|
PHP - Check Username
Similar Tutorials
Using Inline Php; <h1><font Color="000088">the Username <?php '.$username.' ?> Already Exists";</h1>
I'm working with a registration/login system from a tutorial. It's got email validation to make sure it does not exist but I'm struggling to add the same to the username field: Working code: Code: [Select] <?php include ('database_connection.php'); if (isset($_POST['formsubmitted'])) { $error = array();//Declare An Array to store any error message if (empty($_POST['name'])) {//if no name has been supplied $error[] = 'Please Enter a name ';//add to array "error" } else { $name = $_POST['name'];//else assign it a variable } if (empty($_POST['e-mail'])) { $error[] = 'Please Enter your Email '; } else { if (preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/", $_POST['e-mail'])) { //regular expression for email validation $Email = $_POST['e-mail']; } else { $error[] = 'Your EMail Address is invalid '; } } if (empty($_POST['Password'])) { $error[] = 'Please Enter Your Password '; } else { $Password = $_POST['Password']; } if (empty($error)) //send to Database if there's no error ' { // If everything's OK... // Make sure the email address is available: $query_verify_email = "SELECT * FROM members WHERE Email ='$Email'"; $result_verify_email = mysqli_query($dbc, $query_verify_email); if (!$result_verify_email) {//if the Query Failed ,similar to if($result_verify_email==false) echo ' Database Error Occured '; } if (mysqli_num_rows($result_verify_email) == 0) { // IF no previous user is using this email . // Create a unique activation code: $activation = md5(uniqid(rand(), true)); $query_insert_user = "INSERT INTO `members` ( `Username`, `Email`, `Password`, `Activation`) VALUES ( '$name', '$Email', '$Password', '$activation')"; $result_insert_user = mysqli_query($dbc, $query_insert_user); if (!$result_insert_user) { echo 'Query Failed '; } if (mysqli_affected_rows($dbc) == 1) { //If the Insert Query was successfull. // Send the email: $message = " To activate your account, please click on this link:\n\n"; $message .= WEBSITE_URL . '/activate.php?email=' . urlencode($Email) . "&key=$activation"; mail($Email, 'Registration Confirmation', $message, 'From: Admin@TheGameCo.Com'); // Flush the buffered output. // Finish the page: echo '<div class="success">Thank you for registering! A confirmation email has been sent to '.$Email.' Please click on the Activation Link to Activate your account </div>'; } else { // If it did not run OK. echo '<div class="errormsgbox">You could not be registered due to a system error. We apologize for any inconvenience.</div>'; } } else { // The email address is not available. echo '<div class="errormsgbox" >That email address has already been registered. </div>'; } } else {//If the "error" array contains error msg , display them echo '<div class="errormsgbox"> <ol>'; foreach ($error as $key => $values) { echo ' <li>'.$values.'</li>'; } echo '</ol></div>'; } mysqli_close($dbc);//Close the DB Connection } // End of the main Submit conditional. ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Game Name - Home</title> <link rel="stylesheet" type="text/css" href="style.css" /> </head> <body> <div id="container"> <div id="header"> <?php include("includes/header.php"); ?> </div> <div id="nav"> <?php include("includes/nav.php"); ?> </div> <div id="content"> <form action="index.php" method="post" class="registration_form"> <fieldset> <legend>Registration Form</legend> <p>Create A new Account<br />Already a member? <a href="login.php">Log in</a></p> <div class="elements"> <label for="name">Username:</label> <input type="text" id="name" name="name" size="25" /> </div> <div class="elements"> <label for="e-mail">E-mail:</label> <input type="text" id="e-mail" name="e-mail" size="25" /> </div> <div class="elements"> <label for="Password">Password:</label> <input type="password" id="Password" name="Password" size="25" /> </div> <div class="submit"> <input type="hidden" name="formsubmitted" value="TRUE" /> <input type="submit" value="Register" /> </div> </fieldset> </form> </div> <div id="footer"> <?php include("includes/footer.php"); ?> </div> </div> </body> </html> I've tried adding this after the email verification: Code: [Select] // Make sure the user is available: $query_verify_user = "SELECT * FROM members WHERE Username ='$name'"; $result_verify_user = mysqli_query($dbc, $query_verify_user); if (!$result_verify_user) { echo ' Database Error Occured '; } } if (mysqli_num_rows($result_verify_user) == 0) { // IF no previous user is using this user . But that just returns me with: It works to stop username/email duplication but now returns: Query Failed You could not be registered due to a system error. We apologize for any inconvenience. Not sure where I'm going wrong tbh. Hi all, i have a script which checks the username field of my register form as the user types it and checks to see if the username is either taken, is too short or availible using jquery, however it isn't working and i've been staring at it for ages trying to work out why. Due to the length of my code ive put it on codepad. Here is my register.php: http://codepad.org/8REOfI8q and here is my check.php: http://codepad.org/gXSkbnsf My form is just displaying "Choose a username" and not changing depending on my input etc... Any help would be great is it possible to check a username or email address against a mysql database as the user types it in or when he changes to the next required input field, and if it is not already taken to place a symbol next to the username to show that it is either available or not. I am still quite new to php. Thanks I had this working at some point, but must have changed the code or messed up the login. Anyway the check no longer works to see if a username exist in the database and if it does, display an error. Right now I am just getting the generic error . "Duplicate entry 'SamJ' for key 'usr'". <? // session_start(); //Print_r ($_SESSION); include('config.php'); // Passkey t from link $passkey=$_GET['passkey']; $tbl_name1="Profile_temp"; // Retrieve data from table where row matches passkey $sql1="SELECT * FROM $tbl_name1 WHERE confirm_code ='$passkey'"; $result1=mysql_query($sql1); // If successfully queried if($result1){ // Count how many row has this passkey $count=mysql_num_rows($result1); // if passkey is found retrieve info from temporary DB if($count==1){ $rows=mysql_fetch_array($result1); $FirstName=$rows['FirstName']; $LastName=$rows['LastName']; $UserName=$rows['UserName']; $Password= md5($rows['Password']); $Password2=md5($rows['Password2']); $email=$rows['email']; $Zip=$rows['Zip']; $Birthday=$rows['Birthday']; $Security=$rows['Security']; $Security2=$rows['Security2']; $tbl_name2="Profile"; // Insert data that retrieves from "temp_members_db" into table "registered_members" $sql2="INSERT INTO $tbl_name2(`FirstName`,`LastName`,`Username`,`Password`,`Password2`,`email`,`Zip`,`Birthday`,`Security`,`Security2`) VALUES ('$FirstName','$LastName','$UserName','$Password','$Password2','$email','$Zip','$Birthday','$Security','$Security2')"; //echo $sql2; $result2=mysql_query($sql2) or die(mysql_error()); } // if passkey is not found, display message "Wrong Confirmation code" else { echo "<h2>Sorry, Your passkey was not found.</h2>"; } $sql3="select * from $tbl_name2 where username = '$UserName'"; $result3=mysql_query($sql3) or die(mysql_error()); if ($_REQUEST['error'] == 1){ echo "Sorry, that user name already exist!"; } } else { } while ($row = mysql_fetch_assoc($result3)) { $_SESSION['id'] = $row['id']; $_SESSION['FirstName']=$row['FirstName']; } // if successfully moved data from table"temp_members_db" to table "registered_members" displays message "Your account has been activated" and don't forget to delete confirmation code from table "temp_members_db" if($result2){ echo "<h3>Welcome {$_SESSION['FirstName']} </h3>"; echo "<h2>Your account has been activated</h2>"; echo"<p>You may now upload a profile picture</p>"; //file upload echo " <form enctype='multipart/form-data' action='Profile.php' method='POST'> <fieldset> <legend>Upload your profile picture</legend> <ol> <li id='example3'> <label for='FileUpload'>Choose a file to upload:</label> <input name='myfile' id='FileUpload' type='file' /> <input type='submit' name='submit' value='Upload File' /> </li> </ol> </fieldset> </form> "; } } if($result3){ // Delete information of this user from table "temp_members_db" that has this passkey $sql4="DELETE FROM $tbl_name1 WHERE confirm_code = '$passkey'"; $result4=mysql_query($sql4) or die(mysql_error()); ?> can anyone see what is wrong? Hey all, In my user registration system I'm trying to figure something out. When the user puts in his information and hits submit it goes into a temporary user table while it waits for the user to click on the activation code in the email that is sent out. Once they click on it it's then transferred into the user table. Now, I have a few questions: 1. Should the user check on the registration screen check both tables for a username match? What if someone starts a registration but never activates it. That username, though not in use, is now taken up in the tempuser table. 2. Should the information in the temporary table be cleared after it is moved into the regular table? Thanks guys! I want to limit the number of incorrect login attempts within a specified time period (e.g. 15 minutes). I'm wondering what I should tie those attempts to. e.g. If too many attempts from one ip address for a specific username, lock them out for 15 minutes? Or too many attempts from any ip address for a specific username? Or too many attempts for an ip address matched loosely (i.e. 255.255.255.0 matching) with a specific username? What's the best choice? Just too many attempts for a username? Or also use the ip address? And should I store the attempts in the session, or the DB? Ok so I'm still having problems. This is what I need: I want a function to echo a message if a username does not pass my requirments. - Only letters and / or numbers - Must start with a letter (not a number) - No spaces The current code is not working for me. Please help Code: [Select] }else if (!(eregi('/[A-Za-z0-9-]+',($_POST["username"])))){ echo "<p> </p><p> </p><p> </p><br />Must only contain numbers and letters and cannot exceed 10 characters.<p> </p><p> </p><a href='javascript:javascript:history.go(-1)'>Click here to go back to previous page</a>"; Hi guys Can someone help me about this: The php code can be revise username and password with CURL then check database and if username & password is correct return true else false. Thanks Hi, I need to insert some code into my current form code which will check to see if a username exist and if so will display an echo message. If it does not exist will post the form (assuming everything else is filled in correctly). I have tried some code in a few places but it doesn't work correctly as I get the username message exist no matter what. I think I am inserting the code into the wrong area, so need assistance as to how to incorporate the username check code. $sql="select * from Profile where username = '$username'; $result = mysql_query( $sql, $conn ) or die( "ERR: SQL 1" ); if(mysql_num_rows($result)!=0) { process form } else { echo "That username already exist!"; } the current code of the form <?PHP //session_start(); require_once "formvalidator.php"; $show_form=true; if (!isset($_POST['Submit'])) { $human_number1 = rand(1, 12); $human_number2 = rand(1, 38); $human_answer = $human_number1 + $human_number2; $_SESSION['check_answer'] = $human_answer; } if(isset($_POST['Submit'])) { if (!isset($_SESSION['check_answer'])) { echo "<p>Error: Answer session not set</p>"; } if($_POST['math'] != $_SESSION['check_answer']) { echo "<p>You did not pass the human check.</p>"; exit(); } $validator = new FormValidator(); $validator->addValidation("FirstName","req","Please fill in FirstName"); $validator->addValidation("LastName","req","Please fill in LastName"); $validator->addValidation("UserName","req","Please fill in UserName"); $validator->addValidation("Password","req","Please fill in a Password"); $validator->addValidation("Password2","req","Please re-enter your password"); $validator->addValidation("Password2","eqelmnt=Password","Your passwords do not match!"); $validator->addValidation("email","email","The input for Email should be a valid email value"); $validator->addValidation("email","req","Please fill in Email"); $validator->addValidation("Zip","req","Please fill in your Zip Code"); $validator->addValidation("Security","req","Please fill in your Security Question"); $validator->addValidation("Security2","req","Please fill in your Security Answer"); if($validator->ValidateForm()) { $con = mysql_connect("localhost","uname","pw") or die('Could not connect: ' . mysql_error()); mysql_select_db("beatthis_beatthis") or die(mysql_error()); $FirstName=mysql_real_escape_string($_POST['FirstName']); //This value has to be the same as in the HTML form file $LastName=mysql_real_escape_string($_POST['LastName']); //This value has to be the same as in the HTML form file $UserName=mysql_real_escape_string($_POST['UserName']); //This value has to be the same as in the HTML form file $Password= md5($_POST['Password']); //This value has to be the same as in the HTML form file $Password2= md5($_POST['Password2']); //This value has to be the same as in the HTML form file $email=mysql_real_escape_string($_POST['email']); //This value has to be the same as in the HTML form file $Zip=mysql_real_escape_string($_POST['Zip']); //This value has to be the same as in the HTML form file $Birthday=mysql_real_escape_string($_POST['Birthday']); //This value has to be the same as in the HTML form file $Security=mysql_real_escape_string($_POST['Security']); //This value has to be the same as in the HTML form file $Security2=mysql_real_escape_string($_POST['Security2']); //This value has to be the same as in the HTML form file $sql="INSERT INTO Profile (`FirstName`,`LastName`,`Username`,`Password`,`Password2`,`email`,`Zip`,`Birthday`,`Security`,`Security2`) VALUES ('$FirstName','$LastName','$UserName','$Password','$Password2','$email','$Zip','$Birthday','$Security','$Security2')"; //echo $sql; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } else{ mail('email@gmail.com','A profile has been submitted!',$FirstName.' has submitted their profile',$body); echo "<h3>Your profile information has been submitted successfully.</h3>"; } mysql_close($con); $show_form=false; } else { echo "<h3 class='ErrorTitle'>Validation Errors:</h3>"; $error_hash = $validator->GetErrors(); foreach($error_hash as $inpname => $inp_err) { echo "<p class='errors'>$inpname : $inp_err</p>\n"; } } } if(true == $show_form) { ?> ISSUE. A User enters information into a form. If the 'username' is already taken, a 'message' in Red and with larger font-size will be returned, for example, "The username $username already exists." If the username is 'mattd' then the message should say, "The username mattd already exists." Within my php application, I have included 'inline html'. Here is part of the code: .... if (mysql_num_rows($query_run)==1) { // it will never = more than one because only //one user will or will not exist ?> <html> </body> <h1><font color="#FF0066">The username <?php echo $username; ?>already exists.</h1> </body> </html> <?php }else{ //start the registration process $query = "INSERT INTO `Names` VALUES .... 1. At one point I did get this: "The username mattd already exists." 2. But now I only get "The username already exists." I am not retrieving the $username variable. This screenshot is found he http://imgur.com/lIwLZ1G thanks. While we're on the subject, is there a way to ensure that the first letter of a name is captalized, and the rest lowercase? Or is this best handled later on, when the name is being used and called from the DB. PS: some of us comment are code as to WHAT we are doing because we're just not that good yet, and we need to explain it to ourselves. How to show the username of the person who uploaded something? I know how to make the upload script etc. but what is the script needed for the person's username and where do I put it? Thanks. Hi, I used to be able to get the username of the user who was loggd onto the computer and use that as a session variable, so when they are on the intranet, they need not to add any data. The code I used to use was Code: [Select] $logon_name = basename($_SERVER['AUTH_USER']); Since I updated the webserver and put an up-to-date version of PHP on this no longer works. If you have any ideas, such as maybe using Javascript to get this variable and passing it to PHP... Your help is appreciated. Stuart I want to accomplish two things: save some server overhead and create a friendlier user experience. Thus, prior to form submission, the user should have the opportunity to check whether the chosen username is available. As I've begun researching the topic, I've discovered AJAX, Vue, and XMLHttpRequest alternatives.
Any suggestions and alternatives that would give me guidance would be appreciated.
Additionally, are there any characters that should be expressly prohibited from use in a username (or other input field) that could aid malicious hackers in causing harm to my website, database, and files?
Hi, I used to use the php session to get the username of the user that was logged on and use that variable on our intranet. Recently we are having to redevelop the site, and we can no longer use this variable. Is there another way of getting the username of the user who is logged onto the computer? Thanks in Advance, Stuart Hi! I want to add the users nickname to the urlcode. I don't have any clue how to :O And maybe add more text after the url www.url.comTEXTusername echo $row["url"];$row["username"]; Please help Here's the class Code: [Select] <?php session_start(); class Train { private $_clicked; private $_name; function __construct() { $this->_name = (string) $_SESSION['nrpgusername']; $this->_clicked = (int) $_SESSION['clicked']; } public function CheckLogged() { if(isset($this->_name)) {} else{die("you must be logged in!");} } public function CheckClicked() { if(isset($_POST['go'])) { $this->MysqlUpdate(); $this->_clicked = 1; session_set_cookie_params(84600); } } public function Clicked() { if(isset($this->_clicked)) { echo' <div id="train"><img src="images/train.jpg" alt="train image"/></div> <div id="text"> <span id="click">' . $this->_name. ' has gained 7 experience,<br /> and cannot train anymore today. </span><form method ="post" name="train" action=""> </div>'; } else { echo' <div id="train"><img src="images/train.jpg" alt="train image"/></div> <div id="text"><span id="click">Click here to train your shinobi!</span> <form method ="post" name="train" action=""><input type="submit" name="go" value="train" /></div>';} } private function MysqlUpdate() { include("database.php"); $query = "UPDATE account_info SET experience = experience + 7 WHERE username = '$this->name'"; $result = mysql_query($query) or die(mysql_error()); } } ?> For some reason, it's showing 1 has gained 7 experience, and cannot train anymore today. Instead of Tony has gained 7 experience, and cannot train anymore today. I'm wanting to increment usernames in ONLY the lowercase a-z for example if a user enters "abc" it will automatically be given "abc1" and the next user if entering the same username will automatically be given "abc2", the next "abc3" and so on. The base login and register script I'm using can be found on http://evolt.org/node/60265/ The database.php and register.php pages are below, but excluding the amendments I am seeking. I have created a MySQL database with 2 tables, 1 table named 'Users' with 3 columns named (1) 'userid' primary key, auto increment, (2) 'username' (3) 'password'. The other table is named 'UserCount' with 2 columns named (1) 'username' (2) 'count'. Can someone provide the PHP coding for the following process? When a new user registers a new username firstly PHP to check the characters are in lowercase a-z only and no other characters, and reject if they do not match, then for PHP to check to see if that username exists in the 'UserCount' table. If it doesn't exist, PHP to insert the new username into the 'username' column and also set the value of the 'count' column to 1. If the username does exist, PHP to add that username to the 'username' column and increment the value of the 'count' column by 1. Then in the 'Users' table PHP to insert a record with 'Users.username = UserCount.username + count' and PHP to inform the new user of their complete username including the integer that has been added to their first entered username. It would also help if I could be provided a link to a website on where I can better understand how to collate coding of this kind, coz I have tried to formulate this coding but as I'm playing around in the dark I have no idea if it is the right process in particular considering security factors. database.php Code: [Select] <?php /** * Connect to the mysql database. */ $conn = mysql_connect("localhost", "your_username", "your_password") or die(mysql_error()); mysql_select_db('your_database', $conn) or die(mysql_error()); ?> register.php Code: [Select] <?php session_start(); include("database.php"); /** * Returns true if the username has been taken * by another user, false otherwise. */ function usernameTaken($username){ global $conn; if(!get_magic_quotes_gpc()){ $username = addslashes($username); } $q = "select username from Users where username = '$username'"; $result = mysql_query($q,$conn); return (mysql_numrows($result) > 0); } /** * Inserts the given (username, password) pair * into the database. Returns true on success, * false otherwise. */ function addNewUser($username, $password){ global $conn; $q = "INSERT INTO Users VALUES ('$username', '$password')"; return mysql_query($q,$conn); } /** * Displays the appropriate message to the user * after the registration attempt. It displays a * success or failure status depending on a * session variable set during registration. */ function displayStatus(){ $uname = $_SESSION['reguname']; if($_SESSION['regresult']){ ?> <h1>Registered!</h1> <p>Thank you <b><?php echo $uname; ?></b>, your information has been added to the database, you may now <a href="main.php" title="Login">log in</a>.</p> <?php } else{ ?> <h1>Registration Failed</h1> <p>We're sorry, but an error has occurred and your registration for the username <b><?php echo $uname; ?></b>, could not be completed.<br> Please try again at a later time.</p> <?php } unset($_SESSION['reguname']); unset($_SESSION['registered']); unset($_SESSION['regresult']); } if(isset($_SESSION['registered'])){ /** * This is the page that will be displayed after the * registration has been attempted. */ ?> <html> <title>Registration Page</title> <body> <?php displayStatus(); ?> </body> </html> <?php return; } /** * Determines whether or not to show to sign-up form * based on whether the form has been submitted, if it * has, check the database for consistency and create * the new account. */ if(isset($_POST['subjoin'])){ /* Make sure all fields were entered */ if(!$_POST['user'] || !$_POST['pass']){ die('You didn\'t fill in a required field.'); } /* Spruce up username, check length */ $_POST['user'] = trim($_POST['user']); if(strlen($_POST['user']) > 30){ die("Sorry, the username is longer than 30 characters, please shorten it."); } /* Check if username is already in use */ if(usernameTaken($_POST['user'])){ $use = $_POST['user']; die("Sorry, the username: <strong>$use</strong> is already taken, please pick another one."); } /* Add the new account to the database */ $md5pass = md5($_POST['pass']); $_SESSION['reguname'] = $_POST['user']; $_SESSION['regresult'] = addNewUser($_POST['user'], $md5pass); $_SESSION['registered'] = true; echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">"; return; } else{ /** * This is the page with the sign-up form, the names * of the input fields are important and should not * be changed. */ ?> <html> <title>Registration Page</title> <body> <h1>Register</h1> <form action="<?php echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post"> <table align="left" border="0" cellspacing="0" cellpadding="3"> <tr><td>Username:</td><td><input type="text" name="user" maxlength="30"></td></tr> <tr><td>Password:</td><td><input type="password" name="pass" maxlength="30"></td></tr> <tr><td colspan="2" align="right"><input type="submit" name="subjoin" value="Join!"></td></tr> </table> </form> </body> </html> <?php } ?> how would this code work? Code: [Select] if ($_POST['username'] == "[, ., ,, _, -" ){ die('Invalid characters.'); i want it to mean if there are any characters like ", [ . - _ ' " or anything in the username then die('invalid characters.'); for extra safety Hello, After searching for some hours I don't get an answer for my question . I have a login index with session_start and register the user information with : Code: [Select] $_SESSION['user'] = $r['username']; $_SESSION['loggedin'] = true; In that index file, it echo the right username that's logged in. On the other files, it echo always "root". My other files are combined with - Header.php ( Start of validation of session ) - Page.php ( Validate again ) - Footer.php ( End the validation of footer ) All files have a session start and if not logged in redirects to index file to login again. The problem, somewhere I have an error that I can't discover.. Could you please help me ? Header.php Code: [Select] <?php session_start(); include("connect.php"); include("../inc/config.php"); if( isset($_SESSION['user']) and $_SESSION['loggedin'] == true){ ?> MY OWN CODE <?php } else{ Header("Location:index.php"); } ?> PAGE.PHP Code: [Select] <?php session_start(); if( isset($_SESSION['user']) and $_SESSION['loggedin'] == true){ ?> <?php include("header.php"); $session = session_decode(session_id()); $result = mysql_query("SELECT * FROM admutilizador WHERE id='$session'") or die(mysql_error()); $row = mysql_fetch_array($result); ?> MY OWN CODE <?php include("footer.php"); ?> <?php } else{ Header("Location:index.php"); } FOOTER.PHP Code: [Select] <?php session_start(); if( isset($_SESSION['user']) and $_SESSION['loggedin'] == true){ ?> MY OWN CODE <?php } else{ Header("Location:index.php"); } Can someone help me ? thanks in advance. P.S. I used a test session var $_SESSION['test'] = "TEST"; and it keeps the records in other pages. Using the $_SESSION['user'] = $r['username']; ( info from DB that returns the right username in the same page, echoing it in other pages always output root. Hope this test could help anyone too. |
|||||||