Hi, all

I've been banging my head on this one for about a day, now, so I figure it might be time to consult experts.
I've got a form, here, that has 3 fields (First, Last Name, and E-Mail address). It's supposed to auto-generate a username and password, insert into a table, and e-mail the address supplied on the form.

The script works, in that the user gets one e-mail without a problem, but the record insert duplicates itself, so three records of the same data are inserted, and I can't figure out where the loop is (or where PHP is sending an 'insert multiple records' command).

I put a counter around the insert statement, and, when I echo it back, it only trips once, so it doesn't seem to be a loop in PHP.
When I execute the statement in the SQL form in PHPMyAdmin, it does a single record insert, so I don't think it's with the query.

Anyone have any ideas/suggestions? My code is below (the three includes referred to do not execute any DB commands. My next move would be to strip the code down to bare minimum, and build up again from there, but I wanted to see if anyone here had any suggestions.

Thanks in advance!

<?PHP
session_start();
#error_reporting(-1);
include('includes/fnctns.php');

if(!($_SESSION["auth"]))
$_SESSION["auth"] = "n";

#auth_check($_SESSION["auth"]);

include('includes/alert.php');
require_once('includes/dbconnectionstuff.php');

IF ($_POST["Submit"] == "Create Admin")
{
    $random_PW = generatePassword(8,1);
    $username = strtolower($_POST["FirstName"][0]).strtolower($_POST["LastName"]);
    $emailaddress = $_POST["Email"];

    $counter = 0;
    mysql_select_db($database_CMDB, $CMDB);
    $createadminquery = "INSERT INTO siteadmins (username,password,FirstName,LastName,EMailAddress) VALUES ('$username','".md5($random_PW)."','$_POST[FirstName]','$_POST[LastName]','$_POST[Email]')";
    $Result = mysql_query($createadminquery, $CMDB) or die(mysql_error());
    $counter++;
    echo "Counter: ".$counter;

    if (mysql_query($createadminquery))
    {
        $_SESSION['Alert'] = "Admin account for ".$_POST["FirstName"]." ".$_POST["LastName"]." has been created successfully.";
        $_SESSION['Alert'] .= "<BR>The user will receive an e-mail with their username and initial password shortly.";
        $_SESSION['Alert_Type'] = "success";

        $to = $emailaddress;
        $subject = "Site Admin Setup";
        $message = "Hello! This message is to inform you that your account with our website has been created.\r\n";
        $message .= "You can now log onto the administration portion of the website (found at http://www.website.com/admin.php,\r\nand create news posts, events, and other stuch stuff.\r\n";
        $message .= "Please log in, using the credentials supplied below. After logging in, you may change your password, if you like:\r\n";
        $message .= "\r\n";
        $message .= "Username: ".$username."\r\n";
        $message .= "Password: ".$random_PW."\r\n";
        $message .= "\r\n";
        $message .= "If you have any trouble logging in, you can either request a password reset at the login page, or contact Jay at admin@website.com.";
        $from = "no-reply@website.com";
        $headers = "From: ".$from."\r\n";
        $headers .= 'MIME-Version: 1.0' ."\r\n"; 
        $headers .= 'Content-type: text/plain; charset=iso-8859-1' ."\r\n";
        $headers .= "X-Mailer: PHP/ ". phpversion();
        mail($to,$subject,$message,$headers);
    }
    unset($_POST);
}

?>

<HTML>
<HEAD>
<TITLE>Website Administration - Create Admin Account</TITLE>
</HEAD>
<BODY>
<TABLE WIDTH="85%" BORDER="1" ALIGN="center">
    <TR>
        <TD>
            <FORM NAME="CreateAdmin" METHOD="post">
            <TABLE WIDTH="100%">
                <TR>
                    <TD COLSPAN="2" ALIGN="center">
                        Type the first name, last name, and e-mail address of the person you would like to add in the spaces below.
                        <BR>
                        Their username and initial password will be auto-generated for them, and their initial login credentials will be e-mailed to him/her.
                    </TD>
                </TR>
                <?PHP 
                if (mysql_query($createadminquery)&&$_POST["Submit"] == "Create Admin")
                { ?>
                <TR>
                    <TD COLSPAN="2" ALIGN="center">
                        <?PHP include('includes/alert.php'); ?>
                    </TD>
                </TR>
                <?PHP
                }
                ?>
                <TR>
                    <TD ALIGN="right" WIDTH="50%">
                        First Name:
                    </TD>
                    <TD ALIGN="left" WIDTH="50%">
                        <INPUT TYPE="TEXT" MAXCHAR="20" NAME="FirstName" ID="FirstName">
                    </TD>
                </TR>
                <TR>
                    <TD ALIGN="right">
                        Last Name:
                    </TD>
                    <TD ALIGN="left">
                        <INPUT TYPE="TEXT" MAXCHAR="20" NAME="LastName" ID="LastName">
                    </TD>
                </TR>
                <TR>
                    <TD ALIGN="right">
                        E-Mail Address:
                    </TD>
                    <TD ALIGN="left">
                        <INPUT TYPE="TEXT" MAXCHAR="75" NAME="Email" ID="Email">
                    </TD>
                </TR>
                <TR>
                    <TD ALIGN="center" COLSPAN="2">
                        <INPUT TYPE = "Submit" Name = "Submit" VALUE = "Create Admin">
                    </TD>
                </TR>
            </TABLE>
            </FORM>
        </TD>
    </TR>
</TABLE>
</BODY>
</HTML>

it happned to me , when i refresh page, as many times i refresh, it inserts, so I used cookie to stop this duplicate inserts

1) on button submit i set cookie variable to 0,
2) on proccess page code, i check if cookie is =0 then allow insert else do not allow
3) after insert set cookie vairalbe to 1, so on refresh, its do not go in insert code.

Hi, utrivedi- thanks for your suggestion!

I think I may have already effectively tried your suggestion, with the "IF ($_POST["Submit"] == "Create Admin").."statement on line 14. If the script recognizes that the submit button has been hit, it should run through the bracketed commands only once.

Regardless, while your suggestion might have taken care of the problem on this page, it would only be a band-aid fix. The problem will return in more work I do on this server down the line, until I figure out what I'm doing wrong, here.

Either way, I do apprecate your response- it's just not the permanent fix I'm looking for.

post submit will onways create admin on on refresh always
but cookies can be different on all refresh

So, you're saying I should unset '$_SESSION' as well as '$_POST' at line 50 to blow away any session cookies that might be sitting on the server?

Or could the problem be with my own browser cookies?

seesion and post are fine, add cookie checking to ur condition

Ah, I got it figured out!

It turned out that the instances of "(mysql_query($createadminquery))" found in lines 23, 27, 73 were executing the insert statement three times. Once I corrected the latter two to "if($Result)", that got rid of the extra inserts.

Thank you, again, urtrivedi for being a second pair of eyes on my code!

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.