Jump to content

insert activation code into table


yandoo
Go to solution Solved by yandoo,

Recommended Posts

Hiya I was hoping for a little help if possible. 

 

I'm building a basic email activation system. I've got to a point that when i register a new account; userid(auto increment),  username, email, password it INSERTS the data into the user table but also the userid and an activation code into the activations table. 

 

Its all working except it doesn't insert the activation code into the activation table. There's no errors of any kind either so i just don't know why its not working. If you can see why please let me know because I'm stumped. 

 

register.php

<?php include('core/init.inc.php');
error_reporting(E_ALL);

$errors = array();

if (isset($_POST['username'], $_POST['password'], $_POST['repeat_password'])){
	if (empty($_POST['username'])){
		$errors[] = 'The username cannot be empty.';
	}
	
	if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) == false){
		$errors[] = 'The email address you entered is not invalid.';
	}
	
	if (empty($_POST['password']) || empty($_POST['repeat_password'])){
		$errors[] = 'The password cannot be empty.';
	}
	
	if ($_POST['password'] != $_POST['repeat_password']){
		$errors[] = 'Password verification failed';
	}
	
	if (user_exists($_POST['username'])){
		$errors[] = 'The username you entered is already taken.';
	}
	
	if (empty($errors)){
		add_user($_POST['username'], $_POST['email'], $_POST['password']);
							
		header('Location: protected.php');
		die();
	}
}

?>
<!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
	<title></title>
	</head>
	<body>
		<div>
	<?php 
	
	if (empty($errors) == false){	
	?>
	<ul>
	
	<?php 
	foreach ($errors as $error){
	echo "<li>($error)</li>";
	}
	
	?>
	
	</ul>
	
	
	<?php 
	}
	
	?>
</div>

<form action="" method="post">
<p>
	<label for="username">Username:</label>
	<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']);?>"/>
</p>
<p>

<label for="email">Email:</label>
	<input type="text" name="email" id="email" value="<?php if (isset($_POST['email'])) echo htmlentities($_POST['email']);?>"/>

</p>

<p>
	<label for="pasword">Password:</label>
	<input type="password" name="password" id="password" />
</p>
<p>

	<label for="repeat_pasword">Repeat Password:</label>
	<input type="password" name="repeat_password" id="repeat_password" />
</p>
<p>
	<input type="submit" value="Register" />
</p>
</form>
	</body>
	</html>

user.inc.php

<?php error_reporting(E_ALL);
// check if given username exists in table
function user_exists($user){
	$user = mysql_real_escape_string($user);
	$total = mysql_query("SELECT COUNT(UserID) FROM user WHERE `Username` = '{$user}'");
	
	return (mysql_result($total, 0) == '1') ? true : false;
	
}

// check if given username and password combination is valid
function valid_credentials($user, $pass){
	$user = mysql_real_escape_string($user);
	$pass = mysql_real_escape_string($pass);
	
	$total = mysql_query("SELECT COUNT(UserID) FROM user WHERE `Username` = '{$user}' AND `Password` = '{$pass}'");
	
	return (mysql_result($total, 0) == '1') ? true : false;
	
}


// add users to the database
function add_user($user, $email, $pass){
$user = mysql_real_escape_string(htmlentities($user));
$email = mysql_real_escape_string($email) ;
$pass = sha1($pass);

$charset = array_flip(array_merge(range('a', 'z'), range('A', 'Z'), range (0, 9)));
$aid = implode('', array_rand($charset, 10));

$body = <<<EMAIL

Hi, 

Thanks for registering before you login you need to activate your account.

To do that simply click the following link.

http://localhost/simply-inspiration/activte.php?aid={$aid}

EMAIL;

mail($email, 'Your new account at simply-inspiration.com', $body, 'From: admin@simply-inspiration.com');

mysql_query("INSERT INTO `user` (`Username`, `Password`, `Email`) VALUES ('{$user}', '{$pass}', '{$email}')");

$UserID = mysql_insert_id();

mysql_query("INSERT INTO `activations` (`UserID`, `ActivationCode`) VALUES ('{$UserID}', '{$aid}')");

}

?>

Thank you very much :)

Link to comment
Share on other sites

The reason why you weren't getting any error messages, is because you have a complete lack of error handling in your script. Without actually checking, and handling, errors you won't get any information when a third party system fails.

Your code is also quite insecure, especially the manner in which you're storing the password. Which is why I recommend you to read the following articles, and watch the linked video:

General PHP security

secure login systems

How to debug your SQL errors

Video on Password Hashing in PHP

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.