PHP - Need more help

Discussion in 'Computer Games and General Discussion' started by Waflix, Aug 5, 2011.

  1. Waflix

    Waflix El Psy Congroo

    Dec 17, 2010
    (previous question)
    (my site)
    I'm still busy writing my site, and I've come at another problem. First the registration worked fine, but I've found a mistake.
    After you've registered yourself, you will get a message "You've successfully been registered!". But when you reload the page, your account will be duplicated. After a little bit of thinking, I came to the conclusion that I use the wrong code to check if the username or e-mailadress already exists.

    I've edited the code many times, with many solutions found at Google, but they just don't seem to work.
    The code below fails because after pressing the 'register' button, the page is empty. (Click here to try registering, and see for yourself...)

  2. tj_cool

    tj_cool Site dev

    Jan 7, 2009
    This planet
    Maybe not the solution you're looking for, but you can put an unique constraint on your "name" column in the database. Then it'll error when trying to insert the same name again.

    Other than that, you could add a new session variable "success" or something, and check whether success is already true (and if so, skip all the rest).
  3. Cyan

    Cyan GBATemp's lurking knight

    Global Moderator
    Oct 27, 2002
    Engine room, learning
    I think this is because when refreshing the page, you accept to send again the POST data. (the browser should ask you if you are sure to refresh the page because it will send the data again).
    There is a way to prevent sending POST data after a refresh (used in forums for example, so you can refresh the forum page just after posting a message to see if other users posted after you).

    Then include safepost.php at the top of your form page where you check if you have a POST data.
    It will save the POST data in a SESSION string, reload the page without the POST "information" for the browser to ignore any refresh command later, put back the saved SESSION information in a POST and destroy the SESSION.

    Then, like tj_cool said, you should automatically log the user and create a "currently logged" session when the user has correctly registered his new account, and check if the user is already logged before registering a new account again or even hide the registration form to logged users.
    Same, you should check if the name is already present in the database to prevent duplicate usernames used by different persons.
  4. Waflix

    Waflix El Psy Congroo

    Dec 17, 2010
    ^ First, I thought this was the problem too. But after I looked at it again, I found out that if the query would be send again, it first must check if the data already exists. And if it does, the query won't be send.
    The problem is really that it doesn't check if the username and e-mailadress already exists.