
Have a Look if you don't mind and help me get to the bottom of this?


Modernvox


Hi Guyz

 

I have built a script which should allow a user to post an ad without email verification if they are logged in. If the user is not logged in they will need to verify by clicking the verification link sent to their email.

 

I have 2 main concerns with this:

 

1) I don't know if I am using Sessions Properly or not, I am wondering how to initiate this part

2) I notice once a user verifies by email and attempts to create a second Ad they receive a duplicate key error, so I am wondering what I can do to the SQL statement to take care of this problem as well?

 

As always thanks guyz. I will be adding a special shout out to phpfreaks once the site is up and running as this would have taken me a couple years by myself ::)

 

Here is my code:

<?php
session_start();
$_SESSION['username'] = "$username";
include("classifiedsdb.inc");
if (isset($_POST['submit']))
    $location = $_POST['location'];
$actual_location = $_POST['actual_location'];
$title = $_POST['title'];
$details = $_POST['details'];
$email = $_POST['email'];
$conn = mysql_connect($host, $user, $password);
if (!$conn)
{
    die('Could not connect: ' . mysql_error());
}

//check if user is logged in
if ($_SESSION == $username) {

    if ($title == "" || strlen($title) > 50)
    {
        echo "<font face= \"tahoma\" color= \"red\" size= \"2\">Title must be between 1 and 50 characters in length</font>";
        exit();
    }
    if ($details == "" || strlen($details) > 350)
    {
        echo "<font face= \"tahoma\" color= \"red\" size= \"2\">Ad must be between 1 and 350 characters</font>";
        exit();
    }

    $query = "INSERT INTO musicians (location, actual_location, title, details, email, activationkey, status)
              VALUES ('$location', '$actual_location', '$title', '$details', '', '', '')";

    if (!mysql_query($query))
    {
        die('Error: ' . mysql_error());
    }
    exit();

} //end logged in user script

//if user is not logged in start email verification
else if ($_POST['form_submitted'] == '1') {
    $activationKey = mt_rand() . mt_rand() . mt_rand() . mt_rand() . mt_rand();

    if ($title == "" || strlen($title) > 50)
    {
        echo "<font face= \"tahoma\" color= \"red\" size= \"2\">Max characters allowed= 50</font>";
        exit();
    }
    if ($details == "" || strlen($details) > 350)
    {
        echo "<font face= \"tahoma\" color= \"red\" size= \"2\">Ad must be no less than 20 characters and no more than 350</font>";
        exit();
    }
    $pattern = '/^[a-z0-9]{4,}+.?([a-z0-9]+)?@([a-z0-9]+\.)+[a-z]{3,4}$/i';
    if (!preg_match($pattern, $email))
    {
        echo "<font face= \"tahoma\" color= \"red\" size= \"2\">sorry, email is not valid</font>";
        exit();
    }
    $pattern = '/^[a-z0-9]{4,}+.?([a-z0-9]+)?@(gmail\.)+[a-z]{3,4}$/i'; //exclude Gmail here
    if (preg_match($pattern, $email))
    {
        echo "<font face= \"tahoma\" color= \"red\" size= \"2\">Sorry, Gmail accounts not allowed</font>";
        exit();
    }

    $query = "INSERT INTO musicians (location, actual_location, title, details, email, activationkey, status)
              VALUES ('$location', '$actual_location', '$title', '$details', '$email', '$activationKey', 'verify')";

    if (!mysql_query($query))
    {
        die('Error: ' . mysql_error());
    }

    echo "An email has been sent to $email . Please click on the verification link to verify your AD";

    //No value found, user must be activating their account!
    //Send activation Email
    $to      = $email;
    $subject = " Activate your AD on IWJ!";
    $message = "Verify your AD by clicking the following link:\rhttp://www.mysite.php?$activationKey\r\rRegards, mysite.com Team";
    $headers = 'From: noreply@mysite.com' . "\r\n" .
        'Reply-To: noreply@mysite.com' . "\r\n" .
        'X-Mailer: PHP/' . phpversion();

    mail($to, $subject, $message, $headers);

} else {

    $queryString = $_SERVER['QUERY_STRING'];
    $query = "SELECT * FROM musicians";
    $result = mysql_query($query) or die(mysql_error());

    while ($row = mysql_fetch_array($result)) {
        if ($queryString == $row["activationkey"]) {
            echo "Thank You! Your Ad has been verified and is now live! ";
            $sql = "UPDATE musicians SET activationkey = '', status='activated' WHERE (id = $row[id])";

            if (!mysql_query($sql))
            {
                die('Error: ' . mysql_error());
            }
        }
    }
}

?>
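
For comparison, the same post-and-verify flow with the session check, the queries and the activation key handled defensively. This is an added example, not the poster's code: it uses PDO with an in-memory SQLite table in place of the mysql_* calls, and the post_ad and verify_ad functions, the UNIQUE nullable activationkey column and the sample ad are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code. Assumed schema: activationkey is UNIQUE
// and nullable, so activated rows hold NULL rather than '' (many NULLs may coexist).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE musicians (
    id INTEGER PRIMARY KEY, location TEXT, actual_location TEXT, title TEXT,
    details TEXT, email TEXT, activationkey TEXT UNIQUE, status TEXT)");

// Returns the activation token for anonymous posts, or null when the ad went live.
function post_ad(PDO $db, array $session, array $post): ?string
{
    $title = trim($post['title'] ?? '');
    $details = trim($post['details'] ?? '');
    if ($title === '' || strlen($title) > 50) {
        throw new InvalidArgumentException('Title must be 1 to 50 characters');
    }
    if ($details === '' || strlen($details) > 350) {
        throw new InvalidArgumentException('Ad must be 1 to 350 characters');
    }
    // Logged in means the login page stored a non-empty username in the session.
    $loggedIn = !empty($session['username']);
    $email = $post['email'] ?? '';
    if (!$loggedIn && filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Email is not valid');
    }
    // random_bytes() is a CSPRNG; mt_rand() output is predictable.
    $token = $loggedIn ? null : bin2hex(random_bytes(32));
    // Placeholders keep form input out of the SQL text.
    $stmt = $db->prepare("INSERT INTO musicians
        (location, actual_location, title, details, email, activationkey, status)
        VALUES (?, ?, ?, ?, ?, ?, ?)");
    $stmt->execute([$post['location'] ?? '', $post['actual_location'] ?? '', $title,
        $details, $loggedIn ? null : $email, $token, $loggedIn ? 'activated' : 'verify']);
    return $token;
}

// Activates the one row holding this token; true when a row was updated.
function verify_ad(PDO $db, string $token): bool
{
    $stmt = $db->prepare("UPDATE musicians SET activationkey = NULL, status = 'activated'
        WHERE activationkey = ? AND status = 'verify'");
    $stmt->execute([$token]);
    return $stmt->rowCount() === 1;
}

// Constructed sample input: two anonymous ads from one address, then a replayed link.
$ad = ['location' => 'MA', 'title' => "Drummer's kit", 'details' => 'For sale', 'email' => 'a@example.com'];
[$t1, $t2] = [post_ad($db, [], $ad), post_ad($db, [], $ad)];
var_dump(verify_ad($db, $t1), verify_ad($db, $t2), verify_ad($db, $t1));
```

Under the assumed schema, clearing the key to NULL instead of '' lets any number of activated ads coexist under the unique index, and the keyed UPDATE replaces the full-table scan while making a replayed link a no-op.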
