user is already taken?

user is already taken? - php

I have this code:
$username = $_POST["username"];
$password_input = $_POST["password"];
$password = md5($password_input);
$email_input = $_POST["emailaddress"];
$email = md5($email_input);
if (!($stmt = $con->prepare("INSERT INTO `users` (`username`,`password`,`email_address`) VALUES (?,?,?)")) || !is_object($stmt)) {
die( "Error preparing: (" .$con->errno . ") " . $con->error);
}
$stmt->bind_param('sss', $username, $password, $email);
$stmt->execute();
$stmt->close();
echo "User has been Created! Feel free to login - <a href='login.php'><span class='button color_blue'>Login</span></a>";
Within the SQL database an email/username can only be used once (UNIQUE) and I wondered if there was a way to change the echo to only appear if the data was successfully added and then a different message for if it wasn't successful.
Thanks - I'm still a rookie!
EDIT: so after using some code from the answer i am now at:
$username = $_POST["username"];
$password_input = $_POST["password"];
$password = md5($password_input);
$email_input = $_POST["emailaddress"];
$email = md5($email_input);
if (!($stmt = $con->prepare("INSERT INTO `users` (`username`,`password`,`email_address`) VALUES (?,?,?)")) || !is_object($stmt)) {die( "Error preparing: (" .$con->errno . ") " . $con->error);}
$stmt->bind_param('sss', $username, $password, $email);
$stmt->execute();
$stmt->close();
if ($con->affected_rows == 1) {echo "User has been Created! Feel free to login - <a href='login.php'><span class='button color_blue'>Login</span></a>";}
var_dump($con->affected_rows);
successful and unsuccessful INSERTS for some reason all have -1 as their "affected rows" output

The execute() method returns true if successful.
Replace:
$stmt->execute();
with:
if($stmt->execute()) {
echo "user created!";
} else {
echo "error: " . $stmt->error;
}

Yes, you just have to check if the query was successful or not:
change the end of your code by this:
$success = $stmt->execute();
$stmt->close();
if ($success)
echo "User has been Created! Feel free to login - <a href='login.php'><span class='button color_blue'>Login</span></a>";
else
echo "Impossible to create that user: ".$stmt->error;

To provide many different messages I work with flags. Simply say: if the username equals an existing db name, userExistMsg = 1.
To check if the User Exists, simply use a SELECT query in sql and ask for any entrys on the given user. This query should result in none obkects if the username is free.
Btw. You seem to use simple md5 for pw encoding. That's not verry secure. Better use something like salted passwords.

To check for successful UPDATE/INSERT/DELETE query, you would need to check if returned affected rows are more than zero.
http://php.net/mysqli_affected_rows
Returns the number of rows affected by the last INSERT, UPDATE,
REPLACE or DELETE query.
In your case:
if ($con->affected_rows == 1) {
echo "User has been Created! Feel free to login - <a href='login.php'><span class='button color_blue'>Login</span></a>";
}

Try this. This is a sample answer change this according to your code..
$username = $_POST["username"];
$password_input = $_POST["password"];
$password = md5($password_input);
$email_input = $_POST["emailaddress"];
$email = md5($email_input);
$con=mysqli_connect("HOST","USER","PASSWORD","your_db");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,"SELECT COUNT(username) FROM users WHERE username = $username ");
$datacount2 = mysql_num_rows($result );
if($datacount2 < 1)
{
if (!($stmt = $con->prepare("INSERT INTO `users` (`username`,`password`,`email_address`) VALUES (?,?,?)")) || !is_object($stmt)) {
die( "Error preparing: (" .$con->errno . ") " . $con->error);
}
$stmt->bind_param('sss', $username, $password, $email);
$stmt->execute();
$stmt->close();
if($stmt)
{
echo "User has been Created! Feel free to login - <a href='login.php'><span class='button color_blue'>Login</span></a>";
}
else
{
echo "Insert Failed";
}
}
else
{
echo "User already exists..";
}

You could use mysqli_stmt::affected_rows to find out if rows were affected. If not, you can print out your error message

Related

if statement failure(no errors) in checking to see if two hash variables are equal

I am trying to register a user by checking if the variable in the dynamic link I sent them by email matches the hash value that is stored in mysql.
I tried debugging this. I found that $verify and $hash are indeed equal when echoed out into the browser just before my if statement.
One hash value comes from mysqli select query whereas the other comes from a $_GET[''] post.
My hash contains (=,$+) symbols. Could that be preventing it from evaluating correctly? When my code is displayed in the browser it doesn't do anything with the if statement.(I don't receive a echo of "it works" nor an echo of "it doesn't work")
If you know what this problem might be or have advise on trouble shooting it would be much appreciated. Thanks for all your help in advance.
Part of the code I seem to be having trouble with:
if ($verify === $hash ){
echo "It works!";}
else{ echo "It doesn't work!";}
I also tried evaluating it with the 2 following alternatives and they didn't work:
$values = array($verify, $hash);
if(count(array_unique($values)) === 1) {
echo "It works!";}
if (strcmp("$verify","$hash")===0){
echo "It works!";
Here is my complete code:
$servername = "localhost";
$un = "root";
$password = "";
$dbname = "secure_login";
$conn = new mysqli($servername, $un, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$username = mysqli_real_escape_string($conn,$_GET['username']);
$hash = mysqli_real_escape_string($conn,$_GET['hash']);
$sql = "SELECT hash FROM login WHERE username = '$username'";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
$verify = $row["hash"];
}
} else {
echo "0 results";
echo "Error Selecting record: " . $conn->error;
}
echo $username;
echo $hash;
if ($verify == $hash ){
echo "It works!";
$sql = "UPDATE login SET active = 1 WHERE username = '$username'";
}
if ($conn->query($sql) === TRUE) {
echo "Record updated successfully";
} else {
echo $conn->error;
}
$conn->close();
}

MySQL Insert occurs twice on one submit

I have this PHP file that handle's users input to signup using mysql... I have a problem with it that makes the users input be entered twice... So, this was only one input into the signup form. Below is about half of my signup form (the most useful part)...
if ($_SERVER["REQUEST_METHOD"] == "POST") {
require("db-settings.php");
// Security
if (empty($_POST['name'])) {
echo "Sorry, fullname input was empty, please retry if you like.";
die();
} else {
$fullname = $_POST['name'];
}
if (empty($_POST['email'])) {
echo "Sorry, email input was emty, please retry if you like.";
die();
} else {
$email = $_POST['email'];
}
if (empty($_POST['password'])) {
echo "Sorry, password was empty, please retry if you like.";
die();
} else {
$password = $_POST['password'];
// If password variable is success to set, let's encrypt it now!
$password = password_hash($password, PASSWORD_DEFAULT)."\n";
}
// Log users IP and store in variable
$ip = $_SERVER["REMOTE_ADDR"];
// Create connection
$conn = new mysqli($servername, $username, $db_password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "INSERT INTO `table-ex` (fullname, email, password, ip) VALUES ('$fullname', '$email', '$password', '$ip')";
$stmt = $conn->prepare($sql);
//$stmt->bind_param('sss', $fullname, $email, $password, $ip);
$stmt->execute();
if ($conn->query($sql) === TRUE) {
echo "New user was created successfully, please wait for activation...";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
So, with all this here. I will also give the entire form section in the html code below...
<form action="signup.php" method="post">
<h1>Sign up</h1><br/>
<span class="input"></span>
<input type="text" name="name" placeholder="Full name" title="Format: Xx[space]Xx (e.g. John Doe)" autofocus autocomplete="off" required pattern="^\w+\s\w+$" />
<span class="input"></span>
<input type="email" name="email" placeholder="Email address" required />
<span id="passwordMeter"></span>
<input type="password" name="password" id="password" placeholder="Password" title="Password min 10 characters. At least one UPPERCASE and one lowercase letter" required pattern="(?=^.{10,}$)(?=.*[a-z])(?=.*[A-Z])(?!.*\s).*$"/>
<button type="submit" value="Sign Up" title="Submit form" class="icon-arrow-right"><span>Sign up</span></button>
</form>
So, there must be something in the code that makes it enter in twice... Plus, how do I reset the id numbers? Cause every time I make a new user, and this happens (which is every time) then I just delete the users and it still counts as though they still exist.

It's because of this line. You don't need to put an if else statement.
if ($conn->query($sql) === TRUE) {
echo "New user was created successfully, please wait for activation...";
}
Simply do this-
$sql = "INSERT INTO `table-ex` (fullname, email, password, ip) VALUES ('$fullname', '$email', '$password', '$ip')";
$stmt = $conn->prepare($sql);
//$stmt->bind_param('sss', $fullname, $email, $password, $ip);
//Set the variables here for $fullname, $email, $password and $ip
if($stmt->execute())
{
echo "New user was created successfully, please wait for activation...";
}
else { echo "There was a problem";}
$stmt->close();
$conn->close();
UPDATE
For the id part, I assume you are using auto increment but I would suggest you to insert them manually instead of relying on it. I would suggest you to use a unique key derivation function and encoding them (in case you would prefer them to be plaintext and using them as IDs).
If you want to track how many entries are in there, you can always count the number of rows with mysqli_num_rows().

You used both execute() and query(), thus executing twice.
Firstly, it inserted 1 row at $stmt->execute();. Then it inserted another row at $conn->query($sql).
$stmt->execute();
if ($conn->query($sql) === TRUE) {
echo "New user was created successfully, please wait for activation...";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
You should only $stmt->execute();:
if ($stmt->execute()) {
echo "New user was created successfully, please wait for activation...";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
Note:
It's a better practice is to stick with prepared statements and use execute() for increased security rather than using $conn->query($sql). More information of the difference at PDO's query vs execute.

if ($_SERVER["REQUEST_METHOD"] == "POST") {
require("db-settings.php");
// Security
if (empty($_POST['name'])) {
echo "Sorry, fullname input was empty, please retry if you like.";
die();
} else {
$fullname = $_POST['name'];
}
if (empty($_POST['email'])) {
echo "Sorry, email input was emty, please retry if you like.";
die();
} else {
$email = $_POST['email'];
}
if (empty($_POST['password'])) {
echo "Sorry, password was empty, please retry if you like.";
die();
} else {
$password = $_POST['password'];
// If password variable is success to set, let's encrypt it now!
$password = password_hash($password, PASSWORD_DEFAULT)."\n";
}
// Log users IP and store in variable
$ip = $_SERVER["REMOTE_ADDR"];
// Create connection
$conn = new mysqli($servername, $username, $db_password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "INSERT INTO `table-ex` (fullname, email, password, ip) VALUES ('$fullname', '$email', '$password', '$ip')";
$stmt = $conn->prepare($sql);
//$stmt->bind_param('sss', $fullname, $email, $password, $ip);
if ($stmt->execute()) {
echo "New user was created successfully, please wait for activation...";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$stmt->close();
$conn->close();

Handling no results returned from a prepared select statement

I'm trying to make a basic login system. User enters username + password in a form which is then posted and used in the following code:
if(isset($_POST['submit'])) {
$sql = "SELECT username, password FROM tbl_users WHERE username = ? AND password = ?";
$stmt = $mysqli->prepare($sql);
if(!$stmt) {
die("Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error);
}
$username = $_POST['username'];
$password = $_POST['password'];
var_dump($username);
var_dump($password);
$bind_result = $stmt->bind_param("ss", $username, $password);
if(!$bind_result) {
echo "Binding failed: (" . $stmt->errno . ") " . $stmt->error;
}
$execute_result = $stmt->execute();
if(!$execute_result) {
echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
}
$stmt->bind_result($returned_username, $returned_password);
while($stmt->fetch()) {
var_dump($returned_username);
var_dump($returned_password);
if($username === $returned_username && $password === $returned_password) {
echo "You are now logged in!";
} else {
echo "Incorrect username or password";
}
}
If I type in the correct username and password, everything works fine and it logs in correctly. The problems start to arise when I enter incorrect information, either using the wrong password or a username that isn't in the database. The "incorrect username or password" line has never worked at all.
My understanding of prepared statements are that once I bind the results, I can only access them in the while loop using fetch. However, if no results are found, that loop will never run, so I have no way of testing whether the query found any results or not.

I am suggest to you, use it like this:
if (isset($_POST['submit'])) {
//Checking, is a user exists with these credentials?
$sql = "SELECT COUNT(*) AS cnt FROM tbl_users WHERE username = ? AND password = ?";
$stmt = $mysqli->prepare($sql);
if (!$stmt) {
die("Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error);
}
$bind_result = $stmt->bind_param("ss", $_POST['username'], $_POST['password']);
if (!$bind_result) {
echo "Binding failed: (" . $stmt->errno . ") " . $stmt->error;
}
$execute_result = $stmt->execute();
if (!$execute_result) {
echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
}
$stmt->bind_result($cnt);
$stmt->fetch();
if ($cnt > 0) {
echo "You are now logged in!";
} else {
echo "Incorrect username or password";
}
}

The problem you're having is based in the logic implemented in your code. If no user is retrieve from the database then the code that checks for the correct username and password is never run, just by changing a few lines of your code you can fix that, try this:
//this is your code at the moment
while($stmt->fetch()) {
var_dump($returned_username);
var_dump($returned_password);
if($username === $returned_username && $password === $returned_password) {
echo "You are now logged in!";
} else {
echo "Incorrect username or password";
}
}
//replace that for this
while($stmt->fetch()) {
var_dump($returned_username);
var_dump($returned_password);
}
if($username === $returned_username && $password === $returned_password) {
echo "You are now logged in!";
} else {
echo "Incorrect username or password";
}

How about testing if you get any results, and if you don't throw error:
if($stmt->fetch())
{
do {
var_dump($returned_username);
var_dump($returned_password);
if($username === $returned_username && $password === $returned_password) {
echo "You are now logged in!";
} else {
echo "Incorrect username or password";
}
} while($stmt->fetch());
}
else
{
echo "Incorrect username or password";
}

Fetching results from a prepared select query

I'm trying to create a basic log-in system. Username and password are entered into a form and the results are sent to this page. If I enter the correct details, it works fine, but if I try to log-in with nonsense it never displays the error message. The line seems to be skipped every single time.
if(isset($_POST['submit'])) {
$sql = "SELECT username,password FROM tbl_users WHERE username = ? AND password = ?";
$stmt = $mysqli->prepare($sql);
if(!$stmt) {
die("Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error);
}
$username = $_POST['username'];
$password = $_POST['password'];
$bind_result = $stmt->bind_param("ss", $username, $password);
if(!$bind_result) {
echo "Binding failed: (" . $stmt->errno . ") " . $stmt->error;
}
$execute_result = $stmt->execute();
if(!$execute_result) {
echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
}
$stmt->bind_result($returned_username, $returned_password);
while($stmt->fetch()) {
if($_POST['username'] == $returned_username && $_POST['password'] == $returned_password) {
echo "You are now logged in!";
} else {
echo "Incorrect username or password";
}
}
echo $stmt->fetch();
include 'disconnect.php';
}

this should work...
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT password FROM tbl_users where username = ?";
$stmt= $conn->prepare($sql);
$result->bind_param('s',$username);
$result->execute();
$result->bind_result($pass);
$stmt->fetch()
// echo "<pre>"; print_r($pass);
if($pass == $password) {
echo "You are now logged in! <br><br>";
}
else{
echo 'Incorrect username or password<br>';
}
comment if not working...

PHP code always shows wrong result

I am learning PHP and able to create a Registration form. But the code doesn't working properly. It always goes to else statement of Username exists Try Again. Any help appreciated and any explanation greatly welcomed :)
function session() {
$usn = $_POST['username'];
$pwd = $_POST['password'];
$email = $_POST['Email'];
$con=mysqli_connect("********","***********","**********","*********");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,"SELECT * FROM Accounts
WHERE username = '$usn'");
If($result == Null) {
mysqli_query($con,"INSERT INTO Accounts (username, password, Email)
VALUES ('$usn', '$pwd','$email')");
$result = mysqli_query($con,"SELECT * FROM Accounts WHERE username = '$usn'");
while($row = mysqli_fetch_array($result)) {
if (($row['password']==$pwd) and ($row['Email']==$email)) {
echo "Registration Success";
}
else {
echo "Registration Failed";
}
}
}
else {
echo "Username Exists Try Again";
}
mysqli_close($con);
}

$result will never be null. You need to check for something like number of rows -
$row_cnt = mysqli_num_rows($result);
If that is greater than 0, then go to your else.

We Keep Coding

PHP, A popular general-purpose scripting language that is especially suited to web development.

user is already taken? - php

The execute() method returns true if successful. Replace: $stmt->execute(); with: if($stmt->execute()) { echo "user created!"; } else { echo "error: " . $stmt->error; }

You could use mysqli_stmt::affected_rows to find out if rows were affected. If not, you can print out your error message

Related

if statement failure(no errors) in checking to see if two hash variables are equal

MySQL Insert occurs twice on one submit

Handling no results returned from a prepared select statement

Fetching results from a prepared select query

PHP code always shows wrong result

Categories

Resources