Irresistable Posted November 2, 2009 Share Posted November 2, 2009 I have header errors, session errors, managed to fix them up. Though now, it doesn't match the activation codes. The one in the database, is the same as the one as recieved in the email to activate. It might be because it's not recieving the code from the email.. though Im not sure. This is my code below. <?php session_start(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Developers Community - Currently Down</title> <style type="text/css"> <!-- #wrapper h1 { color: #F00; font-style: normal; } --> </style> <style> div#wrapper { margin-left: auto; margin-right: auto; width: 825px; text-align: center; font-weight: bold; font-family: "Comic Sans MS", cursive; color: #000; }.text { text-align: center; font-family: "Comic Sans MS", cursive; color: #F00; } .forever { font-style: italic; } </style> <div id="wrapper"> <h1 class="forever"><u>Developers Community</u></h1> <p>You will be redirected to the homepage within 10 seconds.<br /> If you do not get redirected please click <a href="http://www.developers-community.com" class="text">here<br /> <br /> </a> <?php include ('include/session.php'); include ('include/constants.php'); if (!isset($_GET['email']) && !isset($_GET['activ_code']) ) { $msg = "ERROR: Invalid code..."; exit(); } $rsCode = mysql_query("SELECT activ_code from emails where email='$_GET[email]'") or die(mysql_error()); list($acode) = mysql_fetch_array($rsCode); if ($_GET['activ_code'] == $acode) { mysql_query("update emails set activated=2 where email='$_GET[email]'") or die(mysql_error()); echo "<h3>Thank you </h3>Email confirmed and account activated. You are now subscribed to the Developers Community newsletter!"; } else { echo "ERROR: Incorrect activation code"; } ?> </p></div> Thanks if you can help Quote Link to comment https://forums.phpfreaks.com/topic/179963-solved-incorrect-activation-code-needing-help/ Share on other sites More sharing options...
DavidAM Posted November 2, 2009 Share Posted November 2, 2009 It looks like you sent an email with the activation code. Was that a link that they clicked to get to this page, or is this page from a form where the user typed it? If it was a link, did you urlencode() the email and/or activation code in the <A> tag? If you did, you need to urldecode() them here, if you didn't, then you probably should. If it was a form, did you use GET (or POST) as the method? Also, a couple of notes: 1) your if(!isset) is using AND, so the exit there will only occur if BOTH are blank, I would use OR. 2) use mysql_real_escape() before sending any $_GET or $_POST data to the database otherwise you ar leaving yourself open to sql attacks. As it is if I provide an email of ' OR 'a'='a that query will return every row in your database. Quote Link to comment https://forums.phpfreaks.com/topic/179963-solved-incorrect-activation-code-needing-help/#findComment-949365 Share on other sites More sharing options...
Irresistable Posted November 2, 2009 Author Share Posted November 2, 2009 This is the mail that users recieve. <? class Mailer { /** * sendWelcome - Sends a welcome message to the newly * registered user, also supplying the username and * password. */ function sendWelcome($email, $activ_code){ $from = "From: ".EMAIL_FROM_NAME." <".EMAIL_FROM_ADDR.">"; $subject = "Developers-Community Newsletter Activation"; $body = "You have just applied for the DC newsletter to the email: ".$email."\n\n" ."To activate your subscription, please use the following link below \n" ."http://www.developers-community.com/Newsletter%20Beta/activate.php?email=$email&activationkey=$activ_code \n\n" ."If for some reason you recieved this email and you never applied for a newsletter, " ."then go to http://www.developers-community.com and contact us telling us to remove your email from our server \n" ."Any questions, don't hesitate to contact us.\n\n" ."Admin \n" ."Developers Community"; return mail($email,$subject,$body,$from); } }; /* Initialize mailer object */ $mailer = new Mailer; ?> And for example of how it comes out like when you click it, in the URL bar will show: http://www.developers-community.com/Newsletter%20Beta/[email protected]&activationkey=1494650 I think I understand what you said, but not sure.. what to do? I use a form, and the method is post. You can test it out for yourself on here.. www.developers-community.com It' a newsletter subscription. You'll recieve an activation email etc. For the OR part, would it look like if (!isset($_GET['email']) OR !isset($_GET['activ_code']) ) Or is that wrong.. For the mysql real escape, I use this.. $email = mysql_real_escape_string($email); $activ_code = mysql_real_escape_string($activ_code); Quote Link to comment https://forums.phpfreaks.com/topic/179963-solved-incorrect-activation-code-needing-help/#findComment-949367 Share on other sites More sharing options...
Irresistable Posted November 2, 2009 Author Share Posted November 2, 2009 Does anyone know what I have to do? Quote Link to comment https://forums.phpfreaks.com/topic/179963-solved-incorrect-activation-code-needing-help/#findComment-949406 Share on other sites More sharing options...
Irresistable Posted November 2, 2009 Author Share Posted November 2, 2009 I had a go trying to fix it, but I failed... still nobody knows? Quote Link to comment https://forums.phpfreaks.com/topic/179963-solved-incorrect-activation-code-needing-help/#findComment-949591 Share on other sites More sharing options...
Jnerocorp Posted November 2, 2009 Share Posted November 2, 2009 for this line: if (!isset($_GET['email']) OR !isset($_GET['activ_code']) ) why dont you use this: if (isset($_GET['email'] && $_GET['activ_code'])) { //If it is set process the stuff here } else { echo "Email or Activation Code Not Set"; } so that way it checks both the email and activation code are set Quote Link to comment https://forums.phpfreaks.com/topic/179963-solved-incorrect-activation-code-needing-help/#findComment-949602 Share on other sites More sharing options...
Irresistable Posted November 2, 2009 Author Share Posted November 2, 2009 Where would I put the else function. I dont see how that'd check it though, that'd check.. if the email is wrong, and the code is right? Quote Link to comment https://forums.phpfreaks.com/topic/179963-solved-incorrect-activation-code-needing-help/#findComment-949611 Share on other sites More sharing options...
gizmola Posted November 2, 2009 Share Posted November 2, 2009 Well it looks kinda simple to me -- nothing that a few print_r()'s or echo statements for debugging wouldn't show you. For some reason you are looking for a get param named 'active_code'. However, your email creates a url, where the activation code in a param named: 'activationkey' ie. email=$email&activationkey=$activ_code So you compare this empty string and of course it does not match. Change if ($_GET['activ_code'] == $acode) ...... to if ($_GET['activationkey'] == $acode) And maybe you will have more luck. Quote Link to comment https://forums.phpfreaks.com/topic/179963-solved-incorrect-activation-code-needing-help/#findComment-949618 Share on other sites More sharing options...
Jnerocorp Posted November 2, 2009 Share Posted November 2, 2009 try this: <?php session_start(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Developers Community - Currently Down</title> <style type="text/css"> <!-- #wrapper h1 { color: #F00; font-style: normal; } --> </style> <style> div#wrapper { margin-left: auto; margin-right: auto; width: 825px; text-align: center; font-weight: bold; font-family: "Comic Sans MS", cursive; color: #000; }.text { text-align: center; font-family: "Comic Sans MS", cursive; color: #F00; } .forever { font-style: italic; } </style> <div id="wrapper"> <h1 class="forever"><u>Developers Community</u></h1> <p>You will be redirected to the homepage within 10 seconds.<br /> If you do not get redirected please click <a href="http://www.developers-community.com" class="text">here<br /> <br /> </a> <?php include ('include/session.php'); include ('include/constants.php'); if (isset($_GET['email'] && $_GET['activ_code'])) { $rsCode = mysql_query("SELECT activ_code from emails where email='$_GET[email]'") or die(mysql_error()); list($acode) = mysql_fetch_array($rsCode); if($_GET['activ_code'] == $acode) { mysql_query("update emails set activated=2 where email='$_GET[email]'") or die(mysql_error()); echo "<h3>Thank you </h3>Email confirmed and account activated. You are now subscribed to the Developers Community newsletter!"; } else { echo "ERROR: Incorrect activation code"; } } else { echo "ERROR: Activation Code or Email is not set"; ?> </p></div> Quote Link to comment https://forums.phpfreaks.com/topic/179963-solved-incorrect-activation-code-needing-help/#findComment-949619 Share on other sites More sharing options...
Irresistable Posted November 2, 2009 Author Share Posted November 2, 2009 Oh my gosh, why didn't I know that! Thanks for your help. Sorry I was a bit impatient! I'll bookmark this for future reference. Quote Link to comment https://forums.phpfreaks.com/topic/179963-solved-incorrect-activation-code-needing-help/#findComment-949623 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.