PHP - Check Username Against Db While Being Entered

Hi all, i have a script which checks the username field of my register form as the user types it and checks to see if the username is either taken, is too short or availible using jquery, however it isn't working and i've been staring at it for ages trying to work out why.

Due to the length of my code ive put it on codepad.

Here is my register.php: http://codepad.org/8REOfI8q

and here is my check.php: http://codepad.org/gXSkbnsf

My form is just displaying "Choose a username" and not changing depending on my input etc...

Any help would be great

I'm working with a registration/login system from a tutorial. It's got email validation to make sure it does not exist but I'm struggling to add the same to the username field:

Working code:

Code: [Select]
<?php

include ('database_connection.php');
if (isset($_POST['formsubmitted'])) {
    $error = array();//Declare An Array to store any error message  
    if (empty($_POST['name'])) {//if no name has been supplied 
        $error[] = 'Please Enter a name ';//add to array "error"
    } else {
        $name = $_POST['name'];//else assign it a variable
    }

    if (empty($_POST['e-mail'])) {
        $error[] = 'Please Enter your Email ';
    } else {


        if (preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/", $_POST['e-mail'])) {
           //regular expression for email validation
            $Email = $_POST['e-mail'];
        } else {
             $error[] = 'Your EMail Address is invalid  ';
        }


    }


    if (empty($_POST['Password'])) {
        $error[] = 'Please Enter Your Password ';
    } else {
        $Password = $_POST['Password'];
    }


    if (empty($error)) //send to Database if there's no error '

    { // If everything's OK...

        // Make sure the email address is available:
        $query_verify_email = "SELECT * FROM members  WHERE Email ='$Email'";
        $result_verify_email = mysqli_query($dbc, $query_verify_email);
        if (!$result_verify_email) {//if the Query Failed ,similar to if($result_verify_email==false)
            echo ' Database Error Occured ';
        }
    if (mysqli_num_rows($result_verify_email) == 0) { // IF no previous user is using this email .


            // Create a unique  activation code:
            $activation = md5(uniqid(rand(), true));


            $query_insert_user = "INSERT INTO `members` ( `Username`, `Email`, `Password`, `Activation`) VALUES ( '$name', '$Email', '$Password', '$activation')";


            $result_insert_user = mysqli_query($dbc, $query_insert_user);
            if (!$result_insert_user) {
                echo 'Query Failed ';
            }

            if (mysqli_affected_rows($dbc) == 1) { //If the Insert Query was successfull.


                // Send the email:
                $message = " To activate your account, please click on this link:\n\n";
                $message .= WEBSITE_URL . '/activate.php?email=' . urlencode($Email) . "&key=$activation";
                mail($Email, 'Registration Confirmation', $message, 'From: Admin@TheGameCo.Com');

                // Flush the buffered output.


                // Finish the page:
                echo '<div class="success">Thank you for
registering! A confirmation email
has been sent to '.$Email.' Please click on the Activation Link to Activate your account </div>';


            } else { // If it did not run OK.
                echo '<div class="errormsgbox">You could not be registered due to a system
error. We apologize for any
inconvenience.</div>';
            }

        } else { // The email address is not available.
            echo '<div class="errormsgbox" >That email
address has already been registered.
</div>';
        }

    } else {//If the "error" array contains error msg , display them
        
        

echo '<div class="errormsgbox"> <ol>';
        foreach ($error as $key => $values) {
            
            echo ' <li>'.$values.'</li>';


       
        }
        echo '</ol></div>';

    }
  
    mysqli_close($dbc);//Close the DB Connection

} // End of the main Submit conditional.



?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Game Name - Home</title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>

<div id="container">
<div id="header">
<?php include("includes/header.php"); ?>
</div>
<div id="nav">
<?php include("includes/nav.php"); ?>

</div>
<div id="content">
<form action="index.php" method="post" class="registration_form">
  <fieldset>
    <legend>Registration Form</legend>

    <p>Create A new Account<br />Already a member? <a href="login.php">Log in</a></p>
   
    <div class="elements">
      <label for="name">Username:</label>
      <input type="text" id="name" name="name" size="25" />
    </div>
    <div class="elements">
      <label for="e-mail">E-mail:</label>
      <input type="text" id="e-mail" name="e-mail" size="25" />
    </div>
    <div class="elements">
      <label for="Password">Password:</label>
      <input type="password" id="Password" name="Password" size="25" />
    </div>
    <div class="submit">
     <input type="hidden" name="formsubmitted" value="TRUE" />
      <input type="submit" value="Register" />
    </div>
  </fieldset>
</form>
</div>
<div id="footer">
<?php include("includes/footer.php"); ?>
</div>
</div>
</body>
</html>


I've tried adding this after the email verification:

Code: [Select]
// Make sure the user is available:
        $query_verify_user = "SELECT * FROM members  WHERE Username ='$name'";
        $result_verify_user = mysqli_query($dbc, $query_verify_user);
        if (!$result_verify_user) {
            echo ' Database Error Occured ';
        }
}
    if (mysqli_num_rows($result_verify_user) == 0) { // IF no previous user is using this user .
But that just returns me with:

It works to stop username/email duplication but now returns:

Query Failed You could not be registered due to a system error. We apologize for any inconvenience.

Not sure where I'm going wrong tbh.

Ok so I'm still having problems. This is what I need:
I want a function to echo a message if a username does not pass my requirments.

  - Only letters and / or numbers
 - Must start with a letter (not a number)
 - No spaces

The current code is not working for me. Please help
Code: [Select]
}else if (!(eregi('/[A-Za-z0-9-]+',($_POST["username"])))){
echo "<p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><br />Must only contain numbers and letters and cannot exceed 10 characters.<p>&nbsp;</p><p>&nbsp;</p><a href='javascript:javascript:history.go(-1)'>Click here to go back to previous page</a>";

I want to limit the number of incorrect login attempts within a specified time period (e.g. 15 minutes). I'm wondering what I should tie those attempts to.

e.g. If too many attempts from one ip address for a specific username, lock them out for 15 minutes? Or too many attempts from any ip address for a specific username? Or too many attempts for an ip address matched loosely (i.e. 255.255.255.0 matching) with a specific username?

What's the best choice? Just too many attempts for a username? Or also use the ip address?

And should I store the attempts in the session, or the DB?

Hi guys
Can someone help me about this:
The php code can be revise username and password with CURL then check database and if username & password is correct return true else false.

Thanks

I am working on a web form in PHP which accepts a Paypal Email address from the user.

I need to authenticate (validate or check) if the Paypal email address entered is a valid Paypal email account.

Please reply.

All comments and feedback are welcomed.

Thank you!

Hi, I need to insert some code into my current form code which will check to see if a username exist and if so will display an echo message. If it does not exist will post the form (assuming everything else is filled in correctly). I have tried some code in a few places but it doesn't work correctly as I get the username message exist no matter what. I think I am inserting the code into the wrong area, so need assistance as to how to incorporate the username check code.

$sql="select * from Profile where username = '$username';
$result = mysql_query( $sql, $conn )
      or die( "ERR: SQL 1" );
if(mysql_num_rows($result)!=0)
{
process form
}
else
{
echo "That username already exist!";
}


the current code of the form


<?PHP
//session_start();
require_once "formvalidator.php";
$show_form=true;

if (!isset($_POST['Submit'])) {



$human_number1 = rand(1, 12);



$human_number2 = rand(1, 38);



$human_answer = $human_number1 + $human_number2;



$_SESSION['check_answer'] = $human_answer;
}

if(isset($_POST['Submit']))
{





if (!isset($_SESSION['check_answer'])) {
echo "<p>Error: Answer session not set</p>";
}


if($_POST['math'] != $_SESSION['check_answer']) {
echo "<p>You did not pass the human check.</p>";
exit();
}


   $validator = new FormValidator();
    $validator->addValidation("FirstName","req","Please fill in FirstName");







$validator->addValidation("LastName","req","Please fill in LastName");
$validator->addValidation("UserName","req","Please fill in UserName");
$validator->addValidation("Password","req","Please fill in a Password");
$validator->addValidation("Password2","req","Please re-enter your password");
$validator->addValidation("Password2","eqelmnt=Password","Your passwords do not match!");
$validator->addValidation("email","email","The input for Email should be a valid email value");
$validator->addValidation("email","req","Please fill in Email");
$validator->addValidation("Zip","req","Please fill in your Zip Code");
$validator->addValidation("Security","req","Please fill in your Security Question");
$validator->addValidation("Security2","req","Please fill in your Security Answer");
    if($validator->ValidateForm())
    {
        $con = mysql_connect("localhost","uname","pw") or die('Could not connect: ' . mysql_error());
        mysql_select_db("beatthis_beatthis") or die(mysql_error());
$FirstName=mysql_real_escape_string($_POST['FirstName']); //This value has to be the same as in the HTML form file
$LastName=mysql_real_escape_string($_POST['LastName']); //This value has to be the same as in the HTML form file
$UserName=mysql_real_escape_string($_POST['UserName']); //This value has to be the same as in the HTML form file
$Password= md5($_POST['Password']); //This value has to be the same as in the HTML form file
$Password2= md5($_POST['Password2']); //This value has to be the same as in the HTML form file
$email=mysql_real_escape_string($_POST['email']); //This value has to be the same as in the HTML form file
$Zip=mysql_real_escape_string($_POST['Zip']); //This value has to be the same as in the HTML form file
$Birthday=mysql_real_escape_string($_POST['Birthday']); //This value has to be the same as in the HTML form file
$Security=mysql_real_escape_string($_POST['Security']); //This value has to be the same as in the HTML form file
$Security2=mysql_real_escape_string($_POST['Security2']); //This value has to be the same as in the HTML form file



$sql="INSERT INTO Profile (`FirstName`,`LastName`,`Username`,`Password`,`Password2`,`email`,`Zip`,`Birthday`,`Security`,`Security2`) VALUES ('$FirstName','$LastName','$UserName','$Password','$Password2','$email','$Zip','$Birthday','$Security','$Security2')"; 
//echo $sql;
if (!mysql_query($sql,$con)) {

 die('Error: ' . mysql_error());

} else{



mail('email@gmail.com','A profile has been submitted!',$FirstName.' has submitted their profile',$body);

echo "<h3>Your profile information has been submitted successfully.</h3>";
}

mysql_close($con);
        $show_form=false;
    }
    else
    {
        echo "<h3 class='ErrorTitle'>Validation Errors:</h3>";

        $error_hash = $validator->GetErrors();
        foreach($error_hash as $inpname => $inp_err)
        {
            echo "<p class='errors'>$inpname : $inp_err</p>\n";
        }        
    }
}

if(true == $show_form)
{
?>

ISSUE.
A User enters information into a form.
If the 'username' is already taken, a 'message' in Red and with larger font-size will be returned, for example,
"The username $username already exists."
If the username is 'mattd' then the message should say, "The username mattd already exists."

Within my php application, I have included 'inline html'.
Here is part of the code:   ....
if (mysql_num_rows($query_run)==1) {
// it will never = more than one because only
//one user will or will not exist
?>

<html>
</body>
<h1><font color="#FF0066">The username <?php echo $username; ?>already exists.</h1>
</body>
</html>

<?php
}else{
//start the registration process
$query = "INSERT INTO `Names` VALUES
....   1. At one point I did get this: "The username mattd already exists."
2. But now I only get "The username already exists."
I am not retrieving the $username variable.
  This screenshot is found he
http://imgur.com/lIwLZ1G


thanks.

While we're on the subject, is there a way to ensure that the first letter of a name is captalized, and the rest lowercase?  Or is this best handled later on, when the name is being used and called from the DB.

PS: some of us comment are code as to WHAT we are doing because we're just not that good yet, and we need to explain it to ourselves.

Here is my code for entering data into the database
Code: [Select]
<?php
ini_set("display_errors",false);
$link = mysql_connect('mysql5.000webhost.com', 'a9634375_dragons', 'samantha8',true); if (!$link) {      die('Could not connect: ' . mysql_error()); }
mysql_select_db("a9634375_dragons") or die(mysql_error());
$ids=$_GET['checkboxes'];

$user = $_GET['user'];
$young = unserialize(file_get_contents('http://www.dragcave.net/api/samantha8/serialize/user/'.$user.''));

foreach ($young['dragons'] as $key => $value) {
$querya = "DELETE FROM hatch WHERE code='$key'";
$queryb = "DELETE FROM er WHERE code='$key'";
$queryc = "DELETE FROM eggs WHERE code='$key'";
mysql_query($querya);
mysql_query($queryb);
mysql_query($queryc);
}
echo '<br>Dragons updated.<br>';
 echo 'Dragons now entered:<br>';
foreach ($ids as $hey) {
echo '<br><a href="http://www.dragcave.net/view/'.$hey.'" target="frame1"><img src="http://www.dragcave.net/image/'.$hey.'.gif" border="0"></a>&nbsp;';

$data = unserialize(file_get_contents('http://www.dragcave.net/api/samantha8/serialize/view/'.$hey.''));
$hrsleft = $data['dragons'][$hey]['hoursleft'];
$hatch = $data['dragons'][$hey]['hatch'];

if ($hrsleft < 96) {
$query3 = "INSERT INTO er(code) VALUES('$hey')";
mysql_query($query3);
echo 'Dragon has been entered into the ER.<br>';
}
else
{
if  (! $hatch) {
$query4 = "INSERT INTO eggs(code) VALUES('$hey')";
mysql_query($query4);
echo 'Egg has been entered into the Nest.<br>';
}
else
{
$query2 = "INSERT INTO hatch(code) VALUES('$hey')";
mysql_query($query2);
echo 'Hatchling has been entered into the Nursery.<br>';
}
}
}

?>
My table is simply set up with three fields
er
egg
hatch

What am I doing wrong?
Thank you in advance!

Hey guy

<?php
$con = mysql_connect("localhost","root","");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("Examination", $con);

$sql="INSERT INTO Test (Tes_Name, Tes_Description)
VALUES
('$_POST[Tes_Name]','$_POST[Tes_Description]')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";

mysql_close($con)
?> 

This is my code and I can enter Tes_Name on to mysql but nothing is shown for Tes_Description.

The form is

Code: [Select]
<html>

    <body>

<h3>Test</h3>

<table border="0">
<form method="POST" action="try2.php">
<tr><td>Tes_Name</td><td>:</td><td><input type="text" name="Tes_Name" size="20"></td></tr>
<tr><td>Tes_Description</td><td>:</td><td><input type="Tes_Description" name="password" size="20"></td></tr>
<tr><td>&nbsp;</td><td>&nbsp;</td><td><input type="submit" value="Submit"></td></tr>
</form>
</table>

</body>
</html>

Hi i m new with php.
i entered data in fckeditor ,now i want to save that data in file with.html extension.
please anybody has idea then help me....

Hello guy , how do I write PHP page that have table to list all the data I entered to my system.    

I've put together a very simple form & processing script for my site.. Everything works great except the body of the email i receive when the form is submitted contains everything but the info that has been entered into the fields. I'm sure it's something simple that I'm overlooked, but I'm officially stumped.  What am I doing wrong here? 
<?php
$mymail = 'ordietryingodt@yahoo.com';
$cc = 'New Recruit To Add!';
$BoDy = ' ';
$FrOm = 'FROM:' .$_POST['t1'];
$FrOm .= 'Reply-To:' .$_POST['t1'];
$FrOm .= 'X-MAILER: PHP'.phpversion();
$BoDy .= 'Quake Live Name: ';
$BoDy .= $_POST['t1'];
$BoDy .= "\n";
$BoDy .= 'Age: ';
$BoDy .= $_POST['t2'];
$BoDy .= "\n";
$BoDy .= 'Residing Country: ';
$BoDy .= $_POST['t3'];
$BoDy .= "\n";
$BoDy .= 'Favorite Game Type: ';
$BoDy .= $_POST['t4'];
$BoDy .= "\n";
$send = mail("$mymail", "$cc", "$BoDy", "$FrOm");

if($send)
{
echo '<html><head>';
echo '<meta http-equiv="refresh" content="0;URL=/submitted.htm">';
echo '</head><body>Email send....';
echo '</body></html>';
}
?>

hi,
i have a search engine that searches keywords in mysql database...

i have a simple form but if someone enters a load of spaces it displays the whole database contents.. also i wanna remove any words less then 3 characters being searched for..
i have

(strlen($search)<=3)

what else should i add??

cheers