The problem I am having is that the form is processing the insert after the check for a unique username. If the username is unique it makes the insert but the message to the user is that the username is taken after the script runs.
Can someone explain why this is happening.
The message is if the username is taken "
/html/$lang/reg_error6.html
if the insert runs it should go to :
/html/$lang/reg_thankyou.html
What is the problem with my script???
/****************************************************************************
read POSTed and/or session variables
*****************************************************************************/
$firstname = $HTTP_POST_VARS["firstname"];
$middlename = $HTTP_POST_VARS["middlename"];
$lastname = $HTTP_POST_VARS["lastname"];
$sex = strtolower($HTTP_POST_VARS["sex"]);
$language = strtolower($HTTP_POST_VARS["language"]);
$password = strtolower($HTTP_POST_VARS["password"]);
$login = strtolower($HTTP_POST_VARS["login"]);
$email = $HTTP_POST_VARS["email"];
$country = $HTTP_SESSION_VARS ["country"] . "";
if ($country == "") {$country = $HTTP_POST_VARS["country"];}
$age = $HTTP_SESSION_VARS["age"];
$senderEmail = "blank@blank.com";
// ******* set the content-type for macs that don't like text/html ***********
if (!$html) {
header("Content-Type: application/x-www-form-urlencoded");
}
/*******************************************************************************
make sure all the necessary fields were submitted
********************************************************************************/
if (!$country) {
if ($html){
header("Location: /html/$lang/reg_error1.html");
die();
} else { die ("error=".urlencode("A required field was not submitted.")); }
}
if (($firstname == "") || ($lastname == "") || ($login == "")
|| ($sex == "") || ($password == "") || ($email == "")) {
if ($html)
{
header("Location: /html/$lang/reg_error1.html");
die();
} else { die ("error=".urlencode("A required field was not submitted.")); }
}
/*******************************************************************************
make sure all the necessary fields are of the proper
type and within the expected value set
********************************************************************************/
errorif(($sex != "m" && $sex != "f"),"Sex must be m or f"); // sex
errorif(($age == "no"),"underage"); // age
$cStr = preg_replace ("/[^A-Za-z0-9]/", "", $login); // login
if($cStr!=$login){ //die("error=".urlencode("username contains invalid characters"));
if ($html) { header("Location: /html/$lang/reg_error3.html"); die();}
else { die ("error=".urlencode("username contains invalid characters")); }
}
if(strlen($login)>12) {
if ($html) { header("Location: /html/$lang/reg_error4.html"); die();}
else { die ("error=".urlencode("login must be 12 characters or less")); }
}
$cStr = preg_replace ("/[^A-Za-z0-9]/", "", $password); // password
if($cStr!=$password) {
if ($html) { header("Location: /html/$lang/reg_error2.html"); die();}
else { die ("error=".urlencode("password contains invalid characters")); }
}
if(strlen($password)>12){
if ($html) { header("Location: /html/$lang/reg_error5.html"); die();}
else { die ("error=".urlencode("password must be 12 characters or less")); }
}
if ($login == "guest") { // guest
$HTTP_SESSION_VARS["login"] = "guest";
//echo "status=loggedin";
//exit();
if ($html) {
header("Location: /html/$lang/reg_thankyou.html"); die();
} else {
die ("status=loggedin");
}
}
// ********************************** db connection ****************************
db_connect();
/********************************************************************************
get the country's id number from the database if it exists in the db
********************************************************************************/
$sqlstr = "SELECT id FROM countries WHERE lower(name) = '$country'";
$result = query($sqlstr);
$countryid=0;
if ((num_rows($result))) {
$row = fetch_assoc($result);
$countryid = $row["id"];
}
$userlevelid = ($countryid == 0)?2:1; // set their user-level accordingly
/********************************************************************************
ensure that the user name doesn't already exist
********************************************************************************/
$sqlstr = "SELECT id FROM users WHERE login = '".$login."'";
$result = query($sqlstr);
if (num_rows($result) != 0) {
if ($html) { header("Location: /html/$lang/reg_error6.html"); die();} else { die ("error=".urlencode("login already taken.")); }
}
/********************************************************************************
insert the new user into the db
********************************************************************************/
$HTTP_SESSION_VARS["login"]=$login;
$sqlstr = "INSERT INTO users (firstname, middlename, lastname, email,age, sex, ";
$sqlstr .= "language, country, userlevelid, login, password) ";
$sqlstr .= "VALUES ('$firstname', '$middlename', '$lastname','$email', '$age', '$sex',";
$sqlstr .= "'$language', '$country', '$userlevelid', '$login', '$password')";
$result = query($sqlstr);
$senderId = get_userid($login); // get the newly inserted user's id # (confusing var name here)
if (!$result) die ("error=".urlencode('cant add user to db')); //error-handle in case INSERT failed
/*****************************************************************************
Log the user in by forwarding them accordingly.
*****************************************************************************/
if ($lang) {
header ("Location: /html/$lang/reg_thankyou.html"); } else {
header("Location: login.php?login=$login&password=$password&lang=$lang&html=$html");
}
