Confirm unique username before submit - NEED HELP!

Ok, so I have a registration form, that is connected to a mysql db. I am using php to check the db to see if the username is unique…if it is not, then I have javascript displaying an “alert.” However, this is what is happening - My form is getting submitted, the alert pops up, and nothing is placed in my db. So it is doing everything right, except, it is submitting the form (and subsequently going to my “thank you page.” Can someone look at the code and tell me what is wrong.

Code:



<?php require_once('../../Connections/restaurants.php'); ?>
<?php
if (!isset($_POST['submit'])){
?>
<table>
<tr><td></td></tr>
<tr>
<td><font color="white"><b>Add A Registered User</b></font></td>
</tr>
<tr><td></td></tr>
</table>
<form action="add_user.php" method="post">
<table>
<tr>
<td><font color="white">Username: </font></td>
<td><input type="text" name="username"></td>
</tr>
<tr>
<td><font color="white">Password: </font></td>
<td><input type="password" name="password"></td>
</tr>
<tr>
<td><font color="white">Email Address: </font></td>
<td><input type="text" name="email"></td>
</tr>
<tr>
<td><font color="white">Firstname: </font></td>
<td><input type="text" name="firstname"></td>
</tr>
<tr>
<td><font color="white">Lastname: </font></td>
<td><input type="text" name="lastname"></td>
</tr>
<tr>
<td><font color="white">Access Level: </font></td>
<td><font color="white">Default is "Community" which allows for comments, voting, and creating profiles</font></td>
</tr>
<tr>
<td></td>
<td>
<input type="submit" name="submit" value="Submit!">
</td>
</tr>
</table>
<?php
}else{
$username = $_POST['username'];
$password = sha1($_POST['password']);
$email = $_POST['email'];
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$created = date('Y-m-d H:i:s');
$createdby = $_SERVER['REMOTE_USER'];

$user_exist = mysql_result(mysql_query("SELECT COUNT(1) username FROM registration WHERE username='$username'"), 0);
	if($user_exist > 0){
		echo '<script type="text/javascript">
	      	<!--
	      	alert("Username already exists.  Please choose another username")
	      	//-->
	      	</script>';
		  unset($username);
	}
mysql_query("INSERT INTO `registration` (username, password, email, firstname, lastname,  created, createdby) VALUES ('$username', '$password', '$email', '$firstname', '$lastname', '$created', '$createdby')");
echo "<font color='white'>New User has been registered!<br><a href= '/tools/restaurants/add_user.php'>Add Another User</a></font>";
}
?>

Thanks!

I think its because you are missing an else statement. At the bottom of your script you check to see if $user_exist > 0, and if it is, you display the alert and unset the $username variable. But then you go ahead and run the insert statement, no matter what. You should only run the insert statement and echo statement that says “New user has been registered!” in an else after the $user_exist > 0 if statement.

I changed the order in which things are done. First I check the user posted data (if the form is posted), then if the username already exists, or if the form hasn’t been posted, the form is sent.

It isn’t perfect, but should give you an idea.

You should check the user data before using it in your script and SQL though (safety!).


<?php require_once('../../Connections/restaurants.php'); ?>
<?php
// initialize user_exist
  $user_exist = 1;
// If the form has been posted, check the data
 if (isset($_POST['submit'])){
//  ***** BTW: YOU SHOULD CHECK THE USER INSERTED DATA BEFORE USING IT !!
   $username = $_POST['username'];
   $password = sha1($_POST['password']);
   $email = $_POST['email'];
   $firstname = $_POST['firstname'];
   $lastname = $_POST['lastname'];
   $created = date('Y-m-d H:i:s');
   $createdby = $_SERVER['REMOTE_USER'];
   $user_exist = mysql_result(mysql_query("SELECT COUNT(1) username FROM registration WHERE username='$username'"), 0);
// If the user doesn't exist yet, insert it
   if($user_exist == 0){
       mysql_query("INSERT INTO `registration` (username, password, email, firstname, lastname,  created, createdby) VALUES ('$username', '$password', '$email', '$firstname', '$lastname', '$created', '$createdby')");
       echo "<font color='white'>New User has been registered!<br><a href= '/tools/restaurants/add_user.php'>Add Another User</a></font>";
   }else{
       echo '<script type="text/javascript">
               <!--               alert("Username already exists.  Please choose another username")
               //-->               </script>';
       unset($username);
   }
}

// If the form has not been posted, or the username already existed, resend the form.

if($user_exist > 0){

?>
<table>
  <tr>
     <td></td>
  </tr>
  <tr>
    <td><font color="white"><b>Add A Registered User</b></font></td>
  </tr>
  <tr>
    <td></td>
  </tr>
</table>
<form action="add_user.php" method="post">
<table>
  <tr>
    <td><font color="white">Username: </font></td>
    <td><input type="text" name="username"></td>
  </tr>
  <tr>
    <td><font color="white">Password: </font></td>
    <td><input type="password" name="password"></td>
  </tr>
  <tr>
    <td><font color="white">Email Address: </font></td>
    <td><input type="text" name="email"></td>
  </tr>
  <tr>
    <td><font color="white">Firstname: </font></td>
    <td><input type="text" name="firstname"></td>
  </tr>
  <tr>
    <td><font color="white">Lastname: </font></td>
    <td><input type="text" name="lastname"></td>
  </tr>
  <tr>
    <td><font color="white">Access Level: </font></td>
    <td><font color="white">Default is "Community" which allows for comments, voting, and creating profiles</font></td>
  </tr>
  <tr>
    <td></td>
    <td> <input type="submit" name="submit" value="Submit!"> </td>
  </tr>
</table>

<?PHP
}
?>

marc - tried this, still submitting the form:

Guido - the only difference between your code and mine (from what I see) is that you use ‘isset’ and I used ‘!isset’ I dont see how that will change anything.

The major problem here is that the javascript code has to “validate that username is unique” before submitting the form. I am struggling with that part.

if you want the form to verify that a username is not taken without submitting the form you will undoubtedly have to look into using ajax. you make a simple http request to a script that verifies the username is unique. if it is not use the response javascript code to show the appropriate information to the user.

If you want to verify the username is unique prior to registration, then you should use ajax to call a php script that unhides the rest of the registration form if and only if the php script determines the username is unique.

Page 1 would have the registration form, starting with a username and a custom button scripted to send the username via an ajax call to a php script that will send back javascript to enable the rest of the form. You’ll also want to setup a script that hides this div again (containing the rest of the registration form) onfocus for the username field (if they change it they have to confirm it’s unique again).

Or, you could have a two step process.

Or you could have a on-step process and forward them back to the form again if the username is not unique.

Study the code a bit better, and you’ll see the difference. My code displays the form again if the check doesn’t give the desired result. Yours never could, as your checks are at the end.

If you want JS to do the checking, then you must use AJAX.