steviez Posted October 24, 2007 Share Posted October 24, 2007 Hi, On my signup form i need to stop people from signing up with the username admin etc. How is this done? My code so far: if (isset($_POST['signup_continue'])){ /* ... checking if username already exists */ $username_exists = mysql_query("SELECT * FROM users WHERE username='".$_POST['username']."'"); /* ... checking if email address is already in use */ $email_exists = mysql_query("SELECT * FROM users WHERE email='".$_POST['email']."'"); /* ... checking if email address has been banned */ $banned_exists = mysql_query("SELECT * FROM banned WHERE banned_email='".$_POST['email']."'"); /* username is empty */ if (empty($_POST['username'])){ $signup_error = '<table width="100%" border="0" cellpadding="4" cellspacing="0" class="error_table"> <tr> <td width="10%" align="center"><img src="themes/' .$site_theme . '/images/icons/017.gif" /></td> <td width="90%">' . $lang['signup_error'] . '</td> </tr> </table> <br />'; } /* username exists */ else if (mysql_num_rows($username_exists)==1){ $signup_error = '<table width="100%" border="0" cellpadding="4" cellspacing="0" class="error_table"> <tr> <td width="10%" align="center"><img src="themes/' .$site_theme . '/images/icons/017.gif" /></td> <td width="90%">' . $lang['signup_error_usernameX'] . '</td> </tr> </table> <br />'; } /* username includes invalid characters */ else if (!preg_match("/^[a-zA-Z\d\-_]+$/i", $_POST["username"])){ $signup_error = '<table width="100%" border="0" cellpadding="4" cellspacing="0" class="error_table"> <tr> <td width="10%" align="center"><img src="themes/' .$site_theme . '/images/icons/017.gif" /></td> <td width="90%">' . $lang['signup_error_invalid'] . '</td> </tr> </table> <br />'; } Thanks Quote Link to comment Share on other sites More sharing options...
severndigital Posted October 24, 2007 Share Posted October 24, 2007 i would define an array of usernames you don't want to log in prior to any of the if statments and then just add another else at the end of your script like this $disallow = array("username1","username2","username3"); //then add something like this within your if/else else if(in_array($disallow)){ //the code that generates the error message or whatever } It's probably not the most robust way, but it should get the job done. http://us2.php.net/manual/en/function.in-array.php //the link to the function at php.net Quote Link to comment Share on other sites More sharing options...
only one Posted October 24, 2007 Share Posted October 24, 2007 Here's a quick solution: if ((empty($_POST['username'])) || (strtolower($_POST['username']) == 'admin')){ Quote Link to comment Share on other sites More sharing options...
severndigital Posted October 24, 2007 Share Posted October 24, 2007 Here's a quick solution: if ((empty($_POST['username'])) || (strtolower($_POST['username']) == 'admin')){ that will only accommodate one user name. On my signup form i need to stop people from signing up with the username admin etc. note the etc. at the end of the statement. Quote Link to comment Share on other sites More sharing options...
ale1981 Posted October 24, 2007 Share Posted October 24, 2007 i would define an array of usernames you don't want to log in prior to any of the if statments and then just add another else at the end of your script like this $disallow = array("username1","username2","username3"); //then add something like this within your if/else else if(in_array($disallow)){ //the code that generates the error message or whatever } It's probably not the most robust way, but it should get the job done. http://us2.php.net/manual/en/function.in-array.php //the link to the function at php.net I would use the solution above or by storing the disallowed names in lowercase form in a db table and query the table; strtolower($_POST['username']); $sql = 'SELECT * FROM dissallowed_users WHERE username="' .$_POST['username']. '"'; Quote Link to comment Share on other sites More sharing options...
Zane Posted October 24, 2007 Share Posted October 24, 2007 a good idea is to use a funciton to check it all at once here's a markup I made out of some of it to give you the idea function checkUser($theUser) { $pass = true; /* username is empty */ if (empty($_POST['username'])) $pass = false; /* ... checking if username already exists */ $username_exists = mysql_query("SELECT * FROM users WHERE username='".$_POST['username']."'"); $pass = mysql_num_rows($username_exists) > 0?false:true; /* ... checking if email address is already in use */ $email_exists = mysql_query("SELECT * FROM users WHERE email='".$_POST['email']."'"); $pass = mysql_num_rows($email_exists) > 0?false:true; /* ... checking if email address has been banned */ $banned_exists = mysql_query("SELECT * FROM banned WHERE banned_email='".$_POST['email']."'"); $pass = mysql_num_rows($banned_exists) > 0?false:true; if($theUser == 'admin') $pass == false; return $pass;' } if(checkUser('zanus')) //if it passes then //continue with signup Quote Link to comment Share on other sites More sharing options...
steviez Posted October 24, 2007 Author Share Posted October 24, 2007 Thanks guys, in the end i used this code bellow: <?php $dissallowed_users = mysql_query("SELECT * FROM dissallowed_users WHERE username='".$_POST['username']."'"); else if (mysql_num_rows($dissallowed_users)==1){ $signup_error = '<table width="100%" border="0" cellpadding="4" cellspacing="0" class="error_table"> <tr> <td width="10%" align="center"><img src="themes/' .$site_theme . '/images/icons/017.gif" /></td> <td width="90%">Sorry but that usernane is not allowed</td> </tr> </table> <br />'; } ?> Thanks for all your help! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.