[williamh26]

I am trying this code ,, the problem is that when mysql check the username against the database and the username exits in the database it still added to the database how fix it!!! Thank you

PHP Code:

<?php





// execute script only if form has been submitted

if (array_key_exists('register', $_POST)) {

  // remove backslashes from the $_POST array



 include("mylibrary/login.php");

$firstname = $_POST['firstname'];

$lastname = $_POST['lastname'];

$email = $_POST['email'];

  // check length of username and password



  $username = trim($_POST['username']);



  $password = trim($_POST['password']);

  // initialize error array

  $message = array();

  //Check for empty firstname

  if(empty($_POST['firstname'])){

       $message[]= 'Please enter your First Name';

  }

  //Check for empty lastname

  if(empty($_POST['lastname'])){

       $message[]= 'Please enter your Last Name';

  }

  //check for email

   if(!preg_match("/^[_\.0-9a-zA-Z-]+@([0-9a-zA-Z][0-9a-zA-Z-]+\.)+[a-zA-Z]{2,6}$/i", $email)) {

    $message[] = 'Email is not valid';



     }

  // check length of username

  if (strlen($username) < 6 || strlen($username) > 15) {

    $message[] = 'Username must be between 6 and 15 characters';

    }

  // validate username

  if (!ctype_alnum($username)) {

    $message[] = 'Username must consist of alphanumeric characters with no spaces';

    }



  // check password

  if (strlen($password) < 6 || preg_match('/\s/', $password)) {

    $message[] = 'Password must be at least 6 characters with no spaces';

    }

  // check that the passwords match

  if ($password != $_POST['conf_pwd']) {

    $message[] = 'Your passwords don\'t match';

    }

  // if no errors so far, check for duplicate username

  if (!$message) {



    // check for duplicate username

    $checkDuplicate = "SELECT user_id FROM users

                       WHERE username = '$username'";

    $result = mysql_query($checkDuplicate) or die(mysql_error());

    $numRows = mysql_num_rows($result);

    // if $numRows is positive, the username is already in use

    if ($numRows) {

      $message[] = "$username is already in use. Please choose another username.";

    }



     $sql_email_check = mysql_query("SELECT email FROM users WHERE email='$email'");

     $email_check = mysql_num_rows($sql_email_check);



    if(($email_check > 0) || ($username > 0)){

     $message[]= 'Please fix the following errors: <br />';

     if($email_check > 0){

         $message[]= '<strong>Your email address has already been used by another member in our database. Please submit a different Email address!<br />';

     }

     }

     }

     

    // otherwise, it's OK to insert the details in the database

    else {



      // create key

      $key = 'takeThisWith@PinchOfSalt';

      // insert details into database

      $insert = "INSERT INTO users (firstname, lastname, email, username, password,signup_date)

                 VALUES ('$firstname','$lastname','$email','$username', ENCODE('$password', '$key'),NOW())";

      $result = mysql_query($insert) or die(mysql_error());

      if ($result) {

        $message[] = "Account created for $username";

        }

      else {

        $message[] = "There was a problem creating an account for $username";

        }

      }

    }





?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<title>Register user</title>

<link href="../assets/admin.css" rel="stylesheet" type="text/css" />

</head>



<body>

<h1>Register user</h1>

<?php

if (isset($message)) {

  echo '<ul class="warning">';

  foreach ($message as $item) {

    echo "<li>$item</li>";

    }

  echo '</ul>';

  }

?>

<form id="form1" name="form1" method="post" action="">



     <p>

        <label for="firstname">Firstname:</label>

        <input type="text" name="firstname" id="firstname"

        <?php if(isset($missing)) { echo 'value="'.htmlentities($_POST['name']).'"';}?>

    </p>



    <p>

        <label for="username">Lastname:</label>

        <input type="text" name="lastname" id="lastname"

        <?php if(isset($missing)) { echo 'value="'.htmlentities($_POST['lastname']).'"';}?>/>

    </p>



    <p>

        <label for="username">Username:</label>

        <input type="text" name="username" id="username"

        <?php if(isset($missing)) { echo 'value="'.htmlentities($_POST['username']).'"';}?>/>

    </p>

    <p>

        <label for="email">Email:</label>

        <input type="text" name="email" id="email"

        <?php if(isset($missing)) { echo 'value="'.htmlentities($_POST['email']).'"';}?>/>

    </p>

    <p>

        <label for="password">Password:</label>

        <input type="password" name="password" id="pwd" />

    </p>

    <p>

        <label for="conf_pwd">Confirm password:</label>

        <input type="password" name="conf_pwd" id="conf_pwd" />

    </p>

    <p>

        <input name="register" type="submit" id="register" value="Register" />

    </p>

</form>

</body>

</html>

[UnrealEd]

I think there's something wrong with the logic behind your script. This is what I read when looking at your script (after checking each and every input field for valid contents):

Code:

check: is the $messages array empty?
  answer: yes
    act: let's check if the username exists
    check: does it exist?
      answer: yes
        act: set an error message
    check: does the email address already exist and is a username set?
      answer: yes
        act: set an error message
  answer: no
    insert the user into the database

As you can see: your user is created when an error occured during the validation, and will never ever be created when no errors were found when validating.