justlukeyou Posted September 29, 2012 Share Posted September 29, 2012 With a great deal of thanks from the members of this forum I have been able to put together a registration system. (Yet to go through security processes) However I am struggling to get the email authorisation to work. Does anyone have any feedback or suggestions on how I can get the email code to work? <?php session_start(); $_SESSION['userLoggedIn'] = 0; $_SESSION['userEmail'] = ''; $_SESSION['userID'] = ''; // Reset errors and success messages $errors = array(); $success = array(); // Login attempt if(isset($_POST['loginSubmit']) && $_POST['loginSubmit'] == 'true') { $loginEmail = filter_var(trim($_POST['email']), FILTER_VALIDATE_EMAIL); $loginPassword = trim($_POST['password']); if ($loginEmail === false) { $errors['loginEmail'] = 'Please enter your email address in a valid format. Example: bobsmith@companyname.com'; } if(strlen($loginPassword) < 6 || strlen($loginPassword) > 12) { $errors['loginPassword'] = 'Your password must be between 6-12 characters.'; } if(count($errors) === 0) { $query = 'SELECT * FROM users WHERE email = "' . mysql_real_escape_string($loginEmail) . '" AND password = MD5("' . mysql_real_escape_string($loginPassword) . '") LIMIT 1'; $result = mysql_query($query); if (!$result) { die('Invalid query: ' . mysql_error()); } if(mysql_num_rows($result) === 1) { $row = mysql_fetch_assoc($result); $_SESSION['userLoggedIn'] = 1; $_SESSION['userEmail'] = $loginEmail; $_SESSION['userID'] = $row['id']; header('Location: index.php'); exit; } else { $errors['login'] = 'No user was found with the details provided.'; } } } /* The rest of your login page code */ // Reset errors and success messages $errors = array(); $success = array(); // Login attempt if(isset($_POST['loginSubmit']) && $_POST['loginSubmit'] == 'true'){ $loginEmail = trim($_POST['email']); $loginPassword = trim($_POST['password']); $email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL); if (!$email) { $error = 'Please enter your email address in a valid format. Example: bobsmith@companyname.com'; } if(strlen($loginPassword) < 6 || strlen($loginPassword) > 12) $errors['loginPassword'] = 'Your password must be between 6-12 characters.'; if(!$errors){ $query = 'SELECT * FROM users WHERE email = "' . mysql_real_escape_string($loginEmail) . '" AND password = MD5("' . $loginPassword . '") LIMIT 1'; $result = mysql_query($query); if(mysql_num_rows($result) == 1){ $user = mysql_fetch_assoc($result); $query = 'UPDATE users SET session_id = "' . session_id() . '" WHERE id = ' . $user['id'] . ' LIMIT 1'; mysql_query($query); header('Location: index.php'); exit; }else{ $errors['login'] = 'No user was found with the details provided.'; } } } // Register attempt if(isset($_POST['registerSubmit']) && $_POST['registerSubmit'] == 'true'){ $firstname = mysql_real_escape_string(trim($_POST['firstname'])); $surname = mysql_real_escape_string(trim($_POST['surname'])); $registerEmail = trim($_POST['email']); $registerPassword = trim($_POST['password']); $registerConfirmPassword = trim($_POST['confirmPassword']); if(!isset($firstname) || empty($firstname)) { $error = "Please enter your First Name."; } if(!isset($surname) || empty($surname)) { $error = "Please enter your Surname."; } if(strlen($registerPassword) < 6 || strlen($registerPassword) > 12) $errors['registerPassword'] = 'Your password must be between 6-12 characters.'; if($password != $confirmPassword && !$error) { $error = "The passwords you entered did not match."; } $emailAddress = filter_var($_POST['emailaddress'], FILTER_VALIDATE_EMAIL); if (!$emailAddress) { $error = 'Please enter your email address in a valid format. Example: bobsmith@companyname.com'; } if($registerPassword != $registerConfirmPassword) $errors['registerConfirmPassword'] = 'Your passwords did not match.'; // Check to see if we have a user registered with this email address already if(!$errors){ $query = "INSERT INTO users (firstname, surname, email, password, date_registered) VALUES ('" . $firstname . "', '" . $surname . "', '" . mysql_real_escape_string($registerEmail) . "', MD5('" . mysql_real_escape_string($registerPassword) . "'), NOW())"; $result = mysql_query($query) or die(mysql_error()); // remove the or die(mysql_error()) code after you resolve the error if($result){ $success['register'] = 'Thank you for registering. You can now log in on the left.'; }else{ $errors['register'] = 'There was a problem registering you. Please check your details and try again.'; } } } $query = mysql_query("SELECT id FROM users WHERE email = '".$email."' LIMIT 1"); if(mysql_num_rows($query) > 0 && !$error) { $error = "Sorry, that email is already in use!"; } if(!$error) { $query = mysql_query("INSERT INTO users (email) VALUES ('".$password."', '".$password."', '".mysql_real_escape_string(md5($password))."', '".$email."')"); if($query) { $message = "Hello ".$_POST['email'].",\r\n\r\nThanks for registering with site.com! We hope you enjoy your stay.\r\n\r\n Many Thanks,\r\n.com"; $headers = "From: ".$website['name']." <".$website['email'].">\r\n"; mail($_POST['email'], "Welcome", $message, $headers); setcookie("user", mysql_insert_id(), $time); setcookie("pass", mysql_real_escape_string(md5($password)), $time); header("Location: users.php"); } else { $error = "There was a problem with the registration. Please try again."; } } ?> <link rel="stylesheet" href="/stylesheet.css" type="text/css" /> <div class="topheader"> <?php if ($_SESSION['userLoggedIn']) { $row = mysql_fetch_array($query); echo '<div class="loggedin"> You are sucessfully logged in as ' . $_SESSION['userEmail'] . ' <a href="/index.php">Logout</a> </div> '; } else { echo '<div class="headersignin"> <a href="/users/login.php" rel="nofollow" class="blacklink" > Sign in </a> </div> <div class="headerjoin"> <a href="/users/register.php" rel="nofollow" class="whitelink" > Join free</a> </div>'; } ?> <div class="headerlinkright"> <a href="/siteinfo/aboutus.php" rel="nofollow" class='bloglink' >About Us</a> </div> <div class="headerlinkright"> <a href="/blog/blog.php" rel="nofollow" class='bloglink' >Blog</a> </div> </div> </div> </div> </div> <h1>Login</h1> <form class="box400" name="loginForm" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <?php if($errors['login']) print '<div class="invalid">' . $errors['login'] . '</div>'; ?> <label for="email">Email Address</label> <input type="text" name="email" value="<?php echo htmlspecialchars($loginEmail); ?>" /> <?php if($errors['loginEmail']) print '<div class="invalid">' . $errors['loginEmail'] . '</div>'; ?> <label for="password">Password <span class="info">6-12 chars</span></label> <input type="password" name="password" value="" /> <?php if($errors['loginPassword']) print '<div class="invalid">' . $errors['loginPassword'] . '</div>'; ?> <label for="loginSubmit"> </label> <input type="hidden" name="loginSubmit" id="loginSubmit" value="true" /> <div class="user-area"> <input type="submit" value="Login" class="submit-button" /> </div> </form> <h2>Register</h2> <form class="box400" name="registerForm" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <?php if($success['register']) print '<div class="valid">' . $success['register'] . '</div>'; ?> <?php if($errors['register']) print '<div class="invalid">' . $errors['register'] . '</div>'; ?> <div class="registerinputarea"> <div class="registerinputcelltop"> <div class="registerinputleft"> <label for="email">Firstname</label> </div> <div class="registerinputright"> <input type="text" name="firstname" value="<?php echo htmlspecialchars($firstname); ?>" /> <?php if($errors['firstname']) print '<div class="invalid">' . $errors['firstname'] . '</div>'; ?> </div> <div class="registerinputcelltop"> <div class="registerinputleft"> <label for="email">Surname</label> </div> <div class="registerinputright"> <input type="text" name="surname" value="<?php echo htmlspecialchars($surname); ?>" /> <?php if($errors['surname']) print '<div class="invalid">' . $errors['surname'] . '</div>'; ?> </div> <div class="registerinputcelltop"> <div class="registerinputleft"> <label for="email">Email Address</label> </div> <div class="registerinputright"> <input type="text" name="email" value="<?php echo htmlspecialchars($registerEmail); ?>" /> <?php if($errors['registerEmail']) print '<div class="invalid">' . $errors['registerEmail'] . '</div>'; ?> </div> <div class="registerinputcelltop"> <div class="registerinputleft"> <label for="password">Password</label> </div> <div class="registerinputright"> <input type="password" name="password" value="" /> <?php if($errors['registerPassword']) print '<div class="invalid">' . $errors['registerPassword'] . '</div>'; ?> </div> <div class="registerinputcelltop"> <div class="registerinputleft"> <label for="confirmPassword">Confirm Password</label> </div> <div class="registerinputright"> <input type="password" name="confirmPassword" value="" /> <?php if($errors['registerConfirmPassword']) print '<div class="invalid">' . $errors['registerConfirmPassword'] . '</div>'; ?> </div> </div> </div> <div class="registerinputcelltop"> <label for="registerSubmit"> </label> <input type="hidden" name="registerSubmit" id="registerSubmit" value="true" /> <div class="user-area"> <input type="submit" value="Register" class="submit-button" /> </div> </form> </div> <div class="registerinputcelltop"> <a href="logout.php">Logout</a> <a href="index.php">Index</a> </div> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.