Check if username exists

[Sarkons]

Hi There,

I'm rather new to php so please bare with me!

After many attempts i still have been unable to return success, even existing usernames still come up as free.

this is the code i've been attempting to use;

 

<?php
}else{


$usr = new Users;
$usr->storeFormValues( $_POST );
if( $_POST['password'] == $_POST['confpass'] ) {
//passwords do match//
} else {
echo "Passwords do not match";
exit;
}
$con = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD );
$con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$stmt = $con->prepare("SELECT COUNT (*) FROM users WHERE username = :username");
if ($stmt->fetchColumn() > 0) {

echo "username is taken";
}else{

echo "username is free";
}
}

Thanks, I Appreciate it!

Edited January 4, 2013 by Sarkons

[NomadicJosh]

Where is your bind parameter for ":username"?

[Sarkons]

I have it on my user.php page which contains;

<?php
class Users {
 public $username = null;
 public $password = null;
 public $salt = "Zo4rU5Z1YyKJAASY0PT6EUg7BBYdlEhPaNLuxAwU8lqu1ElzHv0Ri7EM6irpx5w";
 public $email = null;
 public $first = null;
 public $middle = null;
 public $last = null;
 public $question = null;
 public $answer = null;

 public function __construct( $data = array() ) {
  if( isset( $data['username'] ) ) $this->username = stripslashes( strip_tags( $data['username'] ) );
  if( isset( $data['password'] ) ) $this->password = stripslashes( strip_tags( $data['password'] ) );
  if( isset( $data['email'] ) ) $this->email = stripslashes( strip_tags( $data['email'] ) );
  if( isset( $data['first'] ) ) $this->first = stripslashes( strip_tags( $data['first'] ) );
  if( isset( $data['middle'] ) ) $this->middle = stripslashes( strip_tags( $data['middle'] ) );
  if( isset( $data['last'] ) ) $this->last = stripslashes( strip_tags( $data['last'] ) );
  if( isset( $data['question'] ) ) $this->question = stripslashes( strip_tags( $data['question'] ) );
  if( isset( $data['answer'] ) ) $this->answer = stripslashes( strip_tags( $data['answer'] ) );
 }

 public function storeFormValues( $params ) {
 //store the parameters
 $this->__construct( $params );
 }

 public function userLogin() {
  $success = false;
  try{
  $con = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD );
  $con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
  $sql = "SELECT * FROM users WHERE username = :username AND password = :password LIMIT 1";

  $stmt = $con->prepare( $sql );
  $stmt->bindValue( "username", $this->username, PDO::PARAM_STR );
  $stmt->bindValue( "password", hash("sha256", $this->password . $this->salt), PDO::PARAM_STR );
  $stmt->execute();

  $valid = $stmt->fetchColumn();

  if( $valid ) {
   $success = true;
  }

  $con = null;
  return $success;
  }catch (PDOException $e) {
   echo $e->getMessage();
   return $success;
  }
 }

 public function register() {
 $correct = false;
  try {
   $con = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD );
   $con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
   $sql = "INSERT INTO users (username, password, email, first, middle, last, question, answer)
   VALUES(:username, :password, :email, :first, :middle, :last, :question, :answer)";

   $stmt = $con->prepare( $sql );
   $stmt->bindValue( "username", $this->username, PDO::PARAM_STR );
   $stmt->bindValue( "password", hash("sha256", $this->password . $this->salt), PDO::PARAM_STR );
   $stmt->bindValue( "email", $this->email, PDO::PARAM_STR );
   $stmt->bindValue( "first", $this->first, PDO::PARAM_STR );
   $stmt->bindValue( "middle", $this->middle, PDO::PARAM_STR );
   $stmt->bindValue( "last", $this->last, PDO::PARAM_STR );
   $stmt->bindValue( "question", $this->question, PDO::PARAM_STR );
   $stmt->bindValue( "answer", $this->answer, PDO::PARAM_STR );
   $stmt->execute();
   return "Registration Successful <br/> <a href='index.php'>Login Now</a>";
  }catch( PDOException $e ) {
 return $e->getMessage();
  }
  }
 }
?>

[requinix]

I have it on my user.php page which contains irrelevant stuff

That's fine buggy and all but

$con = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD );
$con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$stmt = $con->prepare("SELECT COUNT (*) FROM users WHERE username = :username");

that code has absolutely nothing to do with your Users class.

 

Where do you bind a username to $stmt?

Edited January 4, 2013 by requinix

[NomadicJosh]

You bindValue strings should match what is in your query. For example:

$stmt->bindValue( "username", $this->username, PDO::PARAM_STR );

 

should be this instead:

 

$stmt->bindValue( ":username", $this->username, PDO::PARAM_STR );

[White_Lily]

I am constantly having to write registration and login scripts for clients, and therefore I prefer simple ways of comparing usernames.

 

This is the code i use to get a taken name, and display an error if the user tries to use a taken name:

 

$compare = select("users", "user_username", NULL, NULL, 1) or die(mysql_error()); // my select function is a custom and so you should swap this for a query or your personal select function.
$use = mysql_fetch_assoc($compare);

if($username == $use["user_username"]){
$error .= "<li class='error'>That username is already in use. Choose another.</li>";
}

[PFMaBiSmAd]

@White_Lily,

 

Rather than just read the title and post some off-topic code, why not actually read the problem the OP posted. He's using PDO prepared statements and the current problem is related to properly binding data to the query statement.