
Thread: Username available

  1. #1
    Join Date
    Dec 2010
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Username available

    On register I want it to say if a person's username is available when you make an account on this forum. What kind of coding is it?

  2. #2
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,164
    Thanks
    265
    Thanked 690 Times in 678 Posts


    While checking all of the submitted data (is the password blank? is the email valid?) check the submitted username against the database-- if you find a result, then it's unavailable and show them an error.
    Daniel - Freelance Web Design | <?php?> | <html>| español | Deutsch | italiano | português | català | un peu de français | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum

  3. #3
    Join Date
    Dec 2010
    Location
    Hyderabad, India
    Posts
    16
    Thanks
    3
    Thanked 0 Times in 0 Posts


    script.php
    Code:
    <?php
    extract($_POST); // If your method was post in <form>
    $query = " SELECT userfield FROM usertable WHERE userfield='$uservariable' ";
    $res = mysql_query($query);
    if ($res) {
        $count = mysql_num_rows($res);
        if (!$count) {
            echo "Username available";
        } else {
            echo "Username unavailable!";
        }
    } else {
        echo "Transaction error!";
    }
    ?>
    Try customizing this code. This is what you want and it was a very basic inquiry.

  4. #4
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,164
    Thanks
    265
    Thanked 690 Times in 678 Posts


    That's one approach, but integration with the existing system may be difficult.

    Also, I would not recommend using extract() that way. It's confusing, and it's much more reliable to keep post variables in the $_POST array: just use $_POST['uservariable'] instead.

  5. #5
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,643
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5


    Using extract() like that (blindly) also leads to security holes: you're basically adding a point where users can directly modify the variables in your script. If a user knows (or can guess) the names of variables in your script, he can use a home-made form to change their values, or even add new variables with whatever values he likes. Consider this (very simple) example:
    PHP Code:
    // earlier in the script, you check if the user is logged in:
    if(/* check here */){ $loggedin = TRUE; }

    // the user (who is NOT logged in) POSTs a form with the field "loggedin" and value "1"
    // when your script comes to the username check,
    extract($_POST);
    // creates a variable called $loggedin with a value of 1 (which evaluates to TRUE)
    // it doesn't affect the username check 
    // (in fact, if he also posts a 'uservariable' field, it won't even throw an error)
    // however, he _IS_ logged in from that point on - 
    // without even knowing any real usernames or passwords. 
    Used in concert with the username check, he could find a valid username (and automatically be logged in with it), and then change the password to whatever he wants.

    Even if the attack is not so refined, it doesn't take much to start screwing things up.
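
A hardened version of the username check discussed in this thread, as an added example that is not code from any poster: it reads the one field it needs from the POST array instead of calling extract(), and binds the value in a PDO prepared statement rather than interpolating it into the query string. The `users` table, the `username` field and the `username_available()` helper are assumed names, and the in-memory SQLite data and sample requests are constructed.

```php
<?php
// Added example, not code from the thread. Table, column and field names are assumptions.

/**
 * Returns true if the name is free, false if it is taken, null if the input is invalid.
 */
function username_available(PDO $pdo, array $post): ?bool
{
    // Read exactly one named field; nothing else in the request can create
    // or overwrite variables in this scope (unlike extract($_POST)).
    $name = $post['username'] ?? null;
    if (!is_string($name) || !preg_match('/^[A-Za-z0-9_]{3,20}$/', $name)) {
        return null;
    }
    // Prepared statement: the value is bound as data, never spliced into the SQL text.
    $stmt = $pdo->prepare('SELECT 1 FROM users WHERE username = :name LIMIT 1');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchColumn() === false;
}

// Constructed sample data in an in-memory SQLite database so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY)');
$pdo->exec("INSERT INTO users (username) VALUES ('alice'), ('bob')");

$loggedin = false; // set only by the real session check, never by request data

// Constructed requests, including the extra "loggedin" field described in post #5.
$requests = [
    ['username' => 'alice'],
    ['username' => 'newuser', 'loggedin' => '1'],
    ['username' => ['not', 'a', 'string']],
];
foreach ($requests as $post) {
    $result = username_available($pdo, $post);
    $label = $result === null
        ? 'Invalid username'
        : ($result ? 'Username available' : 'Username unavailable!');
    echo json_encode($post), ' => ', $label, ', loggedin=', var_export($loggedin, true), "\n";
}
```

Because the function only ever indexes `$post['username']`, the extra `loggedin` field in the second request is ignored and `$loggedin` keeps the value the script assigned.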
