Signup Problem

Ok... this is my third problem today, but here goes:
On my signup page for my login system on my website, I have some code that is supposed to check if a username is already taken and give an error if it is. The problem is that I submit a set of values, and it works as expected. Then I submit the same set of values, and it enters them into the database anyways. This is my code:
[PHP]
<?php
session_name("SIGNUP");
session_start();
$_SESSION['Error'] = 0;
$_GLOBALS['Username'] = ucwords(strtolower($_POST['Username']));
$_GLOBALS['RSUsername'] = ucwords(strtolower($_POST['RSUsername']));
$_GLOBALS['Password'] = ucwords(strtolower($_POST['Password']));
@mysql_connect("mysql3.freehostia.com", "jonaxt3_general", "******") or die("Cannot Connect To DB!");
@mysql_select_db("jonaxt3_general") or die("Cannot Select DB!");
$sql = "SELECT username FROM users WHERE username = '" . $_GLOBALS['Username'] . "';";
$r = mysql_query($sql);
if (mysql_num_rows($r) != 0)
{
$_SESSION['Error'] = "That Username Is Already Taken";
}
$sql = "SELECT rsusername FROM users WHERE rsusername = '" . $_GLOBALS['RSUsername'] . "';";
$r = mysql_query($sql);
if (mysql_num_rows($r) != 0 && $GLOBALS['Error'] == 0)
{
$_SESSION['Error'] = "That Runescape Username Is Already Taken";
}

if ($_SESSION['Error'] == 0)
{
$sql = "INSERT INTO users (username, password, rsusername) VALUES('" .
$_GLOBALS['Username'] .
"','" .
$_GLOBALS['Password'] .
"','" .
$_GLOBALS['RSUsername'] .
"');";
$r = mysql_query($sql);
if(!$r) {
echo "Error!";
$err=mysql_error();
print $err;
exit();
}
header("Location: index.htm");
}
else
{
header("Location: signupform.php");
}
?>
[/PHP]
It started when I added the lines:
$_GLOBALS['Username'] = ucwords(strtolower($_POST['Username']));
$_GLOBALS['RSUsername'] = ucwords(strtolower($_POST['RSUsername']));
Jul 17 '07 #1
Atli
In line #23, any value $_SESSION['error'] has, other than FALSE or a number greater than zero, will be evaluated as true.
By that I mean:
0 == TRUE.
1 or higher == FALSE.
"Any text" == TRUE.
Which would mean that the if statement in line #23 will consider any error message to be 0 (or TRUE).

Consider this:
[PHP]
<?php
    $error = 0;

    $error = "Hello";

    if($error == 0) { // "Hello" == 0 == TRUE
        echo "No error";
    }
    else {
        echo "Error!";
    }
?>
[/PHP]
This will echo "No error"


Also...

Why do you put the user info into $GLOBAL? You could just as well create normal variables, which would be much safer (theoretically).
Also, why do you put the 'Error' variable in the Session?

The password shouldn't be capitalized with the ucwords() function like the usernames are.
You should also consider hashing the passwords using SHA1 or MD5, just to make them more secure.
Jul 17 '07 #2
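
An added example, not part of the original thread or either poster's code: the same signup flow with the error state held as null and tested with strict comparison, PDO prepared statements instead of string-built SQL, and password_hash() used in place of the SHA1/MD5 suggestion. The in-memory SQLite database, the UNIQUE constraints, the function names, the 'All Fields Are Required' message and the sample input are assumptions made so it runs stand-alone.

```php
<?php
declare(strict_types=1);
// Constructed schema: UNIQUE makes the database the final authority on duplicates.
function make_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT NOT NULL UNIQUE,
        rsusername TEXT NOT NULL UNIQUE, password TEXT NOT NULL)');
    return $db;
}
// Returns null on success, or the error message to show on the signup form.
function signup(PDO $db, array $post): ?string
{
    $username   = ucwords(strtolower(trim((string) ($post['Username'] ?? ''))));
    $rsusername = ucwords(strtolower(trim((string) ($post['RSUsername'] ?? ''))));
    $password   = (string) ($post['Password'] ?? '');   // passwords are never case-folded
    if ($username === '' || $rsusername === '' || $password === '') {
        return 'All Fields Are Required';
    }
    $checks = [
        ['username', $username, 'That Username Is Already Taken'],
        ['rsusername', $rsusername, 'That Runescape Username Is Already Taken'],
    ];
    $error = null;   // null plus ===, so a message string is never compared loosely with 0
    foreach ($checks as [$column, $value, $message]) {
        // $column comes from the fixed list above; only $value is user input, and it is bound.
        $stmt = $db->prepare("SELECT 1 FROM users WHERE $column = ?");
        $stmt->execute([$value]);
        if ($error === null && $stmt->fetchColumn() !== false) {
            $error = $message;
        }
    }
    if ($error !== null) {
        return $error;
    }
    try {
        $stmt = $db->prepare('INSERT INTO users (username, rsusername, password) VALUES (?, ?, ?)');
        $stmt->execute([$username, $rsusername, password_hash($password, PASSWORD_DEFAULT)]);
    } catch (PDOException $e) {
        if ((string) $e->getCode() !== '23000') { throw $e; }   // 23000 = integrity constraint violation
        return 'That Username Is Already Taken';                // a concurrent signup inserted first
    }
    return null;
}

$db   = make_db();
$form = ['Username' => 'jON', 'RSUsername' => 'zezima', 'Password' => 'Hello'];  // constructed input
var_dump(signup($db, $form), signup($db, $form));   // first submission, then an identical second one
```
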
Thank you for your response, and I will try it as soon as possible.
Jul 17 '07 #3