Jump to content

[SOLVED] checking if matching variables

Jnerocorp

By Jnerocorp
in PHP Coding Help

 Share

Recommended Posts

Jnerocorp Regular Member

Jnerocorp

Posted
Posted

hello,

 

Can u please help me out here is the code i have so far:

 

this is the link:

http://joeyelectric.com/demos/orderconfirmation.php?token=1518257897&name=John&email=JneroCorp%40Live.com

 

This is the Code:


<?php

$email = $_GET['email'];
$token = $_GET['token'];
$name = $_GET['name'];

mysql_connect("localhost", "username", "password") or die(mysql_error());
mysql_select_db("database") or die(mysql_error());

$result = mysql_query("SELECT token FROM data
WHERE email='$email'") or die(mysql_error()); 

$realtoken = "$result";

if (preg_match("$realtoken", "$token")) {

echo "<font color='green'>Valid Confirmation</font>: You will recieve your serial number in your email in up to 5 minutes please be sure to check your junk inbox";


} else {

echo "<font color='red'>Invalid Confirmation</font>: Code will not be emailed. If this is a mistake please email youremail@domain.com with the email that is used for your paypal account and we will check if you did in fact pay and will manually send your activation code.";


}

?>

This is the error im getting:

 

Warning: preg_match() [function.preg-match]: Delimiter must not be alphanumeric or backslash in /home/a4428795/public_html/demos/orderconfirmation.php on line 15

[/code]

Link to comment
https://forums.phpfreaks.com/topic/175717-solved-checking-if-matching-variables/
Share on other sites
redarrow Advanced Member

redarrow

Posted
Posted 


<?php

$email = $_GET['email'];
$token = $_GET['token'];
$name = $_GET['name'];

mysql_connect("mysql2.000webhost.com", "username", "password") or die(mysql_error());
mysql_select_db("a4428795_payment") or die(mysql_error());

$result = mysql_query("SELECT token FROM data
WHERE email='$email'") or die(mysql_error()); 

$realtoken = $result;

if (preg_match("/^[0-9]$/", $realtoken)) {

echo "<font color='green'>Valid Confirmation</font>: You will recieve your serial number in your email in up to 5 minutes please be sure to check your junk inbox";


} else {

echo "<font color='red'>Invalid Confirmation</font>: Code will not be emailed. If this is a mistake please email youremail@domain.com with the email that is used for your paypal account and we will check if you did in fact pay and will manually send your activation code.";


}

?>

redarrow Advanced Member

redarrow

Posted
Posted

//OFF TOPIC.....

 

anyone else want no about tokens......

 

as you can see from the example below unless the token is valid the user get the info else dose not.

 

many php websites use this php strategy.....

 

it a easy clue for secuity (( the mind blowing session lol........

 

<?php session_start();
$token=session_id();
echo $token;
?>

 

 

 

Jnerocorp Regular Member

Jnerocorp

Posted
  • Author
Posted

well this is part of a payment proccess i just used the word token for no real reason i could have used the word php  or whatever but I need it to check if the token they have in their link to check if it matches the token with the table thats next to their email and if it matches it does an email script else it does a different script.

Alex Advanced Member

Alex

Posted
Posted

With that code i get this error

Warning: preg_match() expects parameter 2 to be string, resource given in /home/a4428795/public_html/demos/orderconfirmation.php on line 18

The reason you're getting that is because you're trying to use a MySQL resource in preg_match, which makes no sense.

 

You should have:

 

$result = mysql_query("SELECT token FROM data
WHERE email='$email'") or die(mysql_error()); 
$row = mysql_fetch_assoc($result);
$realtoken = $row['token'];

Alex Advanced Member

Alex

Posted
Posted

@AlexWD ok now the page always shows as valid no matter what token is there

 

$token needs to match $realtoken for it to be valid

I'm confused as to why you're using preg_match().. Why don't you just do:

 

if($realtoken == $token)
{
     //Valid
}
else
{
     //Invalid
}

MadTechie Regular Member

MadTechie

Posted
Posted

i don't see the need for a regex

why not use ==

$result = mysql_query("SELECT token FROM data WHERE email='$email'") or die(mysql_error()); 
$row = mysql_fetch_assoc($result);

if ($token == $row['token']) {

echo "<font color='green'>Valid Confirmation</font>: You will recieve your serial number in your email in up to 5 minutes please be sure to check your junk inbox";

 

EDIT: i got $token and $realtoken around the wrong way (fixed)

redarrow Advanced Member

redarrow

Posted
Posted

try to hide the important info in that link...

 

md5 some info and also md5 on the database and it will match try....

 

or use base64_encode() there also base64_decode()

 

there good for internal work, especially when it the user's info seen in a link about him self.....

 

look at your code and think is there anything that the user can do, to get me in trouble, or can they change things.

 

unfortunately using the url will cause a lard ass try something.

 

 

 

 

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.