[SOLVED] Unable to create an activation page

[Anxious]

I have set the activation code, it's entered into the database, and should also be entered into the welcome mail you get when users signed up. Would be great to check over it first.

Here are the pieces of code I editted.

 

Session.php

<?php ........
	  /* Captcha error chcking */
	  $field = "captcha"; //Use field name for gender
	  if (strcmp(md5($subuser_code),$_SESSION['ckey'])){
	  $form->setError($field, "* Captcha image is incorrect");
	  }

      /* Errors exist, have user correct them */
      if($form->num_errors > 0){
         return 1;  //Errors with form
      }
  
      /* No errors, add the new account to the database */
      else{
  $activ_code = rand(1000,9999);
         if($database->addNewUser($subuser, md5($subpass), $subemail, $subday, $submonth, $subyear, $sublocation, $subgender, $activ_code)){
	   if($database->addNewProfile($subuser, md5($subpass), $subemail)){
            if(EMAIL_WELCOME){
               $mailer->sendWelcome($subuser,$subemail,$subpass,$sublocation,$subgender);
            }
            return 0;  //New user added succesfully
         }
	 }else{
            return 2;  //Registration attempt failed
         } ?>

I added in "$activ_code = rand(1000,9999);"

 

Database.php

<?php ........
   function addNewUser($username, $password, $email, $day, $month, $year, $location, $gender, $activ_code){
      $time = date("F j, Y, g:i");
  $dob = $_POST['day'] . "/" . $_POST['month'] . "/" . $_POST['year'];
  
      /* If admin sign up, give admin user level */
      if(strcasecmp($username, ADMIN_NAME) == 0){
         $ulevel = ADMIN_LEVEL;
      }else{
         $ulevel = USER_LEVEL;
      }
      $q = "INSERT INTO ".TBL_USERS." VALUES ('$username', '$password', '$ulevel', '$email', '$time', '$location', '$dob', '$gender', '0', '$activ_code')";
      return mysql_query($q, $this->connection);
   }
      function addNewProfile($username, $password, $email){
      $q = "INSERT INTO ".TBL_PROFILE." VALUES ('$username', '$password', '$email', '$slogan', '$profilelocation', '$schooljob', '$status', '$likes', '$dislikes', '$music')";
  return mysql_query($q, $this->connection);
  } ?>

It adds the activ_code into the the USER database.

 

Mailer.php

<?php .......
   function sendWelcome($user, $email, $pass, $location, $gender, $activ_code){

      $from = "From: ".EMAIL_FROM_NAME." <".EMAIL_FROM_ADDR.">";
      $subject = "Welcome To MyVee!";
      $body = $user.",\n\n"
             ."Welcome! You've just registered at MyVee.\n"
             ."The details you filled in are:\n\n"
             ."Username: ".$user."\n"
             ."Password: ".$pass."\n\n"
		 ."Location: ".$location."\n"
		 ."Gender: ".$gender."\n\n"
		 ."If any of this informaion is incorrect, please change them.\n\n"
		 ."In order to use MyVee, you must validate your email address, please use the link below.\n"
		 ."____________________________________________\n"
		 ."\n"
		 ."Activation Link: http://www.myvee.co.uk/activate.php?usr=$_POST[email]&code=$activ_code \n\n"
		 ."____________________________________________\n\n"
             ."If you ever lose or forget your password, a new "
             ."password will be generated for you and sent to this "
             ."email address, if you would like to change your "
             ."email address you can do so by going to the "
             ."Edit Details page after signing in.\n\n"
			 ."- Admin At MyVee";

      return mail($email,$subject,$body,$from);
   } ?> 

Puts the activ_code into the welcome email you get when users sign up.

 

It should be all correct.

However, what can I do to create an activation page (it has the activation link in the mail)

so that when users click on it, it tells them there account has been activated.

Also then, allows you to login.

Would I need to add anything to the database too.

 

Thanks

 

[Anxious]

The way the activation page works, is that the page, has the activation code inside the URL, and you need to type in your email address.

 

It then checks the database, to see if the activation code, matches with the email address in the database, if true, it activates the account, and sends out an echo 'your account has been activated you can now login'. If false, it says 'error has occured during your activation please try again or contact us'

 

Then also, on the database it'll have "Activated", as the user activates there account, it puts in the value 1, to say its activated. 0 to say its not activated (default value is 0)

 

Then, as the user logs in, it needs to check if the account has been activated, which is the bit I'm most probably unable to do.

[The Little Guy]

Why don't you do this...

 

- User registers

- User gets an email

- User click on a link in the email

- The link contains a minimum of two important pieces of info

    - email address

          - [email protected]

    - authorization code

          - 8d8djml6kdfidnfif5jdidjf7sksuir8

- The PHP uses those two pieces of info to search the database, then if it finds it gets activated

 

This works just like a users "user name" and "password".

[The Little Guy]

oh... also...

 

I would have in the database a column called "activated" and use an "ENUM('1','2')" (1 for unauthorized, 2 for authorized).

[Anxious]

Yeah, thats sort of what I had in mind, but how would I code it, I'm not sure. is the code I have already up there fine?

[Anxious]

the activation link has the email and activation code within it.

I would only be able to do it if there was a form involved, how would I submit the information (email) and (activation link) without a form. which that would go to process.php, then go to session.php, then to database (just getting it to process.php is what im stuck on)