I have a register form that goes through the following steps:
Fill in user information (name,adress,etc.) and username
If user presses the submit button, it is checked if username is already in the database or not
If username is already in use, he must rename username, if not, it is shown what he has entered (name,adress etc.).
He has to confirm the website rules and that his input data is correct. If he presses the confirm button, a row with his details and username will be inserted in the database.
I do not want to insert the row in the database after step 2., because I dont want rows from users in my database that did not confirm the rules. Also I want to keep step 3., so the user can make sure that his data is correct. Unfortunately, at the moment the code cant prevent the unlikely case that two user register at the same time with the same username. How does one prevent this case in general? I know there are a lots of php forms out there who proceed with these 4 steps.
EDIT: Sorry, that I didn't make it clear enough: I am not concerned about double entries in my database, this can be prevented by setting the username field unique. I want to know how can I check in step 2. that the username is not used in the database AND not used by any other user who is currently using the registration form.
Data integrity in a database should be ensured by the database, not by the interface.
This means that if you want UNIQUE usernames you should use the built in UNIQUE index in the database.
That way it is impossible to have two users with the same name, even if they registered at the same time.
UPDATE:
Based on your last edit I would could create a temporary table where you would insert the username in Step 2, supposing it doesn't exist in your users table. That way a user can "lock" a username until they complete registration in Step 4.
Once they reach Step 4 you move the data from the temporary table to the users table.
so here is what you can do but make sure what #chevi said .. alter your table and add unique attribute that username column... that all at backend..
now comes front end
..in the form when user has chosen/entered username you can make a ajax call which checks user entered username in your DB and returns TRUE Or FALSE accordingly you can then n there notify user that hey this user name is already taken also you can restrict user to submit that form
Related
I am integrating a user verification feature into a plugin I am developing whereby a user must verify their email address by clicking a link sent to them.
It is based on code provided on Github
At the moment I create a 'temporary' user, then delete the user from the users table. Only after verification is the user added back into the users table.
Is there a way to disable the core user registration in Wordpress so that I don't have to delete the user, therefore it is never stored in the database until it is created by the verification code?
I am finding, quite naturally, the user IDs are skipping every one digit so that for example, a verified user has an id '1' then the next is '3'.
Thanks,
Leon
The standar way to do that is through a field in the table users that is set to true for example whenever the user have validated his email via your link.
And with this field you control that if the field is not validated you dont let them sign in on you website.
So in order to apply this you need to find the sections in your wordpress that control de sign in to put the restriction with this new field
I'm going to be more specific so you can remove the downvote...
Lets think for example that you have a field named email_verify which will just contain a 1 or a 0 if the email is already validated or not.
Then you have another field for example session_token with a sha1 or random token that must be unique for the link that will validate the email when clicking on it.
You need to have a php function that catches when someone enters that link and you do it by extracting the sha1 from the link as an url parameter and searching in your table for whoever have that session_token, when you find a record with this session_token then you turn your email_verify value to 1 meaning the email is already verified and then you turn null the session_token field so the link expires.
I have a table groups with some fields including username.
In my form page, I used an Ajax call to check the username availability. It works. But if two users process the checking at the same time, both of them can see that username is available. How can I avoid this?
You need to check username on each keystroke. So when someone start entering username, on each key stroke you need to check username availabity(using ajax). Key press event you can get with using jQuery's .keypress().
Here may be one problem will occur, if before submission of one form some other user took the same username. To overcome with this problem you need to recheck the username availability on form submission as well and if at that time username is not available just provide the message that username already chosen please enter another.
I'm adding an option for my users to change their email, and I'm thinking what is the best way of doing it in a safe and fool-proof manner.. so far I have the following options
1) When user changes the email, system stores in a temporary column in the database and sends an email to the new one, requiring the user to click the link to confirm it and only then, change it (I would need 2 extra fields on my DB - temp_email and email_token)
2) When user changes the email, system would gather data from AccountID and New Email, encrypt it and send it to the new email.. when the user clicks the link, system decrypts it and changes accordingly.
I really like the second option, since it does not require saving extra fields on the database.. so my question is.. which one is a better solution? Or perhaps a third one..
I have two fields in my users table: recovery_hash and recovery_time that are updated when a user changes something. I put in a random hash and the current time.
I then send an email to that person (in your case, to their new address), and in the link is the hash (http://foobar.com/verify/randomHashG03sHere). The user clicks the link and it goes to a verify script on the server - which validates the hash and then checks to see if the current time is within an hour of the recovery_time. If both checks validate, I make the change, which, in your case would be updating the users email field with their new email address - which you could store in a separate table, or even in the same users table as a new_email field.
Since you're anticipating the user wanting to change things, you could just store the new email address in a separate table, such as users_temp.email and then update the users table with that new value after it's been validated.
You could just create another table to deal with temporary e-mail addresses (e-mail + AccountID + token + timestamp (possibly)).
I would highly avoid option 2. Keep all your data local on your server! In case someone breaks your encryption he can mess up your entire database or webservice. Especially credentials or email-addresses should never be outsourced. Option 1 is much more recommended, though the data could also be stored in a different manner.
I have a problem to make a web application where I could input a data of a customer, where user level-1 could input data and then user level-2 could check the data, and then user level-3 could approve the data and save it to database. So in every page I want to keep login with different username and password. So every level user would have their own username and password. And how can I make the application where the data that has been inputted by user level-1 in computer-1 to go to user level-2 in computer-2 for checking without saving the data to database and to user level-3 for approval in computer-3 where they would save the data ?
I'm using php and mysql. Could someone maybe give me a help? please.
you could have a second database for unapproved/unchecked data but that would not be the ideal way to do it, you would be better to do as u_mulder suggested and save to the database and have a separate column in the database table to show the status of the data
my questions are about login, and changing already saved data.
Question 1
Until now I've only saved input in the tables of the database (registration steps), now I need to check if the input (login steps), match what is in database. In fact I have 3 types of users, then I'll have to check 3 kind of tables. Then if the input data matches with one of those 3 tables I will redirect the user to their specific area.
I'm thinking about saving the submitted data $login=$_REQUEST['login']; and $password=$_REQUEST['password']; and compare with the login column in the database. Then if the login matches, I'll compare the password submitted with the one in the row, not in the column. But I don't know how to do this search and comparison, neither what to use. Then if both matches I'll redirect the user. Else I'll send a login error message; I know how to do this already.
Question 2
What if I need to change an already saved user, for example if they change their email address? My changing user's data web page is exactly the same like the registration user web page. Can I load the already saved options and values of registration? Then the user will change whatever is necessary, and then when they submit the new information, they would not create a new row in my table, but just overwrite the old information? How can I do this?
Check this out.
Then if that doesn't help a bit, take a look at this.