Page 1 of 1

adding a email verification to my register script

Posted: Sat Jan 03, 2009 3:55 pm
by chris_s_22
i want to add a feature that when registering it sends a email with a code/link to verify that there email address is real and is in use. then when the email link is click registration is then activated and only then will they be able to login sucessfully

i understand that this as a lot of steps so heres where i up to and ill keep u posted
ive added a email address: feild to the registration form
ive added a email and register feild to the database table.

im now at the step that when people register only the login and password details are added to the database, i thought it was a case of just expanding

user_register ($_POST['username'], $_POST['password']);
to include the email for example
user_register ($_POST['username'], $_POST['password']);

but this hasnt worked, am i doing something wrong or do i have do do something else?

please note i am very new to php so try to keep things as simple. i dont want a new script im happy to work with what i have got, as im starting to understand it properly.

my msn addy is pinkangel_@hotmail.co.uk please feel free to add me if u like to go through it with me.

Re: adding a email verification to my register script

Posted: Sun Jan 04, 2009 1:30 am
by watson516
Use the mail function to send an email. Add a link to the email to finish registration.

Re: adding a email verification to my register script

Posted: Mon Jan 05, 2009 5:19 am
by chris_s_22
i know to use the mail function but not quite at that step im very new to php coding please read my post again and see if u can answer the part where im up to
thx you help is gratefully recieved

Re: adding a email verification to my register script

Posted: Mon Jan 05, 2009 6:18 am
by kaisellgren
Hi,

Add these database fields:
username VARCHAR(255)
email VARCHAR(255)
verification CHAR(32)
activated TINYINT
Once registration has been made, create some random text like $verification = md5(uniqid(mt_rand(),true)); then email a message <a href="site.com?verify.php?code=$verification">Click here to verify</a> and once the user receives the email he clicks the link and ur verify.php checks if the $_GET['code'] is the same as the one in the database.

Re: adding a email verification to my register script

Posted: Mon Jan 05, 2009 4:00 pm
by chris_s_22
im at the point of creating a email confirmation that when a person recieves the email and clicks on the link it directs them to conformationcheck.php

Code: Select all

 
<?
include('config.php');
 
// Passkey that got from link 
$passkey=$_GET['passkey'];
 
// Retrieve data from table where row that match this passkey 
$sql1="SELECT * FROM user WHERE confirm_code ='$passkey'";
$result1=mysql_query($sql1);
 
// If successfully queried 
if($result1){
 
// Count how many row has this passkey
$count=mysql_num_rows($result1);
 
// if found this passkey in our database
if($count==1){
????
 
// Insert data  
$sql2="INSERT INTO user(registered)VALUES('$registered')";
$result2=mysql_query($sql2);
}
 
// if not found passkey, display message "Wrong Confirmation code" 
else {
header('Location: http://www.pinkangel4u.com/truthdare/conformation.php');
}
 
// if successfully inserted 
if($result2){
 
header('Location: http://www.pinkangel4u.com/truthdare/loginregister.php');
 
// Delete information in the confirmcode feild
$sql3="DELETE FROM user WHERE confirm_code = '$passkey'";
$result3=mysql_query($sql3);
}
}
?>
 
not sure want to add after if($count==1){ online 19
want i want this script to do firstly to get passkey from email then check it against my database, if found then insert "activated" into the registered feild in my database table.
i then want it to only delete and clear the confirmcode feild in my database feild think at the moment if deletes the whole record or that person registered

Re: adding a email verification to my register script

Posted: Mon Jan 05, 2009 4:52 pm
by kaisellgren
chris_s_22 wrote:im at the point of creating a email confirmation that when a person recieves the email and clicks on the link it directs them to conformationcheck.php

Code: Select all

 
<?
include('config.php');
 
// Passkey that got from link 
$passkey=$_GET['passkey'];
 
// Retrieve data from table where row that match this passkey 
$sql1="SELECT * FROM user WHERE confirm_code ='$passkey'";
$result1=mysql_query($sql1);
 
// If successfully queried 
if($result1){
 
// Count how many row has this passkey
$count=mysql_num_rows($result1);
 
// if found this passkey in our database
if($count==1){
????
 
// Insert data  
$sql2="INSERT INTO user(registered)VALUES('$registered')";
$result2=mysql_query($sql2);
}
 
// if not found passkey, display message "Wrong Confirmation code" 
else {
header('Location: http://www.pinkangel4u.com/truthdare/conformation.php');
}
 
// if successfully inserted 
if($result2){
 
header('Location: http://www.pinkangel4u.com/truthdare/loginregister.php');
 
// Delete information in the confirmcode feild
$sql3="DELETE FROM user WHERE confirm_code = '$passkey'";
$result3=mysql_query($sql3);
}
}
?>
 
not sure want to add after if($count==1){ online 19
want i want this script to do firstly to get passkey from email then check it against my database, if found then insert "activated" into the registered feild in my database table.
i then want it to only delete and clear the confirmcode feild in my database feild think at the moment if deletes the whole record or that person registered
Wow, that's very unsafe. Google for SQL Injection.

Re: adding a email verification to my register script

Posted: Mon Jan 05, 2009 5:45 pm
by chris_s_22

Code: Select all

 
<?
include('init.php');
    // Passkey that got from link 
    $passkey=mysql_real_escape_string($_GET['passkey']);
    $user_email = mysql_real_escape_string($_GET['user_email']);
    $query = "UPDATE user SET registered = 1 WHERE email = '$user_email' AND confirm_code = '$passkey'";
    if (!mysql_query($query)){  
    header('Location: http://www.pinkangel4u.com/truthdare/loginregister.php');
    }  
    else
    {     
    exit();
    }
?>
 
is this better?
please let me know if i done anything wrong

Re: adding a email verification to my register script

Posted: Mon Jan 05, 2009 5:58 pm
by kaisellgren
chris_s_22 wrote:

Code: Select all

 
<?
include('init.php');
    // Passkey that got from link 
    $passkey=mysql_real_escape_string($_GET['passkey']);
    $user_email = mysql_real_escape_string($_GET['user_email']);
    $query = "UPDATE user SET registered = 1 WHERE email = '$user_email' AND confirm_code = '$passkey'";
    if (!mysql_query($query)){  
    header('Location: http://www.pinkangel4u.com/truthdare/loginregister.php');
    }  
    else
    {     
    exit();
    }
?>
 
is this better?
please let me know if i done anything wrong
I don't understand why you are doing else { exit(); }. The code will stop execution anyway.

Re: adding a email verification to my register script

Posted: Mon Jan 05, 2009 6:03 pm
by chris_s_22
is this right

Code: Select all

 
<?
include('config.php');
    // Passkey that got from link 
    $passkey=mysql_real_escape_string($_GET['passkey']);
    $user_email = mysql_real_escape_string($_GET['user_email']);
    $query = "UPDATE user SET registered = 1 WHERE email = '$user_email' AND confirm_code = '$passkey'";
    if (!mysql_query($query))
    {  
    header('Location: http://www.pinkangel4u.com/truthdare/loginregister.php');
    }  
?>
 
doesnt seem to be working, its setting the registered feild to 0 do i need to edit other scripts or have i done something i shouldnt?
if there is a error have i made it goto that link?

Re: adding a email verification to my register script

Posted: Mon Jan 05, 2009 6:16 pm
by kaisellgren
chris_s_22 wrote:is this right

Code: Select all

 
<?
include('config.php');
    // Passkey that got from link 
    $passkey=mysql_real_escape_string($_GET['passkey']);
    $user_email = mysql_real_escape_string($_GET['user_email']);
    $query = "UPDATE user SET registered = 1 WHERE email = '$user_email' AND confirm_code = '$passkey'";
    if (!mysql_query($query))
    {  
    header('Location: http://www.pinkangel4u.com/truthdare/loginregister.php');
    }  
?>
 
doesnt seem to be working, its setting the registered feild to 0 do i need to edit other scripts or have i done something i shouldnt?
if there is a error have i made it goto that link?
No way that query sets it to 0. I think the initial value is 0, and for some reason the script will not set it to 1. Try:

Code: Select all

$result = mysql_query($query) or die(mysql_error());
if ($result)
{
...
}