Page 2 of 3
Re: Problems with email activation
Posted: Tue Feb 28, 2012 8:23 pm
by Blaade
Do you know where to copy it too? because i don't seem to figure it out...sorry that i'm such a pain in the...but i just made a mysql database 3 days ago...used a .php database until now.
Re: Problems with email activation
Posted: Tue Feb 28, 2012 8:28 pm
by Celauran
Let's try this. Update your code with what I've pasted below and try the activation link again.
Code: Select all
<?php
session_start();
$mysql_server = 'localhost';
$mysql_username = 'username';
$mysql_password = 'password';
$mysql_database = 'database';
$mysql_table = 'USERS';
$success_page = './thank_you_page.html';
$error_message = "";
if ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST['form_name'] == 'signupform')
{
$newusername = $_POST['username'];
$newemail = $_POST['email'];
$newpassword = $_POST['password'];
$confirmpassword = $_POST['confirmpassword'];
$website = $_SERVER['HTTP_HOST'];
$script = $_SERVER['SCRIPT_NAME'];
$timestamp = time();
$code = md5($website . $timestamp . rand(100000, 999999));
if ($newpassword != $confirmpassword)
{
$error_message = 'Password and Confirm Password are not the same!';
}
else
if (!ereg("^[A-Za-z][a-z_.]{3,25}[a-z0-9]$", $newusername))
{
$error_message = 'Username is not valid, please check and try again!';
}
else
if (!ereg("^[a-z0-9]{5,50}$", $newpassword))
{
$error_message = 'Password is not valid, please check and try again!';
}
else
if (!ereg("^[A-Za-z0-9\.|-|_]*[@]{1}[A-Za-z0-9\.|-|_]*[.]{1}[a-z]{2,5}$", $newemail))
{
$error_message = 'Email is not a valid email address. Please check and try again.';
}
if (empty($error_message))
{
$db = mysql_connect($mysql_server, $mysql_username, $mysql_password);
if (!$db)
{
die('Failed to connect to database server!<br>' . mysql_error());
}
mysql_select_db($mysql_database, $db) or die('Failed to select database<br>' . mysql_error());
$sql = "SELECT username FROM " . $mysql_table . " WHERE username = '" . $newusername . "'";
$result = mysql_query($sql, $db);
if ($data = mysql_fetch_array($result))
{
$error_message = 'Username already used. Please select another username.';
}
}
if (empty($error_message))
{
$crypt_pass = md5($newpassword);
$newusername = mysql_real_escape_string($newusername);
$newemail = mysql_real_escape_string($newemail);
$newfullname = mysql_real_escape_string($newfullname);
$sql = "INSERT `" . $mysql_table . "` (`username`, `password`, `email`, `active`, `code`) VALUES ('$newusername', '$crypt_pass', '$newemail', '0', '$code')";
$result = mysql_query($sql, $db);
mysql_close($db);
$subject = 'Email confirmation';
$message = 'Hi!Thanks for creating an account on our site. Click the link below to confirm your email address:';
$message .= "\r\nUsername: ";
$message .= $newusername;
$message .= "\r\nPassword: ";
$message .= $newpassword;
$message .= "\r\n";
$message .= "\r\nhttp://" . $website . $script . "?user=" . $newusername . "&code=$code";
$message .= "\r\n\r\nThis is an automated message - please do not reply";
$header = "From: webmaster@myhoo22.com" . "\r\n";
$header .= "Reply-To: webmaster@myhoo22.com" . "\r\n";
$header .= "MIME-Version: 1.0" . "\r\n";
$header .= "Content-Type: text/plain; charset=utf-8" . "\r\n";
$header .= "Content-Transfer-Encoding: 8bit" . "\r\n";
$header .= "X-Mailer: PHP v" . phpversion();
mail($newemail, $subject, $message, $header);
header('Location: ' . $success_page);
exit;
}
}
else
if (isset($_GET['code']) && isset($_GET['user']))
{
$db = mysql_connect($mysql_server, $mysql_username, $mysql_password);
if (!$db)
{
die('Failed to connect to database server!<br>' . mysql_error());
}
mysql_select_db($mysql_database, $db) or die('Failed to select database<br>' . mysql_error());
// I'm assuming the column id exists. If not, use your primary key in place of id
$sql = "SELECT id FROM " . $mysql_table . " WHERE username = '" . $_GET['user'] . "' AND code = '" . $_GET['code'] . "'";
list($id) = mysql_fetch_row(mysql_query($sql));
if (!$id)
{
die("There was an error in the following sql statement:<hr>$sql<br />" . mysql_error());
}
// User has been found, so we'll activate the account
$query = "UPDATE {$mysql_table} SET active = '1' WHERE id = {$id}";
mysql_query($query);
header("refresh:5;url=log_in.php");
echo 'Your user account was succesfully activated. You\'ll be redirected in about 5 secs. If not, click <a href="log_in.php">here</a>.';
exit;
}
?>
Re: Problems with email activation
Posted: Tue Feb 28, 2012 8:36 pm
by Blaade
damn...still There was an error in the following sql statement:SELECT id FROM users WHERE username = 'Blaade' AND code = 'fe1812ff33adac8e6af9fa984965de76'
Re: Problems with email activation
Posted: Tue Feb 28, 2012 8:43 pm
by Celauran
No more detail after that?
Re: Problems with email activation
Posted: Tue Feb 28, 2012 8:44 pm
by Blaade
nothing
Re: Problems with email activation
Posted: Wed Feb 29, 2012 6:38 am
by Blaade
I remember something. This is the original, unmodified script of the Sign up form:
Code: Select all
<?php
$mysql_server = 'fgdfhdf';
$mysql_username = 'fgdfgdfg';
$mysql_password = 'gdgdfgd';
$mysql_database = 'gdfgdf';
$mysql_table = 'gdfgdfg';
$success_page = '';
$error_message = "";
if ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST['form_name'] == 'signupform')
{
$newusername = $_POST['username'];
$newemail = $_POST['email'];
$newpassword = $_POST['password'];
$confirmpassword = $_POST['confirmpassword'];
$newfullname = $_POST['fullname'];
$website = $_SERVER['HTTP_HOST'];
$script = $_SERVER['SCRIPT_NAME'];
$timestamp = time();
$code = md5($website.$timestamp.rand(100000, 999999));
if ($newpassword != $confirmpassword)
{
$error_message = 'Password and Confirm Password are not the same!';
}
else
if (!ereg("^[A-Za-z0-9_!@$]{1,50}$", $newusername))
{
$error_message = 'Username is not valid, please check and try again!';
}
else
if (!ereg("^[A-Za-z0-9_!@$]{1,50}$", $newpassword))
{
$error_message = 'Password is not valid, please check and try again!';
}
else
if (!ereg("^[A-Za-z0-9_!@$.' &]{1,50}$", $newfullname))
{
$error_message = 'Fullname is not valid, please check and try again!';
}
else
if (!ereg("^.+@.+\..+$", $newemail))
{
$error_message = 'Email is not a valid email address. Please check and try again.';
}
if (empty($error_message))
{
$db = mysql_connect($mysql_server, $mysql_username, $mysql_password);
if (!$db)
{
die('Failed to connect to database server!<br>'.mysql_error());
}
mysql_select_db($mysql_database, $db) or die('Failed to select database<br>'.mysql_error());
$sql = "SELECT username FROM ".$mysql_table." WHERE username = '".$newusername."'";
$result = mysql_query($sql, $db);
if ($data = mysql_fetch_array($result))
{
$error_message = 'Username already used. Please select another username.';
}
}
if (empty($error_message))
{
$crypt_pass = md5($newpassword);
$newusername = mysql_real_escape_string($newusername);
$newemail = mysql_real_escape_string($newemail);
$newfullname = mysql_real_escape_string($newfullname);
$sql = "INSERT `".$mysql_table."` (`username`, `password`, `fullname`, `email`, `active`, `code`) VALUES ('$newusername', '$crypt_pass', '$newfullname', '$newemail', 0, '$code')";
$result = mysql_query($sql, $db);
mysql_close($db);
$subject = 'Your new account';
$message = 'A new account has been setup.';
$message .= "\r\nUsername: ";
$message .= $newusername;
$message .= "\r\nPassword: ";
$message .= $newpassword;
$message .= "\r\n";
$message .= "\r\nhttp://".$website.$script."?user=".$newusername."&code=$code";
$header = "From: webmaster@yourwebsite.com"."\r\n";
$header .= "Reply-To: webmaster@yourwebsite.com"."\r\n";
$header .= "MIME-Version: 1.0"."\r\n";
$header .= "Content-Type: text/plain; charset=utf-8"."\r\n";
$header .= "Content-Transfer-Encoding: 8bit"."\r\n";
$header .= "X-Mailer: PHP v".phpversion();
mail($newemail, $subject, $message, $header);
header('Location: '.$success_page);
exit;
}
}
else
if (isset($_GET['code']) && isset($_GET['user']))
{
$db = mysql_connect($mysql_server, $mysql_username, $mysql_password);
if (!$db)
{
die('Failed to connect to database server!<br>'.mysql_error());
}
mysql_select_db($mysql_database, $db) or die('Failed to select database<br>'.mysql_error());
$sql = "SELECT * FROM ".$mysql_table." WHERE username = '".$_GET['user']."' AND code = '".$_GET['code']."'";
$result = mysql_query($sql, $db);
if ($data = mysql_fetch_array($result))
{
$sql = "UPDATE `".$mysql_table."` SET `active` = 1 WHERE `username` = '".$_GET['user']."'";
mysql_query($sql, $db);
}
else
{
die ('User not found!');
}
mysql_close($db);
header("refresh:5;url=log_in.php");
echo 'Your user account was succesfully activated. You\'ll be redirected in about 5 secs. If not, click <a href="log_in.php">here</a>.';
exit;
}
?>
It has
Code: Select all
$sql = "UPDATE `".$mysql_table."` SET `active` = 1 WHERE `username` = '".$_GET['user']."'";
which i need to change value 0 to 1 after the user clicks validation link BUT with this script when someone clicks the validation link this error appears "User not found!" instead of "Your user account was succesfully activated. You\'ll be redirected in about 5 secs. If not, click here" and be redirected to the login page. "User not found!" appears even though the user is in the database and can login if he re-enters the site. What i did is to change:
Code: Select all
$result = mysql_query($sql, $db);
if ($data = mysql_fetch_array($result))
{
$sql = "UPDATE `".$mysql_table."` SET `active` = 1 WHERE `username` = '".$_GET['user']."'";
mysql_query($sql, $db);
}
else
{
die ('User not found!');
}
with:
Code: Select all
$data = mysql_query($sql);
if(!$data) {
die("There was an error in the following sql statement :<hr>$sql");
}
and after this, the "Your user account was successfully activated. You\'ll be redirected in about 5 secs. If not, click here" message appears, after the user clicks validation link ,BUT now the value in the database won't change from 0 to 1 and he can't log in. So...either something must be modified so that the "Your user account was succesfully activated. You\'ll be redirected in about 5 secs. If not, click here" appears instead of "User not found!" error or something must be done with the
Code: Select all
$sql = "UPDATE `".$mysql_table."` SET `active` = 1 WHERE `username` = '".$_GET['user']."'";
.
I'll try to figure it out...if u have any ideas or suggestions please post them.
Thanks for all your help!
Re: Problems with email activation
Posted: Wed Feb 29, 2012 12:46 pm
by temidayo
Post a sample of your activation link, that is sent to the user after sign up here
Re: Problems with email activation
Posted: Wed Feb 29, 2012 1:13 pm
by Blaade
http://www.myhoo22.com/sign_up.php?user ... 59fc6b2950
http://w ww.myhoo22.com/sign_up.php?user=Blade&code=2c52d4ce77a33794eae4ef59fc6b2950
Re: Problems with email activation
Posted: Wed Feb 29, 2012 2:19 pm
by temidayo
Here is a slight modification to the code by @Celauran. The change I made is at the UPDATE statement after a link is clicked
Code: Select all
<?php
session_start();
$mysql_server = 'localhost';
$mysql_username = 'username';
$mysql_password = 'password';
$mysql_database = 'database';
$mysql_table = 'USERS';
$success_page = './thank_you_page.html';
$error_message = "";
if ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST['form_name'] == 'signupform')
{
$newusername = $_POST['username'];
$newemail = $_POST['email'];
$newpassword = $_POST['password'];
$confirmpassword = $_POST['confirmpassword'];
$website = $_SERVER['HTTP_HOST'];
$script = $_SERVER['SCRIPT_NAME'];
$timestamp = time();
$code = md5($website . $timestamp . rand(100000, 999999));
if ($newpassword != $confirmpassword)
{
$error_message = 'Password and Confirm Password are not the same!';
}
else
if (!ereg("^[A-Za-z][a-z_.]{3,25}[a-z0-9]$", $newusername))
{
$error_message = 'Username is not valid, please check and try again!';
}
else
if (!ereg("^[a-z0-9]{5,50}$", $newpassword))
{
$error_message = 'Password is not valid, please check and try again!';
}
else
if (!ereg("^[A-Za-z0-9\.|-|_]*[@]{1}[A-Za-z0-9\.|-|_]*[.]{1}[a-z]{2,5}$", $newemail))
{
$error_message = 'Email is not a valid email address. Please check and try again.';
}
if (empty($error_message))
{
$db = mysql_connect($mysql_server, $mysql_username, $mysql_password);
if (!$db)
{
die('Failed to connect to database server!<br>' . mysql_error());
}
mysql_select_db($mysql_database, $db) or die('Failed to select database<br>' . mysql_error());
$sql = "SELECT username FROM " . $mysql_table . " WHERE username = '" . $newusername . "'";
$result = mysql_query($sql, $db);
if ($data = mysql_fetch_array($result))
{
$error_message = 'Username already used. Please select another username.';
}
}
if (empty($error_message))
{
$crypt_pass = md5($newpassword);
$newusername = mysql_real_escape_string($newusername);
$newemail = mysql_real_escape_string($newemail);
$newfullname = mysql_real_escape_string($newfullname);
$sql = "INSERT `" . $mysql_table . "` (`username`, `password`, `email`, `active`, `code`) VALUES ('$newusername', '$crypt_pass', '$newemail', '0', '$code')";
$result = mysql_query($sql, $db);
mysql_close($db);
$subject = 'Email confirmation';
$message = 'Hi!Thanks for creating an account on our site. Click the link below to confirm your email address:';
$message .= "\r\nUsername: ";
$message .= $newusername;
$message .= "\r\nPassword: ";
$message .= $newpassword;
$message .= "\r\n";
$message .= "\r\nhttp://" . $website . $script . "?user=" . $newusername . "&code=$code";
$message .= "\r\n\r\nThis is an automated message - please do not reply";
$header = "From: webmaster@myhoo22.com" . "\r\n";
$header .= "Reply-To: webmaster@myhoo22.com" . "\r\n";
$header .= "MIME-Version: 1.0" . "\r\n";
$header .= "Content-Type: text/plain; charset=utf-8" . "\r\n";
$header .= "Content-Transfer-Encoding: 8bit" . "\r\n";
$header .= "X-Mailer: PHP v" . phpversion();
mail($newemail, $subject, $message, $header);
header('Location: ' . $success_page);
exit;
}
}
else
if (isset($_GET['code']) && isset($_GET['user']))
{
$db = mysql_connect($mysql_server, $mysql_username, $mysql_password);
if (!$db)
{
die('Failed to connect to database server!<br>' . mysql_error());
}
mysql_select_db($mysql_database, $db) or die('Failed to select database<br>' . mysql_error());
// I'm assuming the column id exists. If not, use your primary key in place of id
$sql = "SELECT id FROM " . $mysql_table . " WHERE username = '" . $_GET['user'] . "' AND code = '" . $_GET['code'] . "'";
list($id) = mysql_fetch_row(mysql_query($sql));
if (!$id)
{
die("There was an error in the following sql statement:<hr>$sql<br />" . mysql_error());
}
// User has been found, so we'll activate the account
$query = "UPDATE {$mysql_table} SET active = '1' WHERE username = ".$_GET['user'];
mysql_query($query) or die(mysql_error());
header("refresh:5;url=log_in.php");
echo 'Your user account was succesfully activated. You\'ll be redirected in about 5 secs. If not, click <a href="log_in.php">here</a>.';
exit;
}
?>
Re: Problems with email activation
Posted: Wed Feb 29, 2012 2:39 pm
by Blaade
Damn! same error:
There was an error in the following sql statement:SELECT id FROM users WHERE username = 'Blade' AND code = 'b66ea1d8919651527d1c6d5578aef059'
It's like i'm doomed with this problem...
Re: Problems with email activation
Posted: Wed Feb 29, 2012 3:22 pm
by temidayo
Blaade wrote:It's like i'm doomed with this problem...
Nope. You are not doomed with the problem. We just discovered one more way that did not work.
Here is another modification:
Code: Select all
<?php
session_start();
$mysql_server = 'localhost';
$mysql_username = 'username';
$mysql_password = 'password';
$mysql_database = 'database';
$mysql_table = 'USERS';
$success_page = './thank_you_page.html';
$error_message = "";
if ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST['form_name'] == 'signupform')
{
$newusername = $_POST['username'];
$newemail = $_POST['email'];
$newpassword = $_POST['password'];
$confirmpassword = $_POST['confirmpassword'];
$website = $_SERVER['HTTP_HOST'];
$script = $_SERVER['SCRIPT_NAME'];
$timestamp = time();
$code = md5($website . $timestamp . rand(100000, 999999));
if ($newpassword != $confirmpassword)
{
$error_message = 'Password and Confirm Password are not the same!';
}
else
if (!ereg("^[A-Za-z][a-z_.]{3,25}[a-z0-9]$", $newusername))
{
$error_message = 'Username is not valid, please check and try again!';
}
else
if (!ereg("^[a-z0-9]{5,50}$", $newpassword))
{
$error_message = 'Password is not valid, please check and try again!';
}
else
if (!ereg("^[A-Za-z0-9\.|-|_]*[@]{1}[A-Za-z0-9\.|-|_]*[.]{1}[a-z]{2,5}$", $newemail))
{
$error_message = 'Email is not a valid email address. Please check and try again.';
}
if (empty($error_message))
{
$db = mysql_connect($mysql_server, $mysql_username, $mysql_password);
if (!$db)
{
die('Failed to connect to database server!<br>' . mysql_error());
}
mysql_select_db($mysql_database, $db) or die('Failed to select database<br>' . mysql_error());
$sql = "SELECT username FROM " . $mysql_table . " WHERE username = '" . $newusername . "'";
$result = mysql_query($sql, $db);
if ($data = mysql_fetch_array($result))
{
$error_message = 'Username already used. Please select another username.';
}
}
if (empty($error_message))
{
$crypt_pass = md5($newpassword);
$newusername = mysql_real_escape_string($newusername);
$newemail = mysql_real_escape_string($newemail);
$newfullname = mysql_real_escape_string($newfullname);
$sql = "INSERT `" . $mysql_table . "` (`username`, `password`, `email`, `active`, `code`) VALUES ('$newusername', '$crypt_pass', '$newemail', '0', '$code')";
$result = mysql_query($sql, $db);
mysql_close($db);
$subject = 'Email confirmation';
$message = 'Hi!Thanks for creating an account on our site. Click the link below to confirm your email address:';
$message .= "\r\nUsername: ";
$message .= $newusername;
$message .= "\r\nPassword: ";
$message .= $newpassword;
$message .= "\r\n";
$message .= "\r\nhttp://" . $website . $script . "?user=" . $newusername . "&code=$code";
$message .= "\r\n\r\nThis is an automated message - please do not reply";
$header = "From: webmaster@myhoo22.com" . "\r\n";
$header .= "Reply-To: webmaster@myhoo22.com" . "\r\n";
$header .= "MIME-Version: 1.0" . "\r\n";
$header .= "Content-Type: text/plain; charset=utf-8" . "\r\n";
$header .= "Content-Transfer-Encoding: 8bit" . "\r\n";
$header .= "X-Mailer: PHP v" . phpversion();
mail($newemail, $subject, $message, $header);
header('Location: ' . $success_page);
exit;
}
}
else
if (isset($_GET['code']) && isset($_GET['user']))
{
$db = mysql_connect($mysql_server, $mysql_username, $mysql_password);
if (!$db)
{
die('Failed to connect to database server!<br>' . mysql_error());
}
mysql_select_db($mysql_database, $db) or die('Failed to select database<br>' . mysql_error());
// I'm assuming the column id exists. If not, use your primary key in place of id
$sql = "SELECT username FROM " . $mysql_table . " WHERE username = '" . $_GET['user'] . "' AND code = '" . $_GET['code'] . "'";
list($username) = mysql_fetch_row(mysql_query($sql));
if (!$username)
{
die("There was an error in the following sql statement:<hr>$sql<br />" . mysql_error());
}
// User has been found, so we'll activate the account
$query = "UPDATE {$mysql_table} SET active = '1' WHERE username = ".$_GET['user'];
mysql_query($query) or die(mysql_error());
header("refresh:5;url=log_in.php");
echo 'Your user account was succesfully activated. You\'ll be redirected in about 5 secs. If not, click <a href="log_in.php">here</a>.';
exit;
}
?>
Re: Problems with email activation
Posted: Wed Feb 29, 2012 3:42 pm
by Blaade
Thanks for boosting my morale and helping out. I'm trying myself some combination and searching the internet but nothing helped til now. And unfortunately:
There was an error in the following sql statement:SELECT username FROM users WHERE username = 'Blade' AND code = '0eedf774fbd3d36295cbf26b4673f120'
Didn't work either

Re: Problems with email activation
Posted: Wed Feb 29, 2012 3:54 pm
by temidayo
We are getting closer. Here is another modification:
Code: Select all
<?php
session_start();
$mysql_server = 'localhost';
$mysql_username = 'username';
$mysql_password = 'password';
$mysql_database = 'database';
$mysql_table = 'USERS';
$success_page = './thank_you_page.html';
$error_message = "";
if ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST['form_name'] == 'signupform')
{
$newusername = $_POST['username'];
$newemail = $_POST['email'];
$newpassword = $_POST['password'];
$confirmpassword = $_POST['confirmpassword'];
$website = $_SERVER['HTTP_HOST'];
$script = $_SERVER['SCRIPT_NAME'];
$timestamp = time();
$code = md5($website . $timestamp . rand(100000, 999999));
if ($newpassword != $confirmpassword)
{
$error_message = 'Password and Confirm Password are not the same!';
}
else
if (!ereg("^[A-Za-z][a-z_.]{3,25}[a-z0-9]$", $newusername))
{
$error_message = 'Username is not valid, please check and try again!';
}
else
if (!ereg("^[a-z0-9]{5,50}$", $newpassword))
{
$error_message = 'Password is not valid, please check and try again!';
}
else
if (!ereg("^[A-Za-z0-9\.|-|_]*[@]{1}[A-Za-z0-9\.|-|_]*[.]{1}[a-z]{2,5}$", $newemail))
{
$error_message = 'Email is not a valid email address. Please check and try again.';
}
if (empty($error_message))
{
$db = mysql_connect($mysql_server, $mysql_username, $mysql_password);
if (!$db)
{
die('Failed to connect to database server!<br>' . mysql_error());
}
mysql_select_db($mysql_database, $db) or die('Failed to select database<br>' . mysql_error());
$sql = "SELECT username FROM " . $mysql_table . " WHERE username = '" . $newusername . "'";
$result = mysql_query($sql, $db);
if ($data = mysql_fetch_array($result))
{
$error_message = 'Username already used. Please select another username.';
}
}
if (empty($error_message))
{
$crypt_pass = md5($newpassword);
$newusername = mysql_real_escape_string($newusername);
$newemail = mysql_real_escape_string($newemail);
$newfullname = mysql_real_escape_string($newfullname);
$sql = "INSERT `" . $mysql_table . "` (`username`, `password`, `email`, `active`, `code`) VALUES ('$newusername', '$crypt_pass', '$newemail', '0', '$code')";
$result = mysql_query($sql, $db);
mysql_close($db);
$subject = 'Email confirmation';
$message = 'Hi!Thanks for creating an account on our site. Click the link below to confirm your email address:';
$message .= "\r\nUsername: ";
$message .= $newusername;
$message .= "\r\nPassword: ";
$message .= $newpassword;
$message .= "\r\n";
$message .= "\r\nhttp://" . $website . $script . "?user=" . $newusername . "&code=$code";
$message .= "\r\n\r\nThis is an automated message - please do not reply";
$header = "From: webmaster@myhoo22.com" . "\r\n";
$header .= "Reply-To: webmaster@myhoo22.com" . "\r\n";
$header .= "MIME-Version: 1.0" . "\r\n";
$header .= "Content-Type: text/plain; charset=utf-8" . "\r\n";
$header .= "Content-Transfer-Encoding: 8bit" . "\r\n";
$header .= "X-Mailer: PHP v" . phpversion();
mail($newemail, $subject, $message, $header);
header('Location: ' . $success_page);
exit;
}
}
else
if (isset($_GET['code']) && isset($_GET['user']))
{
$db = mysql_connect($mysql_server, $mysql_username, $mysql_password);
if (!$db)
{
die('Failed to connect to database server!<br>' . mysql_error());
}
mysql_select_db($mysql_database, $db) or die('Failed to select database<br>' . mysql_error());
// I'm assuming the column id exists. If not, use your primary key in place of id
$sql = "SELECT username FROM " . $mysql_table . " WHERE username = '" . $_GET['user'] . "' AND code = '" . $_GET['code'] . "'";
$result = mysql_query($sql) or die(mysql_error());
list($username) = mysql_fetch_row($result);
if (!$username)
{
die("There was an error in the following sql statement:<hr>$sql<br />" . mysql_error());
}
// User has been found, so we'll activate the account
$query = "UPDATE {$mysql_table} SET active = '1' WHERE username = ".$_GET['user'];
mysql_query($query) or die(mysql_error());
header("refresh:5;url=log_in.php");
echo 'Your user account was succesfully activated. You\'ll be redirected in about 5 secs. If not, click <a href="log_in.php">here</a>.';
exit;
}
?>
Re: Problems with email activation
Posted: Wed Feb 29, 2012 4:14 pm
by Blaade
Mission Impossible:
There was an error in the following sql statement:SELECT username FROM users WHERE username = 'Blade' AND code = '012c4abdc3f51547ac12060d3d62291c'
Re: Problems with email activation
Posted: Wed Feb 29, 2012 4:38 pm
by temidayo
Try this:
Code: Select all
<?php
session_start();
$mysql_server = 'localhost';
$mysql_username = 'username';
$mysql_password = 'password';
$mysql_database = 'database';
$mysql_table = 'USERS';
$success_page = './thank_you_page.html';
$error_message = "";
if ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST['form_name'] == 'signupform')
{
$newusername = $_POST['username'];
$newemail = $_POST['email'];
$newpassword = $_POST['password'];
$confirmpassword = $_POST['confirmpassword'];
$website = $_SERVER['HTTP_HOST'];
$script = $_SERVER['SCRIPT_NAME'];
$timestamp = time();
$code = md5($website . $timestamp . rand(100000, 999999));
if ($newpassword != $confirmpassword)
{
$error_message = 'Password and Confirm Password are not the same!';
}
else
if (!ereg("^[A-Za-z][a-z_.]{3,25}[a-z0-9]$", $newusername))
{
$error_message = 'Username is not valid, please check and try again!';
}
else
if (!ereg("^[a-z0-9]{5,50}$", $newpassword))
{
$error_message = 'Password is not valid, please check and try again!';
}
else
if (!ereg("^[A-Za-z0-9\.|-|_]*[@]{1}[A-Za-z0-9\.|-|_]*[.]{1}[a-z]{2,5}$", $newemail))
{
$error_message = 'Email is not a valid email address. Please check and try again.';
}
if (empty($error_message))
{
$db = mysql_connect($mysql_server, $mysql_username, $mysql_password);
if (!$db)
{
die('Failed to connect to database server!<br>' . mysql_error());
}
mysql_select_db($mysql_database, $db) or die('Failed to select database<br>' . mysql_error());
$sql = "SELECT username FROM " . $mysql_table . " WHERE username = '" . $newusername . "'";
$result = mysql_query($sql, $db);
if ($data = mysql_fetch_array($result))
{
$error_message = 'Username already used. Please select another username.';
}
}
if (empty($error_message))
{
$crypt_pass = md5($newpassword);
$newusername = mysql_real_escape_string($newusername);
$newemail = mysql_real_escape_string($newemail);
$newfullname = mysql_real_escape_string($newfullname);
$sql = "INSERT `" . $mysql_table . "` (`username`, `password`, `email`, `active`, `code`) VALUES ('$newusername', '$crypt_pass', '$newemail', '0', '$code')";
$result = mysql_query($sql, $db);
mysql_close($db);
$subject = 'Email confirmation';
$message = 'Hi!Thanks for creating an account on our site. Click the link below to confirm your email address:';
$message .= "\r\nUsername: ";
$message .= $newusername;
$message .= "\r\nPassword: ";
$message .= $newpassword;
$message .= "\r\n";
$message .= "\r\nhttp://" . $website . $script . "?user=" . $newusername . "&code=$code";
$message .= "\r\n\r\nThis is an automated message - please do not reply";
$header = "From: webmaster@myhoo22.com" . "\r\n";
$header .= "Reply-To: webmaster@myhoo22.com" . "\r\n";
$header .= "MIME-Version: 1.0" . "\r\n";
$header .= "Content-Type: text/plain; charset=utf-8" . "\r\n";
$header .= "Content-Transfer-Encoding: 8bit" . "\r\n";
$header .= "X-Mailer: PHP v" . phpversion();
mail($newemail, $subject, $message, $header);
header('Location: ' . $success_page);
exit;
}
}
else
if (isset($_GET['code']) && isset($_GET['user']))
{
$db = mysql_connect($mysql_server, $mysql_username, $mysql_password);
if (!$db)
{
die('Failed to connect to database server!<br>' . mysql_error());
}
mysql_select_db($mysql_database, $db) or die('Failed to select database<br>' . mysql_error());
// I'm assuming the column id exists. If not, use your primary key in place of id
$sql = "SELECT username FROM " . $mysql_table . " WHERE username = '" . $_GET['user'] . "' AND code = '" . $_GET['code'] . "'";
$result = mysql_query($sql) or die(mysql_error());
/*list($username) = mysql_fetch_row($result);
if (!$username)
{
die("There was an error in the following sql statement:<hr>$sql<br />" . mysql_error());
}
*/
// User has been found, so we'll activate the account
$query = "UPDATE {$mysql_table} SET active = '1' WHERE username = ".$_GET['user'];
mysql_query($query) or die(mysql_error());
header("refresh:5;url=log_in.php");
echo 'Your user account was succesfully activated. You\'ll be redirected in about 5 secs. If not, click <a href="log_in.php">here</a>.';
exit;
}
?>