insert activation code into table



#1 yandoo


Posted 20 June 2013 - 03:44 PM

Hiya, I was hoping for a little help if possible.

I'm building a basic email activation system. I've got to a point where, when I register a new account (userid (auto increment), username, email, password), it INSERTs the data into the user table and also the userid and an activation code into the activations table.

It's all working except it doesn't insert the activation code into the activation table. There are no errors of any kind either, so I just don't know why it's not working. If you can see why, please let me know because I'm stumped.

 

register.php

<?php include('core/init.inc.php');
error_reporting(E_ALL);

$errors = array();

if (isset($_POST['username'], $_POST['password'], $_POST['repeat_password'])){
	if (empty($_POST['username'])){
		$errors[] = 'The username cannot be empty.';
	}
	
	if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) == false){
		$errors[] = 'The email address you entered is not valid.';
	}
	
	if (empty($_POST['password']) || empty($_POST['repeat_password'])){
		$errors[] = 'The password cannot be empty.';
	}
	
	if ($_POST['password'] != $_POST['repeat_password']){
		$errors[] = 'Password verification failed';
	}
	
	if (user_exists($_POST['username'])){
		$errors[] = 'The username you entered is already taken.';
	}
	
	if (empty($errors)){
		add_user($_POST['username'], $_POST['email'], $_POST['password']);
							
		header('Location: protected.php');
		die();
	}
}

?>
<!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
	<title></title>
	</head>
	<body>
		<div>
	<?php 
	
	if (empty($errors) == false){	
	?>
	<ul>
	
	<?php 
	foreach ($errors as $error){
	echo "<li>($error)</li>";
	}
	
	?>
	
	</ul>
	
	
	<?php 
	}
	
	?>
</div>

<form action="" method="post">
<p>
	<label for="username">Username:</label>
	<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']);?>"/>
</p>
<p>

<label for="email">Email:</label>
	<input type="text" name="email" id="email" value="<?php if (isset($_POST['email'])) echo htmlentities($_POST['email']);?>"/>

</p>

<p>
	<label for="password">Password:</label>
	<input type="password" name="password" id="password" />
</p>
<p>

	<label for="repeat_password">Repeat Password:</label>
	<input type="password" name="repeat_password" id="repeat_password" />
</p>
<p>
	<input type="submit" value="Register" />
</p>
</form>
	</body>
	</html>

user.inc.php

<?php error_reporting(E_ALL);
// check if given username exists in table
function user_exists($user){
	$user = mysql_real_escape_string($user);
	$total = mysql_query("SELECT COUNT(UserID) FROM user WHERE `Username` = '{$user}'");
	
	return (mysql_result($total, 0) == '1') ? true : false;
	
}

// check if given username and password combination is valid
function valid_credentials($user, $pass){
	$user = mysql_real_escape_string($user);
	$pass = mysql_real_escape_string($pass);
	
	$total = mysql_query("SELECT COUNT(UserID) FROM user WHERE `Username` = '{$user}' AND `Password` = '{$pass}'");
	
	return (mysql_result($total, 0) == '1') ? true : false;
	
}


// add users to the database
function add_user($user, $email, $pass){
$user = mysql_real_escape_string(htmlentities($user));
$email = mysql_real_escape_string($email) ;
$pass = sha1($pass);

$charset = array_flip(array_merge(range('a', 'z'), range('A', 'Z'), range (0, 9)));
$aid = implode('', array_rand($charset, 10));

$body = <<<EMAIL

Hi, 

Thanks for registering before you login you need to activate your account.

To do that simply click the following link.

http://localhost/simply-inspiration/activte.php?aid={$aid}

EMAIL;

mail($email, 'Your new account at simply-inspiration.com', $body, 'From: admin@simply-inspiration.com');

mysql_query("INSERT INTO `user` (`Username`, `Password`, `Email`) VALUES ('{$user}', '{$pass}', '{$email}')");

$UserID = mysql_insert_id();

mysql_query("INSERT INTO `activations` (`UserID`, `ActivationCode`) VALUES ('{$UserID}', '{$aid}')");

}

?>

Thank you very much :)



#2 yandoo


Posted 20 June 2013 - 03:47 PM   Best Answer

Ooops, amazing how you can see things more clearly when you stop for a moment! The mysql table was supposed to be a varchar and was an int by accident.

Thanks anyways, love you all x



#3 Christian F.


Posted 20 June 2013 - 05:26 PM

The reason why you weren't getting any error messages is that you have a complete lack of error handling in your script. Without actually checking, and handling, errors, you won't get any information when a third party system fails.

Your code is also quite insecure, especially the manner in which you're storing the password, which is why I recommend that you read the following articles and watch the linked video:

  • General PHP security
  • Secure login systems
  • How to debug your SQL errors
  • Video on Password Hashing in PHP
Keeping it simple.
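
An added example, not part of any post in this thread: one way to write add_user() so that failed queries raise errors and the password is not stored as a bare sha1() digest. It assumes PHP 7+ with PDO and pdo_sqlite; an in-memory SQLite database stands in for the MySQL tables, and the sample user and open_db() helper are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: builds the two tables from the thread in memory.
function open_db(): PDO {
    $db = new PDO('sqlite::memory:');
    // Make every failed query throw instead of returning false silently.
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE user (UserID INTEGER PRIMARY KEY AUTOINCREMENT,
               Username TEXT UNIQUE NOT NULL, Password TEXT NOT NULL, Email TEXT NOT NULL)');
    // ActivationCode is a text column (VARCHAR in MySQL), not an integer one.
    $db->exec('CREATE TABLE activations (UserID INTEGER NOT NULL,
               ActivationCode TEXT NOT NULL)');
    return $db;
}

// Returns the activation code so the caller sends the mail only after the commit.
function add_user(PDO $db, string $user, string $email, string $pass): string {
    $hash = password_hash($pass, PASSWORD_DEFAULT);  // salted, slow hash
    $aid  = bin2hex(random_bytes(16));               // 32 hex chars from the CSPRNG
    $db->beginTransaction();
    try {
        // Prepared statements: values are bound, never spliced into the SQL text.
        $db->prepare('INSERT INTO user (Username, Password, Email) VALUES (?, ?, ?)')
           ->execute([$user, $hash, $email]);
        $userId = (int) $db->lastInsertId();
        $db->prepare('INSERT INTO activations (UserID, ActivationCode) VALUES (?, ?)')
           ->execute([$userId, $aid]);
        $db->commit();
    } catch (PDOException $e) {
        $db->rollBack();                             // no user row without its activation row
        error_log('add_user failed: ' . $e->getMessage());
        throw $e;
    }
    return $aid;
}

$db  = open_db();
$aid = add_user($db, 'alice', 'alice@example.test', 'correct horse'); // constructed input
$row = $db->query('SELECT Password FROM user')->fetch(PDO::FETCH_ASSOC);
var_dump(strlen($aid) === 32, password_verify('correct horse', $row['Password']));

try {
    add_user($db, 'alice', 'other@example.test', 'x');   // duplicate username
} catch (PDOException $e) {
    echo "rejected: duplicate username\n";                // the failure is now visible
}
```

The username is stored as entered and should be escaped with htmlentities() when it is printed, not before it is inserted.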



