yandoo Posted June 20, 2013 Share Posted June 20, 2013 Hiya I was hoping for a little help if possible. I'm building a basic email activation system. I've got to a point that when i register a new account; userid(auto increment), username, email, password it INSERTS the data into the user table but also the userid and an activation code into the activations table. Its all working except it doesn't insert the activation code into the activation table. There's no errors of any kind either so i just don't know why its not working. If you can see why please let me know because I'm stumped. register.php <?php include('core/init.inc.php'); error_reporting(E_ALL); $errors = array(); if (isset($_POST['username'], $_POST['password'], $_POST['repeat_password'])){ if (empty($_POST['username'])){ $errors[] = 'The username cannot be empty.'; } if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) == false){ $errors[] = 'The email address you entered is not invalid.'; } if (empty($_POST['password']) || empty($_POST['repeat_password'])){ $errors[] = 'The password cannot be empty.'; } if ($_POST['password'] != $_POST['repeat_password']){ $errors[] = 'Password verification failed'; } if (user_exists($_POST['username'])){ $errors[] = 'The username you entered is already taken.'; } if (empty($errors)){ add_user($_POST['username'], $_POST['email'], $_POST['password']); header('Location: protected.php'); die(); } } ?> <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> <title></title> </head> <body> <div> <?php if (empty($errors) == false){ ?> <ul> <?php foreach ($errors as $error){ echo "<li>($error)</li>"; } ?> </ul> <?php } ?> </div> <form action="" method="post"> <p> <label for="username">Username:</label> <input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']);?>"/> </p> <p> <label for="email">Email:</label> <input type="text" name="email" id="email" value="<?php if (isset($_POST['email'])) echo htmlentities($_POST['email']);?>"/> </p> <p> <label for="pasword">Password:</label> <input type="password" name="password" id="password" /> </p> <p> <label for="repeat_pasword">Repeat Password:</label> <input type="password" name="repeat_password" id="repeat_password" /> </p> <p> <input type="submit" value="Register" /> </p> </form> </body> </html> user.inc.php <?php error_reporting(E_ALL); // check if given username exists in table function user_exists($user){ $user = mysql_real_escape_string($user); $total = mysql_query("SELECT COUNT(UserID) FROM user WHERE `Username` = '{$user}'"); return (mysql_result($total, 0) == '1') ? true : false; } // check if given username and password combination is valid function valid_credentials($user, $pass){ $user = mysql_real_escape_string($user); $pass = mysql_real_escape_string($pass); $total = mysql_query("SELECT COUNT(UserID) FROM user WHERE `Username` = '{$user}' AND `Password` = '{$pass}'"); return (mysql_result($total, 0) == '1') ? true : false; } // add users to the database function add_user($user, $email, $pass){ $user = mysql_real_escape_string(htmlentities($user)); $email = mysql_real_escape_string($email) ; $pass = sha1($pass); $charset = array_flip(array_merge(range('a', 'z'), range('A', 'Z'), range (0, 9))); $aid = implode('', array_rand($charset, 10)); $body = <<<EMAIL Hi, Thanks for registering before you login you need to activate your account. To do that simply click the following link. http://localhost/simply-inspiration/activte.php?aid={$aid} EMAIL; mail($email, 'Your new account at simply-inspiration.com', $body, 'From: [email protected]'); mysql_query("INSERT INTO `user` (`Username`, `Password`, `Email`) VALUES ('{$user}', '{$pass}', '{$email}')"); $UserID = mysql_insert_id(); mysql_query("INSERT INTO `activations` (`UserID`, `ActivationCode`) VALUES ('{$UserID}', '{$aid}')"); } ?> Thank you very much Link to comment https://forums.phpfreaks.com/topic/279398-insert-activation-code-into-table/ Share on other sites More sharing options...
yandoo Posted June 20, 2013 Author Share Posted June 20, 2013 Ooops amazing how you can see things more clearly when you stop for a moment! The mysql table was suppose to be a varchar and was an int by accident. thanks anyways, love you all x Link to comment https://forums.phpfreaks.com/topic/279398-insert-activation-code-into-table/#findComment-1437122 Share on other sites More sharing options...
Christian F. Posted June 20, 2013 Share Posted June 20, 2013 The reason why you weren't getting any error messages, is because you have a complete lack of error handling in your script. Without actually checking, and handling, errors you won't get any information when a third party system fails. Your code is also quite insecure, especially the manner in which you're storing the password. Which is why I recommend you to read the following articles, and watch the linked video: General PHP security secure login systems How to debug your SQL errors Video on Password Hashing in PHP Link to comment https://forums.phpfreaks.com/topic/279398-insert-activation-code-into-table/#findComment-1437139 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.