PHP submit problem
I'm trying to check if the username
is available and display it for the user to see when they check there account settings, which I have done.
BUT when the user tries to fill out another field I get the Your username is unavailable!
which should not pop up because its the users username
already. I want to know how can I fix this problem using PHP so that the users name is displayed every time the user views their account settings and it wont cause problems when a user submits additional info?
Here is the PHP code.
if (isset($_POST['submitted'])) {
require_once '../htmlpurifier/library/HTMLPurifier.auto.php';
$config = HTMLPurifier_Config::createDefault();
$config->set('Core.Encoding', 'UTF-8');
$config->set('HTML.Doctype', 'XHTML 1.0 Strict');
$config->set('HTML.TidyLevel', 'heavy');
$config->set('HTML.SafeObject', true);
$config->set('HTML.SafeEmbed', true);
$purifier = new HTMLPurifier($config);
$mysqli = mysqli_connect("localhost", "root", "", "sitename");
$dbc = mysqli_query($mysqli,"SELECT users.*
FROM users
WHERE user_id=3");
$first_name = mysqli_real_escape_string($mysqli, $purifier->purify(htmlentities(strip_tags($_POST['first_name']))));
$username = mysqli_real_escape_string($mysqli, $purifier->purify(htmlentities(strip_tags($_POST['username']))));
if($_POST['username']) {
$u = "SELECT user_id
FROM users
WHERE username = '$username'";
$r = mysqli_query ($mysqli, $u) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($mysqli));
if (mysqli_num_rows($r) == TRUE) {
$username = NULL;
echo '<p class="error">Your username is unavailable!</p>';
} else if(mysqli_num_rows($r) == 0) {
$username = mysqli_real_escape_string($mysqli, $purifier->purify(htmlentities(strip_tags($_POST['username']))));
if ($_POST['password1'] == $_POST['password2']) {
$sha512 = hash('sha512', $_POST['password1']);
$password = mysqli_real_escape_string($mysqli, $purifier->purify(strip_tags($sha512)));
} else {
$password = NULL;
}
if($password == NULL) {
echo '<p class="error">Your password did not match the confirmed password!</p>';
} else {
if (mysqli_num_rows($dbc) == 0) {
$mysqli = mysqli_connect("localhost", "root", "", "sitename");
$dbc = mysqli_query($mysqli,"INSERT INTO users (user_id, first_name, username, password)
VALUES ('$user_id', '$first_name', '$username', '$password')");
}
if ($dbc == TRUE) {
$dbc = mysqli_query($mysqli,"UPDATE users
开发者_开发问答 SET first_name = '$first_name', username = '$username', password = '$password'
WHERE user_id = '$user_id'");
echo '<p class="changes-saved">Your changes have been saved!</p>';
}
if (!$dbc) {
print mysqli_error($mysqli);
return;
}
}
}
}
}
Here is the html form.
<form method="post" action="index.php">
<fieldset>
<ul>
<li><label for="first_name">First Name: </label><input type="text" name="first_name" id="first_name" size="25" class="input-size" value="<?php if (isset($_POST['first_name'])) { echo stripslashes(htmlentities(strip_tags($_POST['first_name']))); } else if(!empty($first_name)) { echo stripslashes(htmlentities(strip_tags($first_name))); } ?>" /></li>
<li><label for="username">UserName: </label><input type="text" name="username" id="username" size="25" class="input-size" value="<?php if (isset($_POST['username'])) { echo stripslashes(htmlentities(strip_tags($_POST['username']))); } else if(!empty($username)) { echo stripslashes(htmlentities(strip_tags($username))); } ?>" /><br /><span>(ex: CSSKing, butterball)</span></li>
<li><label for="password1">Password: </label><input type="password" name="password1" id="password1" size="25" class="input-size" value="<?php if (isset($_POST['password1'])) { echo stripslashes(htmlentities(strip_tags($_POST['password1']))); } ?>" /></li>
<li><label for="password2">Confirm Password: </label><input type="password" name="password2" id="password2" size="25" class="input-size" value="<?php if (isset($_POST['password2'])) { echo stripslashes(htmlentities(strip_tags($_POST['password2']))); } ?>" /></li>
<li><input type="submit" name="submit" value="Save Changes" class="save-button" />
<input type="hidden" name="submitted" value="true" />
<input type="submit" name="submit" value="Preview Changes" class="preview-changes-button" /></li>
</ul>
</fieldset>
</form>
When you're checking for the submitted form on these lines:
if($_POST['username']) {
$u = "SELECT user_id
FROM users
WHERE username = '$username'";
You should put the user's id to prevent getting locked into the same record:
$u = "SELECT user_id
FROM users
WHERE username = '$username'
AND user_id <> 3";
That's because the checking needs to be done on ALL other user's username field, EXCLUDING the current user :)
Hope this helps!
精彩评论