Here is the code i came up with for validating input and checking for dubplicates. Neither seem to be working. What i mean is no data is going into the DB, and im getting an error on the dup check telling me that email and username are not valid....
This is my first shot at dupes and validation, so im positive i did something wrong. This was the stuff i wanted input on originally. Also note im using basic MD5 thats only because i already knew how and for getting things working i used it. It will be expanded and changed with SHA1 as suggested.
<?php
//Check for errors for testing purposes. Will remove later.
ini_set('display_errors', '1');
error_reporting(E_ALL);
//Connect to server
include('Connections/establish_dbconn.php');
//Select DB to work with
mysql_select_db("$database_ASA") or die(mysql_error());
//Read in values of the form, and confirm they are of correct type/content
$clubgroupname = $_POST["clubgroupname"];
$clubgroupname = filter_var($clubgroupname, FILTER_SANITIZE_STRING);
$type = $_POST["type"];
$address1 = $_POST["address1"];
$address1 = filter_var($address1, FILTER_SANITIZE_STRING);
$address2 = $_POST["address2"];
$address2 = filter_var($address2, FILTER_SANITIZE_STRING);
$city = $_POST["city"];
$city = filter_var($city, FILTER_SANITIZE_STRING);
$state = $_POST["state"];
$zip = $_POST["zip"];
$zip = filter_var($zip, FILTER_VALIDATE_INT);
$ownername = $_POST["ownername"];
$ownername = filter_var($ownername, FILTER_SANITIZE_STRING);
$phone1 = $_POST["phone1"];
$phone1 = filter_var($phone1, FILTER_VALIDATE_INT);
$contactname1 = $_POST["contactname1"];
$contactname1 = filter_var($contactname1, FILTER_SANITIZE_STRING);
$phone2 = $_POST["phone2"];
$phone2 = filter_var($phone2, FILTER_VALIDATE_INT);
$contactname2 = $_POST["contactname2"];
$contactname2 = filter_var($contactname2, FILTER_SANITIZE_STRING);
$url = $_POST["url"];
if(filter_var($url, FILTER_VALIDATE_URL) === FALSE)
{
$url = "";
}
else
{
return $url;
}
$email = $_POST["email"];
if(filter_var($email, FILTER_VALIDATE_EMAIL) === FALSE)
{
$email = "";
}
else
{
return $email;
}
$ismembershipreq = $_POST["ismembershipreq"];
$byob = $_POST["byob"];
$sex = $_POST["sex"];
$dresscode = $_POST["dresscode"];
$username = $_POST["username"];
$username = filter_var($username, FILTER_SANITIZE_STRING);
$rss = $_POST["rss"];
//$banner = $_POST["banner"];
//Here we will check the supplied email and username against
//the database to make sure they arent already in use
$request = "SELECT * FROM test_clubs";
$db_result = mysql_query($request);
$article = mysql_fetch_object($db_result);
$num_rows = mysql_num_rows($db_result);
$row_count = 0;
while ($row_count < $num_rows) {
$article = mysql_fetch_object($db_result);
$row_count++;
if ($article->email == $email) {
displayError("The email you provided is already registered to an account.");
exit(); }
else if ($article->username == $username) {
displayError("The username you requested is already taken.");
exit(); }
}
//Automatically generate the password
$length = 8;
$password = "";
$possible = "0123456789bcdfghjkmnpqrstvwxyz";
$i = 0;
while ($i < $length) {
$char = substr($possible, mt_rand(0, strlen($possible)-1), 1);
if (!strstr($password, $char)) {
$password .= $char;
$i++;
}
}
//Send the user their login name and password (plaintext)
$from = "Webmaster@asaandyou.com";
$to = "$email";
$subject = "ASA Account Information";
$body = "Thank you for joining the ASA. Your username is $username and your account password is $password. Please save this email in your records.";
mail($to, $subject, $body, "From: $from");
//Here we secure the password using MD5 before inserting
//to the database. We will change this to SHA1 and use
//salting for final version
$password = md5($password);
//Insert data into the database
mysql_query("
INSERT INTO test_clubs
(clubgroupname, type, address1, address2, city,
state, zip, ownername, phone1, contactname1,
phone2, contactname2, url, email, ismembershipreq,
byob, sex, dresscode, username, password, rss)
VALUES ('$clubgroupname', '$type', '$address1',
'$address2', '$city', '$state', '$zip', '$ownername',
'$phone1', '$contactname1', '$phone2', '$contactname2',
'$url', '$email', '$ismembershipreq', '$byob', '$sex',
'$dresscode', '$username', '$password', '$rss')");
//Terminate server connection
mysql_close($ASA);
//Redirect user back to form
header( 'Location: group_registration.php') ;
?>