Jump to content

Help with verification code


freakinerror

Recommended Posts

hello everyone, I am new to this forum and to PHP/MySQL, I love the process of learning new things except when the unexpected happens, I am writing a script for a login/registration form for my site and I would like to be able to check the users email against my DB list of registered members to keep from having duplicates.

 

I used a script written from another programmer and tweaked it to get it to verify before sending out a confirmation link but I am getting a few T_STRING errors and am having a hard time figuring out where it is coming from, the error says on line 21 which is in the

 

//Check to see if members email exists,

 

from the second line of code

 

$query =mysql_query(SELECT * FROM tbl1_name WHERE email='$email');

 

Any help would be greatly appreciated.

 

And just would like to say from what I have been reading here that the people here are great and very helpful, looking forward to learning from you all.

 

:rtfm:

<?php

include_once("config.php");

 

$sql='mysql_query';

 

// table name

$tbl1_name='registered_members';

$tbl2_name='temp_members_db';

 

// Random confirmation code

$confirm_code=md5(uniqid(rand()));

 

// values sent from form

$name =$_POST['name'];

$email =$_POST['email'];

$country=$_POST['country'];

 

//Check to see if members email exists

 

$mysql  =$_POST['email'];

$query =mysql_query(SELECT * FROM tbl1_name WHERE email='$email');

$result =mysql_num_rows($query);

 

if ($result > 0){

 

echo "Email is already used by a member, choose another email.<br/><a href=\"http://www.************\">Click Here!</a>";

}

 

// Insert data into database

else  {

"INSERT INTO $tbl2_name(confirm_code, name, email, password, country)VALUES('$confirm_code', '$name', '$email', '$password', '$country')";

}

 

// if suceesfully inserted data into database, send confirmation link to email

if($result){

 

// ---------------- SEND MAIL FORM ----------------

 

// send e-mail to ...

$to=$email;

 

// Your subject

$subject="Your confirmation link here";

 

// From

$header="from: Team Leader <administrator@*******.com>";

 

// Your message

$message="Your Comfirmation link \r\n";

$message.="Click on this link to activate your account \r\n";

$message.="http://www.*************.com/confirmation.php?passkey=$confirm_code";

 

// send email

$sentmail = mail($to,$subject,$message,$header);

 

}

 

// if not found

else {

echo "Did not find your email in our database";

}

 

// if your email successfully sent

if($sentmail){

echo "Your Confirmation link Has Been Sent To Your Email Address.";

}

else {

echo "Cannot send Confirmation link to your e-mail address";

}

 

?>

Link to comment
Share on other sites

you forgot to add quotes to your query:

<?php
include_once("config.php");

$sql='mysql_query';

// table name
$tbl1_name='registered_members';
$tbl2_name='temp_members_db';

// Random confirmation code
$confirm_code=md5(uniqid(rand()));

// values sent from form
$name   =$_POST['name'];
$email   =$_POST['email'];
$country=$_POST['country'];

//Check to see if members email exists

$mysql     =$_POST['email'];
$query      =mysql_query("SELECT * FROM tbl1_name WHERE email='$email'");
$result    =mysql_num_rows($query);

if ($result > 0){

echo "Email is already used by a member, choose another email.<br/><a href=\"http://www.************\">Click Here!</a>";
}

// Insert data into database
else  {
"INSERT INTO $tbl2_name(confirm_code, name, email, password, country)VALUES('$confirm_code', '$name', '$email', '$password', '$country')";
}

// if suceesfully inserted data into database, send confirmation link to email
if($result){

// ---------------- SEND MAIL FORM ----------------

// send e-mail to ...
$to=$email;

// Your subject
$subject="Your confirmation link here";

// From
$header="from: Team Leader <administrator@*******.com>";

// Your message
$message="Your Comfirmation link \r\n";
$message.="Click on this link to activate your account \r\n";
$message.="http://www.*************.com/confirmation.php?passkey=$confirm_code";

// send email
$sentmail = mail($to,$subject,$message,$header);

}

// if not found
else {
echo "Did not find your email in our database";
}

// if your email successfully sent
if($sentmail){
echo "Your Confirmation link Has Been Sent To Your Email Address.";
}
else {
echo "Cannot send Confirmation link to your e-mail address";
}

?>

Link to comment
Share on other sites

On this line...

 

$query = mysql_query(SELECT * FROM tbl1_name WHERE email='$email');

 

... the bit being passed to the function is a string, as such it need to be surrounded (delimited) by quotes, in this case because you are using a variable and single quotes in the string it needs to be double quotes.

 

$query = mysql_query("SELECT * FROM tbl1_name WHERE email='$email'");

 

Also this line...

 

"INSERT INTO $tbl2_name(confirm_code, name, email, password, country)VALUES('$confirm_code', '$name', '$email', '$password', '$country')";

 

...on it's own doesn't mean anything. You are not storing the string in a variable, nor are you passing it to a database or infact doing anything with it. It's probably supposed to be...

 

mysql_query("INSERT INTO $tbl2_name(confirm_code, name, email, password, country)VALUES('$confirm_code', '$name', '$email', '$password', '$country')");

 

 

 

Link to comment
Share on other sites

Remember to use Code tags. [*PHP] [/*PHP] for PHP and [*code] [*/code].  :code_php_tags:

 

btw you can set the email table to Unique index.  This way the mysql wont accept duplicate emails.

 

Next this is wrong. I think you need Double quotes in this.

$query      =mysql_query(SELECT * FROM tbl1_name WHERE email='$email');

 

so:

$query      =mysql_query("SELECT * FROM tbl1_name WHERE email='$email'");

 

 

Also there doesn't appear to be any email validation and just sticking the email right away into the database. Your going to get yourself hacked programming your applications like that. You validated it with a function.

This is one that works pretty well it allows emails like  john+doe@example.com &  john.doe@example.com .

Although not quite to RFC specs. Personally just for sake of simplicity I would allow emails like jonh\"doe@example.com  (Yes that is valid) is just very bad. Becase then you have to add extra abscraction to your script when dealing with the emails. :(

 

// Check if Valid email
function valid_email($input) {

     // This regex works pretty well.
	 if(! preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $input)) {

	          // Were here? Its bad. Set message..
	          return  false;

	 }

    // else return "good"
    return true;

}

 

 

Put that function into your script, and next do this,

// values sent from form
$name    =  myql_real_escape_string(strip_tags($_POST['name']));
$email     =  mysql_real_escape_string(strip_tags($_POST['email']));
$country =  mysql_real_escape_string(strip_tags($_POST['country']));

if(!valid_email($email)){

echo('That email is invalid');

}




Link to comment
Share on other sites

Ok I fixed what was said, but now  it is not finding the email address' in my DB, am testing with an email address I know is in the DB, I have set the email table to unique, so should I be looking for any response from mysql to inject into the code to see if it found an existing address, like I said I'm a newbie here in PHP, it is verifying valid emails coming from the form but not finding whats in my DB.

 

Thank you everyone for responding so quickly also, I appreciate it very much.

 

<?php
include_once("config.php");

$sql='mysql_query';

// table name
$tbl1_name='registered_members';
$tbl2_name='temp_members_db';

// Random confirmation code
$confirm_code=md5(uniqid(rand()));

$name	=$_POST['name'];
$email	=$_POST['email'];
$country=$_POST['country'];

// values sent from form
$name    =  mysql_real_escape_string(strip_tags($_POST['name']));
$email     =  mysql_real_escape_string(strip_tags($_POST['email']));
$country =  mysql_real_escape_string(strip_tags($_POST['country']));

if(!valid_email($email)){

echo('That email is invalid');

}


// Check if Valid email

function valid_email($input) {

     // This regex works pretty well.

if(! preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $input)) {

          // Were here? Its bad. Set message..

          return  false;

}

    // else return "good"

    return true;

}

//Check to see if members email exists

$mysql  	=$_POST['email'];
$query		=mysql_query("SELECT * FROM tbl1_name WHERE email='$email'");
$result 	=mysql_query($query);

if ($result > 0){

echo "Email is already used by a member, choose another email.<br/><a href=\"http://www.*************.com\">Click Here!</a>";
}

// Insert data into database
else  {
$sql = "INSERT INTO $tbl2_name(confirm_code, name, email, password, country)VALUES('$confirm_code', '$name', '$email', '$password', '$country')";
}

// if suceesfully inserted data into database, send confirmation link to email
if($result){

// ---------------- SEND MAIL FORM ----------------

// send e-mail to ...
$to=$email;

// Your subject
$subject="Your confirmation link here";

// From
$header="from: Team Leader <administrator@************.com>";

// Your message
$message="Your Comfirmation link \r\n";
$message.="Click on this link to activate your account \r\n";
$message.="http://www.*************.com/confirmation.php?passkey=$confirm_code";

// send email
$sentmail = mail($to,$subject,$message,$header);

}

// if not found
else {
echo "Did not find your email in our database";
}

// if your email succesfully sent
if($sentmail){
echo "Your Confirmation link Has Been Sent To Your Email Address.";
}
else {
echo "Cannot send Confirmation link to your e-mail address";
}

?>

Link to comment
Share on other sites

$query      =mysql_query("SELECT * FROM tbl1_name WHERE email='$email'");
$result    =mysql_query($query);

 

...should be...

 

$query = mysql_query("SELECT * FROM tbl1_name WHERE email='$email'");
$result = mysql_num_rows($query);

Link to comment
Share on other sites

You get that if the mysql_query failed. Are you connected to an MySQL server and do you have a selected DB? I don't see either of those things being done. I suggest you check out a basic mysql tutorial. Any half decent tutorial will cover connecting, querying and some form of basic debugging.

Link to comment
Share on other sites

This is redundant.

 

/* Delete this
$name   =$_POST['name'];
$email   =$_POST['email'];
$country=$_POST['country'];
//--- End delete */


// values sent from form
$name    =  mysql_real_escape_string(strip_tags($_POST['name']));
$email     =  mysql_real_escape_string(strip_tags($_POST['email']));
$country =  mysql_real_escape_string(strip_tags($_POST['country']));

 

 

 

You get that if the mysql_query failed. Are you connected to an MySQL server and do you have a selected DB? I don't see either of those things being done. I suggest you check out a basic mysql tutorial. Any half decent tutorial will cover connecting, querying and some form of basic debugging.

 

I think that he/she must becuase else mysql_real_escape_string() would give an error if its done before the database connection.

Link to comment
Share on other sites

Cags, You are awesome, thanks for that last post I figured it out for that part, I named the table wrong, but now it is finding the duplicate email and telling to choose another, BUT it is still sending out a confirmation link, is there something wrong with my if else statement?

 

<?php
include("config.php");

$sql='mysql_query';

// table name
$tbl1_name='registered_members';
$tbl2_name='temp_members_db';

// Random confirmation code
$confirm_code=md5(uniqid(rand()));


// values sent from form
$name    =  mysql_real_escape_string(strip_tags($_POST['name']));
$email     =  mysql_real_escape_string(strip_tags($_POST['email']));
$country =  mysql_real_escape_string(strip_tags($_POST['country']));


// Check if Valid email

function valid_email($input) {
if(! preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $input)) {

          // Were here? Its bad. Set message..

          return  false;

}

    // else return "good"

    return true;

}

if(!valid_email($email)){

echo('That email is invalid');

}

//Check to see if members email exists

$mysql  	=$_POST['email'];
$query		=mysql_query("SELECT * FROM registered_members WHERE email='$email'")or trigger_error(mysql_error(), E_USER_ERROR);
$result 	=mysql_num_rows($query);

if ($result > 0){

echo "Email is already used by a member, choose another email.<br/><a href=\"http://www.***************.com\">Click Here!</a>";
}

// Insert data into database
else  {
$sql = "INSERT INTO $tbl2_name(confirm_code, name, email, password, country)VALUES('$confirm_code', '$name', '$email', '$password', '$country')";
}

// if suceesfully inserted data into database, send confirmation link to email
if($result){

// ---------------- SEND MAIL FORM ----------------

// send e-mail to ...
$to=$email;

// Your subject
$subject="Your confirmation link here";

// From
$header="from: Team Leader <administrator@****************.com>";

// Your message
$message="Your Comfirmation link \r\n";
$message.="Click on this link to activate your account \r\n";
$message.="http://www.*****************.com/confirmation.php?passkey=$confirm_code";

// send email
$sentmail = mail($to,$subject,$message,$header);

}

// if not found
else {
echo "Did not find your email in our database";
}

// if your email succesfully sent
if($sentmail){
echo "Your Confirmation link Has Been Sent To Your Email Address.";
}
else {
echo "Cannot send Confirmation link to your e-mail address";
}

?>

Link to comment
Share on other sites

Your code doesn't make a great deal of sense. Look at it from a work flow/ logical perspective.

 

- Check database for entered e-mail

- If found in database tell user already found

- else add it to the database*

- if was found in database already, send

- else display did not find

 

* you don't actually add it to the database as you never pass the query to the database using mysql_query.

Link to comment
Share on other sites

Well at the top you see there are 2 tables, The first is a membership DB, the second is a temporary DB that stores until they click on the confirmation email that is sent to them, if it is clicked then the temp is deleted and sent to the membership DB, that way I can keep track of people who havejoined and those that signed up but never confirmed, so I tried to write it to look for emails already in the member DB while storing it in the temp DB before I submit it to the permanent DB.

Link to comment
Share on other sites

Ok, heres what I want this to do, A person wants to join my site, they put there info into the form which is comprised of Name, email, password, country, I want the script to first verify the email is good, then I want to compare the email from the form with emails already registered, if there is no match then send out a confirmation code with a link to verify the email account.

 

My mysql setup is 2 DB's, a temp to store the account info while the confirmation link is waiting to be clicked, once the user clicks and verifies their account, the temp DB will be dumped and it will be written to a permanent DB, now the script I have trouble with is this one, I have most of it working, it is verifying emails, and it is finding present accounts and redirecting them to a link to go back to the login?register page, but it is not putting the new info into the temp db, please if anyone can help it would be greatly appreciated.

<?php
include("config.php");

$sql="mysql_query";

// table name
$tbl1_name='registered_members';
$tbl2_name='temp_members_db';

// Random confirmation code
$confirm_code=md5(uniqid(rand()));


// values sent from form
$name=mysql_real_escape_string(strip_tags($_POST['name']));
$email=mysql_real_escape_string(strip_tags($_POST['email']));
$country=mysql_real_escape_string(strip_tags($_POST['country']));


// Check if Valid email

function valid_email($input) {
if(! preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $input)) {

// Were here? Its bad. Set message..

return  false;

}

// else return "good"

return true;

}

if(!valid_email($email)){

echo('That email is invalid');

}


//Check to see if members email exists

$mysql  	=$_POST['email'];
$query		=mysql_query("SELECT * FROM registered_members WHERE email='$email'")or trigger_error(mysql_error(), E_USER_ERROR);
$result 	=mysql_num_rows($query);

// Insert data into database

if ($result > 0)  {

$sql = "INSERT INTO temp_members_db(confirm_code, name, email, password, country)VALUES('$confirm_code', '$name', '$email', '$password', '$country')";

}

else {

echo "Email is already used by a member, choose another email.<br/><a href=\"http://www.themaverickmoneyway.com\">Click Here</a>";

}

// if suceesfully inserted data into database, send confirmation link to email
if($result){

// ---------------- SEND MAIL FORM ----------------

// send e-mail to ...
$to=$email;

// Your subject
$subject="Your confirmation link here";

// From
$header="from: Team Leader <administrator@yourteamsavings.com>";

// Your message
$message="Your Comfirmation link \r\n";
$message.="Click on this link to activate your account \r\n";
$message.="http://www.themaverickmoneyway.com/confirmation.php?passkey=$confirm_code";

// send email
$sentmail = mail($to,$subject,$message,$header);

}

// if not found
else {
echo "Did not find your email in our database";
}

// if your email succesfully sent
if($sentmail){
echo "Your Confirmation link Has Been Sent To Your Email Address";
}
else {
echo "Cannot send Confirmation link to your e-mail address";
}

?>

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.