Login Troubles

Beginners - Learning PHP
#1

Ok so i made a login for my website bt sadly people can use the same username over and over. It is messing with my mysql data base. I don’t know what to add to my php code ffor it to stop.

[php]<?php

echo “

Register

”;

$submit = $_POST[‘submit’];

//form data
$fullname = strip_tags($_POST[‘fullname’]);
$username = strip_tags($_POST[‘username’]);
$password =strip_tags($_POST[‘password’]);
$confirmpassword =strip_tags($_POST[‘confirmpassword’]);
$date = date(“Y-m-d”);
$email =strip_tags($_POST[‘email’]);
if ($submit)
{
//check for existance

if($fullname&&$username&&$password&&$confirmpassword)
{

if ($password==$confirmpassword)
{
//check char length of username and fullname
if (strlen($username)>25||strlen($fullname)>25)
{
echo “Length of Username or Full Name has reached it’s limit”;
}
else
{
//check password length
if (strlen($password)>25||strlen($password)<6)
{
echo “Password must be more then 6 and less then 25”;
}
else
{
//register the user!

//encrypt password
$password = md5($password);
$confirmpassword = md5($confirmpassword);

//open database
$connect = mysql_connect(“localhost”,“bagobone_Peter”,“boomerdog222”);
mysql_select_db(bagobone_phplogin); //select database

//Generate random number for activation
$random = rand(23456789,98765432);

$queryreg = mysql_query("

INSERT INTO users VALUES (’’,’$fullname’,’$username’,’$password’,’$email’,’$date’,’$random’,‘0’)

");

//send acctivation e-mail

$lastid = mysql_insert_id();

//send acctivation e-mail
$to = $email;
$subject = “Activate your account!”;
$headers = "From: [email protected] ";
$server = “gator1716.hostgator.com”;

ini_set(“SMTP”,$server);

$body = "
Hello $fullname,\n\n

You need to activate your account with the link below
http://www.thedreamflow.com/activate.php?id=$lastid&code=$random\n\n
Username:$username
Password:$password

Thanks!
Love, Admin.

";

//function to send email
mail($to, $subject, $body, $headers);
die(“you have been Registered! Check your email to activate your account!”);
}
}

}
else
echo “Your passwords do not match.”;

}
else
echo “Please fill in all fields!”;

}

?>

Your full name:
Choose a Username:
E-mail:
Choose a Password:
Confirm Password:

[/php]
#2

Hi,

Before Insert User entry in database check that that username is exist in Database if username was already exist in database then leave to insert entry in database and show error to users that username was already exist in system,

by placing this query before insert entry in to database you can check that user was exist in database.

$queryreg = mysql_query(“SELECT * FROM users WHERE username = ‘$username’”);
$result = mysql_fetch_array($queryreg);
if(!$result) {
// Insert User entry into Database
} else {
//Show error to Users
}

#3

You should also use mysql_real_escape_string() on your $_POST data to prevent sql injection.

#4

I don’t know how to put it in :confused:

#5

sarthakpatel just showed you how:

Here would be your code:

[php]

<?php echo "

Register

"; $submit = $_POST['submit']; //form data $fullname = strip_tags($_POST['fullname']); $username = strip_tags($_POST['username']); $password =strip_tags($_POST['password']); $confirmpassword =strip_tags($_POST['confirmpassword']); $date = date("Y-m-d"); $email =strip_tags($_POST['email']); if ($submit) { //check for existance $queryreg = mysql_query("SELECT * FROM users WHERE username = '$username'"); $result = mysql_fetch_array($queryreg); if(!$result) { if($fullname&&$username&&$password&&$confirmpassword) { if ($password==$confirmpassword) { //check char length of username and fullname if (strlen($username)>25||strlen($fullname)>25) { echo "Length of Username or Full Name has reached it's limit"; } else { //check password length if (strlen($password)>25||strlen($password)<6) { echo "Password must be more then 6 and less then 25"; } else { //register the user! //encrypt password $password = md5($password); $confirmpassword = md5($confirmpassword); //open database $connect = mysql_connect("localhost","bagobone_Peter","boomerdog222"); mysql_select_db(bagobone_phplogin); //select database //Generate random number for activation $random = rand(23456789,98765432); $queryreg = mysql_query(" INSERT INTO users VALUES ('','$fullname','$username','$password','$email','$date','$random','0') "); //send acctivation e-mail $lastid = mysql_insert_id(); //send acctivation e-mail $to = $email; $subject = "Activate your account!"; $headers = "From: [email protected] "; $server = "gator1716.hostgator.com"; ini_set("SMTP",$server); $body = " Hello $fullname,\n\n You need to activate your account with the link below http://www.thedreamflow.com/activate.php?id=$lastid&code=$random\n\n Username:$username Password:$password Thanks! Love, Admin. "; //function to send email mail($to, $subject, $body, $headers); die("you have been Registered! Check your email to activate your account!"); } } } else echo "Your passwords do not match."; } else echo "Please fill in all fields!"; } } else { Echo "Username is taken"; } ?>
Your full name:
Choose a Username:
E-mail:
Choose a Password:
Confirm Password:

[/php]
Sponsor our Newsletter | Privacy Policy | Terms of Service