Hey,
I was using the tutorial, however I noticed a flaw in the new user script.
It allows duplicate users.
The code is as follows ~
<?PHP
$newUser = $_POST['newUser'];
$passOne = $_POST['passOne'];
$passTwo = $_POST['passTwo'];
if ($passOne == $passTwo) {
$newPass = $passOne;
} else {
print "Passwords mismatched";
}
if (($REQUEST_METHOD=='POST')) {
for(reset($HTTP_POST_VARS);
$key=key($HTTP_POST_VARS);
next($HTTP_POST_VARS)) {
$this = addslashes($HTTP_POST_VARS[$key]);
$this = strtr($this, ">", " ");
$this = strtr($this, "<", " ");
$this = strtr($this, "|", " ");
$$key = $this;
}
if ($newUser && $newPass ) {
$query = "insert into auth (userid,username,userpassword) ";
$query .= "VALUES(0000,'$newUser','$newPass')";
mysql_connect("dbhostname","dbusername","dbpassword)
or die("Unable to connect to SQL server");
mysql_select_db("dbname") or die("Unable to select database");
$result = mysql_query($query) or die("Insert Failed!");
}
}
if ( $result ){
print "You have successfully entered ".$newUser." with the password of ".$newPass." to your database!!";
}
?>
<html>
<head>
<title>Database Insert Form for kirupa</title>
</head>
<body bgcolor="#FFFFFF">
<h1>Insert Into Database • UCS</h1>
<form action="usercheck.php" method="POST">
New User Name: <input type="text" size="20" name="newUser" style="background-color: cyan;"><br>
New User Password: <input type="text" size="20" name="passOne" style="background-color: cyan;"><br>
Verify Password: <input type="text" size="20" name="passTwo" style="background-color: cyan;"><br>
<input type="submit" value="Add User" style="background-color: cyan;">
</form>
<br><br>
<hr>
<?
$queryb="SELECT COUNT(*) FROM auth";
mysql_connect("mysql.host.com","username","password")
or die("Unable to connect to SQL server");
mysql_select_db("yourdatabase") or die("Unable to select database");
$numusers=mysql_query($queryb) or die ("Select Failed - count");
$numuser=mysql_fetch_array($numusers);
?>
<h3>Current Users in Database</h3>
<p>
There are <? echo $numuser[0]; ?> current users in database.<br>
Listed in alphabetical order by user's name:<br>
<br>
<?
$queryc="SELECT * FROM auth ORDER BY username";
$userlist=mysql_query($queryc) or die("Select Failed - users");
?>
<center>
<table border="1" bordercolor="#000000">
<tr>
<td width="20%" bgcolor="#000000">
<font size="2" color="#FFFFFF"><center>
USERS
</font></center>
</td>
<td width="20%" bgcolor="#000000">
<font size="2" color="#FFFFFF"><center>
PASSWORDS
</font></center>
</td>
</tr>
<?
while ($userinfo = mysql_fetch_array($userlist)){
?>
<tr>
<td width="20%" bgcolor="#FFCC33">
<center>
<? echo $userinfo['username']; ?>
</center>
</td>
<td width="20%" bgcolor="#FFCC33">
<center>
<? echo $userinfo['userpassword']; ?>
</center>
</td>
</tr>
<? } ?>
</table>
</center>
<p>
With this form, you can submit new users and passwords. However, you are not able to update or erase enteries once
entered. All changes made to your database are updated in real time.
<br><br><br>
</body>
</html>
Can anyone modify the script to not allow duplicate usernames. If possible, display the results in a flash text box called result. But if not, then just the script.
Cheers, Althorne
