How to prevent repeat sign ups from being put into db?

BrentonHale

Hi, I was needing some help with preventing repeat sign ups. I need a query to check the submitted email address ($e) is currently in the database by attempting to select that record. If it's not in the database, then it's safe to register.

Here is the existing code (with/out) the prevention of repeated sign ups. Please tell me on which lines (where to add) the code you provide in your replies. If at all possible please provide the code I should add also. I'm noobie at php with less than two weeks experience with it.

<?php # Script 7.3 - register.php

$page_title = 'Register';
include ('./header.html');

// Check if the form has been submitted.
if (isset($_POST['submitted'])) {

$errors = array(); // Initialize error array.

// Check for a first name.
if (empty($_POST['first_name'])) {
    $errors[] = 'You forgot to enter your first name.';
        } else {
        $fn = trim($_POST['first_name']);
        }

// Check for a last name.
if (empty($_POST['last_name'])) {
    $errors[] = 'You forgot to enter your last name.';
    } else {
    $ln = trim($_POST['last_name']);
    }

// Check for an email address.
if (empty($_POST['email'])) {
    $errors[] = 'You forgot to enter your email address.';
    } else {
    $e = trim($_POST['email']);
    }

// Check for a password and match against the confirm password.
if (!empty($_POST['password1'])) {
    if ($_POST['password1'] != $_POST['password2']) {
        $errors[] = 'Your password did not match the confirmed password.';
        } else {
            $p = trim($_POST['password1']);
            }
    } else {
        $errors[] = 'You forgot to enter your password.';
        }

if (empty($errors)) { // If everythings okay.

// Register the user in the database.
require_once ('mysql_connect.php'); // Connect to the db.

$link = mysql_connect('localhost', 'username', 'password');
if (!$link) {
    die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully';
mysql_close($link);

$link = mysql_connect('localhost', 'username', 'password');
if (!$link) {
    die('Not connected : ' . mysql_error());
}

// Check for previous registration.

$query = "SELECT user_id FROM users WHERE email='$e'";
$result =  mysql_query($query);
if (mysql_num_rows($result) == 0) {

} else { 

echo // Already registered.

'<h1 id="mainhead">Error!</h1>
<p class="error">This email address has already been registered.</p>;
}

// make sitename the current db
$db_selected = mysql_select_db('sitename', $link);
if (!$db_selected) {
    die ('Can\'t use sitename : ' . mysql_error());
}

// make sitename the current db
$db_selected = mysql_select_db('sitename', $link);
if (!$db_selected) {
    die ('Can\'t use sitename : ' . mysql_error());
}

// Make the query.
$query = "INSERT INTO users (first_name, last_name, email, password, registration_date) VALUES ('$fn', '$ln', '$e', SHA
('$p'), NOW() )";
$result = @mysql_query ($query); // Run the query.
if ($result) { // If it ran OK.

// Send an email, if desired.

// Print a message.
echo '<h1 id="mainhead">Thank you!</h1>
<p>You are now registered.  In Chapter 9 you will actually be able to log in!</p><p><br/></p>';

// Include the footer and quit the script (to not show the form).
include ('./footer.html');
exit();

} else { // If it did not run OK.
echo '<h1 id="mainhead">System Error</h1>
<p class="error">You could not be registered due to a system error.  We apologize for any inconvenience.</p>'; // Public message.
echo '<p>' . mysql_error() . '<br/><br/>Query: ' . $query . '</p>'; // Debugging message.
include ('./footer.html');
exit();
}

mysql_close(); // Close the database connection.

} else { // Report errors.

echo '<h1 id="mainhead">Error!</h1>
<p class="error">The following error(s) occurred:<br/>';
foreach ($errors as $msg) { // Print each error.
echo " - $msg<br/>\n";
}
echo '</p><p>Please try again</p><p><br/></p>';

} // End of if (empty($errors)) IF.

} // End of the main Submit conditional.
?>
<h2>Register</h2>
<form action="register.php" method="post">
<p>First Name: <input type="text" name="first_name" size="15" maxlength="15" value="<?php if (isset($_POST

['first_name'])) echo $_POST['first_name']; ?>" /></p>
<p>Last Name: <input type="text" name="last_name" size="15" maxlength="30" value="<?php if (isset($_POST['last_name'])) 

echo $_POST['last_name']; ?>" /></p>
<p>Email Address: <input type="text" name="email" size="20" maxlength="40" value"<?php if (isset($_POST['email'])) echo 

$_POST['email']; ?>" /></p>
<p>Password: <input type="password" name="password1" size="10" maxlength="20" /></p>
<p>Confirm Password: <input type="password" name="password2" size="10" maxlength="20" /></p>
<p><input type="submit" name="submit" value="Register" /></p>
<input type="hidden" name="submitted" value="TRUE" />
</form>
<?php
include ('./footer.html');
?>

laserlight

What you can do is to declare the database column that stores the email addresses as unique. Then, you attempt to insert the record with the given email address, and check if there is a unique constraint violation (i.e., the query failed to run, and the error code matches the error code for MySQL's unique constraint violation error).

NogDog

I've done what LL suggested above enough times now that I know the MySQL error code by memory: 1062. 🙂