email check problem in a sign up script

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
m3rajk
DevNet Resident
Posts: 1191
Joined: Mon Jun 02, 2003 3:37 pm

email check problem in a sign up script

Post by m3rajk »

this section is NOT working right it should error on people using the same e-mail address, yet it allowed a friend to sign up with the same one twice

Code: Select all

elseif($step==3){ # make sure the username, e-mail and passwords are ok
    $db=mysql_connect($host, $login1, $pass1) or die("cannot access mysql"); # connect
    $fyd=mysql_select_db('findyourdesire', $db) or die("cannot connect to db"); # select the db
    $user=mysql_query("SELECT * FROM users WHERE username='$un'",$db); # is there a user by that name?
    if(!(preg_match('/\w+/', $un))){$err=TRUE; $errs[]='Your Member Name has invalid characters.<br>Only Alpha-Numeric characters and underscore are accepted'; $step=2;}
    elseif(mysql_num_rows($user)>0){$err=TRUE; $errs[]='That name is already in use. Please choose a new Member Name.'; $step=2;}
    if(strlen($pw)<6){ $err=TRUE; $errs[]='Your Password <b>MUST</b> be at least 6 characters'; $step=2;}
    if($pw!==$pwc){ $err=TRUE; $errs[]='Your Password <b>MUST</b> match the check exactly'; $step=2;}
    if(!(preg_match('/^[\w\.\-]+@[\w\.\-]+\.\w\w\w?$/', $email))){$err=TRUE; $errs[]='Your E-Mail address does not appear to be valid'; $step=2;}
    else{
      $mail=mysql_query("SELECT * FROM users WHERE email='$email'",$db); # was this email used already?
      if(mysql_num_rows($mail)>0){ $err=TRUE; $errs[]='You already have an account. Click <a href="pass.php">here</a> to get your username and password sent to you.'; }
    }
does anyone have any clues?
Last edited by m3rajk on Sun Sep 07, 2003 12:40 pm, edited 1 time in total.
m3rajk
DevNet Resident
Posts: 1191
Joined: Mon Jun 02, 2003 3:37 pm

Post by m3rajk »

*bump*
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

Debugging may be easier if the code is easier to read:

Code: Select all

<?php

elseif ($step == 3) {
    $db = mysql_connect($host, $login1, $pass1) or die('cannot access mysql');
    mysql_select_db('findyourdesire', $db) or die('cannot connect to db');

	// separate your SQL queries from the mysql_query() call - it will save
	// you many headaches in the long run.
	// don't select all the records if you only need to know how many are
	// returned, either use COUNT() or select on only one field.
	$sql    = "SELECT username FROM users WHERE username='$un'";
    $result = mysql_query($sql, $db) or die(mysql_error().'<p>'.$sql.'</p>');

	// use spacing and formatting to make code easier to read, although
	// it may make perfect sense to you (since you wrote it) code soup
	// makes it difficult for others to read and debug your code.
	// putting multiple lines of code on one line really doesn't aid
	// readibility.
    if (!(preg_match('/\w+/', $un))) {
		$err    = TRUE;
		$errs[] = 'Your Member Name has invalid characters.<br>Only Alpha-Numeric characters and underscore are accepted'; 
		$step   = 2;
	} elseif (mysql_num_rows($result) > 0){
		$err    = TRUE;
		$errs[] = 'That name is already in use. Please choose a new Member Name.';
		$step   = 2;
	}
    
	if (strlen($pw) < 6) {
		$err    = TRUE;
		$errs[] = 'Your Password <b>MUST</b> be at least 6 characters';
		$step   = 2;
	}
    
	if ($pw! == $pwc) { 
		$err    = TRUE;
		$errs[] = 'Your Password <b>MUST</b> match the check exactly';
		$step   = 2;
	}
    
	if (!(preg_match('/^[\w\.\-]+@[\w\.\-]+\.\w\w\w?$/', $email))) {
		$err    = TRUE;
		$errs[] = 'Your E-Mail address does not appear to be valid';
		$step   = 2;
	} else {
		$sql    = "SELECT email FROM users WHERE email='$email'";
		$result = mysql_query($sql, $db) or die(mysql_error().'<p>'.$sql.'</p>');
      
		if (mysql_num_rows($result) > 0) {
			$err    = TRUE;
			$errs[] = 'You already have an account. Click <a href="pass.php">here</a> to get your username and password sent to you.';
		}
    }
}
?>
Mac
Post Reply