What Is Wrong With This Code?

[Guest]

Ok, so basically what I want is the code to check the DB to see if a passworded username is already taken, then display an error if someone tries to post with that same name, but gives a wrong password for that name.  What the code below does, is just that....except, even when you enter the correct password, it displays the error that the name has been taken...how can I fix this so when you enter the right password, it allows you to post?

 

<script src="http://code.jquery.com/jquery-latest.js" type="text/javascript" charset="utf-8"></script>
<script language="javascript" type="text/javascript">
//<![CDATA[
$(document).ready(function(){
$("form#reply").submit(function() {
var success = 0;
var username     = $('#user').attr('value');
	$.ajax({
		type: "GET",
		url: "checkusername.php",
		data: "username="+ username,
		success: function(r){
			success = r;
		}, async:false
	});
	if(success == 1) {
		alert("Username already taken.");
		return false;
	}else return true;
});
});
//]]>
</script>

 

The checkusername.php code is:

 

<?php
require "database.php";
#check user on users table
$user = fetch("SELECT COUNT(pid) FROM posts WHERE user = '".$_GET["username"]."'");
if(!$user || !isset($user)) echo '0';
if($user[0] > 0) echo '1'; else echo '0';
exit();
?>

[requinix]

You're not checking the password at all...

 

Also,

1. Use POST.

2. Hash the password in your JavaScript before sending it in the URL and/or use SSL.

[Guest]

Could you modify it for me?  Not really sure what to do...sorry.

[requinix]

Who wrote the original code?

[AyKay47]

Could you modify it for me?  Not really sure what to do...sorry.

 

We will help you to modify the code yourself. However we do not provide free code. Required gave you some pointers, start there.

[Guest]

Well where do I start?