Member Avatar for web3

How i put to my register error if user already exists.
My code:

<?php
include "connect.php";
echo "<h1>Register</h1>";
$num = 0;
$submit = $_POST['submit'];
$username = $_POST['username'];
$password = $_POST['password'];
if ($submit){
if ($username){
if (strlen($username) > 20){
$num ++;
echo "<tr><td>".$num.". Username is too long.(3-20)</td></tr><br />";
}
}
if ($username){
if (strlen($username) < 3){
$num ++;
echo "<tr><td>".$num.". Username is too short.(4-20)</td></tr><br />";
}
}
if ($password){
if (strlen($password) > 20){
$num ++;
echo "<tr><td>".$num.". Password is too long.(6-20)</td></tr>";
}
}
if ($password){
if (strlen($password) < 5){
$num ++;
echo "<tr><td>".$num.". Password is too short.(6-20)</td></tr>";
}
}

if ($num == 0){
echo "Success!";
include "connect.php";
$queryreg = mysql_query("
INSERT INTO users VALUES ('','$username','$password')
");
echo "You have been registered.<a href='index.php'>Click here to return to login page.</a>";
}
}
?>
<form action="register.php" method="post">
<table>
<tr>
<td>
Username:
</td>
<td>
<input type="text" name="username" value="<?php echo $username; ?>" />
</td>
</tr>
<tr>
<td>
Password:
</td>
<td>
<input type="password" name="password" />
</td>
</tr>
<tr>
<td>
<input type="submit" name="submit" value="Register" />
</td>
</tr>
</form>
  • 2 Contributors
  • 3 Replies
  • 178 Views
  • 7 Hours Discussion Span
  • Latest Post Latest Post by Will Gresham

Recommended Answers

All 3 Replies

Member Avatar for web3

Sorry for spelling title wrong.

Member Avatar for Will Gresham

Couple of issues, your script does not provide a response for if the username or password is blank, also there are redundant lines of code.

Another thing, you should be hashing the passwords (MD5 at a minimum)

I will rework the code for you and post up a possible solution.

EDIT:
This should work for the actual logic... although there is no security added, you will still need to protect it from injection and other nasties.

// Put together a query to see if the username exists
$query = "SELECT COUNT(username) FROM `users` WHERE `username` = '$username'";
$result = mysql_fetch_array( mysql_query( $query ) )or die(mysql_error());
if($result[0] != 0) {
  echo "<tr><td>Username already exists</td></tr><br />";
} else {
  if(isset($username) && isset($password) {
    if(strlen($username) > 20) {
      echo "<tr><td>Username is too long.(3-20)</td></tr><br />";
    } elseif (strlen($username) < 3) {
      echo "<tr><td>Username is too short.(4-20)</td></tr><br />";
    }
    if (strlen($password) > 20) {
      echo "<tr><td>Password is too long.(6-20)</td></tr>";
    } elseif (strlen($password) < 5) {
      echo "<tr><td>Password is too short.(6-20)</td></tr>";
    }
    // Add the user to the database here
  } else {
    if(!isset($username) {
      echo "<tr><td>Username not supplied.</td></tr>";
    } 
    if(!isset($password) {
      echo "<tr><td>Password not supplied.</td></tr>";
    }
  }
}
Edited by Will Gresham because: Added code
Member Avatar for Will Gresham

Cant edit the post above any more.. but if you need clarification on the script, just ask :)

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.