Jump to content

Account Activation not working

dyr

By dyr
in PHP Coding Help

 Share

Recommended Posts

dyr Member

dyr

Posted
Posted

Hi!  Trying to have it send a link to a user's email upon registration, and set it so they can't login until they click the link from their email.  Here's the register script:

<?php
   
include('config.php');
include('dateindex.php');

if($loggedin == '1')
die("You can't register another account while you're logged in.");

if(isset($_POST['submit']))
{

$callname = mysql_real_escape_string($_POST['callname']);
$uname = mysql_real_escape_string($_POST['username']);  
$password = mysql_real_escape_string($_POST['password']);  
$email = mysql_real_escape_string($_POST['email']);  

if((!isset($_POST['username'])) || (!isset($_POST['callname'])) || (!isset($_POST['email'])) || (!isset($_POST['pass'])) || ($uname == '') || ($_POST['pass'] == ''))
die("Please fill out the form completely. <br><br>
<a href=register.php>Continue</a>");

$check = @mysql_query("SELECT id FROM users WHERE username = '$uname'");
$check = @mysql_num_rows($check);

if($check > 0)
die("Sorry, that username has already been taken. Please try again.
<br><br>
<a href=register.php>Continue</a>");

function validateEmailAddress($email) {
return filter_var($email, FILTER_VALIDATE_EMAIL) && preg_match('/@.+\./', $email);
}
if(validateEmailAddress($email) !=1) {
echo "That email address does not exist.<br /><br /><a href=register.php>Continue</a>";
exit();
}

$pass = md5($_POST['pass']);

$date = date("m/d/y");

$a =md5(uniqid(rand(), true));

$newPlayer = @mysql_query("INSERT INTO users (username, password, callname, email, registered, active) VALUES ('$uname', '$pass', '$callname', '$email', '$date', '$a')") or die("Error: ".mysql_error());

if (mysql_affected_rows() == 1) {
$body = "Thank you for registering.  To activate account click this link";

$body .= "http://localhost/testing/mbactivate.php?x=" . mysql_insert_id() . "$y=$a";

mail($_POST['email'], 'Registration Confirmed', $body, 'From:mirrorcat@airpost.net');


echo '<br />You have been registered! A confirmation email has been sent.';

exit();
}
}
else
{

echo '<form action=register.php method=post>
Callname: <input type=text name=callname><br>
Username: <input type=text name=username><br>
Email: <input type=text name=email><br>
Password: <input type=password name=pass><br>
<input type=submit name=submit value=Submit>
</form>';

}

?>

 

login/index:

<?php

include('config.php');

echo '<center><a href=index.php>Main</a> | <a href=myprofile.php>Profile</a> | <a href=inbox.php>Inbox</a> | <a href=page1.php>To-Do List</a> | <a href=logout.php>Logout</a></center>';

print date('g:i a - l, F jS');

echo '<br /><br />';

?>

<?php

if($loggedin == '0')
{
if(isset($_POST['submit']))
{

// Make sure all forms were filled out.

if((!isset($_POST['username'])) || 
(!isset($_POST['pass'])) 
|| ($_POST['username'] == '') || ($_POST['pass'] == ''))
die("Please fill out the form completely. <br><br>
<a href=index.php>Continue</a>");

// Get user's record from database
$player = @mysql_query("SELECT id, username, password, callname, email, registered, lastlogin FROM users WHERE username = '".$_POST['username']."'");
$player = @mysql_fetch_assoc($player);
mysql_real_escape_string($username);
mysql_real_escape_string($password);

if($player['id'] == false)
die("Sorry, that user is not in our database.<br><br>
<a href=index.php>Back</a>");
else if($player['password'] != md5($_POST['pass']))
die("Wrong password!<br><br>
<a href=index.php>Back</a>");

$_SESSION['id'] = $player['id'];
$_SESSION['username'] = $player['username'];
$_SESSION['password'] = $player['password'];
$_SESSION['callname'] = $player['callname'];
$_SESSION['email'] = $player['email'];

$date = date("m/d/y");

$update = @mysql_query("UPDATE users SET lastlogin = '$date' WHERE id = '".$_SESSION['id']."'");

echo 'You are now logged in!';

}
else
{
echo 'You are not logged in. <br><br>
<form action=index.php method=post>
Username: <input type=text name=username><br>
Password: <input type=password name=pass><br>
<input type=submit name=submit value=Submit>
</form>
Would you like to <a href=register.php>register?</a>';
}
}

else
{
echo 'You are logged in! 
Welcome, '.$_SESSION['callname'].'!';

}

?>

<br /><br />

<b>Activate Account</b><br />

<?php



// Validate $_GET['x'] and $_GET['y'].



if (isset($_GET['x'])) {



$x = (int) $_GET['x'];



} else {



$x = 0;



}



if (isset($_GET['y'])) {



$y = $_GET['y'];



} else {



$y = 0;



}



// If $x and $y aren't correct, redirect the user.



if ( ($x > 0) && (strlen($y) == 32)) {



$query = "UPDATE users SET active=NULL WHERE (id=$x AND active='" . $y . "') LIMIT 1";



$result = mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error());







// Print a customized message.



if (mysql_affected_rows() == 1) {



echo "<br><br><h3>Your account is now active. You may now log in.</h3>";



} else {



echo '<br><br><p><font color="red" size="+1">Your account could not be activated. Please re-check the link or contact the system administrator.</font></p>';



}



// mysql_close();



} else { // Redirect.



// Start defining the URL.



$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);



// Check for a trailing slash.



if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {



$url = substr ($url, 0, -1); // Chop off the slash.

}



// Add the page.

$url .= '/index.php';



ob_end_clean(); // Delete the buffer.



exit(); 


} // End of main IF-ELSE.

?>

 

My problem is it isn't sending the code to the email specified, even though the random letters that should be sent to the email are stored in the database.  And when I test the url anyway, (x=1&y=activationcode) it returns it as false, that the code doesn't exist even though I can clearly see it in my database!  Can anyone spot any errors?

Link to comment
https://forums.phpfreaks.com/topic/259650-account-activation-not-working/
Share on other sites
floridaflatlander Regular Member

floridaflatlander

Posted
Posted

Is this 

id() . "$y=$a";

a typo above in your activation email?

 

 

My problem is it isn't sending the code to the email specified

 

Try an echo somewhere on your register page to see if your assigning the email address to the $email variable like you think you are.

dyr Member

dyr

Posted
  • Author
Posted

Thanks, guys!  Email still isn't being sent but I just tried it again so I'll wait 20 minutes or so before declaring it "doesn't work".  I've emptied all my junk mail folders and made sure it will receive the email.  Also, I've moved the 'activation' script from the login page to mbactivate.php where it belongs, sorry if I didn't make that clear earlier. 

 

Drummin, I updated it with your suggestion, the ID is being grabbed like it should.  dragon_sa and floridaflatlander, thanks, that was indeed a typo!  The activation code is being logged in the database but still won't let me activate the account.

Drummin Member

Drummin

Posted
Posted

So it seems SENDING the email is the problem, correct?  Maybe you need some header information to pacify your host sever.  Something like this.

 

 

$headers = "From: mirrorcat@airpost.net\r\n";
$headers .= "Reply-To: mirrorcat@airpost.net\r\n";
$headers .= "X-Sender: mirrorcat@airpost.net\r\n";
$headers .= "X-Priority: 3 \r\n";

mail($_POST['email'], 'Registration Confirmed', $body, $headers);

Drummin Member

Drummin

Posted
Posted

Instead of fight this, is the program going to be hosted online?  Then assuming you have your send mail scripts setup correctly, you should be fine.

If you are going to be hosting the site on your local machine, then make sure you set it up your SMTP sever to do this.  Just do a search for finding out more about this.

https://www.google.com/search?q=requirements+to+send+email+from+local

 

I would focus on making sure validation codes (URL) received will process as expected, validating user and their email account etc.

dyr Member

dyr

Posted
  • Author
Posted

I'm going to eventually host this online, yes! 

 

I agree Drummin, however the activation code that should've been sent to the email address upon registering (is stored correctly in database, I can see it) doesn't work when I type the url in to the address bar.  Whether the user got the email or not, hypothetically the url I type in to activate the account still should work, right?  Doesn't seem to do anything, and not sure where I went wrong in the code.  If said url was typed in, the activate account screen should... well... verify and activate the account.

Drummin Member

Drummin

Posted
Posted

Just based on what I've seen, this should work.

<?php
// Validate $_GET['x'] and $_GET['y'].
if (isset($_GET['x'])) {
$x = (int) $_GET['x'];
} else {
$x = 0;
}
if (isset($_GET['y'])) {
$y = $_GET['y'];
} else {
$y = 0;
}
// If $x and $y aren't correct, redirect the user.
if ( ($x > 0) && (strlen($y) == 32)) {
$query = "UPDATE users SET active=NULL WHERE id='$x' AND active='$y'"; 
$result = mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error());	
// Print a customized message. 
if (mysql_affected_rows() == 1) { 
echo "<br><br><h3>Your account is now active. You may now log in.</h3>";
} else {
echo '<br><br><p><font color="red" size="+1">Your account could not be activated. Please re-check the link or contact the system administrator.</font></p>';
}
}
?>

dyr Member

dyr

Posted
  • Author
Posted

Thanks, my current code was the code below the login form on the index.php page, which I then moved to it's separate page mbactivate.php.  I tried your updated code, which seems to make the same sense logically but smaller and more condensed.  Thanks for that, works like a charm! 

 

Now to make it so that if their account isn't activated, they can't login.  For this, I've made some editing to my login code.  Would this make sense?

$player = @mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'");
$player = @mysql_fetch_assoc($player);
mysql_real_escape_string($username);
mysql_real_escape_string($password);

if($player['active'] != null)
die("Your account is not activated.");

 

Now obviously that doesn't work, but is it possible to have a variable check to see if it's null in the mysql database or not like I tried above?  I've tried searching to see if it's possible and couldn't find any straight forward answers.

 

Drummin Member

Drummin

Posted
Posted

Please stop suppressing errors by using @.

 

I think what you would be looking for would be IS NULL because you make the active field NULL when validating their account.  So your log in processing might look like this.

<?php 
if (isset($_POST['login'])){ 
$username = mysql_real_escape_string($_POST['username']); 
$password = mysql_real_escape_string(md5($_POST['pass']));
$sql = "SELECT id FROM users WHERE password='$password' AND username= '$username' AND active IS NULL";
$result = mysql_query($sql) or die (mysql_error());
if (mysql_num_rows($result)){
$row = mysql_fetch_row($result);
//Do what you want with valid user.
session_start();
$_SESSION['user_id']=$row[0];
header("location: homepage.php");
exit;
}else{
$error="Your account is not activated.";
}
}//if (isset($_POST['login']))
?>
<html>
<body>
<?php if (isset($error)){ echo "$error";}?>
<!-- Add login form here -->
</body>
</html>

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.