justlukeyou Posted September 29, 2012 Share Posted September 29, 2012 With a great deal of thanks from the members of this forum I have been able to put together a registration system. (Yet to go through security processes) However I am struggling to get the email authorisation to work. Does anyone have any feedback or suggestions on how I can get the email code to work? <?php session_start(); $_SESSION['userLoggedIn'] = 0; $_SESSION['userEmail'] = ''; $_SESSION['userID'] = ''; // Reset errors and success messages $errors = array(); $success = array(); // Login attempt if(isset($_POST['loginSubmit']) && $_POST['loginSubmit'] == 'true') { $loginEmail = filter_var(trim($_POST['email']), FILTER_VALIDATE_EMAIL); $loginPassword = trim($_POST['password']); if ($loginEmail === false) { $errors['loginEmail'] = 'Please enter your email address in a valid format. Example: [email protected]'; } if(strlen($loginPassword) < 6 || strlen($loginPassword) > 12) { $errors['loginPassword'] = 'Your password must be between 6-12 characters.'; } if(count($errors) === 0) { $query = 'SELECT * FROM users WHERE email = "' . mysql_real_escape_string($loginEmail) . '" AND password = MD5("' . mysql_real_escape_string($loginPassword) . '") LIMIT 1'; $result = mysql_query($query); if (!$result) { die('Invalid query: ' . mysql_error()); } if(mysql_num_rows($result) === 1) { $row = mysql_fetch_assoc($result); $_SESSION['userLoggedIn'] = 1; $_SESSION['userEmail'] = $loginEmail; $_SESSION['userID'] = $row['id']; header('Location: index.php'); exit; } else { $errors['login'] = 'No user was found with the details provided.'; } } } /* The rest of your login page code */ // Reset errors and success messages $errors = array(); $success = array(); // Login attempt if(isset($_POST['loginSubmit']) && $_POST['loginSubmit'] == 'true'){ $loginEmail = trim($_POST['email']); $loginPassword = trim($_POST['password']); $email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL); if (!$email) { $error = 'Please enter your email address in a valid format. Example: [email protected]'; } if(strlen($loginPassword) < 6 || strlen($loginPassword) > 12) $errors['loginPassword'] = 'Your password must be between 6-12 characters.'; if(!$errors){ $query = 'SELECT * FROM users WHERE email = "' . mysql_real_escape_string($loginEmail) . '" AND password = MD5("' . $loginPassword . '") LIMIT 1'; $result = mysql_query($query); if(mysql_num_rows($result) == 1){ $user = mysql_fetch_assoc($result); $query = 'UPDATE users SET session_id = "' . session_id() . '" WHERE id = ' . $user['id'] . ' LIMIT 1'; mysql_query($query); header('Location: index.php'); exit; }else{ $errors['login'] = 'No user was found with the details provided.'; } } } // Register attempt if(isset($_POST['registerSubmit']) && $_POST['registerSubmit'] == 'true'){ $firstname = mysql_real_escape_string(trim($_POST['firstname'])); $surname = mysql_real_escape_string(trim($_POST['surname'])); $registerEmail = trim($_POST['email']); $registerPassword = trim($_POST['password']); $registerConfirmPassword = trim($_POST['confirmPassword']); if(!isset($firstname) || empty($firstname)) { $error = "Please enter your First Name."; } if(!isset($surname) || empty($surname)) { $error = "Please enter your Surname."; } if(strlen($registerPassword) < 6 || strlen($registerPassword) > 12) $errors['registerPassword'] = 'Your password must be between 6-12 characters.'; if($password != $confirmPassword && !$error) { $error = "The passwords you entered did not match."; } $emailAddress = filter_var($_POST['emailaddress'], FILTER_VALIDATE_EMAIL); if (!$emailAddress) { $error = 'Please enter your email address in a valid format. Example: [email protected]'; } if($registerPassword != $registerConfirmPassword) $errors['registerConfirmPassword'] = 'Your passwords did not match.'; // Check to see if we have a user registered with this email address already if(!$errors){ $query = "INSERT INTO users (firstname, surname, email, password, date_registered) VALUES ('" . $firstname . "', '" . $surname . "', '" . mysql_real_escape_string($registerEmail) . "', MD5('" . mysql_real_escape_string($registerPassword) . "'), NOW())"; $result = mysql_query($query) or die(mysql_error()); // remove the or die(mysql_error()) code after you resolve the error if($result){ $success['register'] = 'Thank you for registering. You can now log in on the left.'; }else{ $errors['register'] = 'There was a problem registering you. Please check your details and try again.'; } } } $query = mysql_query("SELECT id FROM users WHERE email = '".$email."' LIMIT 1"); if(mysql_num_rows($query) > 0 && !$error) { $error = "Sorry, that email is already in use!"; } if(!$error) { $query = mysql_query("INSERT INTO users (email) VALUES ('".$password."', '".$password."', '".mysql_real_escape_string(md5($password))."', '".$email."')"); if($query) { $message = "Hello ".$_POST['email'].",\r\n\r\nThanks for registering with site.com! We hope you enjoy your stay.\r\n\r\n Many Thanks,\r\n.com"; $headers = "From: ".$website['name']." <".$website['email'].">\r\n"; mail($_POST['email'], "Welcome", $message, $headers); setcookie("user", mysql_insert_id(), $time); setcookie("pass", mysql_real_escape_string(md5($password)), $time); header("Location: users.php"); } else { $error = "There was a problem with the registration. Please try again."; } } ?> <link rel="stylesheet" href="/stylesheet.css" type="text/css" /> <div class="topheader"> <?php if ($_SESSION['userLoggedIn']) { $row = mysql_fetch_array($query); echo '<div class="loggedin"> You are sucessfully logged in as ' . $_SESSION['userEmail'] . ' <a href="/index.php">Logout</a> </div> '; } else { echo '<div class="headersignin"> <a href="/users/login.php" rel="nofollow" class="blacklink" > Sign in </a> </div> <div class="headerjoin"> <a href="/users/register.php" rel="nofollow" class="whitelink" > Join free</a> </div>'; } ?> <div class="headerlinkright"> <a href="/siteinfo/aboutus.php" rel="nofollow" class='bloglink' >About Us</a> </div> <div class="headerlinkright"> <a href="/blog/blog.php" rel="nofollow" class='bloglink' >Blog</a> </div> </div> </div> </div> </div> <h1>Login</h1> <form class="box400" name="loginForm" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <?php if($errors['login']) print '<div class="invalid">' . $errors['login'] . '</div>'; ?> <label for="email">Email Address</label> <input type="text" name="email" value="<?php echo htmlspecialchars($loginEmail); ?>" /> <?php if($errors['loginEmail']) print '<div class="invalid">' . $errors['loginEmail'] . '</div>'; ?> <label for="password">Password <span class="info">6-12 chars</span></label> <input type="password" name="password" value="" /> <?php if($errors['loginPassword']) print '<div class="invalid">' . $errors['loginPassword'] . '</div>'; ?> <label for="loginSubmit"> </label> <input type="hidden" name="loginSubmit" id="loginSubmit" value="true" /> <div class="user-area"> <input type="submit" value="Login" class="submit-button" /> </div> </form> <h2>Register</h2> <form class="box400" name="registerForm" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <?php if($success['register']) print '<div class="valid">' . $success['register'] . '</div>'; ?> <?php if($errors['register']) print '<div class="invalid">' . $errors['register'] . '</div>'; ?> <div class="registerinputarea"> <div class="registerinputcelltop"> <div class="registerinputleft"> <label for="email">Firstname</label> </div> <div class="registerinputright"> <input type="text" name="firstname" value="<?php echo htmlspecialchars($firstname); ?>" /> <?php if($errors['firstname']) print '<div class="invalid">' . $errors['firstname'] . '</div>'; ?> </div> <div class="registerinputcelltop"> <div class="registerinputleft"> <label for="email">Surname</label> </div> <div class="registerinputright"> <input type="text" name="surname" value="<?php echo htmlspecialchars($surname); ?>" /> <?php if($errors['surname']) print '<div class="invalid">' . $errors['surname'] . '</div>'; ?> </div> <div class="registerinputcelltop"> <div class="registerinputleft"> <label for="email">Email Address</label> </div> <div class="registerinputright"> <input type="text" name="email" value="<?php echo htmlspecialchars($registerEmail); ?>" /> <?php if($errors['registerEmail']) print '<div class="invalid">' . $errors['registerEmail'] . '</div>'; ?> </div> <div class="registerinputcelltop"> <div class="registerinputleft"> <label for="password">Password</label> </div> <div class="registerinputright"> <input type="password" name="password" value="" /> <?php if($errors['registerPassword']) print '<div class="invalid">' . $errors['registerPassword'] . '</div>'; ?> </div> <div class="registerinputcelltop"> <div class="registerinputleft"> <label for="confirmPassword">Confirm Password</label> </div> <div class="registerinputright"> <input type="password" name="confirmPassword" value="" /> <?php if($errors['registerConfirmPassword']) print '<div class="invalid">' . $errors['registerConfirmPassword'] . '</div>'; ?> </div> </div> </div> <div class="registerinputcelltop"> <label for="registerSubmit"> </label> <input type="hidden" name="registerSubmit" id="registerSubmit" value="true" /> <div class="user-area"> <input type="submit" value="Register" class="submit-button" /> </div> </form> </div> <div class="registerinputcelltop"> <a href="logout.php">Logout</a> <a href="index.php">Index</a> </div> Link to comment https://forums.phpfreaks.com/topic/268905-struggling-with-email-code/ Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.