View Full Version : Stopping Duplicates of a Username

12-29-2006, 08:31 PM
During testing of my CMS I came across a minor gaffe - a user can log in with a name and email address, then someone else can log in with the same name and email address. For obvious reasons, I would like to avoid this:

Here is my add author page:

<?php if (isset($_POST['name'])):

// A new author has been entered
// using the form below.

include 'db.inc.php';

$name = $_POST['name'];
$email = $_POST['email'];
$sql = "INSERT INTO author SET
if (@mysql_query($sql)) {
echo '<p>New author added</p>';
} else {
echo '<p>Error adding new author: ' .
mysql_error() . '</p>';


<p><a href="submit.php">You can now submit an article!</a></p>

<?php else: // Allow the user to enter a new author ?>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<p>Enter the new author:</p>
<label>Name: <input type="text" name="name" /></label><br />
<label>Email: <input type="text" name="email" /></label><br />
<input type="submit" value="SUBMIT" />

<?php endif; ?>

Would I use 'SELECT DISTINCT' in mysql query?

12-29-2006, 09:03 PM
Require actual username and password?

12-29-2006, 09:08 PM
Are we to assume you don't require posters to register before they can post content? I would do that at least to help combat spam. If you are not requiring registration then there is really nothing you can do to stop someone else from using someone elses name and email address to post stuff. To prevent multiple people from using the same name for posting each person would need their own registered login with username and password.

12-29-2006, 09:08 PM
$query = "SELECT FROM author WHERE name='$name'";


$client = mysql_num_rows();

if ($client != 0 ) {

echo '<p>Error adding new author: ' . mysql_error() . '</p>';

else {

echo '<p>New author added</p>';

}This code should work... but it may need tweaking to suit your mysql connection method.

12-29-2006, 09:13 PM

12-29-2006, 09:14 PM
The system is set up so that users who want to post articles can give their username and email address, those who just want to read the articles don't have to do anything.

The articles are subject to approval - everytime someone post an article, its sent to the database and I have to approve it.

12-29-2006, 09:54 PM
You really should require registration for authors or you can't stop someone from submitting as someone else if the name and e-mail are known.
Passwords are a lot more secure.

12-29-2006, 10:38 PM
You really should require registration for authors or you can't stop someone from submitting as someone else if the name and e-mail are known.
Passwords are a lot more secure.

Well, I'm at the stage right now where I need this done before I return to work next week - is the registration setup an easy process?

12-29-2006, 10:47 PM
Shouldn't that be:

if ($client == 0 ) {

As if a row is returned ( i.e. !=0 ) then that name already exists?
Yes, sort off.

The code sample has been changed to reflect my typo mistake.

12-29-2006, 10:53 PM
It can be as simple as adding one password field to your form(s) and database, or as complicated as captchas, login pages, and "remember me" (cookies)

I'd be making the username unique on the DB side as well (constraint/index). Not just via code that checks with SQL if something already exists.

How secure do you want it, how many users will use it, etc. You can always start small and add on layers as you go if you're in a hurry.

For now, to avoid the deception of someone posting as someone else by guessing author/e-mail, you can just add a password field.

12-29-2006, 10:57 PM
The registration system shouldn't take too much extra coding, but it really needs implementing other wise your system is going to prone to abuse.

12-29-2006, 11:22 PM
I'm really coding this as I go - its my first php project that I've built from the ground up, so the password registration thing may be beyond my ability at this point in time.

It seems like when I've thought I've completed an area of the project, something crops up which I have to deal with.

12-30-2006, 12:08 AM
That is why it is best to design the software before you start coding. :thumbsup: