hello i've made a registration page but my problem is that once somone register in it , he can register again and again and again in the same info ... how can i block this ? plz help
| SitePoint Sponsor |
hello i've made a registration page but my problem is that once somone register in it , he can register again and again and again in the same info ... how can i block this ? plz help
Last edited by Erez; Jan 4, 2005 at 13:46. Reason: plz help
setup a cookie, or a session variable once they register and check that.
now there is no guarantee that will work because cookie can be deleteed and browser can be restarted and in that case session is destroyed.
next option is you log the IP address , BUT again if the user is with dialup then the IP can be changed on next connection.
all in all there is no real way to stop the user from again registering. you can make it more hard for them but to fullly stop them is simply NO IN MY OPINION.(as i always say i mght be wrong)
Check if that info exists in the database before allowing them to register again.
eg if the email address or postal address is already registered then do not let them register again.
Obviously if they change any of those details they will be able to register again anyway.
One thing to bear in mind regarding what jaswinder_rana said about ip addresses, many isps (aol especially) use multiple proxy servers for thier customers so 3 page requests from the same user can come from 2 or more ip addresses regradless of if they have disconnected or are still connected via the same ip address.
You will (especially with aol) only see the ip address of the proxy server as America Off Line seem to believe that you have no right to discover who is accessing your site and do not include any x-forwarded-for headers or any other methods of tracking anyone past the proxy server.
This used to cause all sorts of problems for us when I was running an online game site.
err i've got now the code that should prevent double account name ...
this :
but i duno where to put it and if it works ... can u tell me?Code:$sql_check = mysql_query("SELECT account FROM '$grade_reg_table' WHERE account='$account'"); $check = mysql_num_rows('$sql_check'); if ($check!=1) $grade_insert_errors.="u cant make 2 accounts in the same name";
here is my code:
my fields are : account,password,Email,ageCode:<?php include "notice.html"; include "connection.php"; if (!isset($_POST["submit"])) { ?> <FORM action="<?= $_SERVER["notice.php"]; ?>" method="POST"> <TABLE border=0 cellpadding=7 cellspacing=7> <TR> <br><br><br><br> <TD><font color="#ffbc8c83">account:</font></TD> <TD><INPUT type="TEXT" name="account" size=20 maxlength=20 value="<?= $_POST["account"]; ?>"></TD> </TR> <TR> <TD><font color="#ffbc8c83">password:</font></TD> <TD><INPUT type="password" name="password" size=20 maxlength=20 value="<?= $_POST["password"]; ?>"></TD> </TR> <TR> <TD><font color="#ffbc8c83">Email:</font></TD> <TD><INPUT type="TEXT" name="Email" size=30 maxlength=50 value="<?= $_POST["Email"]; ?>"></TD> </TR> <TR> <TD><font color="#ffbc8c83">age:</font></TD> <TD><INPUT type="TEXT" name="age" size=2 maxlength=2 value="<?= $_POST["age"]; ?>"></TD> </TR> <TR> <TD align="right"><INPUT type="SUBMIT" name="submit" value="register"></TD> <TD align="left"><INPUT type="RESET" value="reset"></TD> </TR> </TABLE> </FORM> <? } if (isset($_POST["submit"])) { $account=$_POST["account"]; $password=$_POST["password"]; $e_mail=$_POST["Email"]; $age=$_POST["age"]; $grade_insert_errors=""; if ('$account'=="") $grade_insert_errors.="<br>account name isnt good.<BR>"; if ('$password'=="") $grade_insert_errors.="password just isnt right.<BR>"; if ('$e_mail'=="") $grade_insert_errors.="type a working Email plz.<BR>"; if ($age=="") $grade_insert_errors.="age isnt good.<BR>"; if ('' == $grade_insert_errors) { // make sure strings are quoted and escaped $account = '\''. mysql_real_escape_string($account) . '\''; $password = '\''. mysql_real_escape_string($password) . '\''; $e_mail = '\''. mysql_real_escape_string($e_mail) . '\''; $age = $age; $grade_reg_table = 'reg'; $grade_insert_query = 'INSERT INTO ' . $grade_reg_table . ' (account, password, Email, age)' . ' VALUES (' . $account . ', ' . $password . ', ' . $e_mail . ', ' . $age . ')' ; $result = mysql_query ($grade_insert_query,$chan); if (false == $result) { echo ' Failed to execute ' . $grade_insert_query . ' due to ' . mysql_error() . '<br />'; } else { echo '<br><br><font color="#ffbc8c83">Account created </font><br />'; } } else { echo "<BR><br><FONT color=\"#ffbc8c83\">".$grade_insert_errors."</FONT><BR>"; unset($_POST["submit"]); } } ?>
any idias ? plz help
I hope that helpsPHP Code:// make sure strings are quoted and escaped
$account = '\''. mysql_real_escape_string($account) . '\'';
$password = '\''. mysql_real_escape_string($password) . '\'';
$e_mail = '\''. mysql_real_escape_string($e_mail) . '\'';
$age = $age;
$grade_reg_table = 'reg';
// check to see if this username already exists
$sql = 'SELECT COUNT(*)'
. ' FROM ' . $grade_reg_table
. ' WHERE'
. ' account = ' . $account
;
$result = mysql_query($sql);
$num_users = mysql_result($result, 0);
if(0 == $num_users)
{
// rest of insert code goes here
$grade_insert_query ......
}
else
{
echo 'You can\'t make 2 accounts in the same name<br />';
}
to swdev:
man u are amasing.
thank you ever so much .
may the knowlage(force) be with you .
erez(the noob)
my pleasure
these forums are all about experienced people giving back something to the community by helping those with different experience.
None of us know it all. There will always be stuf that I don't know, and this is always my second port of call (after the manual) coz here I know that I'll get great advice.
Keep on coding
Posting Permissions
Bookmarks