0

So I've been looking at numerous references for a php registration page, however I'm running into trouble. Upon reload of page, the line "Username already exists" is always there. I know there's a problem with my code, but seeing that I'm not PHP Savvy, I don't really know how to fix it; I've been looking around for a couple hours and can't seem to fix this still, as well as trying many many different ways to register an account. Maybe one of you can help me. Here's my code:

            <html>
                <body>
                    <form method="post" action=""> 
                        Username: <input type="text" name="username" value="" /><br/> 
                        Password: <input type="password" name="pass" value="" /><br/> 
                        Repeat Password: <input type="password" name="pass2" value=""/><br/> 
                        <input type="submit" name="submit" value="Submit" /> 
                    </form> 
                </body>
            </html>

            <?php 
                $con = mysql_connect("localhost", "root", "123"); 
                $db = mysql_select_db("cq3"); 

                $Username = isset($_POST['Username']);
                $sql = "SELECT * FROM accounts WHERE Username = '$Username'";
                $result = mysql_query($sql, $con);
                if(mysql_num_rows($result)){
                    echo "Username already exists!";
                }
                else
                {
                    if(isset($_POST['submit'])) 
                    {   
                        $sql = "INSERT INTO `accounts` (Username, Password) VALUES ('".$_POST['username']."', '".$_POST['pass']."')"; 
                        $sql = mysql_query($sql);
                    }
                }
            ?>
Donavon
  • 323
  • 2
  • 6
  • 11
  • compare `name="username"` with `$_POST['Username']` - Then this won't work `$Username = isset($_POST['Username']);` for 2 reasons. Use error reporting AND a safer method to store passwords as well as the MySQL API. – Funk Forty Niner Aug 06 '15 at 03:12
  • @Fred-ii- I don't think he's trying to ask about an undefined index error. He's asking why his code is still showing up even though the user hasn't pressed the submit button. – Script47 Aug 06 '15 at 03:21
  • @Script47 you better look again and go over my first comment to them. – Funk Forty Niner Aug 06 '15 at 03:21
  • @Fred-ii- *I'm running into trouble. Upon reload of page, the line "Username already exists" is always there. I know there's a problem with my code, but seeing that I'm not PHP Savvy, I don't really know how to fix it;* I did and look. That is his question, not the other issues in his code, even thought there might be. – Script47 Aug 06 '15 at 03:22
  • @Script47 not the words, the code. I'm not reopening the question. – Funk Forty Niner Aug 06 '15 at 03:23
  • @Fred-ii- ah, I see what you did. Although this question should not be closed because that error isn't the main focus of this question. Although that error exists, the OP isn't talking about it. I see what you mean though. I'm surprised that he's not posted that error and is worried about code beneath it. – Script47 Aug 06 '15 at 03:25
  • 1
    @Script47 their code is the entire foundation as to why it was closed. Go over their code again and with a fine toothed comb, including my first comment to them as to why their code is failing. Ok, can't chat anymore. You'll need to adjust your answer because it's not entirely correct. Edit: code speaks louder and clearer than words ;-) – Funk Forty Niner Aug 06 '15 at 03:27

1 Answers1

1

You should put the username check inside the $_POST['submit'] if statement so it only runs once the user clicks the submit button. This should fix your issue.

Edit 1

As Fred pointed out,

<input type="text" name="username" value="" />

Yet you for some reason are doing,

$Username = isset($_POST['Username']);

It should be,

$username = isset($_POST['username']);

Notice the lowercase u in $_POST['username']

Also to solve your other issue of the error message showing when it shouldn't,

    $con = mysql_connect("localhost", "root", "123"); 
    $db = mysql_select_db("cq3"); 

    $username = isset($_POST['username']) ? htmlspecialchars($_POST['username'], ENT_QUOTES) : false;
    $sql = "SELECT * FROM accounts WHERE Username = '$Username'";
    $result = mysql_query($sql, $con);

    if(isset($_POST['submit'])) {
        $sql = "SELECT * FROM accounts WHERE Username = '$Username'";
        $result = mysql_query($sql, $con);

        if(mysql_num_rows($result)){
            echo "Username already exists!";
        } else {
            $sql = "INSERT INTO `accounts` (Username, Password) VALUES ('".$_POST['username']."', '".$_POST['pass']."')"; 
            $sql = mysql_query($sql);
        }
    }

You need to ensure that all your inputs names match with the keys in $_POST.

What that does is only insert the user if the submit button is pressed AND if the username doesn't exist, also now the username check will run once the user presses submit.

Edit 2 + 3

If you can, you should stop using mysql_* functions. They are no longer maintained and are officially deprecated. Learn about prepared statements instead, and consider using PDO, it's really not hard.

It appears that you may be storing passwords in plain text. If this is the case, it is highly discouraged.

It is recommended that you use CRYPT_BLOWFISH or PHP 5.5's password_hash() function. For PHP < 5.5 use the password_hash() compatibility pack.

Community
  • 1
  • 1
Script47
  • 14,230
  • 4
  • 45
  • 66
  • *"This should fix your issue."* - I hate to be the bearer of bad news here, but it won't. Remember, in most or all coding/programming languages, variables are case-sensitive as are POST arrays. Plus, their `isset()` that's a fail there too. – Funk Forty Niner Aug 06 '15 at 03:32
  • `$username = isset($_POST['username']);` close, but no cigar. That's incorrect. Refs: http://php.net/manual/en/function.isset.php and http://php.net/manual/en/language.operators.comparison.php – Funk Forty Niner Aug 06 '15 at 03:35
  • @Fred-ii- gah, his code, I missed that. Editing now. – Script47 Aug 06 '15 at 03:36
  • 1
    You see why I closed the question? I think 99.9% of community members will agree with me ;-) – Funk Forty Niner Aug 06 '15 at 03:37
  • 1
    @Fred-ii- I now agree with you. That's why I up-voted your comment. :P – Script47 Aug 06 '15 at 03:37