My activation only works after one join. After that my script does not work?

Hi Everyone,

I was testing my script to see if it works. It did for the first registered user (me). I then registered another account using a different email but for some reason my activation page won't activate the account? I'm not sure what's wrong. Below is the syntax for both of the join page and activation. Any help/pointers?

http://whatsmyowncarworth.com/more-practice/join_form.php

Thanks everyone!

activation page

<? 

//Connect to the database through our include 
include_once "connect_to_mysql.php";
// Get the member id from the URL variable
$id = $_REQUEST['id'];
$id = ereg_replace("[^0-9]", "", $id); // filter everything but numbers for security
if (!$id) {
echo "Missing Data to Run";
exit();	
}
// Update the database field named 'email_activated' to 1
$sql = mysql_query("UPDATE members SET emailactivated='1' WHERE id='$id'"); 
// Check the database to see if all is right now 
$sql_doublecheck = mysql_query("SELECT * FROM members WHERE id='$id' AND emailactivated='1'"); 
$doublecheck = mysql_num_rows($sql_doublecheck); 
if($doublecheck == 0){ 
// Print message to the browser saying we could not activate them
print "<br /><br /><div align=\"center\"><h3><strong><font color=red>Your account could not be activated!</font></strong><h3><br /></div>"; 
} elseif ($doublecheck > 0) {
// Print a success message to the browser cuz all is good 
// And supply the user with a link to your log in page, please alter that link line 
print "<br /><br /><h3><font color=\"#0066CC\"><strong>Your account has been activated!<br /><br />
</strong></font><a href=\"http://whatsmyowncarworth.com/more-practice/login.php\">Click Here</a> to log in now.</h3>"; 
} 
?>

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

join page

<?php
// Set error message as blank upon arrival to page
$errorMsg = "";
// First we check to see if the form has been submitted 
if (isset($_POST['username'])){
//Connect to the database through our include 
include_once "connect_to_mysql.php";
// Filter the posted variables
$username = ereg_replace("[^A-Za-z0-9]", "", $_POST['username']); // filter everything but numbers and letters
$country = ereg_replace("[^A-Z a-z0-9]", "", $_POST['country']); // filter everything but spaces, numbers, and letters
$state = ereg_replace("[^A-Z a-z0-9]", "", $_POST['state']); // filter everything but spaces, numbers, and letters
$city = ereg_replace("[^A-Z a-z0-9]", "", $_POST['city']); // filter everything but spaces, numbers, and letters
$email = stripslashes($_POST['email']);
$email = strip_tags($email);
$email = mysql_real_escape_string($email);
$password = ereg_replace("[^A-Za-z0-9]", "", $_POST['password']); // filter everything but numbers and letters
// Check to see if the user filled all fields with
// the "Required"(*) symbol next to them in the join form
// and print out to them what they have forgotten to put in
if((!$username) || (!$country) || (!$state) || (!$city) || (!$email) || (!$password)){

	$errorMsg = "You did not submit the following required information!<br /><br />";
	if(!$username){
		$errorMsg .= "--- User Name";
	} else if(!$country){
		$errorMsg .= "--- Country"; 
	} else if(!$state){ 
	    $errorMsg .= "--- State"; 
   } else if(!$city){ 
       $errorMsg .= "--- City"; 
   } else if(!$email){ 
       $errorMsg .= "--- Email Address"; 
   } else if(!$password){ 
       $errorMsg .= "--- Password"; 
   }
} else {
// Database duplicate Fields Check
$sql_username_check = mysql_query("SELECT id FROM members WHERE username='$username' LIMIT 1");
$sql_email_check = mysql_query("SELECT id FROM members WHERE email='$email' LIMIT 1");
$username_check = mysql_num_rows($sql_username_check);
$email_check = mysql_num_rows($sql_email_check); 
if ($username_check > 0){ 
	$errorMsg = "<u>ERROR:</u><br />Your User Name is already in use inside our system. Please try another.";
} else if ($email_check > 0){ 
	$errorMsg = "<u>ERROR:</u><br />Your Email address is already in use inside our system. Please try another.";
} else {
	// Add MD5 Hash to the password variable
       $hashedPass = md5($password); 
	// Add user info into the database table, claim your fields then values 
	$sql = mysql_query("INSERT INTO members (username, country, state, city, email, password, signupdate) 
	VALUES('$username','$country','$state','$city','$email','$hashedPass', now())") or die (mysql_error());
	// Get the inserted ID here to use in the activation email
	$id = mysql_insert_id();
	// Create directory(folder) to hold each user files(pics, MP3s, etc.) 
	mkdir("memberFiles/$id", 0755); 
	// Start assembly of Email Member the activation link
	$to = "$email";
	// Change this to your site admin email
	$from = "admin@whatsmyowncarworth.com";
	$subject = "Complete your registration";
	//Begin HTML Email Message where you need to change the activation URL inside
	$message = '<html>
	<body bgcolor="#FFFFFF">
	Hi ' . $username . ',
	<br /><br />
	You must complete this step to activate your account with us.
	<br /><br />
	Please click here to activate now >>
	<a href="http://whatsmyowncarworth.com/more-practice/activation.php?id=' . $id . '">
	ACTIVATE NOW</a>
	<br /><br />
	Your Login Data is as follows: 
	<br /><br />
	E-mail Address: ' . $email . ' <br />
	Password: ' . $password . ' 
	<br /><br /> 
	Thanks! 
	</body>
	</html>';
	// end of message
	$headers = "From: $from\r\n";
	$headers .= "Content-type: text/html\r\n";
	$to = "$to";
	// Finally send the activation email to the member
	mail($to, $subject, $message, $headers);
	// Then print a message to the browser for the joiner 
	print "<br /><br /><br /><h4>OK $firstname, one last step to verify your email identity:</h4><br />
	We just sent an Activation link to: $email<br /><br />
	<strong><font color=\"#990000\">Please check your email inbox in a moment</font></strong> to click on the Activation <br />
	Link inside the message. After email activation you can log in.";
	exit(); // Exit so the form and page does not display, just this success message
} // Close else after database duplicate field value checks
  } // Close else after missing vars check
} //Close if $_POST
?>

>>>>>>>>>>>>>>>>>>

What exact symptom or output do you get on the activation page? And if you get a blank page, what does a 'view source' of that page in your browser show?

Edit: Also, does the URL in the email message have the expected id value on the end of it?

ereg_replace is depreciated. You should be using preg_replace instead.

Hi,

Thanks for the reply.

What exact symptom or output do you get on the activation page? And if you get a blank page, what does a 'view source' of that page in your browser show?

This is the error message I'm getting. "ACTIVATION RESULTS Your account could not be activated!"

http://whatsmyowncarworth.com/more-practice/activation.php?id=9

Also, does the URL in the email message have the expected id value on the end of it?

Yes it does. In this case the email value is 9 (please look at the above URL)

In the below URL I have a list of my members (me) and detailed information about each of them and also their activation emails.

http://whatsmyowncarworth.com/more-practice/activation.php?id=7

http://whatsmyowncarworth.com/more-practice/activation.php?id=9

http://whatsmyowncarworth.com/more-practice/member-display.php

ereg_replace is depreciated. You should be using preg_replace() instead.

That's been changed. Thanks.

The syntax for the join and activation page has stayed the same (for accept the minor change regarding the preg_replace and I also included error reporting on activation page. Below)

error_reporting(E_ALL | E_STRICT);
ini_set("display_errors", 1);

How come it works for one account and not the other ? What am I doing wrong?

Thanks!

I'm going to guess that your UPDATE query is failing. You don't have any error checking/error reporting logic in your code to get it (your code) to tell you if and why a query might be failing.

For debugging purposes, use var_dump($sql); right after the line with the UPDATE query and see what value the mysql_query statement returned. If it returned a FALSE value, use mysql_error to find out why the UPDATE query is failing.

Why do you use $_REQUEST?

Are you sure you don't really want to use $_GET instead?

Do this instead:

$query = "UPDATE members SET emailactivated='1' WHERE id='$id'";
echo 'query: '.$query."<br/>\n";
$sql = mysql_query($query) or die(mysql_error());

$query = "SELECT * FROM members WHERE id='$id' AND emailactivated='1'";
echo 'query: '.$query."<br/>\n";
$sql_doublecheck = mysql_query($query) or die(mysql_error())

$_REQUEST holds the $_GET and $_POST array, so changing it to $_GET won't "fix" any problem.

$_REQUEST holds the $_GET and $_POST array, so changing it to $_GET won't "fix" any problem.

I didn't say it would fix any problem. My point was he most likely shouldn't be using $_REQUEST, hence why I'm asking him why he is doing that, and then I tell him he should perhaps use $_GET instead.

The "do this instead" part is actually what might help him figure out the problem.

Hi Everyone,

Thanks for the responses.

For debugging purposes, use var_dump($sql); right after the line with the UPDATE query and see what value the mysql_query statement returned. If it returned a FALSE value, use mysql_error() to find out why the UPDATE query is failing.

I tried this and it returned false. This is now the error I'm getting.

"ACTIVATION RESULTS Duplicate entry '1' for key 'emailactivated'"

http://whatsmyowncarworth.com/more-practice/activation.php?id=9

so I went to my "members" table and looked at the structure of the column of "emailactivated" and this is what I have.

Type = enum('0', '1')

Collation = utf8_unicode_ci

Null = No

Default = 0

Any ideas?

Thanks again everyone, appreciate the help!

Did you make MMDE's suggestion?

$query = "UPDATE members SET emailactivated='1' WHERE id='$id'";

Your emailactivated column apparently has a unique key or similar defined for it, meaning you can only have one row with a '1' in it at any one time. You would need to remove the unique restriction from that column.

To remove an index use this,

DROP INDEX `emailactivated` ON `members`

If the index or unique index does not exist, you should give a sql error message:

Can't DROP 'emailactivated'; check that column/key exists

Hi Everyone,

Thanks for the replies and help. I appreciate it. To fix my problem all I needed to do is delete the emailactivated row in my table then insert the same row again. Thanks again everyone! Much appreciated!

And then don't make it a key :-P