
Invitation Codes In Php Registration


xkrazykidx


The invitation code part seems to get bypassed. If I fill out the form correctly with any invitation code it will still sign up the user. As in the code I want $msg to echo out 'The Invitation code is invalid' when the user inserts in a code that's not in my database. Later down the code if the user does end up inserting in a correct code I have the database update the table used from 0 to 1 to know that that current code has been used. Not sure if my if statement is wrong or something else is goofing up.

//Clean Mandatory Fields
$firstname = mysql_escape_string($first_name_d);
$lastname = mysql_escape_string($last_name_d);
$email = mysql_escape_string($email_d);
$password = mysql_escape_string($password_d);
$password_check = mysql_escape_string($confirm_password_d);
$invite_code = mysql_escape_string($invite_code_d);
$join_date = date("F j, Y");

//Check For Duplicates
$code = mysql_query("SELECT invite_codes FROM %table% WHERE invite_codes='".$invite_code."' AND used='0'") or die(mysql_error());
$dup = mysql_query("SELECT email FROM %table% WHERE email='".$email."'");
if(mysql_num_rows($dup) >0)
{$msg = 'You already have an account! Try logging in.';}
elseif($password != $password_check)
{$msg = 'Passwords do not match!';}

elseif(mysql_num_rows($code) < 0)
{$msg = '<div class="statusmsg">The invitation code is invalid.</div>';}

else {
if(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)){

// Return Error - Invalid Email
$msg = 'The email you have entered is invalid, please try again.';}

else {
// Return Success - Valid Email
$msg = 'Your account has been made, <br /> please verify it by clicking the activation link that has been send to your email.';

$hash = md5( rand(0,1000) ); // Generate random 32 character hash and assign it to a local variable.

mysql_query("INSERT INTO %table% (first_name, last_name, password, email, zip, sex, birth_month, birth_day, birth_year, join_date, hash) VALUES(
'". mysql_escape_string($firstname) ."',
'". mysql_escape_string($lastname) ."',
'". mysql_escape_string(md5($password)) ."',
'". mysql_escape_string($email) ."',
'". mysql_escape_string($zip) ."',
'". mysql_escape_string($sex) ."',
'". mysql_escape_string($birth_month) ."',
'". mysql_escape_string($birth_day) ."',
'". mysql_escape_string($birth_year) ."',
'". mysql_escape_string($join_date) ."',
'". mysql_escape_string($hash) ."') ") or die(mysql_error());
mysql_query("UPDATE %table% SET used='1' WHERE invite_codes='".$invite_code."'") or die(mysql_error());

$to = $email; //Send email to our user
$subject = 'Signup | Verification'; //// Give the email a subject
$message = '
Thanks for signing up!
Your account has been created, you can login with the following credentials after you have activated your account by pressing the url below.

------------------------
Name: '.$firstname.'
Password: '.$password.'
------------------------

Please click this link to activate your account:
http://%site%/verify.php?email='.$email.'&hash='.$hash.'

'; // Our message above including the link

//$headers = 'From:%email%' . "\r\n". // Set from headers
//'errors-to: webmaster@example.com' . "\r\n" .
//'X-Mailer: PHP/' . phpversion();
mail($to, $subject, $message, $headers, '-f %email%'); // Send the email

}
}
}
}


You are not checking if $msg exists or echoing it anywhere to stop the registration...

 

 

I actually am, I am just not showing all the code as it works, the only issue I am having is that the validation for invite code is failing

 

Full code below:

 

 

<?php
get_header();
?>

<div id="wrapper">
<?php
// If the form is submitted //
if (isset($_POST['submit'])) {

//First Name Validation
$first_name_d = $_POST['first_name'];
if(empty($first_name_d))
{$msg = 'We\'re sorry but the First Name is missing';}

//Last Name Validation
$last_name_d = $_POST['last_name'];
if(empty($last_name_d))
{$msg = 'We\'re sorry but the Last Name is missing';}

//Email Validation
$email_d = $_POST['email'];
if(empty($email_d))
{$msg = 'We\'re sorry but the Email field is missing';}

//Sex Validation
$sex_d = $_POST['sex'];
if(empty($sex_d))
{$msg = 'We\'re sorry but the Sex field is missing';}

//Password Validation
$password_d = $_POST['password'];
if(empty($password_d))
{$msg = 'Please insert a password';}

//Password Check Validation
$confirm_password_d = $_POST['password_check'];
if(empty($confirm_password_d))
{$msg = 'Please confirm your password';}

//Invite Code Validation
$invite_code_d = $_POST['invite_code'];
if(empty($invite_code_d))
{$msg = 'Please insert Invite Code';}

//All Empty Validation
if(empty($first_name_d) AND
empty($last_name_d) AND
empty($email_d) AND
empty($sex_d) AND
empty($password_d) AND
empty($confirm_password_d) AND
empty($invite_code_d))
{$msg = 'It seems like all the fields are empty';}

//Check if mandatory fields are set
if(isset($first_name_d) && !empty($first_name_d) AND
isset($last_name_d) && !empty($last_name_d) AND
isset($email_d) && !empty($email_d) AND
isset($password_d) && !empty($password_d) AND
isset($confirm_password_d) && !empty($confirm_password_d) AND
isset($invite_code_d) && !empty($invite_code_d))
{

//BIRTHDATE not required
if(empty($_POST['birth_month']))
{$birth_month = '';}
else
{$birth_month = mysql_escape_string($_POST['birth_month']);}
if(empty($_POST['birth_day']))
{$birth_day = '';}
else
{$birth_day = mysql_escape_string($_POST['birth_day']);}

if(empty($_POST['birth_year']))
{$birth_year = '';}
else
{$birth_year = mysql_escape_string($_POST['birth_year']);}

//ZIP not required
if(empty($_POST['zip']))
{$zip = '';}
else
{$zip = mysql_escape_string($_POST['zip']);}

//Clean Mandatory Fields
$firstname = mysql_escape_string($first_name_d);
$lastname = mysql_escape_string($last_name_d);
$email = mysql_escape_string($email_d);
$password = mysql_escape_string($password_d);
$password_check = mysql_escape_string($confirm_password_d);
$invite_code = mysql_escape_string($invite_code_d);
$join_date = date("F j, Y");




//Check For Duplicates
$code = mysql_query("SELECT invite_codes FROM %table% WHERE invite_codes='".$invite_code."' AND used='0'") or die(mysql_error());
$dup = mysql_query("SELECT email FROM %table% WHERE email='".$email."'") or die(mysql_error());
if(mysql_num_rows($dup) >0)
{$msg = 'You already have an account! Try logging in.';}
elseif($password != $password_check)
{$msg = 'Passwords do not match!';}

elseif(mysql_num_rows($code) < 0)
{$msg = '<div class="statusmsg">The invitation code is invalid.</div>';}

else {
if(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)){

// Return Error - Invalid Email
$msg = 'The email you have entered is invalid, please try again.';}

else {
// Return Success - Valid Email
$msg = 'Your account has been made, <br /> please verify it by clicking the activation link that has been send to your email.';

$hash = md5( rand(0,1000) ); // Generate random 32 character hash and assign it to a local variable.

mysql_query("INSERT INTO %table% (first_name, last_name, password, email, zip, sex, birth_month, birth_day, birth_year, join_date, hash) VALUES(
'". mysql_escape_string($firstname) ."',
'". mysql_escape_string($lastname) ."',
'". mysql_escape_string(md5($password)) ."',
'". mysql_escape_string($email) ."',
'". mysql_escape_string($zip) ."',
'". mysql_escape_string($sex) ."',
'". mysql_escape_string($birth_month) ."',
'". mysql_escape_string($birth_day) ."',
'". mysql_escape_string($birth_year) ."',
'". mysql_escape_string($join_date) ."',
'". mysql_escape_string($hash) ."') ") or die(mysql_error());
mysql_query("UPDATE %table% SET used='1' WHERE invite_codes='".$invite_code."'") or die(mysql_error());

$to = $email; //Send email to our user
$subject = 'Signup | Verification'; //// Give the email a subject
$message = '
Thanks for signing up!
Your account has been created, you can login with the following credentials after you have activated your account by pressing the url below.

------------------------
Name: '.$firstname.'
Password: '.$password.'
------------------------

Please click this link to activate your account:
%website%/verify.php?email='.$email.'&hash='.$hash.'

'; // Our message above including the link

//$headers = 'From:%email%' . "\r\n". // Set from headers
//'errors-to: webmaster@example.com' . "\r\n" .
//'X-Mailer: PHP/' . phpversion();
mail($to, $subject, $message, $headers, '-f %email%'); // Send the email

}
}
}
}
?>
<?php
if(isset($msg)){ // Check if $msg is not empty
echo '<div class="statusmsg">'.$msg.'</div>'; // Display our message and add a div around it with the class statusmsg
} ?>

<form action="" method="post">
<label for="first_name"><em>*</em>First Name:</label>
<input type="text" name="first_name" value="" />
<br>
<label for="last_name"><em>*</em>Last Name:</label>
<input type="text" name="last_name" value="" />
<br>
<label for="email"><em>*</em>Email:</label>
<input type="text" name="email" value="" />
<br>
<label for="signup-birthdate">Birthdate</label>
<select name="birth_month">
<option value="">---</option>
<option value="1">January</option>
<option value="2">February</option>
<option value="3">March</option>
<option value="4">April</option>
<option value="5">May</option>
<option value="6">June</option>
<option value="7">July</option>
<option value="8">August</option>
<option value="9">September</option>
<option value="10">October</option>
<option value="11">November</option>
<option value="12">December</option>
</select>
<select name="birth_day">
<?php
{echo "<option value=''>---</option>";}
for ($i=1; $i<=31; $i++)
{echo "<option value='$i'>$i</option>";}
?>
</select>
<select name="birth_year">
<?php
{echo "<option value=''>---</option>";}
for ($i=2006; $i>=1900; $i=$i-1)
{echo "<option value='$i'>$i</option>";}
?>
</select>
<br>
<label for="zip">Zip:</label>
<input type="text" name="zip" value="" />
<br>
<label for="sex">Sex:</label>
<select name="sex">
<option value="male">Male</option>
<option value="female">Female</option>
</select>
<br>
<label for="password"><em>*</em>Password:</label>
<input type="password" name="password" value="" />
<br>
<label for="password_check"><em>*</em>Password:</label>
<input type="password" name="password_check" value="" />
<br>
<br>
<label for="invite_code"><em>*</em>Invitation Code:</label>
<input type="text" name="invite_code" value="" />
<input type="submit" name="submit" class="submit_button" value="Sign up" />
</form>

</div> <!--/wrapper -->
</div> <!-- /PAGE -->


<?php

// a lot of $msg checking stuff

// query to insert
mysql_query("INSERT INTO %table% (first_name, last_name, password, email, zip, sex, birth_month, birth_day, birth_year, join_date, hash) VALUES(
'". mysql_escape_string($firstname) ."',
'". mysql_escape_string($lastname) ."',
'". mysql_escape_string(md5($password)) ."',
'". mysql_escape_string($email) ."',
'". mysql_escape_string($zip) ."',
'". mysql_escape_string($sex) ."',
'". mysql_escape_string($birth_month) ."',
'". mysql_escape_string($birth_day) ."',
'". mysql_escape_string($birth_year) ."',
'". mysql_escape_string($join_date) ."',
'". mysql_escape_string($hash) ."') ") or die(mysql_error());

// query to update table
mysql_query("UPDATE %table% SET used='1' WHERE invite_codes='".$invite_code."'") or die(mysql_error());

$to = $email; //Send email to our user
$subject = 'Signup | Verification'; //// Give the email a subject
$message = '
Thanks for signing up!
Your account has been created, you can login with the following credentials after you have activated your account by pressing the url below.

------------------------
Name: '.$firstname.'
Password: '.$password.'
------------------------

Please click this link to activate your account:
%website%/verify.php?email='.$email.'&hash='.$hash.'

'; // Our message above including the link

//$headers = 'From:%email%' . "\r\n". // Set from headers
//'errors-to: webmaster@example.com' . "\r\n" .
//'X-Mailer: PHP/' . phpversion();
mail($to, $subject, $message, $headers, '-f %email%'); // Send the email

}
}
}
}
?>
<?php
// At the bottom of the page after all the querying is already done display the error.

if(isset($msg)){ // Check if $msg is not empty
echo '<div class="statusmsg">'.$msg.'</div>'; // Display our message and add a div around it with the class statusmsg
} ?>

 

Look at the placement of your $msg and your queries. Does the logic make sense knowing that php goes line by line and you are doing nothing to stop it from querying? If you can not see what I'm talking about I added a few comments.

Edited by SocialCloud

I tried having all my code after the form but all that happens is the page refreshes. Also the code actually worked properly before I added

 

 

$code = mysql_query("SELECT invite_codes FROM %table% WHERE invite_codes='".$invite_code."' AND used='0'") or die(mysql_error());

 

 

elseif(mysql_num_rows($code) < 0)

{$msg = '<div class="statusmsg">The invitation code is invalid.</div>';}

 

those lines. So I doubt it's the actual order that's messing the process up. The querying would stop if the user failed any other validation. But when I tried to add the invite code section, it just ignores that one.


Even if I change it to this

 

 

$code = mysql_query("SELECT invite_codes FROM %table% WHERE invite_codes='".$invite_code."' AND used='0'") or die(mysql_error()); 
if(mysql_num_rows($code) > 0)
{
mysql_query("UPDATE  %table% SET used='1' WHERE invite_codes='".$invite_code."'") or die(mysql_error());
}
else
{$msg = '<div class="statusmsg">The invitation code is invalid.</div>';}

 

The code is still bypassed and the user is registered. All other validation works.


<?php
get_header();
?>

<div id="wrapper">
<?php
// If the form is submitted //
if (isset($_POST['submit'])) {

// List of variables
$first_name_d = $_POST['first_name'];
$last_name_d = $_POST['last_name'];
$email_d = $_POST['email'];
$sex_d = $_POST['sex'];
$password_d = $_POST['password'];
$confirm_password_d = $_POST['password_check'];
$invite_code_d = $_POST['invite_code'];

// If any were left blank
if( empty($first_name_d) || empty($last_name_d) || empty($email_d) || empty($sex_d) || empty($password_d) || empty($confirm_password_d) || empty($invite_code_d) ) {

$msg = "One or more fields were left blank.";

}

//BIRTHDATE not required
if(!empty($_POST['birth_month'])) {
$birth_month = mysql_escape_string($_POST['birth_month']);
}

if(!empty($_POST['birth_day'])) {
$birth_day = mysql_escape_string($_POST['birth_day']);
}

if(!empty($_POST['birth_year'])) {
$birth_year = mysql_escape_string($_POST['birth_year']);
}

//ZIP not required
if(!empty($_POST['zip'])) {
$zip = mysql_escape_string($_POST['zip']);
}

//Clean Mandatory Fields
$firstname = mysql_escape_string($first_name_d);
$lastname = mysql_escape_string($last_name_d);
$email = mysql_escape_string($email_d);
$password = mysql_escape_string($password_d);
$password_check = mysql_escape_string($confirm_password_d);
$invite_code = mysql_escape_string($invite_code_d);
$join_date = date("F j, Y");


//Check For Duplicates
$code = mysql_query("SELECT invite_codes FROM %table% WHERE invite_codes='".$invite_code."' AND used='0'") or die(mysql_error());
$dup = mysql_query("SELECT email FROM %table% WHERE email='".$email."'") or die(mysql_error());

if(mysql_num_rows($dup) > "0") {
$msg = 'You already have an account! Try logging in.';
}

elseif($password != $password_check) {
$msg = 'Passwords do not match!';
}

elseif(mysql_num_rows($code) < 0) {
$msg = '<div class="statusmsg">The invitation code is invalid.</div>';
}

else {
if(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)){

// Return Error - Invalid Email
$msg = 'The email you have entered is invalid, please try again.';}

else {
// Return Success - Valid Email
$msg = 'Your account has been made, <br /> please verify it by clicking the activation link that has been send to your email.';

$hash = md5( rand(0,1000) ); // Generate random 32 character hash and assign it to a local variable.

if(empty($msg)) {
mysql_query("INSERT INTO %table% (first_name, last_name, password, email, zip, sex, birth_month, birth_day, birth_year, join_date, hash) VALUES(
'". mysql_escape_string($firstname) ."',
'". mysql_escape_string($lastname) ."',
'". mysql_escape_string(md5($password)) ."',
'". mysql_escape_string($email) ."',
'". mysql_escape_string($zip) ."',
'". mysql_escape_string($sex) ."',
'". mysql_escape_string($birth_month) ."',
'". mysql_escape_string($birth_day) ."',
'". mysql_escape_string($birth_year) ."',
'". mysql_escape_string($join_date) ."',
'". mysql_escape_string($hash) ."') ") or die(mysql_error());
mysql_query("UPDATE %table% SET used='1' WHERE invite_codes='".$invite_code."'") or die(mysql_error());

$to = $email; //Send email to our user
$subject = 'Signup | Verification'; //// Give the email a subject
$message = "
Thanks for signing up!
Your account has been created, you can login with the following credentials after you have activated your account by pressing the url below.

------------------------
Name: $firstname
Password: $password
------------------------

Please click this link to activate your account:
%website%/verify.php?email=$email&hash=$hash

"; // Our message above including the link

//$headers = 'From:%email%' . "\r\n". // Set from headers
//'errors-to: webmaster@example.com' . "\r\n" .
//'X-Mailer: PHP/' . phpversion();
mail($to, $subject, $message, $headers, '-f %email%'); // Send the email

}
}
}
}
?>
<?php
if(isset($msg)){ // Check if $msg is not empty
echo '<div class="statusmsg">'.$msg.'</div>'; // Display our message and add a div around it with the class statusmsg
} ?>

<form action="" method="post">
<label for="first_name"><em>*</em>First Name:</label>
<input type="text" name="first_name" value="" />
<br>
<label for="last_name"><em>*</em>Last Name:</label>
<input type="text" name="last_name" value="" />
<br>
<label for="email"><em>*</em>Email:</label>
<input type="text" name="email" value="" />
<br>
<label for="signup-birthdate">Birthdate</label>
<select name="birth_month">
<option value="">---</option>
<option value="1">January</option>
<option value="2">February</option>
<option value="3">March</option>
<option value="4">April</option>
<option value="5">May</option>
<option value="6">June</option>
<option value="7">July</option>
<option value="8">August</option>
<option value="9">September</option>
<option value="10">October</option>
<option value="11">November</option>
<option value="12">December</option>
</select>
<select name="birth_day">
<?php
{echo "<option value=''>---</option>";}
for ($i=1; $i<=31; $i++)
{echo "<option value='$i'>$i</option>";}
?>
</select>
<select name="birth_year">
<?php
{echo "<option value=''>---</option>";}
for ($i=2006; $i>=1900; $i=$i-1)
{echo "<option value='$i'>$i</option>";}
?>
</select>
<br>
<label for="zip">Zip:</label>
<input type="text" name="zip" value="" />
<br>
<label for="sex">Sex:</label>
<select name="sex">
<option value="male">Male</option>
<option value="female">Female</option>
</select>
<br>
<label for="password"><em>*</em>Password:</label>
<input type="password" name="password" value="" />
<br>
<label for="password_check"><em>*</em>Password:</label>
<input type="password" name="password_check" value="" />
<br>
<br>
<label for="invite_code"><em>*</em>Invitation Code:</label>
<input type="text" name="invite_code" value="" />
<input type="submit" name="submit" class="submit_button" value="Sign up" />
</form>

</div> <!--/wrapper -->
</div> <!-- /PAGE -->

 

Several lines cleaned up. Still very basic (not tested). See if it works (keep a backup in case :psychic: ).

Edited by SocialCloud

I would love it if a moderator/admin could please delete my previous post so I'm not spamming ::) Stupid edit timeout. Wouldn't let me edit my previous post. Anyways, I found some errors in your code that I missed in my last post and fixed them, as well as double escaping issues you were using. Note that this is not tested and still basic and was created to clean up your code. Use at your own risk (keep a backup)

 

Edit: For whatever reason, I can not remove the background size font, etc. tags inside the code before the }. Remove them before using.

 

<?php
get_header();
?>

<div id="wrapper">
<?php
// If the form is submitted //
if (isset($_POST['submit'])) {

// If any were left blank
if( empty($_POST['first_name']) || empty($_POST['last_name']) || empty($_POST['email']) || empty($_POST['sex']) || empty($_POST['password']) || empty($_POST['password_check']) || empty($_POST['invite_code']) ) {

$msg = "One or more fields were left blank.";

} else {

//Clean Mandatory Fields
$firstname = mysql_real_escape_string($_POST['first_name']);
$lastname = mysql_real_escape_string($_POST['last_name']);
$email = mysql_real_escape_string($_POST['email']);
$sex = mysql_real_escape_string($_POST['sex']);
$password = mysql_real_escape_string($_POST['password']);
$password_check = mysql_real_escape_string($_POST['password_check']);
$invite_code = mysql_real_escape_string($_POST['invite_code']);
$join_date = date("F j, Y");

}

//BIRTHDATE not required
if(!empty($_POST['birth_month'])) {
$birth_month = mysql_real_escape_string($_POST['birth_month']);
} else {
$birth_month = "";
}

if(!empty($_POST['birth_day'])) {
$birth_day = mysql_real_escape_string($_POST['birth_day']);
} else {
$birth_day = "";
}

if(!empty($_POST['birth_year'])) {
$birth_year = mysql_real_escape_string($_POST['birth_year']);
} else {
$birth_year = "";
}

//ZIP not required
if(!empty($_POST['zip'])) {
$zip = mysql_real_escape_string($_POST['zip']);
} else {
$zip = "";
}

//Check For Duplicates
if(empty($msg)) {
$code = mysql_query("SELECT invite_codes FROM %table% WHERE invite_codes='".$invite_code."' AND used='0'") or die(mysql_error());
$dup = mysql_query("SELECT email FROM %table% WHERE email='".$email."'") or die(mysql_error());

if(mysql_num_rows($dup) > "0") {
$msg = 'You already have an account! Try logging in.';
}

elseif($password != $password_check) {
$msg = 'Passwords do not match!';
}

elseif(mysql_num_rows($code) < 0) {
$msg = '<div class="statusmsg">The invitation code is invalid.</div>';
}

else {
if(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)){

// Return Error - Invalid Email
$msg = 'The email you have entered is invalid, please try again.';}

else {
// Return Success - Valid Email
$msg = 'Your account has been made, <br /> please verify it by clicking the activation link that has been sent to your email.';

$hash = md5( rand(0,1000) ); // Generate random 32 character hash and assign it to a local variable.

if(empty($msg)) {
mysql_query("INSERT INTO %table% (first_name, last_name, password, email, zip, sex, birth_month, birth_day, birth_year, join_date, hash) VALUES(
'$firstname',
'$lastname',
'" . md5($password) . "',
'$email',
'$zip',
'$sex',
'$birth_month',
'$birth_day',
'$birth_year',
'$join_date',
'$hash') ") or die(mysql_error());
mysql_query("UPDATE %table% SET used='1' WHERE invite_codes='".$invite_code."'") or die(mysql_error());

$to = $email; //Send email to our user
$subject = 'Signup | Verification'; //// Give the email a subject
$message = "
Thanks for signing up!
Your account has been created, you can login with the following credentials after you have activated your account by pressing the url below.

------------------------
Name: $firstname
Password: $password
------------------------

Please click this link to activate your account:
%website%/verify.php?email=$email&hash=$hash

"; // Our message above including the link

//$headers = 'From:%email%' . "\r\n". // Set from headers
//'errors-to: webmaster@example.com' . "\r\n" .
//'X-Mailer: PHP/' . phpversion();
mail($to, $subject, $message, $headers, '-f %email%'); // Send the email

}
}
}
}
}
?>
<?php
if(isset($msg)){ // Check if $msg is not empty
echo '<div class="statusmsg">'.$msg.'</div>'; // Display our message and add a div around it with the class statusmsg
} ?>

<form action="" method="post">
<label for="first_name"><em>*</em>First Name:</label>
<input type="text" name="first_name" value="" />
<br>
<label for="last_name"><em>*</em>Last Name:</label>
<input type="text" name="last_name" value="" />
<br>
<label for="email"><em>*</em>Email:</label>
<input type="text" name="email" value="" />
<br>
<label for="signup-birthdate">Birthdate</label>
<select name="birth_month">
<option value="">---</option>
<option value="1">January</option>
<option value="2">February</option>
<option value="3">March</option>
<option value="4">April</option>
<option value="5">May</option>
<option value="6">June</option>
<option value="7">July</option>
<option value="8">August</option>
<option value="9">September</option>
<option value="10">October</option>
<option value="11">November</option>
<option value="12">December</option>
</select>
<select name="birth_day">
<?php
{echo "<option value=''>---</option>";}
for ($i=1; $i<=31; $i++)
{echo "<option value='$i'>$i</option>";}
?>
</select>
<select name="birth_year">
<?php
{echo "<option value=''>---</option>";}
for ($i=2006; $i>=1900; $i=$i-1)
{echo "<option value='$i'>$i</option>";}
?>
</select>
<br>
<label for="zip">Zip:</label>
<input type="text" name="zip" value="" />
<br>
<label for="sex">Sex:</label>
<select name="sex">
<option value="male">Male</option>
<option value="female">Female</option>
</select>
<br>
<label for="password"><em>*</em>Password:</label>
<input type="password" name="password" value="" />
<br>
<label for="password_check"><em>*</em>Password:</label>
<input type="password" name="password_check" value="" />
<br>
<br>
<label for="invite_code"><em>*</em>Invitation Code:</label>
<input type="text" name="invite_code" value="" />
<input type="submit" name="submit" class="submit_button" value="Sign up" />
</form>

</div> <!--/wrapper -->
</div> <!-- /PAGE -->
Edited by SocialCloud

Thanks for the help, after looking at your edits I noticed what I was missing.

 

I added a lot more validation since writing this post, but I edited the way I was checking for the key and added $msg at the very top.

 

Top:

 

if (isset($_POST['submit'])) {
$msg = ""; //Initialize errors

 

 

//Check For Invalid Keys
$sql="SELECT invite_codes FROM %table% WHERE invite_codes='".$invite_code."' AND used='0'";
//$code = mysql_query("SELECT invite_codes FROM %table% WHERE invite_codes='".$invite_code."' AND used='0'") or die(mysql_error());
$result=mysql_query($sql);
$row=mysql_fetch_array($result);
if(mysql_num_rows($result)==0)

{
$msg = '<div class="statusmsg">The invitation code is invalid.</div>';
//die;
}

 

 

Then, from what I noticed in your edit, instead of

 

 

else {
// Return Success - Valid Email
$msg = 'Your account has been made, <br /> please verify it by clicking the activation link that has been sent to your email.';

$hash = md5( rand(0,1000) ); // Generate random 32 character hash and assign it to a local variable.

if(empty($msg)

 

I removed the first else as it would return the message saying your account is valid even if it did fail.

 

I replaced it with your suggestion

 elseif(empty($msg)) { 

and now the page is running successfully checking the database for the codes as well as updating the used column.

 

Thank you so much! I wish you could understand how happy I am now. This was bugging me for the past 3 days. :idea:

Edited by xkrazykidx
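
An added example, not part of the original thread or any poster's code: the original check `mysql_num_rows($code) < 0` can never be true because a row count is never negative, so the invalid-code branch never ran. The sketch below makes every failure path return before the INSERT and claims the code with a single conditional UPDATE, using PDO prepared statements on an in-memory SQLite database. The `invites` and `users` table names, the `demo_db()` and `register()` helpers and the sample values are assumptions; the `invite_codes` and `used` columns follow the thread.

```php
<?php
declare(strict_types=1);

// Added example. Hypothetical names: demo_db(), register(), tables invites/users.
// The invite_codes and used columns follow the thread; sample rows are constructed.

function demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE invites (invite_codes TEXT PRIMARY KEY, used INTEGER NOT NULL DEFAULT 0)');
    $db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password TEXT NOT NULL, hash TEXT NOT NULL)');
    $db->exec("INSERT INTO invites (invite_codes) VALUES ('CONSTRUCTED-CODE-1')");
    return $db;
}

/** Returns [bool $ok, string $message]; no account row is written unless $ok is true. */
function register(PDO $db, string $email, string $password, string $confirm, string $inviteCode): array
{
    if ($email === '' || $password === '' || $confirm === '' || $inviteCode === '') {
        return [false, 'One or more fields were left blank.'];
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return [false, 'The email you have entered is invalid, please try again.'];
    }
    if ($password !== $confirm) {
        return [false, 'Passwords do not match!'];
    }

    $db->beginTransaction();
    try {
        // Claim the code in one statement: the UPDATE matches only an existing,
        // unused code, so "check" and "mark used" cannot be separated by a
        // second request that submits the same code.
        $claim = $db->prepare('UPDATE invites SET used = 1 WHERE invite_codes = :code AND used = 0');
        $claim->execute([':code' => $inviteCode]);
        if ($claim->rowCount() !== 1) {
            $db->rollBack();
            return [false, 'The invitation code is invalid.'];
        }

        $dup = $db->prepare('SELECT 1 FROM users WHERE email = :email');
        $dup->execute([':email' => $email]);
        if ($dup->fetchColumn() !== false) {
            $db->rollBack(); // also releases the code claimed above
            return [false, 'You already have an account! Try logging in.'];
        }

        // random_bytes() replaces md5(rand(0,1000)), which has only 1001 possible
        // values; password_hash() replaces the unsalted md5() of the password.
        $token = bin2hex(random_bytes(16));
        $insert = $db->prepare('INSERT INTO users (email, password, hash) VALUES (:email, :pw, :hash)');
        $insert->execute([
            ':email' => $email,
            ':pw'    => password_hash($password, PASSWORD_DEFAULT),
            ':hash'  => $token,
        ]);

        $db->commit();
        return [true, 'Your account has been made.'];
    } catch (Throwable $e) {
        if ($db->inTransaction()) {
            $db->rollBack();
        }
        throw $e;
    }
}

// Constructed sample input: unknown code, valid code, then the same code reused.
$db = demo_db();
$attempts = [
    ['a@example.com', 'pw-one', 'pw-one', 'NOT-A-REAL-CODE'],
    ['a@example.com', 'pw-one', 'pw-one', 'CONSTRUCTED-CODE-1'],
    ['b@example.com', 'pw-two', 'pw-two', 'CONSTRUCTED-CODE-1'],
];
foreach ($attempts as $attempt) {
    [$ok, $msg] = register($db, ...$attempt);
    printf("%-20s %-5s %s\n", $attempt[3], $ok ? 'OK' : 'FAIL', $msg);
}
```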