Generaljoe Posted July 2, 2014 Share Posted July 2, 2014 Actually, what i want to do is to use the email to fetch the $email,$password and $randomnumber from database after the $key UPDATES where email is $email and sets it to null, then the fetched variables can be emailed to user's email my code below, doesnt work as expected <?php include ('database_connection.php'); if (isset($_GET['email']) && preg_match('/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/', $_GET['email'])) { $email = $_GET['email']; } if (isset($_GET['key']) && (strlen($_GET['key']) == 32))//The Activation key will always be 32 since it is MD5 Hash { $key = $_GET['key']; } if (isset($email) && isset($key)) { // Update the database to set the "activation" field to null $query_activate_account = "UPDATE members SET Activation=NULL WHERE(email ='$email' AND Activation='$key')LIMIT 1"; $result_activate_account = mysqli_query($dbc, $query_activate_account) ; // Print a customized message: if (mysqli_affected_rows($dbc) == 1)//if update query was successfull { // Send the email: $message = " Your Account has now been verified, Below are your Details.\n\n"; $message .= " __________________________________________ Username: $username Password: $Password Account Number: $randomnumber __________________________________________ Please Ensure you keep safely."; echo '<div class="success">Your account is now active and your Account details sent to you. You may now <a href="login.php">Log in</a></div>'; mail ($email, "Activation Success", $message, 'From:My site<no-reply@xxxx.com>'); Quote Link to comment https://forums.phpfreaks.com/topic/289384-send-user-account-details-to-user-after-email-verification/ Share on other sites More sharing options...
Solution Psycho Posted July 2, 2014 Solution Share Posted July 2, 2014 (edited) my code below, doesnt work . . . as expected That isn't very helpful. What is it doing or not doing that is incorrect? But, I will comment on your logic: 1. Why are you passing the email address in the request? The activation code is all you need. 2. There is no error logging, so it is impossible to say why the code is not working as expected. The code to update the DB and send the email is wrapped within an if() condition. So, if one of those two values are not set, it will not run. Since we can't see the construction of the URL that is used, it's impossible to know if that may be the source of the problem. Or, the query could be failing for all we know. 3. No need to include the DB connection file if you may not run a query . . . but, don't bother doing a pre-validation of the key since if it isn't 32 characters it won't find a match anyway 4. You need to prevent SQL injection. 5. Why is there a limit on the query? Are you reusing the activation keys? There are more than you can comprehend. 6. I don't see anything in the code to define $username, $password or $randomnumber Here is a different take on the process that may help <?php $activation = isset($_GET['key']) ? $_GET['key'] : false; if (!$activation) { echo "No activation key passed"; } else { // Update the database to set the "activation" field to null include ('database_connection.php'); $activation = mysqli_real_escape_string($dbc, $activation); $query = "UPDATE members SET Activation=NULL WHERE Activation='$key'"; $result = mysqli_query($dbc, $query); if(!$result) { echo "An error occured trying to activate your account"; //Debug line only, log errors in a production environment echo "Query: $query<br>Error: " . mysqli_error($dbc); } elseif(!mysqli_affected_rows($dbc)) { echo "Your activation code does not appear to be valid"; } else { //Activation completed. Send a customized message. ### ADD CODE TO GET USERNAME & ACOUNT NUMBER FROM DB AND TO GENERATE TEMP PASSWORD $message = " Your Account has now been verified, Below are your Details.\n __________________________________________ Username: $username Password: $Password Account Number: $randomnumber __________________________________________ Please Ensure you keep safely."; if(!mail ($email, "Activation Success", $message, 'From:My site<no-reply@xxxx.com>')) { echo "There was a problem sending your activation details"; } else { echo '<div class="success">Your account is now active and your Account details sent to you. You may now <a href="login.php">Log in</a></div>'; } } } ?> Edited July 2, 2014 by Psycho Quote Link to comment https://forums.phpfreaks.com/topic/289384-send-user-account-details-to-user-after-email-verification/#findComment-1483606 Share on other sites More sharing options...
Generaljoe Posted July 2, 2014 Author Share Posted July 2, 2014 <?php $activation = isset($_GET['key']) ? $_GET['key'] : false; if (!$activation) { echo "No activation key passed"; } else { // Update the database to set the "activation" field to null include ('database_connection.php'); $activation = mysql_real_escape_string($activation); $query = "UPDATE members SET Activation=NULL WHERE Activation='$key'"; $result = mysqli_query($dbc, $query_activate_account); if(!$result) { echo "An error occured trying to activate your account"; //Debug line only, log errors in a production environment echo "Query: $query<br>Error: " . mysql_error(); } elseif(!mysqli_affected_rows($dbc)) { echo "Your activation code does not appear to be valid"; } else { //Activation completed. Send a customized message. //query $query = mysql_query("select username, Password, randomnumber from members where key='$key'") or die ('Query is invalid: ' . mysql_error()); //write the results while ($row = mysql_fetch_array($query)) { $message = " Your Account has now been verified, Below are your Details.\n __________________________________________ Username: $username Password: $Password Account Number: $randomnumber __________________________________________ Please Ensure you keep safely."; if(!mail ($email, "Activation Success", $message, 'From:My site<no-reply@xxxx.com>')) { echo "There was a problem sending your activation details"; } else { echo '<div class="success">Your account is now active and your Account details sent to you. You may now <a href="login.php">Log in</a></div>'; } } } ?> i got error in line 57 Quote Link to comment https://forums.phpfreaks.com/topic/289384-send-user-account-details-to-user-after-email-verification/#findComment-1483607 Share on other sites More sharing options...
Jacques1 Posted July 2, 2014 Share Posted July 2, 2014 Never store passwords as plaintext or even send them around by e-mail. The passwords are highly sensitive data and could be used on other websites as well, which means it's your duty to protect them with state-of-the-art security. If you're unable or unwilling to do that, you should remove the registration feature. Since you happily drop the URL parameters into your query strings, you actually allow anybody to write their own queries and, for example, fetch all plaintext passwords. You might as well publish the database credentials. I strongly recommend that you learn the basics of web security and database access before you even think about storing user data. I'm not saying this to put you down, but leaking the data of other people is simply unacceptable. Quote Link to comment https://forums.phpfreaks.com/topic/289384-send-user-account-details-to-user-after-email-verification/#findComment-1483608 Share on other sites More sharing options...
Generaljoe Posted July 2, 2014 Author Share Posted July 2, 2014 here is the full code <?php include ('database_connection.php'); if (isset($_POST['formsubmitted'])) { $error = array();//Declare An Array to store any error message if (empty($_POST['username'])) {//if no name has been supplied $error[] = 'Please Enter Username ';//add to array "error" } else { $username = $_POST['username'];//else assign it a variable } if (empty($_POST['salutation'])) {//if no name has been supplied $error[] = 'Please Enter Salutation ';//add to array "error" } else { $salutation = $_POST['salutation'];//else assign it a variable } if (empty($_POST['gender'])) {//if no name has been supplied $error[] = 'Please Select Gender ';//add to array "error" } else { $gender = $_POST['gender'];//else assign it a variable } if (empty($_POST['firstname'])) {//if no name has been supplied $error[] = 'Please Enter Firstname ';//add to array "error" } else { $firstname = $_POST['firstname'];//else assign it a variable } if (empty($_POST['lastname'])) {//if no name has been supplied $error[] = 'Please Enter Lastname ';//add to array "error" } else { $lastname = $_POST['lastname'];//else assign it a variable } if (empty($_POST['maritialstatus'])) {//if no name has been supplied $error[] = 'Please Enter Marital status ';//add to array "error" } else { $maritialstatus = $_POST['maritialstatus'];//else assign it a variable } if (empty($_POST['dob'])) {//if no name has been supplied $error[] = 'Please Enter Date of Birth ';//add to array "error" } else { $dob = $_POST['dob'];//else assign it a variable } if (empty($_POST['category'])) {//if no name has been supplied $error[] = 'Please Enter Category ';//add to array "error" } else { $category = $_POST['category'];//else assign it a variable } if (empty($_POST['motmaidenname'])) {//if no name has been supplied $error[] = 'Please Enter Mother Maiden name ';//add to array "error" } else { $motmaidenname = $_POST['motmaidenname'];//else assign it a variable } if (empty($_POST['fathername'])) {//if no name has been supplied $error[] = 'Please Enter Father name ';//add to array "error" } else { $fathername = $_POST['fathername'];//else assign it a variable } if (empty($_POST['mobileno'])) {//if no name has been supplied $error[] = 'Please Enter Mobile Number ';//add to array "error" } else { $mobileno = $_POST['mobileno'];//else assign it a variable } if (empty($_POST['occtype'])) {//if no name has been supplied $error[] = 'Please Select Occupation Type ';//add to array "error" } else { $occtype = $_POST['occtype'];//else assign it a variable } if (empty($_POST['income'])) {//if no name has been supplied $error[] = 'Please Seclect Income ';//add to array "error" } else { $income = $_POST['income'];//else assign it a variable } if (empty($_POST['sourceoffunds'])) {//if no name has been supplied $error[] = 'Please Select Source of Fund ';//add to array "error" } else { $sourceoffunds = $_POST['sourceoffunds'];//else assign it a variable } if (empty($_POST['state'])) {//if no name has been supplied $error[] = 'Please Enter State ';//add to array "error" } else { $state = $_POST['state'];//else assign it a variable } if (empty($_POST['Country'])) {//if no name has been supplied $error[] = 'Please Select Country ';//add to array "error" } else { $Country = $_POST['Country'];//else assign it a variable } if (empty($_POST['city'])) {//if no name has been supplied $error[] = 'Please Select City ';//add to array "error" } else { $city = $_POST['city'];//else assign it a variable } if (empty($_POST['randomnumber'])) {//if no name has been supplied $error[] = 'AutoGenerate AccountNumber Failed ';//add to array "error" } else { $randomnumber = $_POST['randomnumber'];//else assign it a variable } if (empty($_POST['Addressproof'])) {//if no name has been supplied $error[] = 'Please Enter Address ';//add to array "error" } else { $Addressproof = $_POST['Addressproof'];//else assign it a variable } if (empty($_POST['email'])) { $error[] = 'Please Enter your Email '; } else { if (preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/", $_POST['email'])) { //regular expression for email validation $email = $_POST['email']; } else { $error[] = 'Your EMail Address is invalid '; } } if (empty($_POST['Password'])) { $error[] = 'Please Enter Your Password '; } else { $Password = $_POST['Password']; } if (empty($error)) //send to Database if there's no error ' { // If everything's OK... // Make sure the email address is available: $query_verify_email = "SELECT * FROM members WHERE email ='$email'"; $result_verify_email = mysqli_query($dbc, $query_verify_email); if (!$result_verify_email) {//if the Query Failed ,similar to if($result_verify_email==false) echo ' Database Error Occured '; } if (mysqli_num_rows($result_verify_email) == 0) { // IF no previous user is using this email . // Create a unique Activation code: $Activation = md5(uniqid(rand(), true)); $query_insert_user = "INSERT INTO `members` ( `salutation`, `gender`, `firstname`, `middlename`, `lastname`, `maritialstatus`, `dob`, `category`, `motmaidenname`, `fathername`, `email`, `mobileno`, `chkpan`, `occtype`, `education`, `income`, `sourceoffunds`, `others`, `PassportID`, `username`, `Addressproof`, `Password`, `state`, `Country`, `city`, `randomnumber`, `Activation`) VALUES ('$salutation', '$gender', '$firstname', '$middlename', '$lastname', '$maritialstatus', '$dob', '$category', '$motmaidenname', '$fathername', '$email', '$mobileno', '$chkpan', '$occtype', '$education', '$income', '$sourceoffunds', '$others', '$PassportID', '$username', '$Addressproof', '$Password', '$state', '$Country', '$city', '$randomnumber', '$Activation')"; $result_insert_user = mysqli_query($dbc, $query_insert_user); if (!$result_insert_user) { echo 'Query Failed '; } if (mysqli_affected_rows($dbc) == 1) { //If the Insert Query was successfull. // Send the email: $message = " To activate your account, please click on this link:\n\n"; $message .= " http://www.mysite.com/activate.php?email=$email&key=$Activation"; $message .= " __________________________________________ Username: $username Password: $Password __________________________________________ Please Ensure you keep safely."; mail($email, 'Sign Up|Verification', $message, 'From:My Site<no-reply@xxxxx.com>'); // Flush the buffered output. // Finish the page: echo '<div class="success">Thank you for registering! A confirmation email has been sent to '.$email.' Please click on the Activation Link to Activate your account </div>'; } else { // If it did not run OK. echo '<div class="errormsgbox">You could not be registered due to a system error. We apologize for any inconvenience.</div>'; } } else { // The email address is not available. echo '<div class="errormsgbox" >That email address has already been registered. </div>'; } } else {//If the "error" array contains error msg , display them echo '<div class="errormsgbox"> <ol>'; foreach ($error as $key => $values) { echo ' <li>'.$values.'</li>'; } echo '</ol></div>'; } mysqli_close($dbc);//Close the DB Connection } // End of the main Submit conditional. ?> this is the Activation code after verification link is sent <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Activate Your Account</title> <style type="text/css"> body { font-family:"Lucida Grande", "Lucida Sans Unicode", Verdana, Arial, Helvetica, sans-serif; font-size:12px; } .success { border: 1px solid; margin: 0 auto; padding:10px 5px 10px 60px; background-repeat: no-repeat; background-position: 10px center; width:450px; color: #4F8A10; background-color: #DFF2BF; background-image:url('images/success.png'); } .errormsgbox { border: 1px solid; margin: 0 auto; padding:10px 5px 10px 60px; background-repeat: no-repeat; background-position: 10px center; width:450px; color: #D8000C; background-color: #FFBABA; background-image: url('images/error.png'); } </style> </head> <body><?php include ('database_connection.php'); if (isset($_GET['email']) && preg_match('/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/', $_GET['email'])) { $email = $_GET['email']; } if (isset($_GET['key']) && (strlen($_GET['key']) == 32))//The Activation key will always be 32 since it is MD5 Hash { $key = $_GET['key']; } if (isset($email) && isset($key)) { // Update the database to set the "activation" field to null $query_activate_account = "UPDATE members SET Activation=NULL WHERE(email ='$email' AND Activation='$key')LIMIT 1"; $result_activate_account = mysqli_query($dbc, $query_activate_account) ; // Print a customized message: if (mysqli_affected_rows($dbc) == 1)//if update query was successfull { echo '<div class="success">Your account is now active. You may now <a href="login.php">Log in</a></div>'; } else { echo '<div class="errormsgbox">Oops !Your account could not be activated. Please recheck the link or contact the system administrator.</div>'; } mysqli_close($dbc); } else { echo '<div class="errormsgbox">Error Occured .</div>'; } ?> </body> </html> all i want is to have the user account details e.g username,Password and randomnumber fetched from database and an email will be sent to user containing account details after account is confirmed. Quote Link to comment https://forums.phpfreaks.com/topic/289384-send-user-account-details-to-user-after-email-verification/#findComment-1483610 Share on other sites More sharing options...
Generaljoe Posted July 2, 2014 Author Share Posted July 2, 2014 Never store passwords as plaintext or even send them around by e-mail. The passwords are highly sensitive data and could be used on other websites as well, which means it's your duty to protect them with state-of-the-art security. If you're unable or unwilling to do that, you should remove the registration feature. Since you happily drop the URL parameters into your query strings, you actually allow anybody to write their own queries and, for example, fetch all plaintext passwords. You might as well publish the database credentials. I strongly recommend that you learn the basics of web security and database access before you even think about storing user data. I'm not saying this to put you down, but leaking the data of other people is simply unacceptable. i'll have it secured,its still in the development phase, its part of the plan, come on man,i wouldnt want the database injected by some sql injection or some silly tricks Quote Link to comment https://forums.phpfreaks.com/topic/289384-send-user-account-details-to-user-after-email-verification/#findComment-1483611 Share on other sites More sharing options...
Jacques1 Posted July 3, 2014 Share Posted July 3, 2014 I know, it's only a school project, you'll add security later etc. Leaving all that aside: You cannot use this code on the Internet. If you want your application to survive more than just a few minutes, you need to fix your queries, hash the passwords properly and not send them around in e-mails. Quote Link to comment https://forums.phpfreaks.com/topic/289384-send-user-account-details-to-user-after-email-verification/#findComment-1483655 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.