  1. #1
    Join Date
    Jan 2004
    Posts
    18

    Unanswered: a script confusion

    Hi,

    I've been trying to write a script to ensure that when a user is registering they don't take a username that is already in use. This is a validation script which builds a session-registered errors array, and if it is not found empty then it returns to the form page and displays the encountered errors. The username comparison code doesn't appear to do anything meaningful, and while this is very frustrating, what is really confusing me is that the error messages I've placed for debugging aren't recognised and displayed unless one of the if statements holds true and their error messages are registered. Then they are both displayed.

    I'm quite new to all this so I guess I'm missing something fundamental. If anyone has the inclination to give me some pointers I'd be enormously grateful.

    Here's the code:

    Code:
    session_start();
    	
    if(!session_is_registered("errors"))
    session_register("errors");
    	
    $errors = array();
    	
    if(!session_is_registered("formVars"))
    session_register("formVars");
    	
    foreach($HTTP_POST_VARS as $varname => $value)
    $formVars[$varname] = trim(clean($value, 50));
    	
    //debugging error message
    
    $errors["test"] = "snarl";
    	
    if(empty($idStaff))
    $errors["idStaff"] = "You have reached this page incorrectly. Please select a staff member and choose the link to create a contact.";
    
    //this works
    	
    if(empty($formVars["StaffUserName"]))
    $errors["StaffUserName"] = "A user name must be supplied.";
    
    //so does this
    	
    if(empty($formVars["StaffUserPassword"]) || empty($formVars["StaffConfirmPassword"]))
    $errors["Password1"] = "A password and its confirmation must be supplied.";
    	
    if(!empty($formVars["StaffUserPassword"]) &&  !empty($formVars["StaffConfirmPassword"]))
    {
                    $pass = $formVars["StaffUserPassword"];
    	$pass2 = $formVars["StaffConfirmPassword"];
    	$name = $formVars["StaffUserName"];	
    
    //this also works
    		
    if(strcmp($pass, $pass2) != 0)
    {
    	$errors["Password2"] = "Your password and password confirmation do not match.";
    }
    
    //i dont think any of this does
    
    else
    {
          $query = "SELECT StaffUserName FROM StaffUsers";
    		
    if(!($connection = @ mysql_pconnect($hostname, $username, $password)))
    showerror();
    	
    if(!mysql_select_db($databaseName, $connection))
    showerror();
    		
    if(!($result = @ mysql_query($query, $connection)))
    showerror();
    	
    $row = mysql_fetch_array($result);
    			
    foreach($row as $value)
    {	
    if(strcmp($name, $value) == 0)
    {
    $errors["Password3"] = "That user name is not available. Please choose another";	
    }
    }
    }	
    }	
    if(count($errors))
    {
    	header("Location: create_staff_user.php");
    }
    Last edited by jst; 02-23-04 at 06:28.

  2. #2
    Join Date
    Feb 2002
    Location
    San Francisco, CA
    Posts
    441
    Your code is very poorly structured and indented. Just an idea but writing it in a more structured way and indenting it properly);

    i.e.
    PHP Code:
    session_start();

    if(!session_is_registered("errors"))
    session_register("errors");

    $errors = array();

    if(!session_is_registered("formVars"))
    session_register("formVars");

    foreach($HTTP_POST_VARS as $varname => $value)
    $formVars[$varname] = trim(clean($value, 50));

    //debugging error message

    $errors["test"] = "snarl";

    if(empty($idStaff))
    $errors["idStaff"] = "You have reached this page incorrectly. Please select a staff member and choose the link to create a contact.";

    //this works

    if(empty($formVars["StaffUserName"]))
    $errors["StaffUserName"] = "A user name must be supplied.";

    //so does this

    if(empty($formVars["StaffUserPassword"]) || empty($formVars["StaffConfirmPassword"]))
    $errors["Password1"] = "A password and its confirmation must be supplied.";

    if(!empty($formVars["StaffUserPassword"]) &&  !empty($formVars["StaffConfirmPassword"]))
    {
    $pass = $formVars["StaffUserPassword"];
    $pass2 = $formVars["StaffConfirmPassword"];
    $name = $formVars["StaffUserName"];

    //this also works

    if(strcmp($pass, $pass2) != 0)
    {
    $errors["Password2"] = "Your password and password confirmation do not match.";
    }

    //i dont think any of this does

    else
    {
    $query = "SELECT StaffUserName FROM StaffUsers";

    if(!($connection = @ mysql_pconnect($hostname, $username, $password)))
    showerror();

    if(!mysql_select_db($databaseName, $connection))
    showerror();

    if(!($result = @ mysql_query($query, $connection)))
    showerror();

    $row = mysql_fetch_array($result);

    foreach($row as $value)
    {
    if(strcmp($name, $value) == 0)
    {
    $errors["Password3"] = "That user name is not available. Please choose another";
    }
    }
    }
    }
    if(count($errors))
    {
    header("Location: create_staff_user.php");
    }

    becomes;
    PHP Code:
    session_start();

    if(!session_is_registered("errors")){
        session_register("errors");
    }

    $errors = array();

    if(!session_is_registered("formVars")){
        session_register("formVars");
    }

    foreach($HTTP_POST_VARS as $varname => $value){
        $formVars[$varname] = trim(clean($value, 50));
    }

    //debugging error message

    $errors["test"] = "snarl";

    if(empty($idStaff)){
        $errors["idStaff"] = "You have reached this page incorrectly. Please select a staff member and choose the link to create a contact.";
    }

    //this works

    if(empty($formVars["StaffUserName"])){
        $errors["StaffUserName"] = "A user name must be supplied.";
    }

    //so does this

    if(empty($formVars["StaffUserPassword"]) || empty($formVars["StaffConfirmPassword"])){
        $errors["Password1"] = "A password and its confirmation must be supplied.";
    }

    if(!empty($formVars["StaffUserPassword"]) &&  !empty($formVars["StaffConfirmPassword"]))
    {
        $pass = $formVars["StaffUserPassword"];
        $pass2 = $formVars["StaffConfirmPassword"];
        $name = $formVars["StaffUserName"];

        //this also works

        if(strcmp($pass, $pass2) != 0)
        {
            $errors["Password2"] = "Your password and password confirmation do not match.";
        }else{
            //i dont think any of this does
            $query = "SELECT StaffUserName FROM StaffUsers";

            if(!($connection = @ mysql_pconnect($hostname, $username, $password))){
                showerror();
            }

            if(!mysql_select_db($databaseName, $connection)){
                showerror();
            }

            if(!($result = @ mysql_query($query, $connection))){
                showerror();
            }

            $row = mysql_fetch_array($result);

            foreach($row as $value){
                if(strcmp($name, $value) == 0){
                    $errors["Password3"] = "That user name is not available. Please choose another";
                }
            }
        }
    }
    if(count($errors))
    {
        header("Location: create_staff_user.php");
    }

    Anyway back to the code.

    That is a horrible way of checking for a duplicate user name - replace the query with something like this;
    PHP Code:
    $query = sprintf("SELECT * FROM StaffUsers WHERE StaffUserName='%s' LIMIT 1", $name);
    Instead of returning EVERY user (which could be 10's of 1000's or more), returning every record (via ODBC or such like) AND then iterating through every record, it searches for 1 occurrence (LIMIT 1) of StaffUserName which is equal to the user name entered.

    Note: this may or may not want to be case sensitive. On a postgres database and some others you would need to do this (for example) to make it case insensitive;

    PHP Code:
    $query = sprintf("SELECT * FROM StaffUsers WHERE StaffUserName ILIKE '%s' LIMIT 1", $name);
    hope it helps
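
The single-row lookup suggested above, written with a bound parameter so the submitted name is never spliced into the SQL text; this is an added example, not code from the thread or its posters. It goes one step beyond the post by adding a UNIQUE rule, which also rejects a name taken between the check and the insert. Assumptions: PDO with an in-memory SQLite database (so it runs offline) instead of the thread's `mysql_*` functions, a constructed `PasswordHash` column, and hypothetical helper names `usernameTaken` and `registerUser`.

```php
<?php
// Added example: constructed schema and sample data, in-memory SQLite via PDO.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// COLLATE NOCASE makes both the lookup and the UNIQUE rule case-insensitive.
$db->exec('CREATE TABLE StaffUsers (
    StaffUserName TEXT NOT NULL COLLATE NOCASE UNIQUE,
    PasswordHash  TEXT NOT NULL
)');

// Hypothetical helper: true if the name already exists.
function usernameTaken(PDO $db, string $name): bool
{
    // The name travels as a bound value, not as part of the SQL string.
    $stmt = $db->prepare('SELECT 1 FROM StaffUsers WHERE StaffUserName = ? LIMIT 1');
    $stmt->execute([$name]);
    return $stmt->fetchColumn() !== false;
}

// Hypothetical helper: returns an array of error messages (empty on success).
function registerUser(PDO $db, string $name, string $password): array
{
    $taken = ['StaffUserName' => 'That user name is not available. Please choose another'];
    if (usernameTaken($db, $name)) {
        return $taken;
    }
    try {
        $stmt = $db->prepare('INSERT INTO StaffUsers (StaffUserName, PasswordHash) VALUES (?, ?)');
        $stmt->execute([$name, password_hash($password, PASSWORD_DEFAULT)]);
    } catch (PDOException $e) {
        // SQLSTATE class 23 = integrity constraint violation (UNIQUE hit by a concurrent signup).
        if (strpos((string) $e->getCode(), '23') === 0) {
            return $taken;
        }
        throw $e;
    }
    return [];
}

// Constructed sample input, including a name containing SQL metacharacters.
foreach (['alice', 'ALICE', "x' OR '1'='1"] as $name) {
    $errors = registerUser($db, $name, 'constructed-sample-password');
    printf("%-14s => %s\n", $name, $errors ? reset($errors) : 'registered');
}
```

With the `sprintf` form, a name containing a single quote changes the shape of the query; with the bound parameter it is stored and compared as an ordinary string.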

  3. #3
    Join Date
    Jan 2004
    Posts
    18
    Great, thanks, that's exactly what I was looking for..... And yes, I'm fully aware that my code is terrible - I'm paddling away in the deep end at the moment, looking for the ledge. I also hadn't noticed I lost all my indents from cutting and pasting - sorry, that must've been very hard to read. Do you know why the $errors[test] isn't being recognised?

    Thanks again

  4. #4
    Join Date
    Jan 2004
    Posts
    18
    I've implemented your query - but it still ignores the test. Any suggestions?
