Jump to content

Registration Validation.

doomdude

By doomdude
in PHP Coding Help

 Share

Recommended Posts

doomdude Member

doomdude

Posted
Posted

I'm using an open source registration and login validation system. I've got it working well, apart from I've discovered when adding check if username is taken, it has broken the script and allows duplicate usernames and email addresses:

 

<?php

include ('database_connection.php');
if (isset($_POST['formsubmitted'])) {
    $error = array();//Declare An Array to store any error message  
    if (empty($_POST['name'])) {//if no name has been supplied 
        $error[] = 'Please Enter a name ';//add to array "error"
    } else {
        $name = $_POST['name'];//else assign it a variable
    }

    if (empty($_POST['e-mail'])) {
        $error[] = 'Please Enter your Email ';
    } else {


        if (preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/", $_POST['e-mail'])) {
           //regular expression for email validation
            $Email = $_POST['e-mail'];
        } else {
             $error[] = 'Your EMail Address is invalid  ';
        }


    }


    if (empty($_POST['Password'])) {
        $error[] = 'Please Enter Your Password ';
    } else {
        $Password = $_POST['Password'];
    }


    if (empty($error)) //send to Database if there's no error '

    { // If everything's OK...

        // Make sure the email address is available:
        $query_verify_email = "SELECT * FROM members  WHERE Email ='$Email'";
        $result_verify_email = mysqli_query($dbc, $query_verify_email);
        if (!$result_verify_email) {//if the Query Failed ,similar to if($result_verify_email==false)
            echo ' Database Error Occured ';
        }
    if (mysqli_num_rows($result_verify_email) == 0) { // IF no previous user is using this email .

		// Make sure the user is available:
        $query_verify_user = "SELECT * FROM members  WHERE Username ='$name'";
        $result_verify_user = mysqli_query($dbc, $query_verify_user);
        if (!$result_verify_user) {
            echo ' Database Error Occured ';
        }
	}
    if (mysqli_num_rows($result_verify_user) == 0) { // IF no previous user is using this user .

            // Create a unique  activation code:
            $activation = md5(uniqid(rand(), true));


            $query_insert_user = "INSERT INTO `members` ( `Username`, `Email`, `Password`, `Activation`, `res1`, `res2`, `ounit1`, `dunit1`) VALUES ( '$name', '$Email', '$Password', '$activation', '50000', '50000', '100', '100')";


            $result_insert_user = mysqli_query($dbc, $query_insert_user);
            if (!$result_insert_user) {
                echo 'Query Failed ';
            }

            if (mysqli_affected_rows($dbc) == 1) { //If the Insert Query was successfull.


                // Send the email:
                $message = " To activate your account, please click on this link:\n\n";
                $message .= WEBSITE_URL . '/activate.php?email=' . urlencode($Email) . "&key=$activation";
                mail($Email, 'Registration Confirmation', $message, 'From: [email protected]');

                // Flush the buffered output.


                // Finish the page:
                echo '<div class="success">Thank you for
registering! A confirmation email
has been sent to '.$Email.' Please click on the Activation Link to Activate your account </div>';


            } else { // If it did not run OK.
                echo '<div class="errormsgbox">You could not be registered due to a system
error. We apologize for any
inconvenience.</div>';
            }

        } else { // The email address is not available.
            echo '<div class="errormsgbox" >That email
address or username has already been registered.
</div>';
        }

    } else {//If the "error" array contains error msg , display them
        
        

echo '<div class="errormsgbox"> <ol>';
        foreach ($error as $key => $values) {
            
            echo '	<li>'.$values.'</li>';


       
        }
        echo '</ol></div>';

    }
  
    mysqli_close($dbc);//Close the DB Connection

} // End of the main Submit conditional.



?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Game Name - Home</title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>

<div id="container">
<div id="header">
<?php include("includes/header.php"); ?>
</div>
<div id="nav">
<?php include("includes/nav.php"); ?>

</div>
<div id="content">
<form action="index.php" method="post" class="registration_form">
  <fieldset>
    <legend>Registration Form</legend>

    <p>Create A new Account<br />Already a member? <a href="login.php">Log in</a></p>
    
    <div class="elements">
      <label for="name">Username:</label>
      <input type="text" id="name" name="name" size="25" />
    </div>
    <div class="elements">
      <label for="e-mail">E-mail:</label>
      <input type="text" id="e-mail" name="e-mail" size="25" />
    </div>
    <div class="elements">
      <label for="Password">Password:</label>
      <input type="password" id="Password" name="Password" size="25" />
    </div>
    <div class="submit">
     <input type="hidden" name="formsubmitted" value="TRUE" />
      <input type="submit" value="Register" />
    </div>
  </fieldset>
</form>
</div>
<div id="footer">
<?php include("includes/footer.php"); ?>
</div>
</div>
</body>
</html>

 

To add user verification I simply duplicated the email verification:

 

			// Make sure the user is available:
        $query_verify_user = "SELECT * FROM members  WHERE Username ='$name'";
        $result_verify_user = mysqli_query($dbc, $query_verify_user);
        if (!$result_verify_user) {
            echo ' Database Error Occured ';
        }
	}
    if (mysqli_num_rows($result_verify_user) == 0) { // IF no previous user is using this user .

 

Can anyone see where I've gone wrong?

Link to comment
https://forums.phpfreaks.com/topic/247973-registration-validation/
Share on other sites
doomdude Member

doomdude

Posted
  • Author
Posted

Hey thanks for you reply.

 

I removed that bracked and now get this error while using the same username / email address:

 

Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, null given in /home/u835743061/public_html/index.php on line 54
doomdude Member

doomdude

Posted
  • Author
Posted

The error you are getting is because the mysqli_query is failing.

$result_verify_user = mysqli_query($dbc, $query_verify_user) or die (mysqli_error($dbc));

 

Hi Thanks for the reply!

 

How is it failing? It should be checking if username exists, if yes then error if no then continue?

doomdude Member

doomdude

Posted
  • Author
Posted

Your error is telling you that something is wrong..

As the error says,

expects parameter 1 to be mysqli_result, null given

Which basically means that $result_verify_user contains NULL.

 

Should I not be getting the:

 

       if (!$result_verify_user) {
            echo ' Database Error Occured ';

 

Output Database Error Occurred if the query is not working? I really have no clue what is going wrong, been frustrating me for 2 weeks.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.