Right, so i've staring at this same php file for the last 5+ hours trying to fix all the bugs and work out some errors, but this still eludes me. The part of the script which wont work is the part where i check if the results from my database searches match the entered username/ip of the user who is trying to register, the rest works fine as far as i can tell. It should block anyone who's ip/username has allready been used, but it doesn't.
It's probably a logical mistake by me im guessing, but i don't believe staring at the file longer will help me find it, it's literally driving me insane as i've been laughing quietly at myself for the last 2 hours.
- Code: Select all
$password1 = $_POST['password1'];
$password2 = $_POST['password2'];
$username = $_POST['username'];
$ip = $_SERVER['REMOTE_ADDR'];
include('safe.php');
if(!empty($password1) && !empty($username))
{
$opendb = mysql_connect($server, $dbuser,"") or die(mysql_error());
$selectdb = mysql_select_db($db);
$excuser = mysql_query("SELECT username FROM $table1 WHERE username = $username");
$excip = mysql_query("SELECT ip FROM $table1 WHERE ip = $ip");
if($password1 != $password2)
{
header("Location: register.php?error=1");
}
else if($excuser == $username)
{
header("Location: register.php?error=2");
}
else if($excip == $ip)
{
header("Location: register.php?error=3");
}
else
{
$excuser = mysql_query("INSERT INTO $table1(username, password, ip) VALUES('$username', '$hash', '$ip') ") or die(mysql_error());
$closedb = mysql_close($opendb);
header("Location: register.php?error=5");
}
}
else
{
header("Location: register.php?error=4");
}
Notes:
excuser/excip stands for 'exclusive ip/username'
error 5 = successful entry if anyone wonders why it's called that, i just figured there's no point in creating a seperate variable and if statement for a successful entry.
safe.php includes a bunch of variables and the encryption of passwords along with other things which need safekeeping, and that i dont want to have to do each time i acces a database/access a function which requires passwords to be encrypted(registration/log in/etc)
I will be adding protection against sql injections at some point, blah
