xkrazykidx Posted December 4, 2012 Share Posted December 4, 2012 The invitation code part seems to get bypassed. If I fill out the form correctly with any invitation code it will still sign up the user. As in the code I want $msg to echo out 'The Invitation code is invalid' when the user inserts in a code that's not in my database. Later down the code if the user does end up inserting in a correct code I have the database update the table used from 0 to 1 to know that that current code has been used. Not sure if my if statement is wrong or something else is goofing up. //Clean Mandatory Fields $firstname = mysql_escape_string($first_name_d); $lastname = mysql_escape_string($last_name_d); $email = mysql_escape_string($email_d); $password = mysql_escape_string($password_d); $password_check = mysql_escape_string($confirm_password_d); $invite_code = mysql_escape_string($invite_code_d); $join_date = date("F j, Y"); //Check For Duplicates $code = mysql_query("SELECT invite_codes FROM %table% WHERE invite_codes='".$invite_code."' AND used='0'") or die(mysql_error()); $dup = mysql_query("SELECT email FROM %table% WHERE email='".$email."'"); if(mysql_num_rows($dup) >0) {$msg = 'You already have an account! Try logging in.';} elseif($password != $password_check) {$msg = 'Passwords do not match!';} elseif(mysql_num_rows($code) < 0) {$msg = '<div class="statusmsg">The invitation code is invalid.</div>';} else { if(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)){ // Return Error - Invalid Email $msg = 'The email you have entered is invalid, please try again.';} else { // Return Success - Valid Email $msg = 'Your account has been made, <br /> please verify it by clicking the activation link that has been send to your email.'; $hash = md5( rand(0,1000) ); // Generate random 32 character hash and assign it to a local variable. mysql_query("INSERT INTO %table% (first_name, last_name, password, email, zip, sex, birth_month, birth_day, birth_year, join_date, hash) VALUES( '". mysql_escape_string($firstname) ."', '". mysql_escape_string($lastname) ."', '". mysql_escape_string(md5($password)) ."', '". mysql_escape_string($email) ."', '". mysql_escape_string($zip) ."', '". mysql_escape_string($sex) ."', '". mysql_escape_string($birth_month) ."', '". mysql_escape_string($birth_day) ."', '". mysql_escape_string($birth_year) ."', '". mysql_escape_string($join_date) ."', '". mysql_escape_string($hash) ."') ") or die(mysql_error()); mysql_query("UPDATE %table% SET used='1' WHERE invite_codes='".$invite_code."'") or die(mysql_error()); $to = $email; //Send email to our user $subject = 'Signup | Verification'; //// Give the email a subject $message = ' Thanks for signing up! Your account has been created, you can login with the following credentials after you have activated your account by pressing the url below. ------------------------ Name: '.$firstname.' Password: '.$password.' ------------------------ Please click this link to activate your account: http://%site%/verify.php?email='.$email.'&hash='.$hash.' '; // Our message above including the link //$headers = 'From:%email%' . "\r\n". // Set from headers //'errors-to: webmaster@example.com' . "\r\n" . //'X-Mailer: PHP/' . phpversion(); mail($to, $subject, $message, $headers, '-f %email%'); // Send the email } } } } Quote Link to comment Share on other sites More sharing options...
MDCode Posted December 4, 2012 Share Posted December 4, 2012 You are not checking if $msg exists or echoing it anywhere to stop the registration... Quote Link to comment Share on other sites More sharing options...
xkrazykidx Posted December 4, 2012 Author Share Posted December 4, 2012 You are not checking if $msg exists or echoing it anywhere to stop the registration... I actually am, I am just not showing all the code as it works, the only issue I am having is that the validation for invite code is failing Full code below: <?php get_header(); ?> <div id="wrapper"> <?php // If the form is submitted // if (isset($_POST['submit'])) { //First Name Validation $first_name_d = $_POST['first_name']; if(empty($first_name_d)) {$msg = 'We\'re sorry but the First Name is missing';} //Last Name Validation $last_name_d = $_POST['last_name']; if(empty($last_name_d)) {$msg = 'We\'re sorry but the Last Name is missing';} //Email Validation $email_d = $_POST['email']; if(empty($email_d)) {$msg = 'We\'re sorry but the Email field is missing';} //Sex Validation $sex_d = $_POST['sex']; if(empty($sex_d)) {$msg = 'We\'re sorry but the Sex field is missing';} //Password Validation $password_d = $_POST['password']; if(empty($password_d)) {$msg = 'Please insert a password';} //Password Check Validation $confirm_password_d = $_POST['password_check']; if(empty($confirm_password_d)) {$msg = 'Please confirm your password';} //Password Check Validation $invite_code_d = $_POST['invite_code']; if(empty($invite_code_d)) {$msg = 'Please insert Invite Code';} //All Empty Validation if(empty($first_name_d) AND empty($last_name_d) AND empty($email_d) AND empty($sex_d) AND empty($password_d) AND empty($confirm_password_d) AND empty($invite_code_d)) {$msg = 'It seems like all the fields are empty';} //Check if mandatory fields are set if(isset($first_name_d) && !empty($first_name_d) AND isset($last_name_d) && !empty($last_name_d) AND isset($email_d) && !empty($email_d) AND isset($password_d) && !empty($password_d) AND isset($confirm_password_d) && !empty($confirm_password_d) AND isset($invite_code_d) && !empty($invite_code_d)) { //BIRTHDATE not required if(empty($_POST['birth_month'])) {$birth_month = '';} else {$birth_month = mysql_escape_string($_POST['birth_month']);} if(empty($_POST['birth_day'])) {$birth_day = '';} else {$birth_day = mysql_escape_string($_POST['birth_day']);} if(empty($_POST['birth_year'])) {$birth_year = '';} else {$birth_year = mysql_escape_string($_POST['birth_year']);} //ZIP not required if(empty($_POST['zip'])) {$zip = '';} else {$zip = mysql_escape_string($_POST['zip']);} //Clean Mandatory Fields $firstname = mysql_escape_string($first_name_d); $lastname = mysql_escape_string($last_name_d); $email = mysql_escape_string($email_d); $password = mysql_escape_string($password_d); $password_check = mysql_escape_string($confirm_password_d); $invite_code = mysql_escape_string($invite_code_d); $join_date = date("F j, Y"); //Check For Duplicates $code = mysql_query("SELECT invite_codes FROM %table% WHERE invite_codes='".$invite_code."' AND used='0'") or die(mysql_error()); $dup = mysql_query("SELECT email FROM %table% WHERE email='".$email."'") or die(mysql_error()); if(mysql_num_rows($dup) >0) {$msg = 'You already have an account! Try logging in.';} elseif($password != $password_check) {$msg = 'Passwords do not match!';} elseif(mysql_num_rows($code) < 0) {$msg = '<div class="statusmsg">The invitation code is invalid.</div>';} else { if(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)){ // Return Error - Invalid Email $msg = 'The email you have entered is invalid, please try again.';} else { // Return Success - Valid Email $msg = 'Your account has been made, <br /> please verify it by clicking the activation link that has been send to your email.'; $hash = md5( rand(0,1000) ); // Generate random 32 character hash and assign it to a local variable. mysql_query("INSERT INTO %table% (first_name, last_name, password, email, zip, sex, birth_month, birth_day, birth_year, join_date, hash) VALUES( '". mysql_escape_string($firstname) ."', '". mysql_escape_string($lastname) ."', '". mysql_escape_string(md5($password)) ."', '". mysql_escape_string($email) ."', '". mysql_escape_string($zip) ."', '". mysql_escape_string($sex) ."', '". mysql_escape_string($birth_month) ."', '". mysql_escape_string($birth_day) ."', '". mysql_escape_string($birth_year) ."', '". mysql_escape_string($join_date) ."', '". mysql_escape_string($hash) ."') ") or die(mysql_error()); mysql_query("UPDATE %table% SET used='1' WHERE invite_codes='".$invite_code."'") or die(mysql_error()); $to = $email; //Send email to our user $subject = 'Signup | Verification'; //// Give the email a subject $message = ' Thanks for signing up! Your account has been created, you can login with the following credentials after you have activated your account by pressing the url below. ------------------------ Name: '.$firstname.' Password: '.$password.' ------------------------ Please click this link to activate your account: %website%/verify.php?email='.$email.'&hash='.$hash.' '; // Our message above including the link //$headers = 'From:%email%' . "\r\n". // Set from headers //'errors-to: webmaster@example.com' . "\r\n" . //'X-Mailer: PHP/' . phpversion(); mail($to, $subject, $message, $headers, '-f %email%'); // Send the email } } } } ?> <?php if(isset($msg)){ // Check if $msg is not empty echo '<div class="statusmsg">'.$msg.'</div>'; // Display our message and add a div around it with the class statusmsg } ?> <form action="" method="post"> <label for="first_name"><em>*</em>First Name:</label> <input type="text" name="first_name" value="" /> <br> <label for="last_name"><em>*</em>Last Name:</label> <input type="text" name="last_name" value="" /> <br> <label for="email"><em>*</em>Email:</label> <input type="text" name="email" value="" /> <br> <label for="signup-birthdate">Birthdate</label> <select name="birth_month"> <option value="">---</option> <option value="1">January</option> <option value="2">February</option> <option value="3">March</option> <option value="4">April</option> <option value="5">May</option> <option value="6">June</option> <option value="7">July</option> <option value="8">August</option> <option value="9">September</option> <option value="10">October</option> <option value="11">November</option> <option value="12">December</option> </select> <select name="birth_day"> <?php {echo "<option value=''>---</option>";} for ($i=1; $i<=31; $i++) {echo "<option value='$i'>$i</option>";} ?> </select> <select name="birth_year"> <?php {echo "<option value=''>---</option>";} for ($i=2006; $i>=1900; $i=$i-1) {echo "<option value='$i'>$i</option>";} ?> </select> <br> <label for="zip">Zip:</label> <input type="text" name="zip" value="" /> <br> <label for="sex">Sex:</label> <select name="sex"> <option value="male">Male</option> <option value="female">Female</option> </select> <br> <label for="password"><em>*</em>Password:</label> <input type="password" name="password" value="" /> <br> <label for="password_check"><em>*</em>Password:</label> <input type="password" name="password_check" value="" /> <br> <br> <label for="invite_code"><em>*</em>Invitation Code:</label> <input type="text" name="invite_code" value="" /> <input type="submit" name="submit" class="submit_button" value="Sign up" /> </form> </div> <!--/wrapper --> </div> <!-- /PAGE --> Quote Link to comment Share on other sites More sharing options...
MDCode Posted December 4, 2012 Share Posted December 4, 2012 (edited) <?php // a lot of $msg checking stuff // query to insert mysql_query("INSERT INTO %table% (first_name, last_name, password, email, zip, sex, birth_month, birth_day, birth_year, join_date, hash) VALUES( '". mysql_escape_string($firstname) ."', '". mysql_escape_string($lastname) ."', '". mysql_escape_string(md5($password)) ."', '". mysql_escape_string($email) ."', '". mysql_escape_string($zip) ."', '". mysql_escape_string($sex) ."', '". mysql_escape_string($birth_month) ."', '". mysql_escape_string($birth_day) ."', '". mysql_escape_string($birth_year) ."', '". mysql_escape_string($join_date) ."', '". mysql_escape_string($hash) ."') ") or die(mysql_error()); // query to update table mysql_query("UPDATE %table% SET used='1' WHERE invite_codes='".$invite_code."'") or die(mysql_error()); $to = $email; //Send email to our user $subject = 'Signup | Verification'; //// Give the email a subject $message = ' Thanks for signing up! Your account has been created, you can login with the following credentials after you have activated your account by pressing the url below. ------------------------ Name: '.$firstname.' Password: '.$password.' ------------------------ Please click this link to activate your account: %website%/verify.php?email='.$email.'&hash='.$hash.' '; // Our message above including the link //$headers = 'From:%email%' . "\r\n". // Set from headers //'errors-to: webmaster@example.com' . "\r\n" . //'X-Mailer: PHP/' . phpversion(); mail($to, $subject, $message, $headers, '-f %email%'); // Send the email } } } } ?> <?php // At the bottom of the page after all the querying is already done display the error. if(isset($msg)){ // Check if $msg is not empty echo '<div class="statusmsg">'.$msg.'</div>'; // Display our message and add a div around it with the class statusmsg } ?> Look at the placement of your $msg and your queries. Does the logic make sense knowing that php goes line by line and you are doing nothing to stop it from querying? If you can not see what I'm talking about I added a few comments. Edited December 4, 2012 by SocialCloud Quote Link to comment Share on other sites More sharing options...
xkrazykidx Posted December 4, 2012 Author Share Posted December 4, 2012 <?php // a lot of $msg checking stuff // query to insert mysql_query("INSERT INTO %table% (first_name, last_name, password, email, zip, sex, birth_month, birth_day, birth_year, join_date, hash) VALUES( '". mysql_escape_string($firstname) ."', '". mysql_escape_string($lastname) ."', '". mysql_escape_string(md5($password)) ."', '". mysql_escape_string($email) ."', '". mysql_escape_string($zip) ."', '". mysql_escape_string($sex) ."', '". mysql_escape_string($birth_month) ."', '". mysql_escape_string($birth_day) ."', '". mysql_escape_string($birth_year) ."', '". mysql_escape_string($join_date) ."', '". mysql_escape_string($hash) ."') ") or die(mysql_error()); // query to update table mysql_query("UPDATE %table% SET used='1' WHERE invite_codes='".$invite_code."'") or die(mysql_error()); $to = $email; //Send email to our user $subject = 'Signup | Verification'; //// Give the email a subject $message = ' Thanks for signing up! Your account has been created, you can login with the following credentials after you have activated your account by pressing the url below. ------------------------ Name: '.$firstname.' Password: '.$password.' ------------------------ Please click this link to activate your account: %website%/verify.php?email='.$email.'&hash='.$hash.' '; // Our message above including the link //$headers = 'From:%email%' . "\r\n". // Set from headers //'errors-to: webmaster@example.com' . "\r\n" . //'X-Mailer: PHP/' . phpversion(); mail($to, $subject, $message, $headers, '-f %email%'); // Send the email } } } } ?> <?php // At the bottom of the page after all the querying is already done display the error. if(isset($msg)){ // Check if $msg is not empty echo '<div class="statusmsg">'.$msg.'</div>'; // Display our message and add a div around it with the class statusmsg } ?> Look at the placement of your $msg and your queries. Does the logic make sense knowing that php goes line by line and you are doing nothing to stop it from querying? If you can not see what I'm talking about I added a few comments. I tried having all my code after the form but all that happens is the page refreshes. Also the code actually worked properly before I added $code = mysql_query("SELECT invite_codes FROM %table% WHERE invite_codes='".$invite_code."' AND used='0'") or die(mysql_error()); elseif(mysql_num_rows($code) < 0) {$msg = '<div class="statusmsg">The invitation code is invalid.</div>';} those lines. So I doubt its the actual order thats messing the process up. The querying would stop if the user failed any other validation. But when I tried to add the invite code section, it just ignores that one. Quote Link to comment Share on other sites More sharing options...
MDCode Posted December 4, 2012 Share Posted December 4, 2012 (edited) The way you have that set up $msg will only show up if the number of rows is less than 0 Edited December 4, 2012 by SocialCloud Quote Link to comment Share on other sites More sharing options...
xkrazykidx Posted December 4, 2012 Author Share Posted December 4, 2012 Even if I change it to this $code = mysql_query("SELECT invite_codes FROM %table% WHERE invite_codes='".$invite_code."' AND used='0'") or die(mysql_error()); if(mysql_num_rows($code) > 0) { mysql_query("UPDATE %table% SET used='1' WHERE invite_codes='".$invite_code."'") or die(mysql_error()); } else {$msg = '<div class="statusmsg">The invitation code is invalid.</div>';} The code is still bypassed and the user is registered. All other validation works. Quote Link to comment Share on other sites More sharing options...
MDCode Posted December 4, 2012 Share Posted December 4, 2012 (edited) <?php get_header(); ?> <div id="wrapper"> <?php // If the form is submitted // if (isset($_POST['submit'])) { // List of variables $first_name_d = $_POST['first_name']; $last_name_d = $_POST['last_name']; $email_d = $_POST['email']; $sex_d = $_POST['sex']; $password_d = $_POST['password']; $confirm_password_d = $_POST['password_check']; $invite_code_d = $_POST['invite_code']; // If any were left blank if( empty($first_name_d) || empty($last_name_d) || empty($email_d) || empty($sex_d) || empty($password_d) || empty($confirm_password_d) || empty($invite_code_d) ) { $msg = "One or more fields were left blank."; } //BIRTHDATE not required if(!empty($_POST['birth_month']) { $birth_month = mysql_escape_string($_POST['birth_month']); } if(!empty($_POST['birth_day'])) { $birth_day = mysql_escape_string($_POST['birth_day']); } if(!empty($_POST['birth_year'])) { $birth_year = mysql_escape_string($_POST['birth_year']); } //ZIP not required if(!empty($_POST['zip'])) { $zip = mysql_escape_string($_POST['zip']); } //Clean Mandatory Fields $firstname = mysql_escape_string($first_name_d); $lastname = mysql_escape_string($last_name_d); $email = mysql_escape_string($email_d); $password = mysql_escape_string($password_d); $password_check = mysql_escape_string($confirm_password_d); $invite_code = mysql_escape_string($invite_code_d); $join_date = date("F j, Y"); //Check For Duplicates $code = mysql_query("SELECT invite_codes FROM %table% WHERE invite_codes='".$invite_code."' AND used='0'") or die(mysql_error()); $dup = mysql_query("SELECT email FROM %table% WHERE email='".$email."'") or die(mysql_error()); if(mysql_num_rows($dup) > "0") { $msg = 'You already have an account! Try logging in.'; } elseif($password != $password_check) { $msg = 'Passwords do not match!'; } elseif(mysql_num_rows($code) < 0) { $msg = '<div class="statusmsg">The invitation code is invalid.</div>'; } else { if(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)){ // Return Error - Invalid Email $msg = 'The email you have entered is invalid, please try again.';} else { // Return Success - Valid Email $msg = 'Your account has been made, <br /> please verify it by clicking the activation link that has been send to your email.'; $hash = md5( rand(0,1000) ); // Generate random 32 character hash and assign it to a local variable. if(empty($msg) { mysql_query("INSERT INTO %table% (first_name, last_name, password, email, zip, sex, birth_month, birth_day, birth_year, join_date, hash) VALUES( '". mysql_escape_string($firstname) ."', '". mysql_escape_string($lastname) ."', '". mysql_escape_string(md5($password)) ."', '". mysql_escape_string($email) ."', '". mysql_escape_string($zip) ."', '". mysql_escape_string($sex) ."', '". mysql_escape_string($birth_month) ."', '". mysql_escape_string($birth_day) ."', '". mysql_escape_string($birth_year) ."', '". mysql_escape_string($join_date) ."', '". mysql_escape_string($hash) ."') ") or die(mysql_error()); mysql_query("UPDATE %table% SET used='1' WHERE invite_codes='".$invite_code."'") or die(mysql_error()); $to = $email; //Send email to our user $subject = 'Signup | Verification'; //// Give the email a subject $message = " Thanks for signing up! Your account has been created, you can login with the following credentials after you have activated your account by pressing the url below. ------------------------ Name: '.$firstname.' Password: '.$password.' ------------------------ Please click this link to activate your account: %website%/verify.php?email='.$email.'&hash='.$hash.' "; // Our message above including the link //$headers = 'From:%email%' . "\r\n". // Set from headers //'errors-to: webmaster@example.com' . "\r\n" . //'X-Mailer: PHP/' . phpversion(); mail($to, $subject, $message, $headers, '-f %email%'); // Send the email } } } } ?> <?php if(isset($msg)){ // Check if $msg is not empty echo '<div class="statusmsg">'.$msg.'</div>'; // Display our message and add a div around it with the class statusmsg } ?> <form action="" method="post"> <label for="first_name"><em>*</em>First Name:</label> <input type="text" name="first_name" value="" /> <br> <label for="last_name"><em>*</em>Last Name:</label> <input type="text" name="last_name" value="" /> <br> <label for="email"><em>*</em>Email:</label> <input type="text" name="email" value="" /> <br> <label for="signup-birthdate">Birthdate</label> <select name="birth_month"> <option value="">---</option> <option value="1">January</option> <option value="2">February</option> <option value="3">March</option> <option value="4">April</option> <option value="5">May</option> <option value="6">June</option> <option value="7">July</option> <option value="8">August</option> <option value="9">September</option> <option value="10">October</option> <option value="11">November</option> <option value="12">December</option> </select> <select name="birth_day"> <?php {echo "<option value=''>---</option>";} for ($i=1; $i<=31; $i++) {echo "<option value='$i'>$i</option>";} ?> </select> <select name="birth_year"> <?php {echo "<option value=''>---</option>";} for ($i=2006; $i>=1900; $i=$i-1) {echo "<option value='$i'>$i</option>";} ?> </select> <br> <label for="zip">Zip:</label> <input type="text" name="zip" value="" /> <br> <label for="sex">Sex:</label> <select name="sex"> <option value="male">Male</option> <option value="female">Female</option> </select> <br> <label for="password"><em>*</em>Password:</label> <input type="password" name="password" value="" /> <br> <label for="password_check"><em>*</em>Password:</label> <input type="password" name="password_check" value="" /> <br> <br> <label for="invite_code"><em>*</em>Invitation Code:</label> <input type="text" name="invite_code" value="" /> <input type="submit" name="submit" class="submit_button" value="Sign up" /> </form> </div> <!--/wrapper --> </div> <!-- /PAGE --> Several lines cleaned up. Still very basic (not tested). See if it works (keep a backup in case ). Edited December 4, 2012 by SocialCloud Quote Link to comment Share on other sites More sharing options...
MDCode Posted December 4, 2012 Share Posted December 4, 2012 (edited) I would love it if a moderator/admin could please delete my previous post so I'm not spamming Stupid edit timeout. Wouldn't let me edit my previous post. Anyways, I found some errors in your code that I missed in my last post and fixed them, as well as double escaping issues you were using. Note that this is not tested and still basic and was created to clean up your code. Use at your own risk (keep a backup) Edit: For whatever reason, I can not remove the background size font, etc. tags inside the code before the }. Remove them before using. <?php get_header(); ?> <div id="wrapper"> <?php // If the form is submitted // if (isset($_POST['submit'])) { // If any were left blank if( empty($_POST['first_name']) || empty($_POST['last_name']) || empty($_POST['email']) || empty($_POST['sex']) || empty($_POST['password']) || empty($_POST['password_check']) || empty($_POST['invite_code']) ) { $msg = "One or more fields were left blank."; } else { //Clean Mandatory Fields $firstname = mysql_real_escape_string($_POST['first_name']); $lastname = mysql_real_escape_string($_POST['last_name']); $email = mysql_real_escape_string($_POST['email']); $sex = mysql_real_escape_string($_POST['sex']); $password = mysql_real_escape_string($_POST['password']); $password_check = mysql_real_escape_string($_POST['password_check']); $invite_code = mysql_real_escape_string($_POST['invite_code']); $join_date = date("F j, Y"); } //BIRTHDATE not required if(!empty($_POST['birth_month']) { $birth_month = mysql_real_escape_string($_POST['birth_month']); } else { $birth_month = ""; } if(!empty($_POST['birth_day'])) { $birth_day = mysql_real_escape_string($_POST['birth_day']); } else { $birth_day = ""; } if(!empty($_POST['birth_year'])) { $birth_year = mysql_real_escape_string($_POST['birth_year']); } else { $birth_year = ""; } //ZIP not required if(!empty($_POST['zip'])) { $zip = mysql_real_escape_string($_POST['zip']); } else { $zip = ""; } //Check For Duplicates if(empty($msg) { $code = mysql_query("SELECT invite_codes FROM %table% WHERE invite_codes='".$invite_code."' AND used='0'") or die(mysql_error()); $dup = mysql_query("SELECT email FROM %table% WHERE email='".$email."'") or die(mysql_error());[/background][/size][/font][/color][/background][/size][/font][/color] if(mysql_num_rows($dup) > "0") { $msg = 'You already have an account! Try logging in.'; } elseif($password != $password_check) { $msg = 'Passwords do not match!'; } elseif(mysql_num_rows($code) < 0) { $msg = '<div class="statusmsg">The invitation code is invalid.</div>'; } else { if(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)){ // Return Error - Invalid Email $msg = 'The email you have entered is invalid, please try again.';} else { // Return Success - Valid Email $msg = 'Your account has been made, <br /> please verify it by clicking the activation link that has been sent to your email.'; $hash = md5( rand(0,1000) ); // Generate random 32 character hash and assign it to a local variable. if(empty($msg) { mysql_query("INSERT INTO %table% (first_name, last_name, password, email, zip, sex, birth_month, birth_day, birth_year, join_date, hash) VALUES( '$firstname')', '$lastname', 'md5($password)', '$email', '$zip', '$sex', '$birth_month', '$birth_day', '$birth_year', '$join_date', '$hash') ") or die(mysql_error()); mysql_query("UPDATE %table% SET used='1' WHERE invite_codes='".$invite_code."'") or die(mysql_error()); $to = $email; //Send email to our user $subject = 'Signup | Verification'; //// Give the email a subject $message = " Thanks for signing up! Your account has been created, you can login with the following credentials after you have activated your account by pressing the url below. ------------------------ Name: '.$firstname.' Password: '.$password.' ------------------------ Please click this link to activate your account: %website%/verify.php?email='.$email.'&hash='.$hash.' "; // Our message above including the link //$headers = 'From:%email%' . "\r\n". // Set from headers //'errors-to: webmaster@example.com' . "\r\n" . //'X-Mailer: PHP/' . phpversion(); mail($to, $subject, $message, $headers, '-f %email%'); // Send the email } } } }[/background][/size][/font][/color][/background][/size][/font][/color] [color=#222222][font=Helvetica Neue', Arial, Verdana, sans-serif][size=4][background=rgb(255, 255, 255)][color=#222222][font=Helvetica Neue][size=4][background=rgb(255, 255, 255)]} ?> <?php if(isset($msg)){ // Check if $msg is not empty echo '<div class="statusmsg">'.$msg.'</div>'; // Display our message and add a div around it with the class statusmsg } ?> <form action="" method="post"> <label for="first_name"><em>*</em>First Name:</label> <input type="text" name="first_name" value="" /> <br> <label for="last_name"><em>*</em>Last Name:</label> <input type="text" name="last_name" value="" /> <br> <label for="email"><em>*</em>Email:</label> <input type="text" name="email" value="" /> <br> <label for="signup-birthdate">Birthdate</label> <select name="birth_month"> <option value="">---</option> <option value="1">January</option> <option value="2">February</option> <option value="3">March</option> <option value="4">April</option> <option value="5">May</option> <option value="6">June</option> <option value="7">July</option> <option value="8">August</option> <option value="9">September</option> <option value="10">October</option> <option value="11">November</option> <option value="12">December</option> </select> <select name="birth_day"> <?php {echo "<option value=''>---</option>";} for ($i=1; $i<=31; $i++) {echo "<option value='$i'>$i</option>";} ?> </select> <select name="birth_year"> <?php {echo "<option value=''>---</option>";} for ($i=2006; $i>=1900; $i=$i-1) {echo "<option value='$i'>$i</option>";} ?> </select> <br> <label for="zip">Zip:</label> <input type="text" name="zip" value="" /> <br> <label for="sex">Sex:</label> <select name="sex"> <option value="male">Male</option> <option value="female">Female</option> </select> <br> <label for="password"><em>*</em>Password:</label> <input type="password" name="password" value="" /> <br> <label for="password_check"><em>*</em>Password:</label> <input type="password" name="password_check" value="" /> <br> <br> <label for="invite_code"><em>*</em>Invitation Code:</label> <input type="text" name="invite_code" value="" /> <input type="submit" name="submit" class="submit_button" value="Sign up" /> </form> </div> <!--/wrapper --> </div> <!-- /PAGE --> Edited December 4, 2012 by SocialCloud Quote Link to comment Share on other sites More sharing options...
xkrazykidx Posted December 4, 2012 Author Share Posted December 4, 2012 (edited) Thanks for the help, after looking at your edits I noticed what i was missing. I added alot of more validation since writing this post, but I edited the way I was checking for the key and added $msg at the very top. Top: if (isset($_POST['submit'])) { $msg = ""; //Initialize errors //Check For Invalid Keys $sql="SELECT invite_codes FROM %table% WHERE invite_codes='".$invite_code."' AND used='0'"; //$code = mysql_query("SELECT invite_codes FROM %table% WHERE invite_codes='".$invite_code."' AND used='0'") or die(mysql_error()); $result=mysql_query($sql); $row=mysql_fetch_array($result); if(mysql_num_rows($result)==0) { $msg = '<div class="statusmsg">The invitation code is invalid.</div>'; //die; } Then from what I noticed in your edit Instead of else { // Return Success - Valid Email $msg = 'Your account has been made, <br /> please verify it by clicking the activation link that has been sent to your email.'; $hash = md5( rand(0,1000) ); // Generate random 32 character hash and assign it to a local variable. if(empty($msg) I removed the first else as it would return the message saying your account is valid even if it did fail. I replaced it with your suggestion elseif(empty($msg)) { and now the page is running successfully checking the database for the codes as well as updating the used column. Thank you so much! I wish you could understand how happy I am now. This was bugging me for the past 3 days. Edited December 4, 2012 by xkrazykidx Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.