email insert

Posted: Tue Jan 14, 2014 12:12 pm
by bred
I would please like some help. First of all, I am not a PHP coder, but I have a private game server where we also have some developers that provide free code I can use.

Basically, the code we use for the game registration is as follows:

Code:

<?php
require_once('recaptchalib.config.php');
require_once('recaptchalib.php');
require_once('db.config.php');

$user_ip = $_SERVER['REMOTE_ADDR'];
$username = isset($_POST['username']) ? mssql_escape_string(trim($_POST['username'])) : '';
$Email = isset($_POST['Email']) ? mssql_escape_string(trim($_POST['Email'])) : '';
$password = isset($_POST['password']) ? mssql_escape_string(trim($_POST['password'])) : '';
$password2 = isset($_POST['password2']) ? mssql_escape_string(trim($_POST['password2'])) : '';
$errors = array();
$success = false;
if(isset($_POST) && !empty($_POST)){
	require_once('db.php');
	
	// Validate user name.
	$result = @odbc_exec($conn,"SELECT UserID FROM UserData.dbo.Users WHERE UserID = '{$username}'") or die('Failed to verify is the provided user named already exists.');
	if(empty($username)){
		$errors[] = 'Please provide a user name.';
	}else if(strlen($username) < 3 || strlen($username) > 16){
		$errors[] = 'User name must be between 3 and 16 characters in length.';
	}else if(ctype_alnum($username) === false){
		$errors[] = 'User name must consist of numbers and letters only.';
	}else if(odbc_num_rows($result)){
		$errors[] = 'User name already exists, please choose a different user name.';
	}

	 //Validate user password.
	if(empty($password)){
		$errors[] = 'Please provide a password.';
	}else if(strlen($password) < 3 || strlen($password) > 16){
		$errors[] = 'Password must be between 3 and 16 characters in length.';
	}else if($password != $password2){
		$errors[] = 'Passwords do not match.';
	}
	// Validate reCAPTCHA.  This is to prevent someone botting account creation.
	$response = recaptcha_check_answer($recaptcha_private_key,$_SERVER['REMOTE_ADDR'],$_POST['recaptcha_challenge_field'],$_POST['recaptcha_response_field']);
	if(!$response->is_valid){
		if($response->error == 'incorrect-captcha-sol'){
			$errors['recaptcha'] = 'Incorrect answer to reCAPTCHA';
		}else{
			$errors['recaptcha'] = $response->error;
		}
	}
	// Persist the new account to the database if no previous errors occurred.
	if(count($errors) == 0){
		$sql = "INSERT INTO UserData.dbo.Users
				(UserID,Pw,JoinDate,Admin,AdminLevel,UseQueue,Status,Leave,LeaveDate,UserType,Point,EnPassword,UserIp)
				VALUES ('{$username}','{$password}',GETDATE(),0,0,0,0,0,GETDATE(),'N',0,'','{$user_ip}')";
		// Remove the @ symbol here to see what the SQL error message is when running the above query in $sql.
		if($result = @odbc_exec($conn,$sql)){
			$success = "Account {$username} successfully created!";
		}else{
			// This means the insert statement is probably not valid for your database.  Fix the query or fix your database, your choice ;)
			$errors[] = 'Failed to create a new account, please try again later';
		}
	}
}
// Determine which view to show.
if($success === false){
	require_once('register.view.php');
}else{
	require_once('success.view.php');
}
?>

I tried adding the part below after I read through some tutorials and code (I added it after the username validation).
I got it to work, but the problem is that it allows any simple word format to be entered (e.g. mail$gmail.com, not just the @).

Code:

	// Validate an Email.
	$result = @odbc_exec($conn,"SELECT Email FROM UserData.dbo.Users WHERE Email = '{$Email}'") or die('Provided Email adress already exists.');
	if (empty($_POST['Email'])) { // if the email supplied is empty
		$error[] = 'Please enter a valid Email ';
	} else {
		// Check the submitted address against the pattern before accepting it.
		if (preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/", $_POST['Email'])) {
			$Email = $_POST['Email'];
		} else {
			$error[] = 'Your EMail Address is invalid  ';
		}
	}

This is the register.view

Code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
		<title>Welcome To Register</title>
		<meta http-equiv="content-type" content="text/html;charset=utf-8" />
		<meta http-equiv="Content-Style-Type" content="text/css" />
		<style type="text/css">#error {color:#ff0000; list-style:none;}</style>
		<script type="text/javascript">var RecaptchaOptions = {theme:'clean'};</script>
	</head>
	<body>
		<h3>SIGN UP FOR A FREE  ACCOUNT</h3>
		<?php if(count($errors)){ ?>
			<ul id="error">
			<?php foreach($errors as $error){ ?>
				<li><?php echo $error; ?></li>
			<?php } ?>
			</ul>
		<?php } ?>
		<form action="register.php" method="post">
			<div style="width:436px; border:0px solid #000000; padding:16px;">
				User Name - <font color="gray">'At least 4 characters/numbers.'</font>
				<input name="username" value="<?php if(isset($_POST['username'])){ echo htmlspecialchars($_POST['username'], ENT_QUOTES, 'UTF-8'); } ?>" style="width:100%;" />
				<div style="height: 5px;">&nbsp;</div>
				Email - <font color="gray">'At least 4 characters/numbers.'</font>
				<input name="Email" value="<?php if(isset($_POST['Email'])){ echo htmlspecialchars($_POST['Email'], ENT_QUOTES, 'UTF-8'); } ?>" style="width:100%;" />
				<div style="height: 5px;">&nbsp;</div>
				Password - <font color="gray">'At least 4 characters/numbers and max 11.'</font>
				<input name="password" type="password" value="<?php if(isset($_POST['password'])){ echo htmlspecialchars($_POST['password'], ENT_QUOTES, 'UTF-8'); } ?>" style="width:100%;" />
				<div style="height: 5px;">&nbsp;</div>
				Confirm Password - <font color="gray">'If your passwords aren’t equal, you will fail registering '</font>
				<input name="password2" type="password" value="<?php if(isset($_POST['password2'])){ echo htmlspecialchars($_POST['password2'], ENT_QUOTES, 'UTF-8'); } ?>" style="width:100%;" />
				<div style="height: 5px;">&nbsp;</div>
				Please type this in the text box below to prove you are human
				<?php echo recaptcha_get_html($recaptcha_public_key); ?>
				<div style="height: 5px;">&nbsp;</div>
				<input type="submit" value="Create Account" />
			</div>
		</form>
	</body>
</html>

So the help I need is of 2 kinds, if that is possible:
1) To be able to register by also inserting an email address (which will help in password recovery)
2) To be able to register by inserting a valid email address plus a confirmation link sent to that email (for this part I have nothing, so it might need another .php part maybe)

Re: email insert

Posted: Tue Jan 14, 2014 1:57 pm
by requinix
bred wrote: I tried adding the part below after I read through some tutorials and code (I added it after the username validation).
I got it to work, but the problem is that it allows any simple word format to be entered (e.g. mail$gmail.com, not just the @).

It does actually check that the email address is valid, but if not it puts the error message in the wrong place: the variable is called "$errors". Plural. With no added error message (at least not where it's supposed to go) it doesn't look like there was an error at all.

bred wrote: 2) To be able to register by inserting a valid email address plus a confirmation link sent to that email (for this part I have nothing, so it might need another .php part maybe)

It would be best if you could get one or more of those developers to do this: they probably know the system better than we do and are more familiar with how things are set up.

Regardless of who does the work, the basic steps are:
1a. Create the user account anyways but somehow mark it as pending activation
1b. Generate a random code and store that along with the user data
1c. Send that code to the email with a link to a validation page
2a. Make a validation page that takes an email address and a validation code (either through the URL, which you put in the email, or a regular form the user fills out)
2b. The page looks up the email, checks the code, (displays a message or something if the code is wrong,) and unmarks the account as pending
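
Added example (not part of the thread and not either poster's code): steps 1a to 2b above in PHP, with parameterised queries, a code from the CSPRNG and a constant-time comparison. The function names `start_activation` and `activate`, the `users` table and its columns, the `activate.php` URL on `example.invalid`, the 24-hour expiry, storing only a SHA-256 hash of the code, and the in-memory SQLite database through PDO (standing in for the thread's ODBC connection) are all assumptions.

```php
<?php
// Added example: table/column names, URL, expiry and the in-memory SQLite
// database (standing in for the thread's ODBC connection) are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, pending INTEGER,
           code_hash TEXT, code_expires INTEGER)');

// Steps 1a-1c: create the account as pending, store a hash of a random code,
// and return the link to put in the e-mail (sending it is left to the caller).
function start_activation(PDO $db, string $email, int $now): string {
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Invalid e-mail address');
    }
    $code = bin2hex(random_bytes(16)); // 128-bit code from the CSPRNG
    $stmt = $db->prepare('INSERT INTO users (email, pending, code_hash, code_expires)
                          VALUES (?, 1, ?, ?)');
    $stmt->execute([$email, hash('sha256', $code), $now + 86400]); // valid for 24 hours
    return 'https://example.invalid/activate.php?'
         . http_build_query(['email' => $email, 'code' => $code]);
}

// Steps 2a-2b: look up the e-mail, check the code, clear the pending flag.
function activate(PDO $db, string $email, string $code, int $now): bool {
    $stmt = $db->prepare('SELECT code_hash, code_expires FROM users
                          WHERE email = ? AND pending = 1');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || $now > (int)$row['code_expires']) {
        return false; // unknown address, already activated, or code expired
    }
    if (!hash_equals($row['code_hash'], hash('sha256', $code))) {
        return false; // wrong code, compared in constant time
    }
    $upd = $db->prepare('UPDATE users SET pending = 0, code_hash = NULL WHERE email = ?');
    $upd->execute([$email]); // the code is single-use
    return true;
}

// Constructed sample run: wrong code, expired code, correct code, replayed code.
$now  = time();
$link = start_activation($db, 'player@example.com', $now);
parse_str(parse_url($link, PHP_URL_QUERY), $q); // what activate.php would read from $_GET
var_dump(activate($db, $q['email'], 'wrong-code', $now));
var_dump(activate($db, $q['email'], $q['code'], $now + 90000));
var_dump(activate($db, $q['email'], $q['code'], $now));
var_dump(activate($db, $q['email'], $q['code'], $now));
```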