Another Problem

The problem is I can signup more then once, I don't know what is wrong in my coding but if their is more then one ip in the users it shouldn't let them signup. Also, if I goto that page, even without hitting submit it says "You can not make more then one account!".

Please help





<?php
$title = "Signup";
include("top.php");
$IP = $_SERVER['REMOTE_ADDR'];
?>


<div id="content">
<span>Signup</span>


<p>
<form method="POST" action="signup.php?action=signup">
Username:<br> <input type="text" name="username" size="20" maxlength="15"><br>
Password:<br> <input type="password" name="password" size="20" maxlength="15"><br>
Verify Password:<br> <input type="password" name="verpassword" size="20" maxlength="15"><br>
Email:<br> <input type="text" name="email" size="20" maxlength="25"><br><br>


Note: Your ip will be logged so please do not make multiple accounts<br><br>
<input type="submit" name="action" value="Signup"></form>


<?php
$ipcheck = mysql_query("select * from users where IP='$IP'");
IF(@mysql_numrows($ipcheck) > 0){
$ipused = yes;
}else{
$ipused = no;
}





IF ($action == "Signup" && $ipused == "no"){
$userupdate = mysql_query("INSERT INTO users (id, username, email, password, status, ipaddress, age) VALUES ('', '$username', '$email', '$password', '', '$IP', '')");
echo "Thank you for signing up.";
}else{
echo "You can not make more then one account!";
}
?>




</div>


<?php
include("bottom.php");
?>

Validating with IP is meaningless as anyone could go to a internet cafe, freind, connect via modem, have a dynbamic IP or use a proxy.

You cannot trust that remote_addr is accurate, dialup will always change, and if you have a dynamic high speed connection, your ip will also change.

The only way to control this is to disallow users from signing up more than once, meaning the user must be logged in to control that they do not create more than one account.
But there is no other accurate way of controlling this.

Can you guys just help me get this working please?? I am gonna try this for now because I am just making it. I will worry about that situation later.

well first off, you input an age into the query, but you don't have an age section in the form, might want to fix that first.
$userupdate = mysql_query("INSERT INTO users (id, username, email, password, status, ipaddress, age) VALUES ('', '$username', '$email', '$password', '', '$IP', '')");

unless you just have the age auto_increment which just doesn't make any sense to me

I do not have a status one etheir, it is default set to 0 and my status one is default set to member

You have (note "signup")

<form method="POST" action="signup.php?action=signup">

But then you have (note Signup)

IF ($action == "Signup" && $ipused == "no"){

PHP is case sensitive.

EDIT: And shouldn't it be $_GET['action'] ?
EDIT2: or maybe $_POST['action']?

No, that was for the button the submit button and the value = Signup...

Thanks

The submit button will be $_POST['action'] as that's what you've named the button..

I agree $action isn't Signup so you will never execute your query.

<?php
$title = "Signup";
include("top.php");
$IP = $_SERVER['REMOTE_ADDR'];
?>


<div id="content">
<span>Signup</span>


<p>
<form method="POST" action="signup.php?action=signup">
Username:<br> <input type="text" name="username" size="20" maxlength="15"><br>
Password:<br> <input type="password" name="password" size="20" maxlength="15"><br>
Verify Password:<br> <input type="password" name="verpassword" size="20" maxlength="15"><br>
Email:<br> <input type="text" name="email" size="20" maxlength="25"><br><br>


Note: Your ip will be logged so please do not make multiple accounts<br><br>
<input type="submit" name="action" value="Signup"></form>


<?php
if(isset($_POST['action'])){
$ipcheck = mysql_query("SELECT IP FROM users WHERE IP='$IP'");
IF(@mysql_num_rows($ipcheck) > 0){

echo "You can not make more then one account!";

}else{
$userupdate = mysql_query("INSERT INTO users (id, username, email, password, status, ipaddress, age) VALUES ('',$_POST['username'],$_POST['email'],$_POST['password'],'',$IP,'')");
echo "Thank you for signing up.";
}
}
}
?>

</div>

<?php
include("bottom.php");
?>


Still not 100% efficient, but it's been cleaned up a bit