[SOLVED] checking if matching variables


Jnerocorp

hello,

Can you please help me out? Here is the code I have so far:

this is the link:

http://joeyelectric.com/demos/orderconfirmation.php?token=1518257897&name=John&email=JneroCorp%40Live.com

This is the Code:


<?php

$email = $_GET['email'];
$token = $_GET['token'];
$name = $_GET['name'];

mysql_connect("localhost", "username", "password") or die(mysql_error());
mysql_select_db("database") or die(mysql_error());

$result = mysql_query("SELECT token FROM data
WHERE email='$email'") or die(mysql_error()); 

$realtoken = "$result";

if (preg_match("$realtoken", "$token")) {

echo "<font color='green'>Valid Confirmation</font>: You will recieve your serial number in your email in up to 5 minutes please be sure to check your junk inbox";


} else {

echo "<font color='red'>Invalid Confirmation</font>: Code will not be emailed. If this is a mistake please email youremail@domain.com with the email that is used for your paypal account and we will check if you did in fact pay and will manually send your activation code.";


}

?>

This is the error I'm getting:

Warning: preg_match() [function.preg-match]: Delimiter must not be alphanumeric or backslash in /home/a4428795/public_html/demos/orderconfirmation.php on line 15

Link to comment
Share on other sites



<?php

$email = $_GET['email'];
$token = $_GET['token'];
$name = $_GET['name'];

mysql_connect("mysql2.000webhost.com", "username", "password") or die(mysql_error());
mysql_select_db("a4428795_payment") or die(mysql_error());

$result = mysql_query("SELECT token FROM data
WHERE email='$email'") or die(mysql_error()); 

$realtoken = $result;

if (preg_match("/^[0-9]$/", $realtoken)) {

echo "<font color='green'>Valid Confirmation</font>: You will recieve your serial number in your email in up to 5 minutes please be sure to check your junk inbox";


} else {

echo "<font color='red'>Invalid Confirmation</font>: Code will not be emailed. If this is a mistake please email youremail@domain.com with the email that is used for your paypal account and we will check if you did in fact pay and will manually send your activation code.";


}

?>

Link to comment
Share on other sites

//OFF TOPIC.....

anyone else want to know about tokens......

as you can see from the example below, unless the token is valid the user gets the info, else does not.

many php websites use this php strategy.....

it's an easy clue for security (( the mind blowing session lol........

<?php session_start();
$token=session_id();
echo $token;
?>

Link to comment
Share on other sites

Well, this is part of a payment process. I just used the word token for no real reason, I could have used the word php or whatever, but I need it to check if the token they have in their link matches the token in the table that's next to their email, and if it matches it does an email script, else it does a different script.

Link to comment
Share on other sites

With that code I get this error

Warning: preg_match() expects parameter 2 to be string, resource given in /home/a4428795/public_html/demos/orderconfirmation.php on line 18

The reason you're getting that is because you're trying to use a MySQL resource in preg_match, which makes no sense.

 

You should have:

 

$result = mysql_query("SELECT token FROM data
WHERE email='$email'") or die(mysql_error()); 
$row = mysql_fetch_assoc($result);
$realtoken = $row['token'];

Link to comment
Share on other sites

@AlexWD ok now the page always shows as valid no matter what token is there

 

$token needs to match $realtoken for it to be valid

I'm confused as to why you're using preg_match().. Why don't you just do:

 

if($realtoken == $token)
{
     //Valid
}
else
{
     //Invalid
}

Link to comment
Share on other sites

I don't see the need for a regex

why not use ==

$result = mysql_query("SELECT token FROM data WHERE email='$email'") or die(mysql_error()); 
$row = mysql_fetch_assoc($result);

if ($token == $row['token']) {

echo "<font color='green'>Valid Confirmation</font>: You will recieve your serial number in your email in up to 5 minutes please be sure to check your junk inbox";

}

EDIT: I got $token and $realtoken around the wrong way (fixed)

Link to comment
Share on other sites
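The comparison the replies above arrive at, as an added example that is not part of any post in the thread: it looks the token up with a bound parameter instead of building the SQL from $_GET, and compares with hash_equals(). The in-memory SQLite database, the sample rows and the function name confirm_token are assumptions made so that it runs stand-alone.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite database
// (constructed data) stands in for the thread's MySQL `data` table.

function confirm_token(PDO $db, $email, $token): bool
{
    // ?email[]=x arrives as an array; only plain strings are accepted.
    if (!is_string($email) || !is_string($token) || $token === '') {
        return false;
    }
    // The bound parameter keeps $email out of the SQL text, so a quote in
    // the address cannot alter the query.
    $stmt = $db->prepare('SELECT token FROM data WHERE email = ?');
    $stmt->execute([$email]);
    $realtoken = $stmt->fetchColumn();      // false when no row matches
    if ($realtoken === false) {
        return false;   // with ==, a missing row (null) equals an empty token
    }
    // hash_equals() is constant-time and compares bytes; == would compare
    // two numeric strings as numbers.
    return hash_equals((string) $realtoken, $token);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE data (email TEXT PRIMARY KEY, token TEXT)');
$db->prepare('INSERT INTO data VALUES (?, ?)')
   ->execute(['buyer@example.com', '1518257897']);

$cases = [
    ['buyer@example.com',   '1518257897'],    // token matches the stored one
    ['buyer@example.com',   '1518257897.0'],  // equal under ==, not identical
    ['nobody@example.com',  ''],              // no such row, empty token
    ["o'brien@example.com", '1518257897'],    // apostrophe stays data
];
foreach ($cases as [$email, $token]) {
    printf("%-20s %-13s %s\n", $email, $token,
        confirm_token($db, $email, $token) ? 'valid' : 'invalid');
}
```

On the confirmation page the call would be confirm_token($db, $_GET['email'] ?? null, $_GET['token'] ?? null), with $db connected to the real database.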

try to hide the important info in that link...

md5 some info and also md5 on the database and it will match try....

or use base64_encode(), there's also base64_decode()

they're good for internal work, especially when it's the user's info seen in a link about himself.....

look at your code and think is there anything that the user can do, to get me in trouble, or can they change things.

unfortunately using the url will cause a lard ass to try something.

Link to comment
Share on other sites
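On the question of what a user can change in the link, an added example that is not from the thread: base64_encode() output can be decoded by anyone and an unkeyed md5 can be recomputed by anyone, so neither tells the server whether the link was edited, while a keyed HMAC over the fields does. SECRET_KEY, sign_link, verify_link, the exp field and the sample values are hypothetical.

```php
<?php
// Added example, not code from the thread. SECRET_KEY and both function
// names are hypothetical; a real key lives in server-side configuration.
const SECRET_KEY = 'constructed-demo-key-change-me';

function sign_link(string $email, int $expires): string
{
    // The MAC covers every field the server will later trust.
    $mac = hash_hmac('sha256', $email . "\n" . $expires, SECRET_KEY);
    return http_build_query(['email' => $email, 'exp' => $expires, 'sig' => $mac]);
}

function verify_link(array $query, int $now): bool
{
    $email = $query['email'] ?? null;
    $exp   = $query['exp']   ?? null;
    $sig   = $query['sig']   ?? null;
    // Reject arrays (?email[]=...) and missing fields before comparing.
    if (!is_string($email) || !is_string($exp) || !is_string($sig)) {
        return false;
    }
    if (!ctype_digit($exp) || (int) $exp < $now) {
        return false;                        // malformed or expired
    }
    $expected = hash_hmac('sha256', $email . "\n" . $exp, SECRET_KEY);
    return hash_equals($expected, $sig);     // constant-time comparison
}

$now = 1700000000;                           // constructed clock value
parse_str(sign_link('buyer@example.com', $now + 3600), $good);
$edited = ['email' => 'other@example.com'] + $good;  // email changed, sig kept

var_dump(verify_link($good, $now));          // untouched link
var_dump(verify_link($edited, $now));        // edited email no longer verifies
var_dump(verify_link($good, $now + 7200));   // same link after expiry
```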
