Error when doing register page

[thientanchuong]

I already test all validation functions, it is about 80 % working. The rest is my problem about duplicate user name or email.

You can try my demo:

http://yoongda.com/customer/include/register.php

My code: register.php

Code:

<?php
require_once ('../../library/config.php');

function protect ($string)
{
	$string = mysql_real_escape_string ($string);
	$string = strip_tags ($string);
	$string = addslashes ($string);
	return $string;
}
if (!isset($_POST['submit']))
{
	echo "<table border=\"0\">";
	echo"<form action=\"register.php\" method=\"post\">";
	echo"<tr></td></td></tr>";
	echo"<tr><td>Username:</td><td>";
	echo"<input type=\"text\" name=\"username\" maxlength=\"60\"  />";
	echo"</td></tr>";
	echo"<tr><td>Password:</td><td>";
	echo"<input type=\"password\" name=\"pass1\" maxlength=\"10\">";
	echo"</td></tr>";
	echo"<tr><td>Confirm Password:</td><td>";
	echo"<input type=\"password\" name=\"pass2\" maxlength=\"10\">";
	echo"</td></tr>";
	echo"<tr><td>Email:</td><td>";
	echo"<input type=\"text\" name=\"email\" maxlength=\"10\" id=\"email\">";
	echo"</td></tr>";
	echo"<tr><th colspan=\"2\"><input type=\"submit\" name=\"submit\" value=\"Register\"></th></tr> ";
	echo"</form>";
	echo"</table>";
} else 
{
	$username = protect($_POST['username']);
	$password = protect($_POST['pass1']);
	$confirm = protect($_POST['pass2']);
	$email = protect($_POST['email']);
	
	$errors = array();
	if (!$username)
	{
		$errors[]= "You should enter your user name";
	}
	if ($username)
	{
		if (!ctype_alnum($username))
		{
			$errors[]= "User name can only contain letters and numbers";
		}
		$range = range(1,20);
		if (!in_array(strlen($username),$range))
		{
			$errors[]= "User name must be between 1 and 20 characters";
		}
	}
	if ($username)
	{
		$sql = "SELECT `customer_id` FROM `tbl_customer` WHERE `customer_name`= '($username)'";
		$reg = mysql_query($sql) or die (mysql_error());
			if (mysql_num_rows($reg)>0)
			{
				$errors[]="The user name <strong>($username)</strong> is already registered";
			}
	}
	if (!$password)
	{
		$errors[]= "You should enter your password";
	}
	if ($password)
	{
		if (!$confirm)
		{
			$errors[]= "You should enter the confirmed password";
		}
	}
	if ($password && $confirm)
	{
		if($password != $confirm)
		{
			$errors[]= "Passwords do not match";
		}
	}
	if (!$email)
	{
		$errors[]= "You should enter email";
	}
	if($email)
	{
            $checkemail = "/^[a-z0-9]+([_\\.-][a-z0-9]+)*@([a-z0-9]+([\.-][a-z0-9]+)*)+\\.[a-z]{2,}$/i";
            if(!preg_match($checkemail, $email)){
                $errors[] = "E-mail is not valid, must be name@server.tld!";
            }
     }
	if ($email)
	{
		$sql2 = "SELECT * FROM `tbl_customer` WHERE email ='($email)'";	
		$reg2= mysql_query ($sql2) or die(mysql_error());
			if (mysql_num_rows ($reg2) >0)
			{
				$errors[]= "The email: <strong> ($email) </strong> is already registered";	
			}
	}
	if (count($errors) >0)
	{
		foreach ($errors as $error)
		{
			echo $error . "<br>";
		}
?>
<table width="200" border="0">
<form action="register.php" method="post">
<tr><td>Username:</td><td>
<input type="text" name="username" id="username" />
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass1" id="pass1" />
</td></tr>
<tr><td>Confirm Password:</td><td>
<input type="password" name="pass2" id="pass2" />
</td></tr>
<tr><td>Email:</td><td>
<input type="text" name="email" id="email" />
</td></tr>
<tr>
  <td colspan="2" align="center"><input type="submit" name="submit" value="Register"></td>
  </tr>
 </form>
</table>
<?php
	}else {
			$sql3 = "INSERT INTO `tbl_customer` 
					(`customer_name`,`customer_password`,`email`,`customer_regdate`)VALUES 
					('$username','".md5($password)."','$email',NOW());";	
			$reg3 = mysql_query ($sql3) or die (mysql_error());
			echo "Thank you for registering at  Yoongda.com, you can login now for shopping.";
		}
}
?>

my idea is If user register the same name or the same email, it should display these error messages

The username: <strong> ($email) </strong> is already registered

The email: <strong> ($email) </strong> is already registered

However, when I test, if I register the same user name , it will display:

Duplicate entry 'hung' for key 2

if the same email, it will be inserted into databse without validating

Can you help fix the code, please ?

thanks
Mong bạn kiểm tra và fix code dùm

[Nile]

It seems to work for me:

The user name (Nile) is already registered
The email: (nile@unlinkthis.net) is already registered

Are there any specific conditions that it doesn't work under?



Now for your code, for this:

PHP Code:

    $string = mysql_real_escape_string ($string);
    $string = strip_tags ($string);
    $string = addslashes ($string); 


Make sure that you always do the most important thing last. So change ti to this:

PHP Code:

    $string =  strip_tags ($string);
    $string = addslashes ($string);
    $string = mysql_real_escape_string ($string); 


And for this:

PHP Code:

if (!isset($_POST['submit']))
{
    echo "<table border=\"0\">";
    echo"<form action=\"register.php\" method=\"post\">";
    echo"<tr></td></td></tr>";
    echo"<tr><td>Username:</td><td>";
    echo"<input type=\"text\" name=\"username\" maxlength=\"60\"  />";
    echo"</td></tr>";
    echo"<tr><td>Password:</td><td>";
    echo"<input type=\"password\" name=\"pass1\" maxlength=\"10\">";
    echo"</td></tr>";
    echo"<tr><td>Confirm Password:</td><td>";
    echo"<input type=\"password\" name=\"pass2\" maxlength=\"10\">";
    echo"</td></tr>";
    echo"<tr><td>Email:</td><td>";
    echo"<input type=\"text\" name=\"email\" maxlength=\"10\" id=\"email\">";
    echo"</td></tr>";
    echo"<tr><th colspan=\"2\"><input type=\"submit\" name=\"submit\" value=\"Register\"></th></tr> ";
    echo"</form>";
    echo"</table>";
} 


Its best not to use all those echo's. So take a look at this, or just completely exit PHP, paste all the HTML, and start it again.

I like the way your using your errors in an array (I usually do this), but its kind of messy.

Good luck!