NickD Posted February 21, 2014 Share Posted February 21, 2014 Hello PHP gurus, complete newbie here (gurus' hearts sink) and I'm working on a slightly customised version of a PHP Tutorial How To Code a Signup Form With Email Confirmation. Basically a new user signs up putting email address and password into a form, the form updates the mysql database user and confirm fields and sends an email to the new user with an activation key, which is then clicked to confirm the sign up. After to and froing I've got the program to accept the user data, update the database, send the email with the activation url which is a confirm.php page with email and confirmation key parameters but when the activation url is clicked the confirm page comes up with: Access denied for user'root'@'IPaddress' (using password:NO) the MySQL set up on the server is that the Database name is the same as the username (not root) The activation key looks like the following: WebsiteURL/signup/confirm.php?email=EmailAddress&signupkey=ac9914a171a0eb2a221fe526621693a4 This is extremely puzzling to me as the DB has been accessed and updated (on the sign-up form)using the same config file as is used in the confirm page Below is the confirm page php code. . Server - localhost via UNIX socket MYSQL Server type Server Version 5.5.35 MySQL community Server (GPUL Server chardet UTF-8 Unicode Web server Apache /2.4.6 (Unix) The DB has two tables: users - fields id, email,password,active; confirm - id, userid, signupkey,email; If further information is required, or the actual URL /IP address, to assist please notify me. Thanking you in anticipation, Nick <?php include_once 'includes/php/config.php'; include_once 'includes/php/functions_new.php'; ?> <?php include 'signup/elements/header.php'; ?> <?php //setup some variables $action = array(); $action['result'] = null; //check if the $_GET variables are present //quick/simple validation if(empty($_GET['email']) || empty($_GET['signupkey'])){ $action['result'] = 'error'; $action['text'] = 'We are missing variables. Please double check your email.'; } if($action['result'] != 'error'){ //cleanup the variables $email = mysql_real_escape_string($_GET['email']); $signupkey = mysql_real_escape_string($_GET['signupkey']); //check if the key is in the database $check_key = mysql_query("SELECT * FROM `confirm` WHERE `email` = '$email' AND `signupkey` = '$signupkey' LIMIT 1") or die(mysql_error()); if(mysql_num_rows($check_key) != 0){ //get the confirm info $confirm_info = mysql_fetch_assoc($check_key); //confirm the email and update the users database $update_users = mysql_query("UPDATE `users` SET `active` = 1 WHERE `id` = '$confirm_info[userid]' LIMIT 1") or die(mysql_error()); //delete the confirm row $delete = mysql_query("DELETE FROM `confirm` WHERE `id` = '$confirm_info[id]' LIMIT 1") or die(mysql_error()); if($update_users){ $action['result'] = 'success'; $action['text'] = 'User has been confirmed. Thank-You!'; }else{ $action['result'] = 'error'; $action['text'] = 'The user could not be updated Reason: '.mysql_error();; } }else{ $action['result'] = 'error'; $action['text'] = 'The key and email is not in our database.'; } } ?> <?= show_errors($action); ?> <?php include 'signup/elements/footer.php'; ?> Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted February 21, 2014 Share Posted February 21, 2014 it's likely that the complete error message (less any server specific account/path info in it) would provide additional information as to the problem or knowing at what point in your code that error is being produced. best guess, either the path to your included file is different for this particular code and the database connection wasn't attempted or you are mixing using mysql functions in your code but your database connection is actually a mysqli connection, and your mysql_real_escape_string/mysql_query functions are actually trying to create a mysql connection using the default/empty database connection credentials. to help pin down the problem, your generic die(mysql_error()) should actually include a text string identifying what was occurring when the code failed. was the code trying to make a database connection, was it trying to select a database, was it trying to run a query (and which query, i.e. echo the sql query being ran as well.) Quote Link to comment Share on other sites More sharing options...
NickD Posted February 21, 2014 Author Share Posted February 21, 2014 mysql_connect('localhost', 'UserName', 'Password') or die("I couldn't connect to your database, please make sure your info is correct!"); mysql_select_db('DBName') or die("I couldn't find the database table () make sure it's spelt right!"); Hello mac_gyver, thankyou for your prompt response. The config file above has the db access lines / die statements and neither error message shows. In my ignorance I did not put the following piece of information in my original post: Web Server Details PHP extension: mysqli So I think your point about mixing up mysqli connection and the MySQLdetails is spot on. Could you explain where I have gone wrong and how I would go about remedying the situation please? Kind Regards, Nick Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted February 21, 2014 Share Posted February 21, 2014 all the code you have posted is using the same library of functions, mysql (no i), so this problem is not due to mixing one type of connection with a different type of query calls. just because you have the mysqli extension enabled, you must use the mysqli_ functions in your code to make use of it. best guess is your include file isn't being included and you don't have a database connection at the point where the mysql_real_escape_string function is being used and the error is actually coming at that point (php attempts to make a mysql connection at any mysql statement if there isn't already a connection, but this usually fails since the default user/password that php uses for this is usually not set.) start by making sure that php's error_reporting is set to E_ALL and display_errors is set to ON. you should actually have these set in your php.ini, but you can set them in your code, immediately after the first <?php tag. Quote Link to comment Share on other sites More sharing options...
NickD Posted February 24, 2014 Author Share Posted February 24, 2014 Hello mac_gyver, thankyou very much for the reply, you were right about the include file not being included, I put the confirm page in the lower level directory and it picked up the correct file path from there. DOH. I've self learnt quite a few programming languages but this is the first web based one for me so it's all a bit new and I'm aware that at times I can't see the wood for the trees yet! Your insight and patience are greatly appreciated. Kind Regards, Nick Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.