PHP - Checking If A Username Has Been Used Twice
I have written the code for email check, but how and where can I put the code to check if a username has been used twice? Thanks in advance.
Code: [Select] <?php $servername = "localhost"; $username = ""; $password = ""; //validate fields if(!$_POST["username"] || !$_POST["email"] || !$_POST["password1"] || !$_POST["password2"]){ echo "<p> </p><p> </p><p> </p><br />Please fill the required fields, <p> </p><p> </p><a href='register.php'>Go to register page</a>"; //validate password }else if($_POST["password1"] != $_POST["password2"]){ echo "<p> </p><p> </p><p> </p><br />Please go back, PASSWORDS do not match! <p> </p><p> </p><a href='register.php'>Go to register page</a>"; //validate email }else if(!(eregi("^.+@.+\\..+$", $_POST['email']))){ echo "<p> </p><p> </p><p> </p><br />Please enter a valid EMAIL! <a href='register.php'><p> </p><p> </p>Go to register page</a>"; //validate captcha }else if(($_SESSION['security_code'] != $_POST['security_code']) || (empty($_SESSION['security_code'])) ){ echo "<p> </p><p> </p><p> </p><br />CAPTCHA CODE does not match! <p> </p><p> </p><a href='register.php'>Go to register page</a>"; }else{ $conn= mysql_connect($servername,$username,$password)or die(mysql_error()); mysql_select_db("genesis_members",$conn); // check if already registered $sql_check = "SELECT * FROM users WHERE email = '".$_POST[email]."'"; $result_check = mysql_query($sql_check,$conn) or die(mysql_error()); $row = mysql_fetch_assoc($result_check); if($row['id']){ echo "<p> </p><p> </p><p> </p><br />EMAIL already registered! <p> </p><p> </p><a href='register.php'>Go to register page</a>"; }else{ // insert in db $sql = "INSERT INTO users (username, email, password, company, phone, services) VALUES ('".$_POST[username]."', '".$_POST[email]."', '".$_POST[password1]."', '".$_POST[company]."', '".$_POST[phone]."', '".$_POST[services]."')"; $result = mysql_query($sql,$conn) or die(mysql_error()); echo "<p> </p><p> </p><p> </p><br /><h1>You Have Successfully Registered</h1>"; echo "<p> </p><p> </p><br /><a href='main_login.php'>go to login page</a>"; } } ?> Similar Tutorials
Using Inline Php; <h1><font Color="000088">the Username <?php '.$username.' ?> Already Exists";</h1>
Code: [Select] <?php session_start(); include("global-settings.php"); mysql_connect($dbhost, $dbuser, $dbpass)or die("Could Not Connect: " . mysql_error()); mysql_select_db($dbname) or die(mysql_error()); $email = mysql_real_escape_string(strip_tags($_POST["email"])); $password = sha1($_POST["password"]); $result = mysql_query("SELECT * FROM users WHERE email = '{$email}' AND password = '{$password}'"); if (mysql_num_rows($result) > 0) { $row = mysql_fetch_array($result); $_SESSION["userid"] = $row['user_pid']; echo "logged in"; } else { $userid_generator = uniqid(rand(), false); mysql_query("INSERT INTO users (user_pid, email, password, datetime_registered, is_leader) VALUES ('$userid_generator', '{$email}', '{$password}', NOW(), 'no')"); $id = mysql_insert_id(); $leaders = mysql_query("SELECT * FROM users WHERE is_leader LIKE '%yes%'"); while($rows = mysql_fetch_array($leaders)) { if ($rows['is_leader'] == 'yes') { $leader_id = $rows['user_pid']; mysql_query("INSERT IGNORE INTO friends (node1id, node2id, friends_since, friend_type) VALUES('$leader_id', '$userid_generator', NOW(), 'full')"); $_SESSION["userid"] = $userid_generator; echo "new user created and logged in"; if(is_dir($userid_generator)) { echo "Something wen't wrong. A bug report has been sent and we are doing what we can to fix it."; $message = 'Registration problem on account number $userid_generator. The user succesfully registered, but there is already a directory with the account id of $userid_generator.'; mail($bug_report_email, "Registration Bug!", $message); } else { mkdir('../media/User-PID{' . $userid_generator . '}', 0777); mkdir('../media/User-PID{' . $userid_generator . '}/photos', 0777); mkdir('../media/User-PID{' . $userid_generator . '}/backups', 0777); mkdir('../media/User-PID{' . $userid_generator . '}/videos', 0777); mkdir('../media/User-PID{' . $userid_generator . '}/documents', 0777); mkdir('../media/User-PID{' . $userid_generator . '}/developer', 0777); mkdir('../media/User-PID{' . $userid_generator . '}/developer/apps', 0777); mkdir('../media/User-PID{' . $userid_generator . '}/developer/themes', 0777); mkdir('../media/User-PID{' . $userid_generator . '}/xml', 0777); } } } } ?> It logs in fine. It even registers fine, but how do I code it to do something if username is correct but password isn't correct? ISSUE. A User enters information into a form. If the 'username' is already taken, a 'message' in Red and with larger font-size will be returned, for example, "The username $username already exists." If the username is 'mattd' then the message should say, "The username mattd already exists." Within my php application, I have included 'inline html'. Here is part of the code: .... if (mysql_num_rows($query_run)==1) { // it will never = more than one because only //one user will or will not exist ?> <html> </body> <h1><font color="#FF0066">The username <?php echo $username; ?>already exists.</h1> </body> </html> <?php }else{ //start the registration process $query = "INSERT INTO `Names` VALUES .... 1. At one point I did get this: "The username mattd already exists." 2. But now I only get "The username already exists." I am not retrieving the $username variable. This screenshot is found he http://imgur.com/lIwLZ1G thanks. While we're on the subject, is there a way to ensure that the first letter of a name is captalized, and the rest lowercase? Or is this best handled later on, when the name is being used and called from the DB. PS: some of us comment are code as to WHAT we are doing because we're just not that good yet, and we need to explain it to ourselves. How to show the username of the person who uploaded something? I know how to make the upload script etc. but what is the script needed for the person's username and where do I put it? Thanks. Hi, I used to use the php session to get the username of the user that was logged on and use that variable on our intranet. Recently we are having to redevelop the site, and we can no longer use this variable. Is there another way of getting the username of the user who is logged onto the computer? Thanks in Advance, Stuart Hi, I used to be able to get the username of the user who was loggd onto the computer and use that as a session variable, so when they are on the intranet, they need not to add any data. The code I used to use was Code: [Select] $logon_name = basename($_SERVER['AUTH_USER']); Since I updated the webserver and put an up-to-date version of PHP on this no longer works. If you have any ideas, such as maybe using Javascript to get this variable and passing it to PHP... Your help is appreciated. Stuart Hi! I want to add the users nickname to the urlcode. I don't have any clue how to :O And maybe add more text after the url www.url.comTEXTusername echo $row["url"];$row["username"]; Please help I want to accomplish two things: save some server overhead and create a friendlier user experience. Thus, prior to form submission, the user should have the opportunity to check whether the chosen username is available. As I've begun researching the topic, I've discovered AJAX, Vue, and XMLHttpRequest alternatives.
Any suggestions and alternatives that would give me guidance would be appreciated.
Additionally, are there any characters that should be expressly prohibited from use in a username (or other input field) that could aid malicious hackers in causing harm to my website, database, and files?
Here's the class Code: [Select] <?php session_start(); class Train { private $_clicked; private $_name; function __construct() { $this->_name = (string) $_SESSION['nrpgusername']; $this->_clicked = (int) $_SESSION['clicked']; } public function CheckLogged() { if(isset($this->_name)) {} else{die("you must be logged in!");} } public function CheckClicked() { if(isset($_POST['go'])) { $this->MysqlUpdate(); $this->_clicked = 1; session_set_cookie_params(84600); } } public function Clicked() { if(isset($this->_clicked)) { echo' <div id="train"><img src="images/train.jpg" alt="train image"/></div> <div id="text"> <span id="click">' . $this->_name. ' has gained 7 experience,<br /> and cannot train anymore today. </span><form method ="post" name="train" action=""> </div>'; } else { echo' <div id="train"><img src="images/train.jpg" alt="train image"/></div> <div id="text"><span id="click">Click here to train your shinobi!</span> <form method ="post" name="train" action=""><input type="submit" name="go" value="train" /></div>';} } private function MysqlUpdate() { include("database.php"); $query = "UPDATE account_info SET experience = experience + 7 WHERE username = '$this->name'"; $result = mysql_query($query) or die(mysql_error()); } } ?> For some reason, it's showing 1 has gained 7 experience, and cannot train anymore today. Instead of Tony has gained 7 experience, and cannot train anymore today. how would this code work? Code: [Select] if ($_POST['username'] == "[, ., ,, _, -" ){ die('Invalid characters.'); i want it to mean if there are any characters like ", [ . - _ ' " or anything in the username then die('invalid characters.'); for extra safety I have created a simple login system but need help getting the username after login is successfull. The login page <?php session_start(); require_once 'classes/Membership.php'; $membership = new Membership(); // If the user clicks the "Log Out" link on the index page. if(isset($_GET['status']) && $_GET['status'] == 'loggedout') { $membership->log_User_Out(); } // Did the user enter a password/username and click submit? if($_POST && !empty($_POST['username']) && !empty($_POST['pwd'])) { $response = $membership->validate_User($_POST['username'], $_POST['pwd']); } ?> <div id="login"> <form method="post" action=""> <table width="200" border="0" align="center"> <tr> <th scope="col">Username:</th> <th scope="col"><input type="text" name="username" /></th> </tr> <tr> <td>Password:</td> <td><input type="password" name="pwd" /></td> </tr> <tr> <td colspan="2"><input type="submit" id="submit" value="Login" name="submit" /></td> </tr> </table> <p> </p> <p> <?php if(isset($response)) echo "<h4 class='alert'>" . $response . "</h4>"; ?> </p> </form> </div> Membership.php file <?php require 'Mysql.php'; class Membership { function validate_user($un, $pwd) { $mysql = New Mysql(); $ensure_credentials = $mysql->verify_Username_and_Pass($un, md5($pwd)); if($ensure_credentials) { $_SESSION['status'] = 'authorized'; header("location: myaccount.php"); } else return "Please enter a correct username and password"; } function log_User_Out() { if(isset($_SESSION['status'])) { unset($_SESSION['status']); if(isset($_COOKIE[session_name()])) setcookie(session_name(), '', time() - 1000); session_destroy(); } } function confirm_Member() { session_start(); if($_SESSION['status'] !='authorized') header("location: login.php"); } } myaccount page <?php require_once 'classes/Membership.php'; $membership = New Membership(); $membership->confirm_Member(); ?> <p>Welcome <?= $_SESSION['status'] ?></p I'm wanting to increment usernames in ONLY the lowercase a-z for example if a user enters "abc" it will automatically be given "abc1" and the next user if entering the same username will automatically be given "abc2", the next "abc3" and so on. The base login and register script I'm using can be found on http://evolt.org/node/60265/ The database.php and register.php pages are below, but excluding the amendments I am seeking. I have created a MySQL database with 2 tables, 1 table named 'Users' with 3 columns named (1) 'userid' primary key, auto increment, (2) 'username' (3) 'password'. The other table is named 'UserCount' with 2 columns named (1) 'username' (2) 'count'. Can someone provide the PHP coding for the following process? When a new user registers a new username firstly PHP to check the characters are in lowercase a-z only and no other characters, and reject if they do not match, then for PHP to check to see if that username exists in the 'UserCount' table. If it doesn't exist, PHP to insert the new username into the 'username' column and also set the value of the 'count' column to 1. If the username does exist, PHP to add that username to the 'username' column and increment the value of the 'count' column by 1. Then in the 'Users' table PHP to insert a record with 'Users.username = UserCount.username + count' and PHP to inform the new user of their complete username including the integer that has been added to their first entered username. It would also help if I could be provided a link to a website on where I can better understand how to collate coding of this kind, coz I have tried to formulate this coding but as I'm playing around in the dark I have no idea if it is the right process in particular considering security factors. database.php Code: [Select] <?php /** * Connect to the mysql database. */ $conn = mysql_connect("localhost", "your_username", "your_password") or die(mysql_error()); mysql_select_db('your_database', $conn) or die(mysql_error()); ?> register.php Code: [Select] <?php session_start(); include("database.php"); /** * Returns true if the username has been taken * by another user, false otherwise. */ function usernameTaken($username){ global $conn; if(!get_magic_quotes_gpc()){ $username = addslashes($username); } $q = "select username from Users where username = '$username'"; $result = mysql_query($q,$conn); return (mysql_numrows($result) > 0); } /** * Inserts the given (username, password) pair * into the database. Returns true on success, * false otherwise. */ function addNewUser($username, $password){ global $conn; $q = "INSERT INTO Users VALUES ('$username', '$password')"; return mysql_query($q,$conn); } /** * Displays the appropriate message to the user * after the registration attempt. It displays a * success or failure status depending on a * session variable set during registration. */ function displayStatus(){ $uname = $_SESSION['reguname']; if($_SESSION['regresult']){ ?> <h1>Registered!</h1> <p>Thank you <b><?php echo $uname; ?></b>, your information has been added to the database, you may now <a href="main.php" title="Login">log in</a>.</p> <?php } else{ ?> <h1>Registration Failed</h1> <p>We're sorry, but an error has occurred and your registration for the username <b><?php echo $uname; ?></b>, could not be completed.<br> Please try again at a later time.</p> <?php } unset($_SESSION['reguname']); unset($_SESSION['registered']); unset($_SESSION['regresult']); } if(isset($_SESSION['registered'])){ /** * This is the page that will be displayed after the * registration has been attempted. */ ?> <html> <title>Registration Page</title> <body> <?php displayStatus(); ?> </body> </html> <?php return; } /** * Determines whether or not to show to sign-up form * based on whether the form has been submitted, if it * has, check the database for consistency and create * the new account. */ if(isset($_POST['subjoin'])){ /* Make sure all fields were entered */ if(!$_POST['user'] || !$_POST['pass']){ die('You didn\'t fill in a required field.'); } /* Spruce up username, check length */ $_POST['user'] = trim($_POST['user']); if(strlen($_POST['user']) > 30){ die("Sorry, the username is longer than 30 characters, please shorten it."); } /* Check if username is already in use */ if(usernameTaken($_POST['user'])){ $use = $_POST['user']; die("Sorry, the username: <strong>$use</strong> is already taken, please pick another one."); } /* Add the new account to the database */ $md5pass = md5($_POST['pass']); $_SESSION['reguname'] = $_POST['user']; $_SESSION['regresult'] = addNewUser($_POST['user'], $md5pass); $_SESSION['registered'] = true; echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">"; return; } else{ /** * This is the page with the sign-up form, the names * of the input fields are important and should not * be changed. */ ?> <html> <title>Registration Page</title> <body> <h1>Register</h1> <form action="<?php echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post"> <table align="left" border="0" cellspacing="0" cellpadding="3"> <tr><td>Username:</td><td><input type="text" name="user" maxlength="30"></td></tr> <tr><td>Password:</td><td><input type="password" name="pass" maxlength="30"></td></tr> <tr><td colspan="2" align="right"><input type="submit" name="subjoin" value="Join!"></td></tr> </table> </form> </body> </html> <?php } ?> Today I noticed something quite strange on youtube. This: http://www.youtube.com/user/mcgloomy Not the profile by itself, but the way the username can be added there to take us to the profile. I mean, USER must be a folder, but I really doubt MCGLOOMY is another folder, even if it looks like it is. I've read about using htaccess to hide the file name of a folder, but... How does this youtube thingy happens? Hello, After searching for some hours I don't get an answer for my question . I have a login index with session_start and register the user information with : Code: [Select] $_SESSION['user'] = $r['username']; $_SESSION['loggedin'] = true; In that index file, it echo the right username that's logged in. On the other files, it echo always "root". My other files are combined with - Header.php ( Start of validation of session ) - Page.php ( Validate again ) - Footer.php ( End the validation of footer ) All files have a session start and if not logged in redirects to index file to login again. The problem, somewhere I have an error that I can't discover.. Could you please help me ? Header.php Code: [Select] <?php session_start(); include("connect.php"); include("../inc/config.php"); if( isset($_SESSION['user']) and $_SESSION['loggedin'] == true){ ?> MY OWN CODE <?php } else{ Header("Location:index.php"); } ?> PAGE.PHP Code: [Select] <?php session_start(); if( isset($_SESSION['user']) and $_SESSION['loggedin'] == true){ ?> <?php include("header.php"); $session = session_decode(session_id()); $result = mysql_query("SELECT * FROM admutilizador WHERE id='$session'") or die(mysql_error()); $row = mysql_fetch_array($result); ?> MY OWN CODE <?php include("footer.php"); ?> <?php } else{ Header("Location:index.php"); } FOOTER.PHP Code: [Select] <?php session_start(); if( isset($_SESSION['user']) and $_SESSION['loggedin'] == true){ ?> MY OWN CODE <?php } else{ Header("Location:index.php"); } Can someone help me ? thanks in advance. P.S. I used a test session var $_SESSION['test'] = "TEST"; and it keeps the records in other pages. Using the $_SESSION['user'] = $r['username']; ( info from DB that returns the right username in the same page, echoing it in other pages always output root. Hope this test could help anyone too. Hello I am trying to add an IF statement to my login script so that if the username entered is 'admin' it directs to 'adminpage.php Here is my script: <?php include ("connection.php"); session_start(); // Collect data from form and save in variables //See if any info was submitted $Username = $_GET['Username']; //Clean data - trim space $Username = trim ( $Username); //Check its ok - if not then add an error message to the error string if (empty($Username)) $errorString = $errorString."<br>Please supply Username."; //See if any info was submitted $Password = $_GET['Password']; //Clean data - trim space $Password = trim ( $Password); //Check its ok - if not then add an error message to the error string if (empty($Password)) $errorString = $errorString."<br>Please supply Password."; // Query to search the user table $query= "SELECT * FROM Users WHERE Username='$Username' AND Password='$Password'"; // Run query through connection $result = mysql_query ($query); $row = mysql_fetch_assoc($result); // if rows found set authenticated user to the user name entered if (mysql_num_rows($result) > 0) { $_SESSION["authenticatedUser"] = $Username; $_SESSION['UserID'] = $row['UserID']; // Relocate to the logged-in page header("Location: loggedon.php"); } else // login failed redirect back to login page with error message { $_SESSION["message"] = "Could not connect as $Username " ; header("Location: login.php"); } ?> Thank you I don't know anything about php and I'm trying to fix these two links. One of which will bring the user to view's his/her profile to view it and the other will bring the user to his/her profile to edit. I'm sure it's just a matter of deleting a space or adding some sort of variable but I just don't know. <br><a href="http://mysailingconnection.com/using-this-website"><Font color="#000033"><b>Using This Website</b></font></a><br><br><a href="/members/<?php global $current_user; echo $current_user->user_login;?>/profile/">Click here to visit your profile.</a> </p><a href="/members/<?php echo $current_user->user_login;?>/profile/edit/">Click here to edit your personal profile.</a><br /> Hi, iam pretty new and have made a forum style page for intern project display. ATM i use a standard php loginscript, just so i can add the author of the text. But as you can imagine thats pretty inconvinient. Is their a way to get the username from my roaming profil or from the current AD user (dont need to auth, just so i can add my nameunder post, like i login on windows with username "Heinz", and write a post on my side, so he can take the username "Heinz" and display it beneth the post? iam pretty clueless where to start looking, would you be so nice and provide me some topic/hints to give me a push in the right direction.
Sry if my english is..... a bit rubbish. i greatfull for all your time sincerly Nasten Hey Guys Im following PHPACADEMY tutorial for integrating login. Im on the second video The problem im getting is when i enter in my login and password from my table in my database [(alex, abc) I tried copying them directly also] "I get the error that user doesn't exist" index.php Code: [Select] <html> <form action='login.php' method='POST'> Username: <input type='text' name='username'><br> Password: <input type='password' name='password'><br> <input type='submit' value='Log In'> </form> </html> Login.php Code: [Select] <?php $username = $_POST['username']; $password = $_POST['password']; if ($username&&$password) { $connect = mysql_connect("localhost","root","") or die ("couldnt connect"); mysql_select_db("phplogin") or die ("could not connect to db"); $query = mysql_query("SELECT * FROM users WHERE username='$username'"); $numrow = mysql_num_rows($query); if ($numrows!=0) { //code to login } else die("that user doesn't exist"); } else die("Please Enter username and password"); ?> |