Auto username suggestion - mysql

I want an auto username suggestion if a username is already used ,using mysql procedure

By User Name suggestion, do you mean you want a type-ahead autocomplete on a login form (i.e. once you type a few characters of your user name, the application will show all user names matching the supplied user name), or do you you mean a suggestion box that provides potential alternate user names if new user supplies an existing user name?
If you're looking for the first, I would recommend avoiding this. By providing a server-side autocomplete for user names, you are providing a simple way to access the names of all users in your system and reducing security (as people trying to access your site without permission will only need to determine a password instead of a user name and password).
If it's the second, one common approach is to append numbers at the end of an existing user name to provide a user name that does not exist. I would recommend doing this in a combination of MySQL and whatever server-side language you are using.
First, get all user names that start with the user name that was supplied (and already exists):
SELECT user_name FROM users where user_name LIKE #userName + '%'
Then, in your server side language, do the following (pseudo-code)
let user = username supplied (already exists)
let recordset = recordset from db call (above)
i = 0
alternateCount = 0
alternatesFound = new string[5]
while (alternateCount < 5 And i < 100)
potentialName = user + i
if (recordset does not contain potentialName)
alternatesFound[alternateCount] = potentialName
alternateCount++
end if
end while
What this does is attempts to insert sucessive numbers (1,2,3) etc. to the supplied user name until it finds 5 cases where the user name is unique. It also does a maximum of 100 iterations in case user1 - user99 is taken (you could increase this but a limit isn't a bad idea.

Related

Do i have to make 2 queries to authorize a User in an API?

Lets say i have 2 tables:
User (id, name)
Notes (id, userID, text)
Now i make a request to my API and supply the User ID. I want to change the text of a certain Note, but only if the User is also the author of that note.
Lets say my User ID is stored in a variable { uID } at the backend.
Do i have to query
"SELECT userID FROM Notes..."
first and compare the result to my uID variable and afterwards execute
"UPDATE Notes..." ?
It works, but it feels kind of wonky.
Is there a more elegant solution?
You can easily use a where clause:
UPDATE notes SET ... WHERE userID='uID'

How to retrieve a specific data from database in ASP and put that data in a variable

Problem: I have a database called admin which has id, username and password column. Now I need to put this id in a variable called Dim ID for a specific username.
If I run this query:
adoRS.Source = "SELECT * FROM admin WHERE username= '"& username &"' AND password ='"& password &"' "
I will get a particular row in the database and a particular id. So, the problem is how to retrieve that id from the above query and put it in the declared variable called ID
One particular solution would be using a while loop as shown below:
do
col1 = adoRS.Fields("id")
id = col1
adoRS.MoveNext
Loop While Not adoRS.EOF
Since we just have one piece of data in the col1 variable, it would be much nicer if we could skip the do while process. So the question is how you retrieve the data and put that data in the id variable without using a while loop statement.
When using an ADO recordset, if you just want the value, you can just grab the value.
ID = adoRS.Fields("ID").Value
If the admin table is going to have more than one row with the same userName and Password, you probably have problems elsewhere, but will want to either send whatever you're doing with ID off to a method, or load up all of the ID's into an array.
If there are more than a handful, the getRows method may be useful as well.
(And, really, you shouldn't do a SELECT * if you just want ID. SELECT ID FROM Admin should work just fine. And sanitize USER and PASSWORD when you build that SQL string. Consider using a command object. And don't store the password, store a hash of the password. And eat your vegetables.)

Setting the APP_USER as a value to be passed to target page in APEX

I'm making a student management system on apex. The short of it is a place where lecturers and students can log on. Lecturers create assignments, assign them, mark them, take attendance, record issues ...... all that, and students log on to view their attendance and results.
Now when a student clicks the "My Results" link it navigates to the same page that a lecturer sees, though the select list where a student is selected to view the results of is hidden. The select list displays the students name and returns the id for that student, which also happens to be the user name for a student to log in.
So i want to pass the value of the app-user when a student clicks the link so that only their results are shown.
I've tried to set
these items
:P10_SELECT_STUDENT
with these values
#APP_USER#
which works but no the message "no data found" is shown.
Just for testing i've set that select list to be displayed for a student, and when the page loads it loads with the null value at the top of the list which is
display value
select a student
return value
-1
I've gone and manually set the value passed to be the id of the test student. works a treat, the data loads for that student!!
So does anyone know why the #APP_USSER# value im sending isnt being set in the listbox
Thanks in advance
What you need is the session state of the APP_USER variable. In a query you would reference this with :APP_USER. When you need to pass on the value as a parameter for, for example, a link, you would use the substitution string notation &APP_USER. Much the same way you would refer any other variable/page item.
For example, setting up a button:
A good page to read up on Substitution strings: Application Builder Concepts
The hash-sign notation is commonly used for non-plsql-variables substitution, like the value of a column in report when passed through in a link,
Zac,
If the users haven't authenticate themselves then the :APP_USER parameter is null. If the user authenticated via a SSO, or via DB credentials or whatever you have in the application then the :APP_USER will get populated.
Here is what i understood :
In page 12 , P12_STUDENTS is a select list, and you want it to reflect the current student if he enters or the full list if he's a teacher right?
You don't need to pass :APP_USER via a link or a branch or whatever. It exists as a global Apex variable and is visible in page 12 via :APP_USER but again , its null if the user is not authenticated.
Your select list source should be like:
select display d, return r
from table
where (:APP_USER is NULL
OR (:APP_USER IS NOT NULL AND :APP_USER = student))
tell me if this helps?
regards,
Alex

sqlalchemy query issue

I have a user update function and I allow users to change their email address but the same address must be unique in the database so, before I update, I must check if their new email already exists in the database but the query I use to check that returns the same row. Example:
user = User.query.get(1)
user.email = 'some#email.com'
if user.validate(): # The validate function performs a query to see if 'some#email.com' is already taken
user.save()
Now going into the validate function I have:
check = User.query.filter_by(User.email='some#email.com').first()
if check:
# email already exists
Problem is that check holds the same user I'm editing. Sqlalchemy submits the update to the database but under some sort of transaction so my query returns the same user I'm editing. I've solved this by creating a second session object but seems like an overkill. Any better ideas? Am I making sense?
Why not check, whether a user with a given e-mail address exists, before manipulating an existing user? You could e.g. write a standalone function for that:
def user_email_exists(email):
return (not User.query.filter(User.email=email) == None)
Then call user_email_exists before the attempt to change the user object.
...
# User object to alter
user = ...
# the new email address, which needs to be checked
new_email_addr = 'new#shiny.com'
if user_email_exists(new_email_addr):
raise SomeMeaningfulException() # or some `flash` message + a redirect
else:
user.email = new_email_addr
db.session.add(user)
db.commit()
...
The simplest way is probably just to add a second filter to the query inside your validate function. Instead of having it select any user with that email address, have it select any user with that email address and NOT the same username or user id. That way you're ensuring to only get a return if there is a different user with that email address.

What is the best way to store 10 options in a mysql database?

I am modifying my PHP network's code to have "user roles" like wordpress here is my plan so far
0 = registred non email verified user
1 = registed and verified email
2 = moderator
3-9 = nothing yet
10= admin
In my PHP code I will use an array like this that will set what a role number does.
$user_role['10']
I was thinking of storing which value a user has in my mysql DB, would this be the best way to store the 10 different role options as an enum or is there a better way or faster way? I read that enum is not the fastest sometimes.
enum('0','1','2','3','4','5','6','7','8','9','10')
I guess INT or TINYINT is enough to store user level (role). Also you may consider multiplting the numbers by 10, so you'll have a space to add more levels in future.
Use bitmasks for permissions / user levels.
See example.