User authentication tips

snoj
23 Mar, 2007 - 06:56 AM
Post #1
Tip #1
Never check if a user profile exists by using their password.

Recently I was charged with researching a helpdesk ticket solution for internal IT. One of the things I knew that had to be part of the system was that users had to be able to use the same username and password that they do for our domain. So I wrote a little hack so that they were authenticated against the domain and then an entry was saved to the database to make it as if they registered themselves or we added them manually. For the first draft of this hack users were only added when they first logged in, so checking to see if they existed by password wasn't such a big deal (though there could still be problems with two users having the same password). However, later on I wrote another script that added everyone on the domain to the database with dummy passwords to test a "Proxy Ticket" system. No problem, it works for me since my password is already in the database, but today my coworker tried logging in to test it and got a 1062 MySQL error, which is the duplicate entry error.

As you may have guessed, since he was supplying his real password and my hack was checking if his account existed by comparing his real password against the dummy one, it was trying to add another account with the same email/username.

DilutedImage
RE: User Authentication Tips
23 Mar, 2007 - 10:10 PM
Post #2
Well, I haven't been around here long enough to know if I should be poking fun at you for making a newbie databasing mistake (seeing as you're a moderator and all), or consoling you with the fact that it's a common mistake to make. So, I'll just smile and nod.

I will comment though, that it's a good idea to only verify accounts against an unchanging unique field (or combination of fields).


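Both posts come down to one rule: decide whether a local account exists by its unchanging unique key (here, the username), never by whether the supplied password matches what is stored. The script below is an added example written for this page, not code from either poster or from the helpdesk system described. It replays the scenario in an in-memory SQLite database: every domain user is bulk-imported with a dummy password, then a user logs in with their real password. The dictionary `DOMAIN_USERS` and the function `domain_authenticate` are constructed stand-ins for the domain check (assumed, so the example runs offline); SQLite's `IntegrityError` on the primary key plays the role of MySQL error 1062.

```python
import sqlite3

# Constructed stand-in for the domain directory. Assumption: the real app
# validated against the Windows domain; this dict only lets the example run
# offline and is not the original code.
DOMAIN_USERS = {
    "snoj": "correct-horse",
    "coworker": "battery-staple",
    "newhire": "hunter2",
}


def domain_authenticate(username: str, password: str) -> bool:
    """Hypothetical domain check: True only for a valid username/password pair."""
    return DOMAIN_USERS.get(username) == password


def make_db() -> sqlite3.Connection:
    """Local user table; username is the unchanging unique field."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users ("
        "  username TEXT PRIMARY KEY,"
        "  password TEXT"  # NULL for domain-authenticated accounts
        ")"
    )
    return conn


def seed_with_dummy_passwords(conn: sqlite3.Connection, names) -> None:
    """The bulk import from post #1: each listed domain user gets a dummy password."""
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [(name, "dummy") for name in names],
    )
    conn.commit()


def login_broken(conn: sqlite3.Connection, username: str, password: str) -> str:
    """The original hack: 'does this user exist?' is answered by matching the
    supplied password against the stored one, so a stored dummy password makes
    an existing user look like a new one."""
    if not domain_authenticate(username, password):
        return "denied"
    row = conn.execute(
        "SELECT 1 FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    if row is None:
        # "Register" the user; collides with the seeded row on the primary key
        # (SQLite's equivalent of MySQL error 1062).
        conn.execute(
            "INSERT INTO users (username, password) VALUES (?, ?)",
            (username, password),
        )
        conn.commit()
        return "created"
    return "ok"


def login_fixed(conn: sqlite3.Connection, username: str, password: str) -> str:
    """Existence is decided by the unique key alone; the domain decides whether
    the password is right; the domain password is never written locally."""
    if not domain_authenticate(username, password):
        return "denied"
    row = conn.execute(
        "SELECT 1 FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        conn.execute(
            "INSERT INTO users (username, password) VALUES (?, NULL)",
            (username,),
        )
        conn.commit()
        return "created"
    return "ok"


def count_users(conn: sqlite3.Connection) -> int:
    return conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]


def run_scenario() -> dict:
    """Replay the thread: seed dummy passwords, then log in with real ones."""
    results = {}
    seeded = ["snoj", "coworker"]  # constructed: newhire is not yet imported

    conn = make_db()
    seed_with_dummy_passwords(conn, seeded)
    try:
        results["broken"] = login_broken(conn, "coworker", "battery-staple")
    except sqlite3.IntegrityError:
        results["broken"] = "duplicate-key error"

    conn = make_db()
    seed_with_dummy_passwords(conn, seeded)
    results["fixed_seeded"] = login_fixed(conn, "coworker", "battery-staple")
    results["fixed_wrong_pw"] = login_fixed(conn, "coworker", "guess")
    results["fixed_new_first"] = login_fixed(conn, "newhire", "hunter2")
    results["fixed_new_second"] = login_fixed(conn, "newhire", "hunter2")
    results["rows"] = count_users(conn)
    return results


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

Running it shows the broken lookup raising the duplicate-key error for the seeded coworker, while the fixed lookup reports "ok" for that same login, "denied" for a wrong password, and creates the unseeded user exactly once. Note also that a lookup keyed on the password alone (the first-draft variant post #1 mentions) would return the wrong row whenever two users happen to share a password; keying on the username avoids that as well.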
