
This code adds username and email to the MySQL database successfully, but it accepts the SAME USERNAME and the SAME EMAIL if they are submitted in upper case / lower case / or a combo of both. What do I need to do to avoid adding the same USERNAME OR EMAIL altogether?

Note: if I use, for example, USERNAME: moenagy18, I can also sign up with MoeNAGY18.

This is the code in my register.php file.

```php
//if logged in redirect to members page
if( $user->is_logged_in() ){ header('Location: memberpage.php'); exit(); }

//if form has been submitted process it
if(isset($_POST['submit'])){

    if (!isset($_POST['username'])) $error[] = "Please fill out all fields";
    if (!isset($_POST['email'])) $error[] = "Please fill out all fields";
    if (!isset($_POST['password'])) $error[] = "Please fill out all fields";

    $username = $_POST['username'];

    //very basic validation
    if(!$user->isValidUsername($username)) {
        $error[] = 'Usernames must be at least 3 Alphanumeric characters';
    } else {
        $stmt = $db->prepare('SELECT username FROM members WHERE username = :username');
        $stmt->execute(array(':username' => $username));
        $row = $stmt->fetch(PDO::FETCH_ASSOC);

        if(!empty($row['username'])){
            $error[] = 'Username provided is already in use.';
        }

    }

    if(strlen($_POST['password']) < 3){
        $error[] = 'Password is too short.';
    }

    if(strlen($_POST['passwordConfirm']) < 3){
        $error[] = 'Confirm password is too short.';
    }

    if($_POST['password'] != $_POST['passwordConfirm']){
        $error[] = 'Passwords do not match.';
    }

    //email validation
    $email = htmlspecialchars_decode($_POST['email'], ENT_QUOTES);
    if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
        $error[] = 'Please enter a valid email address';
    } else {
        $stmt = $db->prepare('SELECT email FROM members WHERE email = :email');
        $stmt->execute(array(':email' => $email));
        $row = $stmt->fetch(PDO::FETCH_ASSOC);

        if(!empty($row['email'])){
            $error[] = 'Email provided is already in use.';
        }

    }

    //if no errors have been created carry on
    if(!isset($error)){

        //hash the password
        $hashedpassword = $user->password_hash($_POST['password'], PASSWORD_BCRYPT);

        //create the activation code
        $activasion = md5(uniqid(rand(),true));

        try {

            //insert into database with a prepared statement
            $stmt = $db->prepare('INSERT INTO members (username,password,email,active) VALUES (:username, :password, :email, :active)');
            $stmt->execute(array(
                ':username' => $username,
                ':password' => $hashedpassword,
                ':email' => $email,
                ':active' => 'Yes'
            ));
            $id = $db->lastInsertId('memberID');

            //send email
            $to = $_POST['email'];
            $subject = "Registration Confirmation";
            $body = "<p>Thank you for registering at demo site.</p>
<p>To activate your account, please click on this link: <a href='".DIR."activate.php?x=$id&y=$activasion'>".DIR."activate.php?x=$id&y=$activasion</a></p>
<p>Regards Site Admin</p>";

            $mail = new Mail();
            $mail->setFrom(SITEEMAIL);
            $mail->addAddress($to);
            $mail->subject($subject);
            $mail->body($body);
            $mail->send();

            //redirect to index page
            header('Location: index.php?action=joined');
            exit;

        //else catch the exception and show the error.
        } catch(PDOException $e) {
            $error[] = $e->getMessage();
        }

    }

}
```

  • Add a unique constraint to your columns. – Qirel May 12 '18 at 22:43
  • https://dev.mysql.com/doc/refman/8.0/en/case-sensitivity.html – M. Eriksson May 12 '18 at 22:50
  • I added unique constraints through ALTER TABLE, Qirel, earlier before I posted this!!! It didn’t do anything!!!! I’m pulling my hair out – Møhamëd Nagý May 12 '18 at 22:58
  • Possible duplicate of [PHP Registration accepts SAME USERNAME and EMAIL in uppper and lower case](https://stackoverflow.com/questions/50310328/php-registration-accepts-same-username-and-email-in-uppper-and-lower-case) – James May 12 '18 at 23:03
  • You've duplicated your own question here. If you have something specific that is different to the ones linked to in your other question, feel free to edit and explain that. Otherwise the knowledge you seek is in the linked answers – James May 12 '18 at 23:04
  • not duplicate , because I have a different script here that I'm trying to edit .. specifically this script. – Møhamëd Nagý May 12 '18 at 23:05
  • Does the first duped link in your other question not give you the info you need? https://stackoverflow.com/questions/5629111/how-can-i-make-sql-case-sensitive-string-comparison-on-mysql – James May 12 '18 at 23:06
  • not really still don't have a way to this :( i'd be really happy to get this fixed – Møhamëd Nagý May 12 '18 at 23:12
  • Looks like you want the first answer to [this similar question](https://stackoverflow.com/questions/5938037/how-to-make-a-select-in-php-mysql-case-insensitive), in your case it would be `WHERE username LIKE :username` or `WHERE LOWER(username) = LOWER(:username)` – krubo May 13 '18 at 00:46
  • Who on Earth upvoted this duplicated question? And why? They posted their found solution in a comment on another answer :wall: – James May 13 '18 at 12:55

1 Answer

Use BINARY in the query and it will do a byte-by-byte comparison; this will check for an exact match (it will check if it is case sensitive).

```php
$stmt = $db->prepare('SELECT username FROM members WHERE BINARY username = :username');
```

Another method is using PHP strcmp(). Example: this compares 2 strings. If they are the same, it will = 0.

```php
if (strcmp($dataA, $dataB) !== 0) {
    $response = "Username or Password are Invalid!";
    echo $response;
    exit();
}
```

Jonny
  • I got it solved, it was actually a line at the end of my CREATE TABLE statement at the end of the SQL that did this mess. I removed it, created the table and now the unique constraints work :))) but thanks for your effort! – Møhamëd Nagý May 13 '18 at 01:57
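
The thread's resolution, as an added example that is not part of the original posts or the asker's script: a unique index on case-insensitive columns rejects case variants of a username or email, and the insert handles the duplicate-key error because a SELECT-then-INSERT check alone can be passed by two simultaneous requests. SQLite in memory stands in for MySQL so it runs offline (on MySQL the column collation decides whether a unique index treats case variants as equal); `registerMember`, `$skipPreCheck` and the sample accounts are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example. SQLite in memory is an assumption made so this runs offline;
// on MySQL use a UNIQUE index on columns with a case-insensitive (_ci) collation.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (
    memberID INTEGER PRIMARY KEY AUTOINCREMENT,
    username TEXT NOT NULL COLLATE NOCASE UNIQUE,
    email    TEXT NOT NULL COLLATE NOCASE UNIQUE,
    password TEXT NOT NULL
)');

// Hypothetical helper: returns null on success or a message for the form.
// $skipPreCheck simulates a concurrent request that already passed its SELECT.
function registerMember(PDO $db, string $username, string $email,
                        string $password, bool $skipPreCheck = false): ?string
{
    if (!$skipPreCheck) {
        // Friendly pre-check; the column collation makes "=" ignore ASCII case.
        $stmt = $db->prepare('SELECT 1 FROM members WHERE username = :u OR email = :e');
        $stmt->execute([':u' => $username, ':e' => $email]);
        if ($stmt->fetchColumn() !== false) {
            return 'Username or email is already in use.';
        }
    }
    try {
        $ins = $db->prepare('INSERT INTO members (username, email, password) VALUES (:u, :e, :p)');
        $ins->execute([':u' => $username, ':e' => $email,
                       ':p' => password_hash($password, PASSWORD_BCRYPT)]);
        return null;
    } catch (PDOException $e) {
        // SQLSTATE class 23 = integrity constraint violation raised by the UNIQUE index.
        if (strncmp((string) $e->getCode(), '23', 2) === 0) {
            return 'Username or email is already in use (rejected by the index).';
        }
        throw $e;
    }
}

// Constructed sample sign-ups: case variants of one username and one email.
$attempts = [
    ['moenagy18', 'moe@example.com',   false],
    ['MoeNAGY18', 'other@example.com', false],
    ['someone',   'MOE@Example.com',   true],
];
foreach ($attempts as [$u, $e, $skip]) {
    echo $u, ' / ', $e, ': ', registerMember($db, $u, $e, 'pw', $skip) ?? 'registered', PHP_EOL;
}
```

`COLLATE NOCASE` folds ASCII letters only; usernames outside ASCII need a Unicode-aware collation or explicit normalization before storage.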