PHP - Why won't this check to see if a user exists?
I'm performing a query to check if a user exists before adding it to the database. If the result comes back, die and echo 'username exists'; if it comes back empty, add the new user to the database.
For some reason it adds the new user to the database anyway.
    // if post
    if (isset($_POST['submit'])) {

        // check if username is blank
        if (!isset($_POST['username']) || empty($_POST['username'])) {
            echo "username blank<br />";
            die();
        } else {
            $username = mysqli_real_escape_string($connection, $_POST['username']);
        }

        // check if password is blank
        if (!isset($_POST['password']) || empty($_POST['password'])) {
            echo "password blank<br />";
            die();
        } else {
            $password = mysqli_real_escape_string($connection, $_POST['password']);
            $password2 = md5($password);
            //echo $password;
        }

        // check if email is blank
        if (!isset($_POST['email']) || empty($_POST['email'])) {
            echo "email blank<br />";
            die();
        } else {
            $email = mysqli_real_escape_string($connection, $_POST['email']);
            //$password = md5($password);
            //echo $password;
        }

        // check to see if username already exists
        $query_check = "SELECT * FROM users WHERE user = '$username' LIMIT 1";
        $result_check = mysqli_query($connection, $query_check);

        if(count(mysqli_fetch_array($result_check)) === 1) {
            echo "username exists.";
            die();
        } else {
            $query = "INSERT INTO users (user, pass, email) VALUES ('$username','$password2','$email');";
            $result = mysqli_query($connection, $query);

            if($result){
                // returned true, e.g. in case of delete sql
                $_SESSION["username"] = $username;
                header("Location: ../profile.php");
            } else {
                // returned false
                //echo "error: " . mysqli_error($connection);
                echo "error during register <a href='../register.php'>back register</a>";
                die();
            }
        }
    } else {
        header("Location: ../index.php");
    }
After taking a few minutes testing your code, I found that you're using the wrong function.
mysqli_fetch_array(): fetch a result row as an associative array, a numeric array, or both.
You're trying to fetch an associative array.
As opposed to mysqli_num_rows(): gets the number of rows in a result.
Replace (and it seems to have been taken from Félix's answer)

    if(count(mysqli_fetch_array($result_check)) === 1)

with

    if(mysqli_num_rows($result_check) == 1)

or

    if(mysqli_num_rows($result_check) > 0)
Your original post contained:

    if(mysqli_fetch_array($result_check) === 1)

which still stands to be the wrong method.
- I said to use mysqli_num_rows() in a comment, but nothing was said about it:

    if(mysqli_num_rows($result_check) > 0)
Also, make sure $username is defined. I don't know how/where, or if, it is defined.
Now, if that fails, your form element isn't named, and/or something else in your form is failing you.
I.e.: <input type="text" name="username">
Add error reporting to the top of your file(s) to find errors.

    <?php
    error_reporting(E_ALL);
    ini_set('display_errors', 1);
    // rest of code

Sidenote: error reporting should be done in staging, and never in production.
Regarding using MD5.
That isn't considered safe to use anymore, as far as password hashing goes.
- That technology is old and is considered broken.
For password storage, use CRYPT_BLOWFISH or PHP 5.5's password_hash() function.
For PHP < 5.5, use the password_hash() compatibility pack.
Pulled from ircmaxell's answer, which uses PDO with prepared statements and password_hash():
Just use a library. Seriously. They exist for a reason.
- PHP 5.5+: use password_hash()
- PHP 5.3.7+: use password-compat (a compatibility pack for the above)
- All others: use phpass
Don't do it yourself. If you're creating your own salt, you're doing it wrong. You should be using a library that handles that for you.
    $dbh = new PDO(...);

    $username = $_POST["username"];
    $email = $_POST["email"];
    $password = $_POST["password"];
    $hash = password_hash($password, PASSWORD_DEFAULT);

    $stmt = $dbh->prepare("insert into users set username=?, email=?, password=?");
    $stmt->execute([$username, $email, $hash]);
And on login:

    $sql = "select * from users where username = ?";
    $stmt = $dbh->prepare($sql);
    // execute() returns a bool, so the rows are fetched from the statement itself
    $stmt->execute([$_POST['username']]);
    // fetch rows as objects so that ->password works below
    $users = $stmt->fetchAll(PDO::FETCH_OBJ);
    if (isset($users[0])) {
        if (password_verify($_POST['password'], $users[0]->password)) {
            // valid login
        } else {
            // invalid password
        }
    } else {
        // invalid username
    }
Footnotes:
I noticed you are using headers.
You should add exit; after each header. Otherwise, your code may want to continue executing.

    header("Location: ../profile.php");
    exit;

And the same for the other one also.
You're also using sessions. session_start(); isn't present in your posted code, and it will fail if it isn't included; an insight.
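
An added example, not part of the original question or answer: the existence check done with a bound parameter and COUNT(*), the password stored with password_hash(), and a look at what a fetched row's element count actually measures. Assumptions: in-memory SQLite through PDO stands in for the MySQL server so it runs offline, and the table layout, the sample account and the function names user_exists() and register_user() are constructed here. It goes one step beyond the answer by adding a UNIQUE constraint on the username column, so a duplicate is refused even when two requests pass the check at the same moment.

```php
<?php
// Added example. In-memory SQLite (pdo_sqlite) stands in for MySQL; the schema,
// the account and both function names are constructed for this illustration.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, user TEXT UNIQUE, pass TEXT, email TEXT)');

// True when a row with this username is already stored. Counting in SQL avoids
// inspecting a fetched row at all.
function user_exists(PDO $dbh, string $username): bool
{
    $stmt = $dbh->prepare('SELECT COUNT(*) FROM users WHERE user = ?');
    $stmt->execute([$username]);
    return (int) $stmt->fetchColumn() > 0;
}

// Returns 'exists' or 'created'. Values are bound, never interpolated.
function register_user(PDO $dbh, string $username, string $password, string $email): string
{
    if (user_exists($dbh, $username)) {
        return 'exists';
    }
    $stmt = $dbh->prepare('INSERT INTO users (user, pass, email) VALUES (?, ?, ?)');
    try {
        $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT), $email]);
    } catch (PDOException $e) {
        // SQLSTATE 23000: the UNIQUE constraint caught a duplicate that slipped in
        // between the check and the insert (two requests racing).
        if ((string) $e->getCode() === '23000') {
            return 'exists';
        }
        throw $e;
    }
    return 'created';
}

echo register_user($dbh, 'alice', 'constructed-password', 'alice@example.test'), PHP_EOL;
echo register_user($dbh, 'alice', 'another-password', 'alice2@example.test'), PHP_EOL;

// The question's test inspected a fetched row. FETCH_BOTH, like the MYSQLI_BOTH
// default of mysqli_fetch_array(), stores every column under a numeric and a
// named key, so the element count reflects columns, not matching rows.
$stmt = $dbh->prepare('SELECT * FROM users WHERE user = ? LIMIT 1');
$stmt->execute(['alice']);
$row = $stmt->fetch(PDO::FETCH_BOTH);
echo 'elements in fetched row: ', count($row), PHP_EOL;

// Login side: password_verify() checks the submitted password against the hash.
var_dump(password_verify('constructed-password', $row['pass']));
```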