I'm trying to check if the username is available and display it for the user to see when they check their account settings, which I have done.

BUT when the user tries to fill out another field I get the "Your username is unavailable!" message, which should not pop up because it's the user's username already. I want to know how I can fix this problem using PHP so that the user's name is displayed every time the user views their account settings and it won't cause problems when a user submits additional info.

Here is the PHP code.

if (isset($_POST['submitted'])) {

    require_once '../htmlpurifier/library/HTMLPurifier.auto.php';

    $config = HTMLPurifier_Config::createDefault();
    $config->set('Core.Encoding', 'UTF-8');
    $config->set('HTML.Doctype', 'XHTML 1.0 Strict');
    $config->set('HTML.TidyLevel', 'heavy');
    $config->set('HTML.SafeObject', true);
    $config->set('HTML.SafeEmbed', true);
    $purifier = new HTMLPurifier($config);

    $mysqli = mysqli_connect("localhost", "root", "", "sitename");
    $dbc = mysqli_query($mysqli,"SELECT users.*
                                 FROM users 
                                 WHERE user_id=3");

    $first_name = mysqli_real_escape_string($mysqli, $purifier->purify(htmlentities(strip_tags($_POST['first_name']))));
    $username = mysqli_real_escape_string($mysqli, $purifier->purify(htmlentities(strip_tags($_POST['username']))));


    if($_POST['username']) {
        $u = "SELECT user_id 
              FROM users 
              WHERE username  = '$username'";
        // Report the query that actually ran ($u); $q was never defined.
        $r = mysqli_query ($mysqli, $u) or trigger_error("Query: $u\n<br />MySQL Error: " . mysqli_error($mysqli));

        if (mysqli_num_rows($r) == TRUE) {
            $username = NULL;
            echo '<p class="error">Your username is unavailable!</p>';
        } else if(mysqli_num_rows($r) == 0) {
            $username = mysqli_real_escape_string($mysqli, $purifier->purify(htmlentities(strip_tags($_POST['username']))));



    if ($_POST['password1'] == $_POST['password2']) {
        $sha512 = hash('sha512', $_POST['password1']);
        $password = mysqli_real_escape_string($mysqli, $purifier->purify(strip_tags($sha512)));
    } else {
        $password = NULL;
    } 

    if($password == NULL) {
        echo '<p class="error">Your password did not match the confirmed password!</p>';
    } else {


        if (mysqli_num_rows($dbc) == 0) {
                $mysqli = mysqli_connect("localhost", "root", "", "sitename");
                $dbc = mysqli_query($mysqli,"INSERT INTO users (user_id, first_name, username, password) 
                                             VALUES ('$user_id', '$first_name', '$username', '$password')");
        }


        if ($dbc == TRUE) {
                $dbc = mysqli_query($mysqli,"UPDATE users 
                                             SET first_name = '$first_name', username  = '$username', password = '$password' 
                                             WHERE user_id = '$user_id'");

                echo '<p class="changes-saved">Your changes have been saved!</p>';

        }

        if (!$dbc) {
                print mysqli_error($mysqli);
                return;
        }

    }

        }

    }
}

Here is the HTML form.

<form method="post" action="index.php">
    <fieldset>
        <ul>
            <li><label for="first_name">First Name: </label><input type="text" name="first_name" id="first_name" size="25" class="input-size" value="<?php if (isset($_POST['first_name'])) { echo  stripslashes(htmlentities(strip_tags($_POST['first_name']))); } else if(!empty($first_name)) { echo  stripslashes(htmlentities(strip_tags($first_name))); } ?>" /></li>
            <li><label for="username">UserName: </label><input type="text" name="username" id="username" size="25" class="input-size" value="<?php if (isset($_POST['username'])) { echo  stripslashes(htmlentities(strip_tags($_POST['username']))); } else if(!empty($username)) { echo  stripslashes(htmlentities(strip_tags($username))); } ?>" /><br /><span>(ex: CSSKing, butterball)</span></li>
            <li><label for="password1">Password: </label><input type="password" name="password1" id="password1" size="25" class="input-size" value="<?php if (isset($_POST['password1'])) { echo  stripslashes(htmlentities(strip_tags($_POST['password1']))); } ?>" /></li>
            <li><label for="password2">Confirm Password: </label><input type="password" name="password2" id="password2" size="25" class="input-size" value="<?php if (isset($_POST['password2'])) { echo  stripslashes(htmlentities(strip_tags($_POST['password2']))); } ?>" /></li>

            <li><input type="submit" name="submit" value="Save Changes" class="save-button" />
                <input type="hidden" name="submitted" value="true" />
            <input type="submit" name="submit" value="Preview Changes" class="preview-changes-button" /></li>
            </ul>
    </fieldset>

</form>

1 Answer

When you're checking for the submitted form on these lines:

if($_POST['username']) {
    $u = "SELECT user_id 
          FROM users 
          WHERE username  = '$username'";

You should put the user's id to prevent getting locked into the same record:

    $u = "SELECT user_id 
          FROM users 
          WHERE username  = '$username'
          AND user_id <> 3";

That's because the checking needs to be done on ALL other users' username fields, EXCLUDING the current user :)

Hope this helps!

5 Comments

Dang. Beat me to it... Of course, this still makes me wonder why the user_id is hardcoded like that.
Heh heh... I guess he'll eventually get the user_id from session.
<> is the SQL operator for "not equal to"... think "!=" in PHP
@TaG: Is user_id the primary key of that table? Every user has a unique user_id? If that's the case, then saying "user_id = 3" means that everyone's going to be seeing user #3's firstname/lastname
@Marc B, I see where you are coming from. I will eventually change the number 3 to grab a user's user_id dynamically; I just have it at 3 to test my script. But good looking out.
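
The check described in the answer and comments, as an added example that is not part of the original thread: the availability query excludes the current user's row, the id is bound as a parameter instead of being hard-coded, and the update is keyed on that same id. It assumes the id is stored in the session at login, uses PDO with an in-memory SQLite table and constructed rows so it runs without a MySQL server, and the function names `usernameTakenByOther` and `saveSettings` are hypothetical; the same SQL works through mysqli prepared statements.

```php
<?php
// Added example, not the poster's code. Constructed rows in an in-memory
// SQLite database stand in for the MySQL `users` table from the question.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// UNIQUE on username is an assumption: it backs up the check if two
// requests race for the same name.
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, first_name TEXT, username TEXT UNIQUE)');
$db->exec("INSERT INTO users VALUES (3, 'Tag', 'CSSKing'), (4, 'Bob', 'butterball')");

/** True when an account OTHER than $currentUserId already owns $username. */
function usernameTakenByOther(PDO $db, string $username, int $currentUserId): bool
{
    $stmt = $db->prepare(
        'SELECT 1 FROM users WHERE username = :name AND user_id <> :id LIMIT 1'
    );
    $stmt->execute([':name' => $username, ':id' => $currentUserId]);
    return $stmt->fetchColumn() !== false;
}

/** Save the settings form; returns an error message, or null on success. */
function saveSettings(PDO $db, int $currentUserId, array $post): ?string
{
    $username  = trim($post['username'] ?? '');
    $firstName = trim($post['first_name'] ?? '');
    if ($username === '') {
        return 'Username is required.';
    }
    if (usernameTakenByOther($db, $username, $currentUserId)) {
        return 'Your username is unavailable!';
    }
    // The id comes from the server-side session, never from the form,
    // so a user can only update their own row.
    $stmt = $db->prepare(
        'UPDATE users SET first_name = :first, username = :name WHERE user_id = :id'
    );
    $stmt->execute([':first' => $firstName, ':name' => $username, ':id' => $currentUserId]);
    return null;
}

// In the real page this would be (int) $_SESSION['user_id'], set at login (assumed).
$currentUserId = 3;

// Re-submitting your own username is accepted ...
var_dump(saveSettings($db, $currentUserId, ['first_name' => 'Tag', 'username' => 'CSSKing']));
// ... while a name owned by another account is rejected.
var_dump(saveSettings($db, $currentUserId, ['first_name' => 'Tag', 'username' => 'butterball']));
```

Because the values are bound parameters, the escaping and purifier calls are not needed for the query itself; HTML escaping belongs where the value is echoed back into the form.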
