Register form not working properly

watson100

Hello, im having some trouble getting my register form to work properly.

Here is the process file for the registration -

<?php
require_once("db/connect.php"); 

session_start(); 

//Declare Variables

$Username = $_POST['username'];
$Email = $_POST['email'];
$Email1 = "@";
$Email_Check = strpos($Email,$Email1);
$Password = sha1($_POST['password']); 
$Re_Password = sha1($_POST['re-password']);

//Check To See If All Information Is Correct
if($Email == "")
{	die("You have not entered your email!");	}
if($Email_Check === false)
{	die("Your email is incorrect!");			}
//Check to see if the email address is already in use
$email = mysql_query("SELECT * FROM users");
if (mysql_num_rows($email) > 0)
{	die("That email is already in use");		}
if($Username == "")
{	die("You didn't enter a username!");		}
//Check to see if the username is already in use
$user = mysql_query("SELECT * FROM users");
if (mysql_num_rows($user) > 0)
{	die("That username is already taken");		}
if($Password == "" || $Re_Password == "")
{	die("You didn't enter a password!");		}
if($Password != $Re_Password)
{	die("Your passwords don't match!");			}

//Insert Into Database
if(!mysql_query("INSERT INTO users (email, username, password) VALUES ('$Email', '$Username', '$Password')"))
{	die("We could not register you due to a error (Contact the website owner if this continues to happen.)");
}else{	die("User Created");	}

?>

Im trying to get it so that if check to see whether the email address or username is already in use but when i type in a different email but the same username it tells me this message -

That email is already in use

This section -

die("That email is already in use");

dagon

your query is missing a WHERE clause at the moment your only checking if there is anything in the users table

watson100

I don't know what i would put in the WHERE clause,

WHERE email='$email' ?

dagon

watson100;10983656 wrote:
I don't know what i would put in the WHERE clause,

WHERE email='$email' ?

what ever you are checking already exists.

watson100

Right ive updated my coding which is now -

<?php
require_once("db/connect.php"); 

session_start(); 

//Declare Variables

$Username = $_POST['username'];
$Email = $_POST['email'];
$Email1 = "@";
$Email_Check = strpos($Email,$Email1);
$Password = sha1($_POST['password']); 
$Re_Password = sha1($_POST['re-password']);

//Check To See If All Information Is Correct
if($Email == "")
{	die("You have not entered your email!");	}
if($Email_Check === false)
{	die("Your email is incorrect!");			}
//Check to see if the email address is already in use
$email_add = mysql_query("SELECT * FROM users WHERE email='$email_add'");
if (mysql_num_rows($email_add) > 0)
{	die("That email is already in use");		}
if($Username == "")
{	die("You didn't enter a username!");		}
//Check to see if the username is already in use
$user = mysql_query("SELECT * FROM users WHERE username='$username'");
if (mysql_num_rows($user) > 0)
{	die("That username is already taken");		}
if($Password == "" || $Re_Password == "")
{	die("You didn't enter a password!");		}
if($Password != $Re_Password)
{	die("Your passwords don't match!");			}

//Insert Into Database
if(!mysql_query("INSERT INTO users (email, username, password) VALUES ('$Email', '$Username', '$Password')"))
{	die("We could not register you due to a error (Contact the website owner if this continues to happen.)");
}else{	die("User Created");	}

?>

And here are the outcomes -

Although i have put in the same email address that is already in the database it shows me the message -

You didn't enter a username!

so it doesn't check the database to if the email is already in there and i also now receive this error message -

Notice: Undefined variable: email_add in ...... on line 21

watson100

Sorry dont worry i fixed it, i put email='$email_add' when i should have put WHERE email='$Email' but thanks for your help

dagon

now thats fixed, you should fix the gaping security wholes by sanitising all user inputs before using them in any query.

watson100

Ok im an amateur with php so i didn't understand that at all

dagon

77 posts should know a little by now :-)

all user data is suspect, it can be use to compromise your system, don't trust it.

at the minimum apply mysql_real_escape_string() to the strings, losts more details can be found using the boards search engine