[djburnage]

Hi
Here come's another one of my stupid questions that could probally be solved by a line of php code. Now i have a registartion script for my wesbite but it lets people sign up witht the same user name so i need a bit of code to go with this script to stop this from happeing. All of the login data is stored in a mysql database. Hope you can help

PHP Code:

$sql = mysql_connect( 'server' , 'username', 'password') or die(mysql_error());

mysql_select_db('database name') or die('Could not select database');

  $errors = "";

  if (!isset($_POST['username']))

    $errors .= "Please provide a username. <br/>";     

  if (!isset($_POST['password']))

    $errors .= "Please provide a password. <br/>";



  if (!isset($_POST['email']))

    $errors .= "Please provide an email address. <br/>";

  if (!isset($_POST['group']))

    $errors .= "Please provide a group. <br/>";

  if ($errors == "") {

    mysql_query("INSERT INTO login VALUES(

                        '',

                        '".addslashes($_POST['username'])."',

                        '".addslashes($_POST['password'])."',

                        '".addslashes($_POST['email'])."',

                        '".addslashes($_POST['group'])."'

                        )") or die(mysql_error());



    echo include('successful.php');



  } else {



     echo $errors."Please go back and try again.";



  } 

Thanks in advance

[UnrealEd]

you just have to check in the database if there's allready a username like the one that is filled in by the user. It's a SELECT query, and afterwards you count the number of rows. If they number is zero, there's no such username, and therefore this username can be registrated

UnrealEd

[stormshadow]

But what I would add to your code is hashing to your password. Such as MD5 with a salt. so when you store the data it would be $password = md5('my.super.secret.salt'. addslashes($_POST['password']));

[job0107]

What do you have in successful.php ? Right now all I see is you adding an entry to the data base. This looks like a registration program, not a login program.

[job0107]

Before you insert the record you need to check if it already exists in the data base.

[djburnage]

Thanks
Im probally going sound stupid but im new to mysql and i was wondering if someone can explane how to make the query i need for the script.
Cheers

[grafman]

Check out mysql's EXIST and NOT EXIST clauses for update, insert, and select

and NOTFOUND for select:

Code:

select <somevalue> from table_name where <somevalue> = '<input value>'
if %NOTFOUND
INSERT INTO table_name (<your fields>)  (<your values>)
else
Update table_name set (<your fields>)  (<your values>)

This one will insert if it doesn't exist and update if it does. For what you want you can leave off the else statement, however, this is a good all purpose sql clause that will let you use one query to do several jobs.

Make sure that you have an id field that autoincrements.

Also, there are md5 hashing tools for javascript so that you can encrypt your password right out of the web form so that it doesn't go over the wire in plain text and both php and mysql have md5 functions. ALWAYS salt your md5!!!

[grafman]

If you want users to not be able to login more than once, you can do several things there as well.

If you are tracking them using session management, then set a value of "loggedin" or something like that when they login. In the login program check to see if they are already logged in by checking for that session value right after you validate they are a legitimate user.

You can also use a database record or set a cookie to record whether or not they are logged in. The only disadvantage to this method making sure that the cookie is cleaned up and that you do session cleanup to remove the user's login footprints.

In my user records I setup these columns:

softlogin: true/false - allows or denies multiple logins
softlogincount: int - sets the number of sessions they can login to
ipcheck true/false - allows or denies ip restriction
allowedip varchar - sets the ip range of ips or the ip mask that a user can login from
allowedtimes - datetime - sets the time windows that a user can login from. Handy for limiting access to "work" hours and "business" days.

These five columns give you tremendous flexibility in allowing or denying access to your apps and once you set it up its easy to do some really good things to control your application.

I also have a more complex permissions module that not only controls access to the app via login but it does permissions as well controlling what programs, operations, and even what fields a user has. Users are broken down into individuals, classes, and groups. These are controlled by permissions masks. Its not really that complicated. Its 3 db tables and about 50 lines of code to do the work and a single input screen to administer the masks.

[djburnage]

Hi
Thanks but were do i put that in the script above as ive tryed it and it gave me an error

[grafman]

The script that you have is a registration script as stated by other posters. It just creates a new user and doesn't log them in. The script you posted can only create duplicate users. Look at my first post about the sql statement for one possible solution.

The second post that I made addresses your question about multiple logins. You don't seem to have a login script. You are just creating users. A login script would run a sql query that checks to see if the user is already in the database and then allows them to go forward into the application if their credentials are correct.

Short answer, you need to write a login script to go with your "registration" script. I posted one the other day that is very raw but it will give you a good start:

http://www.programmingtalk.com/showt...ighlight=login

In that one I used a single login hard coded in the script. You would use a database query.

Make sure to read the caveats at the bottom of that post.