Generaljoe

i'll have it secured,its still in the development phase, its part of the plan, come on man,i wouldnt want the database injected by some sql injection or some silly tricks

here is the full code <?php include ('database_connection.php'); if (isset($_POST['formsubmitted'])) { $error = array();//Declare An Array to store any error message if (empty($_POST['username'])) {//if no name has been supplied $error[] = 'Please Enter Username ';//add to array "error" } else { $username = $_POST['username'];//else assign it a variable } if (empty($_POST['salutation'])) {//if no name has been supplied $error[] = 'Please Enter Salutation ';//add to array "error" } else { $salutation = $_POST['salutation'];//else assign it a variable } if (empty($_POST['gender'])) {//if no name has been supplied $error[] = 'Please Select Gender ';//add to array "error" } else { $gender = $_POST['gender'];//else assign it a variable } if (empty($_POST['firstname'])) {//if no name has been supplied $error[] = 'Please Enter Firstname ';//add to array "error" } else { $firstname = $_POST['firstname'];//else assign it a variable } if (empty($_POST['lastname'])) {//if no name has been supplied $error[] = 'Please Enter Lastname ';//add to array "error" } else { $lastname = $_POST['lastname'];//else assign it a variable } if (empty($_POST['maritialstatus'])) {//if no name has been supplied $error[] = 'Please Enter Marital status ';//add to array "error" } else { $maritialstatus = $_POST['maritialstatus'];//else assign it a variable } if (empty($_POST['dob'])) {//if no name has been supplied $error[] = 'Please Enter Date of Birth ';//add to array "error" } else { $dob = $_POST['dob'];//else assign it a variable } if (empty($_POST['category'])) {//if no name has been supplied $error[] = 'Please Enter Category ';//add to array "error" } else { $category = $_POST['category'];//else assign it a variable } if (empty($_POST['motmaidenname'])) {//if no name has been supplied $error[] = 'Please Enter Mother Maiden name ';//add to array "error" } else { $motmaidenname = $_POST['motmaidenname'];//else assign it a variable } if (empty($_POST['fathername'])) {//if no name has been supplied $error[] = 'Please Enter Father name ';//add to array "error" } else { $fathername = $_POST['fathername'];//else assign it a variable } if (empty($_POST['mobileno'])) {//if no name has been supplied $error[] = 'Please Enter Mobile Number ';//add to array "error" } else { $mobileno = $_POST['mobileno'];//else assign it a variable } if (empty($_POST['occtype'])) {//if no name has been supplied $error[] = 'Please Select Occupation Type ';//add to array "error" } else { $occtype = $_POST['occtype'];//else assign it a variable } if (empty($_POST['income'])) {//if no name has been supplied $error[] = 'Please Seclect Income ';//add to array "error" } else { $income = $_POST['income'];//else assign it a variable } if (empty($_POST['sourceoffunds'])) {//if no name has been supplied $error[] = 'Please Select Source of Fund ';//add to array "error" } else { $sourceoffunds = $_POST['sourceoffunds'];//else assign it a variable } if (empty($_POST['state'])) {//if no name has been supplied $error[] = 'Please Enter State ';//add to array "error" } else { $state = $_POST['state'];//else assign it a variable } if (empty($_POST['Country'])) {//if no name has been supplied $error[] = 'Please Select Country ';//add to array "error" } else { $Country = $_POST['Country'];//else assign it a variable } if (empty($_POST['city'])) {//if no name has been supplied $error[] = 'Please Select City ';//add to array "error" } else { $city = $_POST['city'];//else assign it a variable } if (empty($_POST['randomnumber'])) {//if no name has been supplied $error[] = 'AutoGenerate AccountNumber Failed ';//add to array "error" } else { $randomnumber = $_POST['randomnumber'];//else assign it a variable } if (empty($_POST['Addressproof'])) {//if no name has been supplied $error[] = 'Please Enter Address ';//add to array "error" } else { $Addressproof = $_POST['Addressproof'];//else assign it a variable } if (empty($_POST['email'])) { $error[] = 'Please Enter your Email '; } else { if (preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/", $_POST['email'])) { //regular expression for email validation $email = $_POST['email']; } else { $error[] = 'Your EMail Address is invalid '; } } if (empty($_POST['Password'])) { $error[] = 'Please Enter Your Password '; } else { $Password = $_POST['Password']; } if (empty($error)) //send to Database if there's no error ' { // If everything's OK... // Make sure the email address is available: $query_verify_email = "SELECT * FROM members WHERE email ='$email'"; $result_verify_email = mysqli_query($dbc, $query_verify_email); if (!$result_verify_email) {//if the Query Failed ,similar to if($result_verify_email==false) echo ' Database Error Occured '; } if (mysqli_num_rows($result_verify_email) == 0) { // IF no previous user is using this email . // Create a unique Activation code: $Activation = md5(uniqid(rand(), true)); $query_insert_user = "INSERT INTO `members` ( `salutation`, `gender`, `firstname`, `middlename`, `lastname`, `maritialstatus`, `dob`, `category`, `motmaidenname`, `fathername`, `email`, `mobileno`, `chkpan`, `occtype`, `education`, `income`, `sourceoffunds`, `others`, `PassportID`, `username`, `Addressproof`, `Password`, `state`, `Country`, `city`, `randomnumber`, `Activation`) VALUES ('$salutation', '$gender', '$firstname', '$middlename', '$lastname', '$maritialstatus', '$dob', '$category', '$motmaidenname', '$fathername', '$email', '$mobileno', '$chkpan', '$occtype', '$education', '$income', '$sourceoffunds', '$others', '$PassportID', '$username', '$Addressproof', '$Password', '$state', '$Country', '$city', '$randomnumber', '$Activation')"; $result_insert_user = mysqli_query($dbc, $query_insert_user); if (!$result_insert_user) { echo 'Query Failed '; } if (mysqli_affected_rows($dbc) == 1) { //If the Insert Query was successfull. // Send the email: $message = " To activate your account, please click on this link:\n\n"; $message .= " http://www.mysite.com/activate.php?email=$email&key=$Activation"; $message .= " __________________________________________ Username: $username Password: $Password __________________________________________ Please Ensure you keep safely."; mail($email, 'Sign Up|Verification', $message, 'From:My Site<no-reply@xxxxx.com>'); // Flush the buffered output. // Finish the page: echo '<div class="success">Thank you for registering! A confirmation email has been sent to '.$email.' Please click on the Activation Link to Activate your account </div>'; } else { // If it did not run OK. echo '<div class="errormsgbox">You could not be registered due to a system error. We apologize for any inconvenience.</div>'; } } else { // The email address is not available. echo '<div class="errormsgbox" >That email address has already been registered. </div>'; } } else {//If the "error" array contains error msg , display them echo '<div class="errormsgbox"> <ol>'; foreach ($error as $key => $values) { echo ' <li>'.$values.'</li>'; } echo '</ol></div>'; } mysqli_close($dbc);//Close the DB Connection } // End of the main Submit conditional. ?> this is the Activation code after verification link is sent <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Activate Your Account</title> <style type="text/css"> body { font-family:"Lucida Grande", "Lucida Sans Unicode", Verdana, Arial, Helvetica, sans-serif; font-size:12px; } .success { border: 1px solid; margin: 0 auto; padding:10px 5px 10px 60px; background-repeat: no-repeat; background-position: 10px center; width:450px; color: #4F8A10; background-color: #DFF2BF; background-image:url('images/success.png'); } .errormsgbox { border: 1px solid; margin: 0 auto; padding:10px 5px 10px 60px; background-repeat: no-repeat; background-position: 10px center; width:450px; color: #D8000C; background-color: #FFBABA; background-image: url('images/error.png'); } </style> </head> <body><?php include ('database_connection.php'); if (isset($_GET['email']) && preg_match('/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/', $_GET['email'])) { $email = $_GET['email']; } if (isset($_GET['key']) && (strlen($_GET['key']) == 32))//The Activation key will always be 32 since it is MD5 Hash { $key = $_GET['key']; } if (isset($email) && isset($key)) { // Update the database to set the "activation" field to null $query_activate_account = "UPDATE members SET Activation=NULL WHERE(email ='$email' AND Activation='$key')LIMIT 1"; $result_activate_account = mysqli_query($dbc, $query_activate_account) ; // Print a customized message: if (mysqli_affected_rows($dbc) == 1)//if update query was successfull { echo '<div class="success">Your account is now active. You may now <a href="login.php">Log in</a></div>'; } else { echo '<div class="errormsgbox">Oops !Your account could not be activated. Please recheck the link or contact the system administrator.</div>'; } mysqli_close($dbc); } else { echo '<div class="errormsgbox">Error Occured .</div>'; } ?> </body> </html> all i want is to have the user account details e.g username,Password and randomnumber fetched from database and an email will be sent to user containing account details after account is confirmed.

<?php $activation = isset($_GET['key']) ? $_GET['key'] : false; if (!$activation) { echo "No activation key passed"; } else { // Update the database to set the "activation" field to null include ('database_connection.php'); $activation = mysql_real_escape_string($activation); $query = "UPDATE members SET Activation=NULL WHERE Activation='$key'"; $result = mysqli_query($dbc, $query_activate_account); if(!$result) { echo "An error occured trying to activate your account"; //Debug line only, log errors in a production environment echo "Query: $query<br>Error: " . mysql_error(); } elseif(!mysqli_affected_rows($dbc)) { echo "Your activation code does not appear to be valid"; } else { //Activation completed. Send a customized message. //query $query = mysql_query("select username, Password, randomnumber from members where key='$key'") or die ('Query is invalid: ' . mysql_error()); //write the results while ($row = mysql_fetch_array($query)) { $message = " Your Account has now been verified, Below are your Details.\n __________________________________________ Username: $username Password: $Password Account Number: $randomnumber __________________________________________ Please Ensure you keep safely."; if(!mail ($email, "Activation Success", $message, 'From:My site<no-reply@xxxx.com>')) { echo "There was a problem sending your activation details"; } else { echo '<div class="success">Your account is now active and your Account details sent to you. You may now <a href="login.php">Log in</a></div>'; } } } ?> i got error in line 57

Actually, what i want to do is to use the email to fetch the $email,$password and $randomnumber from database after the $key UPDATES where email is $email and sets it to null, then the fetched variables can be emailed to user's email my code below, doesnt work as expected <?php include ('database_connection.php'); if (isset($_GET['email']) && preg_match('/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/', $_GET['email'])) { $email = $_GET['email']; } if (isset($_GET['key']) && (strlen($_GET['key']) == 32))//The Activation key will always be 32 since it is MD5 Hash { $key = $_GET['key']; } if (isset($email) && isset($key)) { // Update the database to set the "activation" field to null $query_activate_account = "UPDATE members SET Activation=NULL WHERE(email ='$email' AND Activation='$key')LIMIT 1"; $result_activate_account = mysqli_query($dbc, $query_activate_account) ; // Print a customized message: if (mysqli_affected_rows($dbc) == 1)//if update query was successfull { // Send the email: $message = " Your Account has now been verified, Below are your Details.\n\n"; $message .= " __________________________________________ Username: $username Password: $Password Account Number: $randomnumber __________________________________________ Please Ensure you keep safely."; echo '<div class="success">Your account is now active and your Account details sent to you. You may now <a href="login.php">Log in</a></div>'; mail ($email, "Activation Success", $message, 'From:My site<no-reply@xxxx.com>');