php email confirmation for activation

[willscarlet]

Hello everyone, I am new here so if this is being done wrong, please correct me. I am working on a script to let users register to my site, it will send them an email with a link to confirm. The email is being sent, but the link come up throwing one of the pre made errors I had made $errors[] = 'We had problems activating your account'; the code for this page is: Any tips or advice would be greatly appreciated.

 

<?php 
ob_start();
include 'core/init.php';
logged_in_redirect();
include 'includes/overall/overallheader.php'; 

if (isset($_GET['success']) === true && empty($_GET['success']) === true) {
?>
<h2>Thanks, we have activated your account...</h2><br>
<p>You are free to log in</p>
<?php
} else if (isset($_GET['email'], $_GET['email_code']) === true) {
$email		= trim($_GET['email']);
$email_code = trim($_GET['email_code']);

if (email_exists($email) === false) {
	$errors[] = 'Oops, something went wrong, and we could not find that email address.';
} else if (activate($email, $email_code) === false) {
	$errors[] = 'We had problems activating your account';
}

if (empty($errors) === false) {
?>
	<h2>Oops...</h2>
<?php
	echo output_errors($errors);
} else {
header ('Location: activate.php?success');
}

} else {
header('Location: index.php');
exit();
}

include 'includes/overall/overallfooter.php';

?>

 

the activate function i wrote to call to do this job is:

 

function activate($email, $email_code) {
$email 		= mysql_real_escape_string($email);
$email_code = mysql_real_escape_string($email_code);

if (mysql_result(mysql_query("SELECT COUNT(user_id) FROM users WHERE email = '$email' AND email_code = '$email_code' AND active = 0"), 0) == 1) {
	mysql_query("UPDATE users SET active = 1 WHERE email = '$email'");
	return true;
} else {
	return false;

}

}

[Stooney]

Try changing this:

if (mysql_result(mysql_query("SELECT COUNT(user_id) FROM users WHERE email = '$email' AND email_code = '$email_code' AND active = 0"), 0) == 1) {

 

to this:

if (mysql_result(mysql_query("SELECT COUNT(user_id) FROM users WHERE email = '$email' AND email_code = '$email_code' AND active = '0'"), 0) == 1) {

[Pikachu2000]

It's beyond me why people insist on nesting all of those functions together. As you're now learning, it makes it that much harder to debug when you have a problem. You need to be able to echo the query string so you can check that it contains the values you'd expect it to contain.

 

And simply adding quotes around a number isn't going to fix the problem either.

[willscarlet]

Sorry, as for nesting functions, I was simply following a youtube tutorial from Alex at the php academy. however, there were a few flaws in his programming and they never got around to being fixed and updated on youtube. If you guys know a better tutorial set for a user registration/login system than his I would be more than happy to go through and learn it. and I thank you guys for taking teh time to look at my problem though.

[White_Lily]

Try replacing "===" with "==" i think you may have to many equal signs when your checking to see if one is equal to another.

[Christian F.]

White_Lily: Nah, that won't help. The three equal signs actually check type as well as value, ensuring that the automatic type casting doesn't create any false positives.

Granted, for the two functions where this is used it doesn't matter at all, since they only return boolean values anyway. Meaning this would do just as well:

if (isset($_GET['success']) && empty($_GET['success'])) {

 

Now, I'm not sure about this, but I suspect there's a ! missing in front of empty (). Makes little sense to make sure it's set, and that it's an empty string (only), before showing the success message.