My activation only works after one join?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
mcc_shane
Forum Newbie
Posts: 22
Joined: Sat May 12, 2012 1:47 pm

My activation only works after one join?

Post by mcc_shane »

Hi Everyone,

I was testing my script to see if it works. It did for the first registered user (me). I then registered another account using a different email but for some reason my activation page won't activate the account? I'm not sure what's wrong. Below is the syntax for both of the join page and activation. Any help/pointers?

http://whatsmyowncarworth.com/more-prac ... n_form.php

I've also included member information at the below URL
http://whatsmyowncarworth.com/more-prac ... isplay.php

Below is the URLS that were used to register members.
http://whatsmyowncarworth.com/more-prac ... n.php?id=7
http://whatsmyowncarworth.com/more-prac ... n.php?id=9

Thanks everyone!

activation script

Code: Select all

<?  

  error_reporting(E_ALL | E_STRICT); 
  ini_set("display_errors", 1); 

//Connect to the database through our include  
include_once "connect_to_mysql.php"; 
// Get the member id from the URL variable 
$id = $_REQUEST['id']; 
$id = ereg_replace("[^0-9]", "", $id); // filter everything but numbers for security 
if (!$id) { 
    echo "Missing Data to Run"; 
    exit();     
} 
// Update the database field named 'email_activated' to 1 
$sql = mysql_query("UPDATE members SET emailactivated='1' WHERE id='$id'");  
// Check the database to see if all is right now  
$sql_doublecheck = mysql_query("SELECT * FROM members WHERE id='$id' AND emailactivated='1'");  
$doublecheck = mysql_num_rows($sql_doublecheck);  
if($doublecheck == 0){  
// Print message to the browser saying we could not activate them 
print "<br /><br /><div align=\"center\"><h3><strong><font color=red>Your account could not be activated!</font></strong><h3><br /></div>";  
} elseif ($doublecheck > 0) { 
// Print a success message to the browser cuz all is good  
// And supply the user with a link to your log in page, please alter that link line  
print "<br /><br /><h3><font color=\"#0066CC\"><strong>Your account has been activated!<br /><br /> 
</strong></font><a href=\"http://whatsmyowncarworth.com/more-practice/login.php\">Click Here</a> to log in now.</h3>";  
}  
?>
>>>>>>>>>>>>>>>>>>>>>>>>>>

join page syntax

Code: Select all

<?php 

// Set error message as blank upon arrival to page 
$errorMsg = ""; 
// First we check to see if the form has been submitted  
if (isset($_POST['username'])){ 
    //Connect to the database through our include  
    include_once "connect_to_mysql.php"; 
    // Filter the posted variables 
    $username = preg_replace("[^A-Za-z0-9]", "", $_POST['username']); // filter everything but numbers and letters 
    $country = preg_replace("[^A-Z a-z0-9]", "", $_POST['country']); // filter everything but spaces, numbers, and letters 
    $state = preg_replace("[^A-Z a-z0-9]", "", $_POST['state']); // filter everything but spaces, numbers, and letters 
    $city = preg_replace("[^A-Z a-z0-9]", "", $_POST['city']); // filter everything but spaces, numbers, and letters 
    $email = stripslashes($_POST['email']); 
    $email = strip_tags($email); 
    $email = mysql_real_escape_string($email); 
    $password = preg_replace("[^A-Za-z0-9]", "", $_POST['password']); // filter everything but numbers and letters 
    // Check to see if the user filled all fields with 
    // the "Required"(*) symbol next to them in the join form 
    // and print out to them what they have forgotten to put in 
    if((!$username) || (!$country) || (!$state) || (!$city) || (!$email) || (!$password)){ 
         
        $errorMsg = "You did not submit the following required information!<br /><br />"; 
        if(!$username){ 
            $errorMsg .= "--- User Name"; 
        } else if(!$country){ 
            $errorMsg .= "--- Country";  
        } else if(!$state){  
            $errorMsg .= "--- State";  
       } else if(!$city){  
           $errorMsg .= "--- City";  
       } else if(!$email){  
           $errorMsg .= "--- Email Address";  
       } else if(!$password){  
           $errorMsg .= "--- Password";  
       } 
    } else { 
    // Database duplicate Fields Check 
    $sql_username_check = mysql_query("SELECT id FROM members WHERE username='$username' LIMIT 1"); 
    $sql_email_check = mysql_query("SELECT id FROM members WHERE email='$email' LIMIT 1"); 
    $username_check = mysql_num_rows($sql_username_check); 
    $email_check = mysql_num_rows($sql_email_check);  
    if ($username_check > 0){  
        $errorMsg = "<u>ERROR:</u><br />Your User Name is already in use inside our system. Please try another."; 
    } else if ($email_check > 0){  
        $errorMsg = "<u>ERROR:</u><br />Your Email address is already in use inside our system. Please try another."; 
    } else { 
        // Add MD5 Hash to the password variable 
       $hashedPass = md5($password);  
        // Add user info into the database table, claim your fields then values  
        $sql = mysql_query("INSERT INTO members (username, country, state, city, email, password, signupdate)  
        VALUES('$username','$country','$state','$city','$email','$hashedPass', now())") or die (mysql_error()); 
        // Get the inserted ID here to use in the activation email 
        $id = mysql_insert_id(); 
        // Create directory(folder) to hold each user files(pics, MP3s, etc.)  
        mkdir("memberFiles/$id", 0755);  
        // Start assembly of Email Member the activation link 
        $to = "$email"; 
        // Change this to your site admin email 
        $from = "admin@whatsmyowncarworth.com"; 
        $subject = "Complete your registration"; 
        //Begin HTML Email Message where you need to change the activation URL inside 
        $message = '<html> 
        <body bgcolor="#FFFFFF"> 
        Hi ' . $username . ', 
        <br /><br /> 
        You must complete this step to activate your account with us. 
        <br /><br /> 
        Please click here to activate now >> 
        <a href="http://whatsmyowncarworth.com/more-practice/activation.php?id=' . $id . '"> 
        ACTIVATE NOW</a> 
        <br /><br /> 
        Your Login Data is as follows:  
        <br /><br /> 
        E-mail Address: ' . $email . ' <br /> 
        Password: ' . $password . '  
        <br /><br />  
        Thanks!  
        </body> 
        </html>'; 
        // end of message 
        $headers = "From: $from\r\n"; 
        $headers .= "Content-type: text/html\r\n"; 
        $to = "$to"; 
        // Finally send the activation email to the member 
        mail($to, $subject, $message, $headers); 
        // Then print a message to the browser for the joiner  
        print "<br /><br /><br /><h4>OK $firstname, one last step to verify your email identity:</h4><br /> 
        We just sent an Activation link to: $email<br /><br /> 
        <strong><font color=\"#990000\">Please check your email inbox in a moment</font></strong> to click on the Activation <br /> 
        Link inside the message. After email activation you can log in."; 
        exit(); // Exit so the form and page does not display, just this success message 
    } // Close else after database duplicate field value checks 
  } // Close else after missing vars check 
} //Close if $_POST 
?>
User avatar
twinedev
Forum Regular
Posts: 984
Joined: Tue Sep 28, 2010 11:41 am
Location: Columbus, Ohio

Re: My activation only works after one join?

Post by twinedev »

I'm not having a problem activating more than one account, however, unless I properly log out before hitting the login page again (after activating the second account) it still keeps me logged in as who I originally logged in as. (the listing of users correctly showed the second account WAS activated.)

So even after "logging in" with the second accounts info, it was still showing the first account data until I clicked on "Log Out", then it would properly let me log in on the second account. I then went straight to the login page (without hitting log out first), and tried to log in as the first account, and well it still had me logged in as the second account.

On a side note, your activation code allows me to easily activate other accounts just by changing the ID # in the url. Now granted, probably not going to do much, as if I just wanted to create an account with fake information to validate, I could just use guerrillamail.com for a temporary email address (like I did in testing this). But just a good idea to get in the practice of not having something so easy guessed. (for one of many ways to deal with it, see viewtopic.php?f=1&t=132062&p=664803 )

-Greg
Post Reply