Problems with email activation

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Blaade
Forum Commoner
Posts: 29
Joined: Tue Feb 28, 2012 8:44 am

Re: Problems with email activation

Post by Blaade »

Do you know where to copy it too? because i don't seem to figure it out...sorry that i'm such a pain in the...but i just made a mysql database 3 days ago...used a .php database until now.
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: Problems with email activation

Post by Celauran »

Let's try this. Update your code with what I've pasted below and try the activation link again.

Code: Select all

<?php

session_start();
$mysql_server = 'localhost';
$mysql_username = 'username';
$mysql_password = 'password';
$mysql_database = 'database';
$mysql_table = 'USERS';
$success_page = './thank_you_page.html';
$error_message = "";
if ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST['form_name'] == 'signupform')
{
    $newusername = $_POST['username'];
    $newemail = $_POST['email'];
    $newpassword = $_POST['password'];
    $confirmpassword = $_POST['confirmpassword'];
    $website = $_SERVER['HTTP_HOST'];
    $script = $_SERVER['SCRIPT_NAME'];
    $timestamp = time();
    $code = md5($website . $timestamp . rand(100000, 999999));
    if ($newpassword != $confirmpassword)
    {
        $error_message = 'Password and Confirm Password are not the same!';
    }
    else
    if (!ereg("^[A-Za-z][a-z_.]{3,25}[a-z0-9]$", $newusername))
    {
        $error_message = 'Username is not valid, please check and try again!';
    }
    else
    if (!ereg("^[a-z0-9]{5,50}$", $newpassword))
    {
        $error_message = 'Password is not valid, please check and try again!';
    }
    else
    if (!ereg("^[A-Za-z0-9\.|-|_]*[@]{1}[A-Za-z0-9\.|-|_]*[.]{1}[a-z]{2,5}$", $newemail))
    {
        $error_message = 'Email is not a valid email address. Please check and try again.';
    }
    if (empty($error_message))
    {
        $db = mysql_connect($mysql_server, $mysql_username, $mysql_password);
        if (!$db)
        {
            die('Failed to connect to database server!<br>' . mysql_error());
        }
        mysql_select_db($mysql_database, $db) or die('Failed to select database<br>' . mysql_error());
        $sql = "SELECT username FROM " . $mysql_table . " WHERE username = '" . $newusername . "'";
        $result = mysql_query($sql, $db);
        if ($data = mysql_fetch_array($result))
        {
            $error_message = 'Username already used. Please select another username.';
        }
    }
    if (empty($error_message))
    {
        $crypt_pass = md5($newpassword);
        $newusername = mysql_real_escape_string($newusername);
        $newemail = mysql_real_escape_string($newemail);
        $newfullname = mysql_real_escape_string($newfullname);
        $sql = "INSERT `" . $mysql_table . "` (`username`, `password`, `email`, `active`, `code`) VALUES ('$newusername', '$crypt_pass', '$newemail', '0', '$code')";
        $result = mysql_query($sql, $db);
        mysql_close($db);
        $subject = 'Email confirmation';
        $message = 'Hi!Thanks for creating an account on our site. Click the link below to confirm your email address:';
        $message .= "\r\nUsername: ";
        $message .= $newusername;
        $message .= "\r\nPassword: ";
        $message .= $newpassword;
        $message .= "\r\n";
        $message .= "\r\nhttp://" . $website . $script . "?user=" . $newusername . "&code=$code";
        $message .= "\r\n\r\nThis is an automated message - please do not reply";
        $header = "From: webmaster@myhoo22.com" . "\r\n";
        $header .= "Reply-To: webmaster@myhoo22.com" . "\r\n";
        $header .= "MIME-Version: 1.0" . "\r\n";
        $header .= "Content-Type: text/plain; charset=utf-8" . "\r\n";
        $header .= "Content-Transfer-Encoding: 8bit" . "\r\n";
        $header .= "X-Mailer: PHP v" . phpversion();
        mail($newemail, $subject, $message, $header);
        header('Location: ' . $success_page);
        exit;
    }
}
else
if (isset($_GET['code']) && isset($_GET['user']))
{
    $db = mysql_connect($mysql_server, $mysql_username, $mysql_password);
    if (!$db)
    {
        die('Failed to connect to database server!<br>' . mysql_error());
    }
    mysql_select_db($mysql_database, $db) or die('Failed to select database<br>' . mysql_error());
    // I'm assuming the column id exists. If not, use your primary key in place of id
    $sql = "SELECT id FROM " . $mysql_table . " WHERE username = '" . $_GET['user'] . "' AND code = '" . $_GET['code'] . "'";
    list($id) = mysql_fetch_row(mysql_query($sql));
    if (!$id)
    {
        die("There was an error in the following sql statement:<hr>$sql<br />" . mysql_error());
    }
    // User has been found, so we'll activate the account
    $query = "UPDATE {$mysql_table} SET active = '1' WHERE id = {$id}";
    mysql_query($query);
    header("refresh:5;url=log_in.php");
    echo 'Your user account was succesfully activated. You\'ll be redirected in about 5 secs. If not, click <a href="log_in.php">here</a>.';
    exit;
}
?>
Last edited by Celauran on Tue Feb 28, 2012 8:44 pm, edited 1 time in total.
Blaade
Forum Commoner
Posts: 29
Joined: Tue Feb 28, 2012 8:44 am

Re: Problems with email activation

Post by Blaade »

damn...still There was an error in the following sql statement:SELECT id FROM users WHERE username = 'Blaade' AND code = 'fe1812ff33adac8e6af9fa984965de76'
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: Problems with email activation

Post by Celauran »

No more detail after that?
Blaade
Forum Commoner
Posts: 29
Joined: Tue Feb 28, 2012 8:44 am

Re: Problems with email activation

Post by Blaade »

nothing
Blaade
Forum Commoner
Posts: 29
Joined: Tue Feb 28, 2012 8:44 am

Re: Problems with email activation

Post by Blaade »

I remember something. This is the original, unmodified script of the Sign up form:

Code: Select all

<?php
$mysql_server = 'fgdfhdf';
$mysql_username = 'fgdfgdfg';
$mysql_password = 'gdgdfgd';
$mysql_database = 'gdfgdf';
$mysql_table = 'gdfgdfg';
$success_page = '';
$error_message = "";
if ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST['form_name'] == 'signupform')
{
   $newusername = $_POST['username'];
   $newemail = $_POST['email'];
   $newpassword = $_POST['password'];
   $confirmpassword = $_POST['confirmpassword'];
   $newfullname = $_POST['fullname'];
   $website = $_SERVER['HTTP_HOST'];
   $script = $_SERVER['SCRIPT_NAME'];
   $timestamp = time();
   $code = md5($website.$timestamp.rand(100000, 999999));
   if ($newpassword != $confirmpassword)
   {
      $error_message = 'Password and Confirm Password are not the same!';
   }
   else
   if (!ereg("^[A-Za-z0-9_!@$]{1,50}$", $newusername))
   {
      $error_message = 'Username is not valid, please check and try again!';
   }
   else
   if (!ereg("^[A-Za-z0-9_!@$]{1,50}$", $newpassword))
   {
      $error_message = 'Password is not valid, please check and try again!';
   }
   else
   if (!ereg("^[A-Za-z0-9_!@$.' &]{1,50}$", $newfullname))
   {
      $error_message = 'Fullname is not valid, please check and try again!';
   }
   else
   if (!ereg("^.+@.+\..+$", $newemail))
   {
      $error_message = 'Email is not a valid email address. Please check and try again.';
   }
   if (empty($error_message))
   {
      $db = mysql_connect($mysql_server, $mysql_username, $mysql_password);
      if (!$db)
      {
         die('Failed to connect to database server!<br>'.mysql_error());
      }
      mysql_select_db($mysql_database, $db) or die('Failed to select database<br>'.mysql_error());
      $sql = "SELECT username FROM ".$mysql_table." WHERE username = '".$newusername."'";
      $result = mysql_query($sql, $db);
      if ($data = mysql_fetch_array($result))
      {
         $error_message = 'Username already used. Please select another username.';
      }
   }
   if (empty($error_message))
   {
      $crypt_pass = md5($newpassword);
      $newusername = mysql_real_escape_string($newusername);
      $newemail = mysql_real_escape_string($newemail);
      $newfullname = mysql_real_escape_string($newfullname);
      $sql = "INSERT `".$mysql_table."` (`username`, `password`, `fullname`, `email`, `active`, `code`) VALUES ('$newusername', '$crypt_pass', '$newfullname', '$newemail', 0, '$code')";
      $result = mysql_query($sql, $db);
      mysql_close($db);
      $subject = 'Your new account';
      $message = 'A new account has been setup.';
      $message .= "\r\nUsername: ";
      $message .= $newusername;
      $message .= "\r\nPassword: ";
      $message .= $newpassword;
      $message .= "\r\n";
      $message .= "\r\nhttp://".$website.$script."?user=".$newusername."&code=$code";
      $header  = "From: webmaster@yourwebsite.com"."\r\n";
      $header .= "Reply-To: webmaster@yourwebsite.com"."\r\n";
      $header .= "MIME-Version: 1.0"."\r\n";
      $header .= "Content-Type: text/plain; charset=utf-8"."\r\n";
      $header .= "Content-Transfer-Encoding: 8bit"."\r\n";
      $header .= "X-Mailer: PHP v".phpversion();
      mail($newemail, $subject, $message, $header);
      header('Location: '.$success_page);
      exit;
   }
}
else
if (isset($_GET['code']) && isset($_GET['user']))
{
   $db = mysql_connect($mysql_server, $mysql_username, $mysql_password);
   if (!$db)
   {
      die('Failed to connect to database server!<br>'.mysql_error());
   }
   mysql_select_db($mysql_database, $db) or die('Failed to select database<br>'.mysql_error());
   $sql = "SELECT * FROM ".$mysql_table." WHERE username = '".$_GET['user']."' AND code = '".$_GET['code']."'";
   $result = mysql_query($sql, $db);
   if ($data = mysql_fetch_array($result))
   {
      $sql = "UPDATE `".$mysql_table."` SET `active` = 1 WHERE `username` = '".$_GET['user']."'";
      mysql_query($sql, $db);
   }
   else
   {
      die ('User not found!');
   }
   mysql_close($db);
   header("refresh:5;url=log_in.php");
    echo 'Your user account was succesfully activated. You\'ll be redirected in about 5 secs. If not, click <a href="log_in.php">here</a>.';
    exit;
}
?>
It has

Code: Select all

$sql = "UPDATE `".$mysql_table."` SET `active` = 1 WHERE `username` = '".$_GET['user']."'";
which i need to change value 0 to 1 after the user clicks validation link BUT with this script when someone clicks the validation link this error appears "User not found!" instead of "Your user account was succesfully activated. You\'ll be redirected in about 5 secs. If not, click here" and be redirected to the login page. "User not found!" appears even though the user is in the database and can login if he re-enters the site. What i did is to change:

Code: Select all

$result = mysql_query($sql, $db);
   if ($data = mysql_fetch_array($result))
   {
      $sql = "UPDATE `".$mysql_table."` SET `active` = 1 WHERE `username` = '".$_GET['user']."'";
      mysql_query($sql, $db);
   }
   else
   {
      die ('User not found!');
   }
with:

Code: Select all

$data = mysql_query($sql);
   if(!$data) {
	  die("There was an error in the following sql statement :<hr>$sql");
	}  
and after this, the "Your user account was successfully activated. You\'ll be redirected in about 5 secs. If not, click here" message appears, after the user clicks validation link ,BUT now the value in the database won't change from 0 to 1 and he can't log in. So...either something must be modified so that the "Your user account was succesfully activated. You\'ll be redirected in about 5 secs. If not, click here" appears instead of "User not found!" error or something must be done with the

Code: Select all

$sql = "UPDATE `".$mysql_table."` SET `active` = 1 WHERE `username` = '".$_GET['user']."'";
.
I'll try to figure it out...if u have any ideas or suggestions please post them.
Thanks for all your help!
temidayo
Forum Contributor
Posts: 109
Joined: Fri May 23, 2008 6:17 am
Location: Nigeria

Re: Problems with email activation

Post by temidayo »

Post a sample of your activation link, that is sent to the user after sign up here
Blaade
Forum Commoner
Posts: 29
Joined: Tue Feb 28, 2012 8:44 am

Re: Problems with email activation

Post by Blaade »

http://www.myhoo22.com/sign_up.php?user ... 59fc6b2950

http://w ww.myhoo22.com/sign_up.php?user=Blade&code=2c52d4ce77a33794eae4ef59fc6b2950
temidayo
Forum Contributor
Posts: 109
Joined: Fri May 23, 2008 6:17 am
Location: Nigeria

Re: Problems with email activation

Post by temidayo »

Here is a slight modification to the code by @Celauran. The change I made is at the UPDATE statement after a link is clicked

Code: Select all

<?php

session_start();
$mysql_server = 'localhost';
$mysql_username = 'username';
$mysql_password = 'password';
$mysql_database = 'database';
$mysql_table = 'USERS';
$success_page = './thank_you_page.html';
$error_message = "";
if ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST['form_name'] == 'signupform')
{
    $newusername = $_POST['username'];
    $newemail = $_POST['email'];
    $newpassword = $_POST['password'];
    $confirmpassword = $_POST['confirmpassword'];
    $website = $_SERVER['HTTP_HOST'];
    $script = $_SERVER['SCRIPT_NAME'];
    $timestamp = time();
    $code = md5($website . $timestamp . rand(100000, 999999));
    if ($newpassword != $confirmpassword)
    {
        $error_message = 'Password and Confirm Password are not the same!';
    }
    else
    if (!ereg("^[A-Za-z][a-z_.]{3,25}[a-z0-9]$", $newusername))
    {
        $error_message = 'Username is not valid, please check and try again!';
    }
    else
    if (!ereg("^[a-z0-9]{5,50}$", $newpassword))
    {
        $error_message = 'Password is not valid, please check and try again!';
    }
    else
    if (!ereg("^[A-Za-z0-9\.|-|_]*[@]{1}[A-Za-z0-9\.|-|_]*[.]{1}[a-z]{2,5}$", $newemail))
    {
        $error_message = 'Email is not a valid email address. Please check and try again.';
    }
    if (empty($error_message))
    {
        $db = mysql_connect($mysql_server, $mysql_username, $mysql_password);
        if (!$db)
        {
            die('Failed to connect to database server!<br>' . mysql_error());
        }
        mysql_select_db($mysql_database, $db) or die('Failed to select database<br>' . mysql_error());
        $sql = "SELECT username FROM " . $mysql_table . " WHERE username = '" . $newusername . "'";
        $result = mysql_query($sql, $db);
        if ($data = mysql_fetch_array($result))
        {
            $error_message = 'Username already used. Please select another username.';
        }
    }
    if (empty($error_message))
    {
        $crypt_pass = md5($newpassword);
        $newusername = mysql_real_escape_string($newusername);
        $newemail = mysql_real_escape_string($newemail);
        $newfullname = mysql_real_escape_string($newfullname);
        $sql = "INSERT `" . $mysql_table . "` (`username`, `password`, `email`, `active`, `code`) VALUES ('$newusername', '$crypt_pass', '$newemail', '0', '$code')";
        $result = mysql_query($sql, $db);
        mysql_close($db);
        $subject = 'Email confirmation';
        $message = 'Hi!Thanks for creating an account on our site. Click the link below to confirm your email address:';
        $message .= "\r\nUsername: ";
        $message .= $newusername;
        $message .= "\r\nPassword: ";
        $message .= $newpassword;
        $message .= "\r\n";
        $message .= "\r\nhttp://" . $website . $script . "?user=" . $newusername . "&code=$code";
        $message .= "\r\n\r\nThis is an automated message - please do not reply";
        $header = "From: webmaster@myhoo22.com" . "\r\n";
        $header .= "Reply-To: webmaster@myhoo22.com" . "\r\n";
        $header .= "MIME-Version: 1.0" . "\r\n";
        $header .= "Content-Type: text/plain; charset=utf-8" . "\r\n";
        $header .= "Content-Transfer-Encoding: 8bit" . "\r\n";
        $header .= "X-Mailer: PHP v" . phpversion();
        mail($newemail, $subject, $message, $header);
        header('Location: ' . $success_page);
        exit;
    }
}
else
if (isset($_GET['code']) && isset($_GET['user']))
{
    $db = mysql_connect($mysql_server, $mysql_username, $mysql_password);
    if (!$db)
    {
        die('Failed to connect to database server!<br>' . mysql_error());
    }
    mysql_select_db($mysql_database, $db) or die('Failed to select database<br>' . mysql_error());
    // I'm assuming the column id exists. If not, use your primary key in place of id
    $sql = "SELECT id FROM " . $mysql_table . " WHERE username = '" . $_GET['user'] . "' AND code = '" . $_GET['code'] . "'";
    list($id) = mysql_fetch_row(mysql_query($sql));
    if (!$id)
    {
        die("There was an error in the following sql statement:<hr>$sql<br />" . mysql_error());
    }
    // User has been found, so we'll activate the account
    $query = "UPDATE {$mysql_table} SET active = '1' WHERE username = ".$_GET['user'];
    mysql_query($query) or die(mysql_error());
    header("refresh:5;url=log_in.php");
    echo 'Your user account was succesfully activated. You\'ll be redirected in about 5 secs. If not, click <a href="log_in.php">here</a>.';
    exit;
}
?>
Blaade
Forum Commoner
Posts: 29
Joined: Tue Feb 28, 2012 8:44 am

Re: Problems with email activation

Post by Blaade »

Damn! same error:
There was an error in the following sql statement:SELECT id FROM users WHERE username = 'Blade' AND code = 'b66ea1d8919651527d1c6d5578aef059'

It's like i'm doomed with this problem...
temidayo
Forum Contributor
Posts: 109
Joined: Fri May 23, 2008 6:17 am
Location: Nigeria

Re: Problems with email activation

Post by temidayo »

Blaade wrote:It's like i'm doomed with this problem...
Nope. You are not doomed with the problem. We just discovered one more way that did not work.
Here is another modification:

Code: Select all

<?php

session_start();
$mysql_server = 'localhost';
$mysql_username = 'username';
$mysql_password = 'password';
$mysql_database = 'database';
$mysql_table = 'USERS';
$success_page = './thank_you_page.html';
$error_message = "";
if ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST['form_name'] == 'signupform')
{
    $newusername = $_POST['username'];
    $newemail = $_POST['email'];
    $newpassword = $_POST['password'];
    $confirmpassword = $_POST['confirmpassword'];
    $website = $_SERVER['HTTP_HOST'];
    $script = $_SERVER['SCRIPT_NAME'];
    $timestamp = time();
    $code = md5($website . $timestamp . rand(100000, 999999));
    if ($newpassword != $confirmpassword)
    {
        $error_message = 'Password and Confirm Password are not the same!';
    }
    else
    if (!ereg("^[A-Za-z][a-z_.]{3,25}[a-z0-9]$", $newusername))
    {
        $error_message = 'Username is not valid, please check and try again!';
    }
    else
    if (!ereg("^[a-z0-9]{5,50}$", $newpassword))
    {
        $error_message = 'Password is not valid, please check and try again!';
    }
    else
    if (!ereg("^[A-Za-z0-9\.|-|_]*[@]{1}[A-Za-z0-9\.|-|_]*[.]{1}[a-z]{2,5}$", $newemail))
    {
        $error_message = 'Email is not a valid email address. Please check and try again.';
    }
    if (empty($error_message))
    {
        $db = mysql_connect($mysql_server, $mysql_username, $mysql_password);
        if (!$db)
        {
            die('Failed to connect to database server!<br>' . mysql_error());
        }
        mysql_select_db($mysql_database, $db) or die('Failed to select database<br>' . mysql_error());
        $sql = "SELECT username FROM " . $mysql_table . " WHERE username = '" . $newusername . "'";
        $result = mysql_query($sql, $db);
        if ($data = mysql_fetch_array($result))
        {
            $error_message = 'Username already used. Please select another username.';
        }
    }
    if (empty($error_message))
    {
        $crypt_pass = md5($newpassword);
        $newusername = mysql_real_escape_string($newusername);
        $newemail = mysql_real_escape_string($newemail);
        $newfullname = mysql_real_escape_string($newfullname);
        $sql = "INSERT `" . $mysql_table . "` (`username`, `password`, `email`, `active`, `code`) VALUES ('$newusername', '$crypt_pass', '$newemail', '0', '$code')";
        $result = mysql_query($sql, $db);
        mysql_close($db);
        $subject = 'Email confirmation';
        $message = 'Hi!Thanks for creating an account on our site. Click the link below to confirm your email address:';
        $message .= "\r\nUsername: ";
        $message .= $newusername;
        $message .= "\r\nPassword: ";
        $message .= $newpassword;
        $message .= "\r\n";
        $message .= "\r\nhttp://" . $website . $script . "?user=" . $newusername . "&code=$code";
        $message .= "\r\n\r\nThis is an automated message - please do not reply";
        $header = "From: webmaster@myhoo22.com" . "\r\n";
        $header .= "Reply-To: webmaster@myhoo22.com" . "\r\n";
        $header .= "MIME-Version: 1.0" . "\r\n";
        $header .= "Content-Type: text/plain; charset=utf-8" . "\r\n";
        $header .= "Content-Transfer-Encoding: 8bit" . "\r\n";
        $header .= "X-Mailer: PHP v" . phpversion();
        mail($newemail, $subject, $message, $header);
        header('Location: ' . $success_page);
        exit;
    }
}
else
if (isset($_GET['code']) && isset($_GET['user']))
{
    $db = mysql_connect($mysql_server, $mysql_username, $mysql_password);
    if (!$db)
    {
        die('Failed to connect to database server!<br>' . mysql_error());
    }
    mysql_select_db($mysql_database, $db) or die('Failed to select database<br>' . mysql_error());
    // I'm assuming the column id exists. If not, use your primary key in place of id
    $sql = "SELECT username FROM " . $mysql_table . " WHERE username = '" . $_GET['user'] . "' AND code = '" . $_GET['code'] . "'";
    list($username) = mysql_fetch_row(mysql_query($sql));
    if (!$username)
    {
        die("There was an error in the following sql statement:<hr>$sql<br />" . mysql_error());
    }
    // User has been found, so we'll activate the account
    $query = "UPDATE {$mysql_table} SET active = '1' WHERE username = ".$_GET['user'];
    mysql_query($query) or die(mysql_error());
    header("refresh:5;url=log_in.php");
    echo 'Your user account was succesfully activated. You\'ll be redirected in about 5 secs. If not, click <a href="log_in.php">here</a>.';
    exit;
}
?>
 
Blaade
Forum Commoner
Posts: 29
Joined: Tue Feb 28, 2012 8:44 am

Re: Problems with email activation

Post by Blaade »

Thanks for boosting my morale and helping out. I'm trying myself some combination and searching the internet but nothing helped til now. And unfortunately:

There was an error in the following sql statement:SELECT username FROM users WHERE username = 'Blade' AND code = '0eedf774fbd3d36295cbf26b4673f120'
Didn't work either :banghead:
temidayo
Forum Contributor
Posts: 109
Joined: Fri May 23, 2008 6:17 am
Location: Nigeria

Re: Problems with email activation

Post by temidayo »

We are getting closer. Here is another modification:

Code: Select all

<?php
session_start();
$mysql_server = 'localhost';
$mysql_username = 'username';
$mysql_password = 'password';
$mysql_database = 'database';
$mysql_table = 'USERS';
$success_page = './thank_you_page.html';
$error_message = "";
if ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST['form_name'] == 'signupform')
{
    $newusername = $_POST['username'];
    $newemail = $_POST['email'];
    $newpassword = $_POST['password'];
    $confirmpassword = $_POST['confirmpassword'];
    $website = $_SERVER['HTTP_HOST'];
    $script = $_SERVER['SCRIPT_NAME'];
    $timestamp = time();
    $code = md5($website . $timestamp . rand(100000, 999999));
    if ($newpassword != $confirmpassword)
    {
        $error_message = 'Password and Confirm Password are not the same!';
    }
    else
    if (!ereg("^[A-Za-z][a-z_.]{3,25}[a-z0-9]$", $newusername))
    {
        $error_message = 'Username is not valid, please check and try again!';
    }
    else
    if (!ereg("^[a-z0-9]{5,50}$", $newpassword))
    {
        $error_message = 'Password is not valid, please check and try again!';
    }
    else
    if (!ereg("^[A-Za-z0-9\.|-|_]*[@]{1}[A-Za-z0-9\.|-|_]*[.]{1}[a-z]{2,5}$", $newemail))
    {
        $error_message = 'Email is not a valid email address. Please check and try again.';
    }
    if (empty($error_message))
    {
        $db = mysql_connect($mysql_server, $mysql_username, $mysql_password);
        if (!$db)
        {
            die('Failed to connect to database server!<br>' . mysql_error());
        }
        mysql_select_db($mysql_database, $db) or die('Failed to select database<br>' . mysql_error());
        $sql = "SELECT username FROM " . $mysql_table . " WHERE username = '" . $newusername . "'";
        $result = mysql_query($sql, $db);
        if ($data = mysql_fetch_array($result))
        {
            $error_message = 'Username already used. Please select another username.';
        }
    }
    if (empty($error_message))
    {
        $crypt_pass = md5($newpassword);
        $newusername = mysql_real_escape_string($newusername);
        $newemail = mysql_real_escape_string($newemail);
        $newfullname = mysql_real_escape_string($newfullname);
        $sql = "INSERT `" . $mysql_table . "` (`username`, `password`, `email`, `active`, `code`) VALUES ('$newusername', '$crypt_pass', '$newemail', '0', '$code')";
        $result = mysql_query($sql, $db);
        mysql_close($db);
        $subject = 'Email confirmation';
        $message = 'Hi!Thanks for creating an account on our site. Click the link below to confirm your email address:';
        $message .= "\r\nUsername: ";
        $message .= $newusername;
        $message .= "\r\nPassword: ";
        $message .= $newpassword;
        $message .= "\r\n";
        $message .= "\r\nhttp://" . $website . $script . "?user=" . $newusername . "&code=$code";
        $message .= "\r\n\r\nThis is an automated message - please do not reply";
        $header = "From: webmaster@myhoo22.com" . "\r\n";
        $header .= "Reply-To: webmaster@myhoo22.com" . "\r\n";
        $header .= "MIME-Version: 1.0" . "\r\n";
        $header .= "Content-Type: text/plain; charset=utf-8" . "\r\n";
        $header .= "Content-Transfer-Encoding: 8bit" . "\r\n";
        $header .= "X-Mailer: PHP v" . phpversion();
        mail($newemail, $subject, $message, $header);
        header('Location: ' . $success_page);
        exit;
    }
}
else
if (isset($_GET['code']) && isset($_GET['user']))
{
    $db = mysql_connect($mysql_server, $mysql_username, $mysql_password);
    if (!$db)
    {
        die('Failed to connect to database server!<br>' . mysql_error());
    }
    mysql_select_db($mysql_database, $db) or die('Failed to select database<br>' . mysql_error());
    // I'm assuming the column id exists. If not, use your primary key in place of id
    $sql = "SELECT username FROM " . $mysql_table . " WHERE username = '" . $_GET['user'] . "' AND code = '" . $_GET['code'] . "'";
     $result = mysql_query($sql) or die(mysql_error());    
list($username) = mysql_fetch_row($result);
    if (!$username)
    {
        die("There was an error in the following sql statement:<hr>$sql<br />" . mysql_error());
    }
    // User has been found, so we'll activate the account
    $query = "UPDATE {$mysql_table} SET active = '1' WHERE username = ".$_GET['user'];
    mysql_query($query) or die(mysql_error());
    header("refresh:5;url=log_in.php");
    echo 'Your user account was succesfully activated. You\'ll be redirected in about 5 secs. If not, click <a href="log_in.php">here</a>.';
    exit;
}
?>
Blaade
Forum Commoner
Posts: 29
Joined: Tue Feb 28, 2012 8:44 am

Re: Problems with email activation

Post by Blaade »

Mission Impossible:

There was an error in the following sql statement:SELECT username FROM users WHERE username = 'Blade' AND code = '012c4abdc3f51547ac12060d3d62291c'
temidayo
Forum Contributor
Posts: 109
Joined: Fri May 23, 2008 6:17 am
Location: Nigeria

Re: Problems with email activation

Post by temidayo »

Try this:

Code: Select all

<?php
session_start();
$mysql_server = 'localhost';
$mysql_username = 'username';
$mysql_password = 'password';
$mysql_database = 'database';
$mysql_table = 'USERS';
$success_page = './thank_you_page.html';
$error_message = "";
if ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST['form_name'] == 'signupform')
{
    $newusername = $_POST['username'];
    $newemail = $_POST['email'];
    $newpassword = $_POST['password'];
    $confirmpassword = $_POST['confirmpassword'];
    $website = $_SERVER['HTTP_HOST'];
    $script = $_SERVER['SCRIPT_NAME'];
    $timestamp = time();
    $code = md5($website . $timestamp . rand(100000, 999999));
    if ($newpassword != $confirmpassword)
    {
        $error_message = 'Password and Confirm Password are not the same!';
    }
    else
    if (!ereg("^[A-Za-z][a-z_.]{3,25}[a-z0-9]$", $newusername))
    {
        $error_message = 'Username is not valid, please check and try again!';
    }
    else
    if (!ereg("^[a-z0-9]{5,50}$", $newpassword))
    {
        $error_message = 'Password is not valid, please check and try again!';
    }
    else
    if (!ereg("^[A-Za-z0-9\.|-|_]*[@]{1}[A-Za-z0-9\.|-|_]*[.]{1}[a-z]{2,5}$", $newemail))
    {
        $error_message = 'Email is not a valid email address. Please check and try again.';
    }
    if (empty($error_message))
    {
        $db = mysql_connect($mysql_server, $mysql_username, $mysql_password);
        if (!$db)
        {
            die('Failed to connect to database server!<br>' . mysql_error());
        }
        mysql_select_db($mysql_database, $db) or die('Failed to select database<br>' . mysql_error());
        $sql = "SELECT username FROM " . $mysql_table . " WHERE username = '" . $newusername . "'";
        $result = mysql_query($sql, $db);
        if ($data = mysql_fetch_array($result))
        {
            $error_message = 'Username already used. Please select another username.';
        }
    }
    if (empty($error_message))
    {
        $crypt_pass = md5($newpassword);
        $newusername = mysql_real_escape_string($newusername);
        $newemail = mysql_real_escape_string($newemail);
        $newfullname = mysql_real_escape_string($newfullname);
        $sql = "INSERT `" . $mysql_table . "` (`username`, `password`, `email`, `active`, `code`) VALUES ('$newusername', '$crypt_pass', '$newemail', '0', '$code')";
        $result = mysql_query($sql, $db);
        mysql_close($db);
        $subject = 'Email confirmation';
        $message = 'Hi!Thanks for creating an account on our site. Click the link below to confirm your email address:';
        $message .= "\r\nUsername: ";
        $message .= $newusername;
        $message .= "\r\nPassword: ";
        $message .= $newpassword;
        $message .= "\r\n";
        $message .= "\r\nhttp://" . $website . $script . "?user=" . $newusername . "&code=$code";
        $message .= "\r\n\r\nThis is an automated message - please do not reply";
        $header = "From: webmaster@myhoo22.com" . "\r\n";
        $header .= "Reply-To: webmaster@myhoo22.com" . "\r\n";
        $header .= "MIME-Version: 1.0" . "\r\n";
        $header .= "Content-Type: text/plain; charset=utf-8" . "\r\n";
        $header .= "Content-Transfer-Encoding: 8bit" . "\r\n";
        $header .= "X-Mailer: PHP v" . phpversion();
        mail($newemail, $subject, $message, $header);
        header('Location: ' . $success_page);
        exit;
    }
}
else
if (isset($_GET['code']) && isset($_GET['user']))
{
    $db = mysql_connect($mysql_server, $mysql_username, $mysql_password);
    if (!$db)
    {
        die('Failed to connect to database server!<br>' . mysql_error());
    }
    mysql_select_db($mysql_database, $db) or die('Failed to select database<br>' . mysql_error());
    // I'm assuming the column id exists. If not, use your primary key in place of id
    $sql = "SELECT username FROM " . $mysql_table . " WHERE username = '" . $_GET['user'] . "' AND code = '" . $_GET['code'] . "'";
     $result = mysql_query($sql) or die(mysql_error());    
/*list($username) = mysql_fetch_row($result);
    if (!$username)
    {
        die("There was an error in the following sql statement:<hr>$sql<br />" . mysql_error());
    }
*/   
 // User has been found, so we'll activate the account
    $query = "UPDATE {$mysql_table} SET active = '1' WHERE username = ".$_GET['user'];
    mysql_query($query) or die(mysql_error());
    header("refresh:5;url=log_in.php");
    echo 'Your user account was succesfully activated. You\'ll be redirected in about 5 secs. If not, click <a href="log_in.php">here</a>.';
    exit;
}
?>
Post Reply