Ok... this is my third problem today, but here goes:
On my signup page for my login system on my website, I have some code that is supposed to check if a username is already taken and give an error if it is. The problem is that I submit a set of values, and it works as expected. Then I submit the same set of values, and it enters them into the database anyways. this is my code:
[PHP]
<?php
session_name("S IGNUP");
session_start() ;
$_SESSION['Error'] = 0;
$_GLOBALS['Username'] = ucwords(strtolo wer($_POST['Username']));
$_GLOBALS['RSUsername'] = ucwords(strtolo wer($_POST['RSUsername']));
$_GLOBALS['Password'] = ucwords(strtolo wer($_POST['Password']));
@mysql_connect( "mysql3.freehos tia.com", "jonaxt3_genera l", "******") or die("Cannot Connect To DB!");
@mysql_select_d b("jonaxt3_gene ral") or die("Cannot Select DB!");
$sql = "SELECT username FROM users WHERE username = '" . $_GLOBALS['Username'] . "';";
$r = mysql_query($sq l);
if (mysql_num_rows ($r) != 0)
{
$_SESSION['Error'] = "That Username Is Already Taken";
}
$sql = "SELECT rsusername FROM users WHERE rsusername = '" . $_GLOBALS['RSUsername'] . "';";
$r = mysql_query($sq l);
if (mysql_num_rows ($r) != 0 && $GLOBALS['Error'] == 0)
{
$_SESSION['Error'] = "That Runescape Username Is Already Taken";
}
if ($_SESSION['Error'] == 0)
{
$sql = "INSERT INTO users (username, password, rsusername) VALUES('" .
$_GLOBALS['Username'] .
"','" .
$_GLOBALS['Password'] .
"','" .
$_GLOBALS['RSUsername'] .
"');";
$r = mysql_query($sq l);
if(!$r) {
echo "Error!";
$err=mysql_erro r();
print $err;
exit();
}
header("Locatio n: index.htm");
}
else
{
header("Locatio n: signupform.php" );
}
?>
[/PHP]
It started when I added the lines:
$_GLOBALS['Username'] = ucwords(strtolo wer($_POST['Username']));
$_GLOBALS['RSUsername'] = ucwords(strtolo wer($_POST['RSUsername']));
2  1828  Atli 5,058
Recognized Expert Expert
In line #23; any value $_SESSION['error'] has, other than FALSE or a number greater than zero, will be evaluated as true.
By that I mean: -
0 == TRUE.
-
1 or higher == FALSE.
-
"Any text" == TRUE.
-
Which would mean that the if statement in line #23 will consider any error message to be 0 (or TRUE).
Consider this: -
<?php
-
$error = 0;
-
-
$error = "Hello";
-
-
if($error == 0) { // "Hello" == 0 == TRUE
-
echo "No error";
-
}
-
else {
-
echo "Error!";
-
}
-
?>
-
This will echo "No error"
Also...
Why do you put the user info into $GLOBAL? You could just as well create normal variables, which would be much safer (theoratically) .
Also, why do you put the 'Error' variable in the Session?
The password shouldn't be capitalized with the ucwords() function like the usernames are.
You should also consider hashing the passwords using SHA1 or MD5, just to make them more secure.
Thank You for your response, and I will try it as soon as possible.
Sign in to post your reply or Sign up for a free account.
Similar topics | |
by: Rudi Ahlers |
last post by:
I tried the following: http://intranet/signup.php?Domain=newdomain.com, and
it doesn't seem to return any values
In my script I have the following:
<?
print $_POST;
$DomainName = $_POST;
print $DomainName;
|
by: David |
last post by:
hi
i have a basic signup POST form, with php on the same page. how do i
return to this page with all the entries still present, yet with a
message at the top, for when the user enters one invalid entry?
cheers
dave
|
by: Dustin |
last post by:
I am developing a website where users can sign up for a service. They
essentially can become a memeber. It will allow anyone to sign up, but
I need to make it so only humans can sign up. I need to avoid any
automatic scripts that could create tons of bogus accounts.
What I believe is the best solution for me is to have an image appear
as part of the form they fill out to get the account. In the image
will be scrambled text. The user...
|
by: .Net Sports |
last post by:
I need to find a script that whereas a user signs up for your website
and when he hits submit, an
email goes to his email box with a confirmation link (generated by
random number) for him to click
so to ensure he has a valid email address. Does anyone know of a
package or series of scripts that works with this? I'm using CDO mail
in ASP.
Thanks
netsports
|
by: atcohaz |
last post by:
Hi everybody,
I have a personal server (I learning) with Linux
with using Cpanel
I only need such script which enables me to create email accounts without logging into cPanel. And in which I can provide our visitors email account facilities with script and User cans signup automatically and I can specific quota, username & password length etc. (and which don’t show my Cpanel username and password to users)
I have tried script
...
| | |
by: jon |
last post by:
Hey, i've been trying to create a signup page that asks for a
username, password and then to confirm the password. It is suppose to
check how long both of them are, and if the passwords line up, that
went well, but i can't make it check to see if it is being used by
someone else. heres the script, good luck.
/
*************************signup.html*******************************************************************/
<fieldset>
<form...
|
by: siddu |
last post by:
Hi ..
I am having signup page that contains username,pwd,confpwd,Email,Address and one save button .
when user enter his details and press save button it should save details in database.
i have done upto here.But my problem is:
if Email Entered already Exsists in database then it should display a message that Email already exists in Database.
For this what i have to write Code .Pls send me the Code .
i want to display user in the...
|
by: fredtbx |
last post by:
Using ASP.NET 2.0 Login control and CreateUserWizard
Hi, I can't figure out how, when I have the Login control up on Login.aspx and if the user doesn't have an account, to point to Signup.aspx which has the CreateUserWizard on it. I have the site set up so trying to access any page without being authenticated brings you back to Login.aspx.
How can I make it so from Login.aspx, if the user doesn't have an account yet, he can click a "Sign...
|
by: kang jia |
last post by:
hi
when user entered particulars in signuppage and click" signup" button, i will direct them to do_signup.php. if say the NRIC is dupicate in datebase, i will redirect them back to signup page again to re-signup, however, i would like to remain all the correct infromation, and let users re-entered their NRIC. how can i do this. can i use Session, but it seems cant work. any one can help me?
my code in signup page is like this:
...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
| | |
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
