  1. #1
    New Coder
    Join Date
    Dec 2006
    Posts
    19
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Stopping Duplicates of a Username

    During testing of my CMS I came across a minor gaffe - a user can log in with a name and email address, then someone else can log in with the same name and email address. For obvious reasons, I would like to avoid this:

    Here is my add author page:

    PHP Code:
    <?php if (isset($_POST['name'])):

      // A new author has been entered
      // using the form below.

      include 'db.inc.php';

      // Escape user input before placing it in the query string
      $name = mysql_real_escape_string($_POST['name']);
      $email = mysql_real_escape_string($_POST['email']);
      $sql = "INSERT INTO author SET
          name='$name',
          email='$email'";
      if (@mysql_query($sql)) {
        echo '<p>New author added</p>';
      } else {
        echo '<p>Error adding new author: ' .
            mysql_error() . '</p>';
      }

    ?>

    <p><a href="submit.php">You can now submit an article!</a></p>

    <?php else: // Allow the user to enter a new author ?>

    <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post">
    <p>Enter the new author:</p>
    <label>Name: <input type="text" name="name" /></label><br />
    <label>Email: <input type="text" name="email" /></label><br />
    <input type="submit" value="SUBMIT" />
    </form>

    <?php endif; ?>
    Would I use 'SELECT DISTINCT' in mysql query?
    Last edited by XiledWeb; 12-29-2006 at 08:37 PM.

  • #2
    Senior Coder nikkiH's Avatar
    Join Date
    Jun 2005
    Location
    Near Chicago, IL, USA
    Posts
    1,973
    Thanks
    1
    Thanked 32 Times in 31 Posts
    Require actual username and password?

    If this post contains any code, I may or may not have tested it. It's probably just example code, so no getting knickers in a bunch over a typo, OK? If it doesn't have basic error checking in it, such as object detection or checking if objects are null before using them, put that in there. I'm giving examples, not typing up your whole app for you. You run code at your own risk.
    Bored? Visit
    http://www.kaelisspace.com/

  • #3
    Supreme Overlord Spookster's Avatar
    Join Date
    May 2002
    Location
    Marion, IA USA
    Posts
    6,280
    Thanks
    4
    Thanked 83 Times in 82 Posts
    Are we to assume you don't require posters to register before they can post content? I would do that at least to help combat spam. If you are not requiring registration then there is really nothing you can do to stop someone else from using someone else's name and email address to post stuff. To prevent multiple people from using the same name for posting, each person would need their own registered login with username and password.
    Spookster
    CodingForums Supreme Overlord
    All Hail Spookster

  • #4
    New Coder
    Join Date
    Nov 2006
    Location
    UK
    Posts
    52
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Cool

    Code:
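    // Look for an existing author with this name
    $query = "SELECT name FROM author WHERE name='$name'";

    $result = mysql_query($query);

    // mysql_num_rows() needs the result resource returned by mysql_query()
    $client = mysql_num_rows($result);

    if ($client != 0) {
        echo '<p>Error adding new author: ' . mysql_error() . '</p>';
    }
    else {
        echo '<p>New author added</p>';
    }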
    This code should work... but it may need tweaking to suit your mysql connection method.
    Last edited by Linark; 12-29-2006 at 10:46 PM. Reason: Typo in code sample.
    - Mark

  • #5
    Regular Coder anarchy3200's Avatar
    Join Date
    Mar 2003
    Location
    England
    Posts
    261
    Thanks
    0
    Thanked 1 Time in 1 Post
    Fixed
    Last edited by anarchy3200; 12-29-2006 at 10:56 PM. Reason: Removed to avoid confusion
    Mike

  • #6
    New Coder
    Join Date
    Dec 2006
    Posts
    19
    Thanks
    0
    Thanked 0 Times in 0 Posts
    The system is set up so that users who want to post articles can give their username and email address, those who just want to read the articles don't have to do anything.

    The articles are subject to approval - every time someone posts an article, it's sent to the database and I have to approve it.

  • #7
    Senior Coder nikkiH's Avatar
    Join Date
    Jun 2005
    Location
    Near Chicago, IL, USA
    Posts
    1,973
    Thanks
    1
    Thanked 32 Times in 31 Posts
    You really should require registration for authors or you can't stop someone from submitting as someone else if the name and e-mail are known.
    Passwords are a lot more secure.


  • #8
    New Coder
    Join Date
    Dec 2006
    Posts
    19
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by nikkiH View Post
    You really should require registration for authors or you can't stop someone from submitting as someone else if the name and e-mail are known.
    Passwords are a lot more secure.
    Well, I'm at the stage right now where I need this done before I return to work next week - is the registration setup an easy process?

  • #9
    New Coder
    Join Date
    Nov 2006
    Location
    UK
    Posts
    52
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by anarchy3200 View Post
    Shouldn't that be:

    ...
    if ($client == 0 ) {
    ...

    As if a row is returned ( i.e. !=0 ) then that name already exists?
    Yes, sort of.

    The code sample has been changed to reflect my typo mistake.
    - Mark

  • #10
    Senior Coder nikkiH's Avatar
    Join Date
    Jun 2005
    Location
    Near Chicago, IL, USA
    Posts
    1,973
    Thanks
    1
    Thanked 32 Times in 31 Posts
    It can be as simple as adding one password field to your form(s) and database, or as complicated as captchas, login pages, and "remember me" (cookies)

    I'd be making the username unique on the DB side as well (constraint/index). Not just via code that checks with SQL if something already exists.

    How secure do you want it, how many users will use it, etc. You can always start small and add on layers as you go if you're in a hurry.

    For now, to avoid the deception of someone posting as someone else by guessing author/e-mail, you can just add a password field.

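
Added example (not part of any post in this thread): the database-side unique constraint and the single password field suggested in post #10, using PDO prepared statements instead of the `mysql_*` calls shown earlier. The `author` table and its `name`/`email` columns follow the thread; the `password_hash` column, the function names and the in-memory SQLite connection (used so the script runs on its own) are assumptions, and with MySQL the same `UNIQUE` constraint on `author.name` applies. Because the constraint is enforced by the database, the duplicate check and the insert are one step, with no gap between a separate `SELECT` and the `INSERT`.

```php
<?php
// Added example, not code from the thread. The password_hash column and the
// function names are assumptions; SQLite in memory keeps it self-contained.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// UNIQUE on name: the database itself rejects a second row with the same name.
$pdo->exec('CREATE TABLE author (
    id INTEGER PRIMARY KEY,
    name TEXT NOT NULL UNIQUE,
    email TEXT NOT NULL,
    password_hash TEXT NOT NULL
)');

// Returns true when the author was created, false when the name is taken.
function register_author(PDO $pdo, string $name, string $email, string $password): bool
{
    $stmt = $pdo->prepare(
        'INSERT INTO author (name, email, password_hash) VALUES (?, ?, ?)'
    );
    try {
        // Bound parameters: user input never becomes part of the SQL text.
        $stmt->execute([$name, $email, password_hash($password, PASSWORD_DEFAULT)]);
        return true;
    } catch (PDOException $e) {
        // SQLSTATE class 23 = integrity constraint violation (duplicate name).
        if (substr((string) $e->getCode(), 0, 2) === '23') {
            return false;
        }
        throw $e; // any other database error is not a duplicate; re-raise it
    }
}

// Returns true only when the name exists and the password matches its hash.
function verify_author(PDO $pdo, string $name, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password_hash FROM author WHERE name = ?');
    $stmt->execute([$name]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($password, $hash);
}

// Constructed sample data.
var_dump(register_author($pdo, 'alice', 'alice@example.com', 'correct horse')); // first registration
var_dump(register_author($pdo, 'alice', 'mallory@example.com', 'guess'));       // same name again
var_dump(verify_author($pdo, 'alice', 'guess'));          // known name, wrong password
var_dump(verify_author($pdo, 'alice', 'correct horse'));  // known name, right password
```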

  • #11
    New Coder
    Join Date
    Nov 2006
    Location
    UK
    Posts
    52
    Thanks
    0
    Thanked 0 Times in 0 Posts
    The registration system shouldn't take too much extra coding, but it really needs implementing, otherwise your system is going to be prone to abuse.
    - Mark

  • #12
    New Coder
    Join Date
    Dec 2006
    Posts
    19
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I'm really coding this as I go - it's my first PHP project that I've built from the ground up, so the password registration thing may be beyond my ability at this point in time.

    It seems like when I've thought I've completed an area of the project, something crops up which I have to deal with.

  • #13
    Supreme Overlord Spookster's Avatar
    Join Date
    May 2002
    Location
    Marion, IA USA
    Posts
    6,280
    Thanks
    4
    Thanked 83 Times in 82 Posts
    That is why it is best to design the software before you start coding.
    Spookster
    CodingForums Supreme Overlord
    All Hail Spookster

