Jump to content

Recommended Posts

Hi,

 

I'm quite new to PHP and I have some problem in my php script.How do we allow the user immediately logged into the system after they enter the correct activation code?

 

Here is my script:

 

<?php
$username = $_POST['username'];
$activation_code = $_POST['activation_code'];
$db_host = "localhost";
$db_name = "databasename";
$db_use = "root";
$db_pass = "password";
$link = mysql_connect($db_host, $db_use, $db_pass);
mysql_select_db($db_name, $link);
$command = "UPDATE email_activation SET check_activation='$activation_code' WHERE username='$username' and activation='$activation_code'";
$result = mysql_query($command);
if ($result) {
$query = "SELECT * FROM email_activation where username LIKE '%$username%' LIMIT 0 , 1 ";
$result = mysql_query($query) OR die(mysql_error());
while($row = mysql_fetch_array($result))
{
$name = $row['username'];
$email = $row['email'];
$password = $row['password];
$activation = $row['activation'];
$query = "INSERT INTO member (username, email, password, activation) VALUES ('$username','$email','$password','$activation')";
$result = mysql_query($query) OR die(mysql_error());
if ($result) {
echo "Congratulations. Your membership has been activated and saved in member table …";
}else{
echo ("Congratulations. Your membership has been activated but it's can't saved in member table …");
}
}
}else{
echo ("You've entered an invalid username / activation code – please retry");
}
?>

Link to comment
https://forums.phpfreaks.com/topic/288415-immediately-logged-into-system/
Share on other sites

 

 

How do we allow the user immediately logged into the system

How does your code identify the user is logged in?

 

Also your code has potential for SQL injection attacks because you are not validating and sanitizing the users input before using it in your queries

 

You should not be using wildcard search here.

$query = "SELECT * FROM email_activation where username LIKE '%$username%' LIMIT 0 , 1 ";

You need to do an absolute match  WHERE username ='$username'

 

Also You should also consider converting your code to PDO or mysqli as the mysql_* functions are deprecated and no longer supported.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.