This value has to be the same as in the HTML form file

$UserName=mysql_real_escape_string($_POST['UserName']); //This value has to be the same as in the HTML form file

$Password= md5($_POST['Password']); //This value has to be the same as in the HTML form file

$Password2= md5($_POST['Password2']); //This value has to be the same as in the HTML form file

$email=mysql_real_escape_string($_POST['email']); //This value has to be the same as in the HTML form file

$Zip=mysql_real_escape_string($_POST['Zip']); //This value has to be the same as in the HTML form file

$Birthday=mysql_real_escape_string($_POST['Birthday']); //This value has to be the same as in the HTML form file

$Security=mysql_real_escape_string($_POST['Security']); //This value has to be the same as in the HTML form file

$Security2=mysql_real_escape_string($_POST['Security2']); //This value has to be the same as in the HTML form file

$sql="select * from Profile where username = '$UserName'";
$result = mysql_query( $sql, $con ) or die( "ERR: SQL 1" );
if ($_REQUEST('error') == 1){
     echo "Sorry that user name already exist!";
}

if(!mysql_num_rows($result)){
$sql="INSERT INTO Profile (`FirstName`,`LastName`,`Username`,`Password`,`Password2`,`email`,`Zip`,`Birthday`,`Security`,`Security2`) VALUES ('$FirstName','$LastName','$UserName','$Password','$Password2','$email','$Zip','$Birthday','$Security','$Security2')"; 

//echo $sql;



if (!mysql_query($sql,$con)) {







die('Error: ' . mysql_error());




} else{







mail('email@gmail.com','A profile has been submitted!',$FirstName.' has submitted their profile',$body);



echo "<h3>Your profile information has been submitted successfully.</h3>";

}
}
else{



Header("Location: register.php?error=1");
}


mysql_close($con);

        $show_form=false;

    }

    else

    {

        echo "<h3 class='ErrorTitle'>Validation Errors:</h3>";



        $error_hash = $validator->GetErrors();

        foreach($error_hash as $inpname => $inp_err)

        {

            echo "<p class='errors'>$inpname : $inp_err</p>\n";

        }        

    }

}



if(true == $show_form)

{

?>



<form name="test" id="ContactForm" method="POST" accept-charset="UTF-8" action="?>">

<fieldset>



              <div class='normal_field'><label for="LastName">First Name</label></div>

               <div class='element_label'>

                  <input type='text' name='FirstName' size='20'>

               </div>

             

            

           

               <div class='normal_field'><label for="LastName">Last Name</label></div>

               <div class='element_label'>

                  <input type='text' name='LastName' size='20'>

               </div>

           

           </fieldset>

           <fieldset>

               <div class='normal_field'><label for="UserName">User Name</label></div>

               <div class='element_label'>

                  <input type='text' name='UserName' size='20'>

               </div>

           

            

               <div class='normal_field'><label for="Password">Password</label></div>

               <div class='element_label'>

                  <input type='password' name='Password' size='20'>

               </div>

               <div class='normal_field'><label for="Password2">Re-Enter Password</label></div>

               <div class='element_label'>

                  <input type='password' name='Password2' size='20'>

               </div>

            

           

               <div class='normal_field'><label for="Email">Email</label></div>

               <div class='element_label'>

                  <input type='text' name='email' size='20'>

               </div>

            </fieldset>

            <fieldset>

          

               <div class='normal_field'><label for="Zip">Zip Code</label></div>

               <div class='element_label'>

                  <input type='text' name='Zip' size='20'>

               </div>

            

            

               <div class='normal_field'><label for="Birthday">Birthday(mm/dd/yyyy format)</label></div>

               <div class='element_label'>

                  <input type='text' name='Birthday' size='20'>

               </div>

           

           

            

               <div class='normal_field'><label for="Security">Security Question</label></div>

               <div class='element_label'>

                  <input type='text' name='Security' size='20'>

               </div>

               <div class='normal_field'><label for="Security2">Security Answer</label></div>

               <div class='element_label'>

                  <input type='text' name='Security2' size='20'>

               </div>

<div class='normal_field'><label for="math">What is <?php echo $human_number1." + ".$human_number2. "?"; ?></label></div>

               <div class='element_label'>

                  <input type='text' name='math' size='20'>

               </div>

             

               </fieldset>

               <div id="agree">

<label for="tos">

<input type="checkbox" id="tos" name="tos" value="yes" />

I have read and agree to the <a href="ajax/serviceterms.html" id="terms">Terms of Service</a>.

</label>

                </div>

         <fieldset>

           <div id="service-terms" class="box rounded-all"></div>

                <div class="controls">

                    <input id="submit" type="submit" name="Submit" value="CREATE PROFILE"/>

                </div>

                </fieldset>

</form>

<?PHP

}//true == $show_form

?>

 

specifically line 185 is this

if ($_REQUEST('error') == 1){
     echo "Sorry that user name already exist!";
}

Link to comment
Share on other sites

thanks again. I am now getting this error.

Warning: Cannot modify header information - headers already sent by (output started at /new_site/inc/inc.header.php:11) in /new_site/register.php on line 229

 

not sure why I get this b/c this line is the only place I am using a header redirect. Any ideas?

Header("Location: register.php?error=1");

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.