steviez Posted February 20, 2007

Hi,

When users signup to my site they get a welcome email, i would like that email to have an activation link and for the site to create a random code for them. How is this done?

Thanks

Jessica Posted February 20, 2007

Create the random code, store it in the database, and add it to the link. When they visit the link, check the code...

If you write some code, we can help with any errors you run into...

skali Posted February 20, 2007

You can also generate MD5 of user's password and send it along with the activation URL. After user will come back you can match this MD5 with the MD5 of user's password in database if you are storing plain text passwords or directly with password in database if you are using MD5 password.

steviez (Author) Posted February 20, 2007

i have found a code for what i want, problem is i can't for the life in me figure out how to integrate it with my page, here is the code:

<?php
$valid2=3600*24*$validity;
$er='';
if (isset($_POST["email"])) // If the form has been submitted
{
    mysql_connect($db_host,$db_user,$db_pass) or die("Unable to connect to database");
    mysql_select_db($database) or die("Unable to select database");
    $page=$serveur.$_SERVER["PHP_SELF"];
    $nom=htmlentities(substr($_POST["nom"],0,100), ENT_QUOTES); // we cut the entered values to 100 characters and remove any ' or "
    $pass=htmlentities(substr($_POST["pass"],0,100), ENT_QUOTES); // this is to avoid SQL insertions (or other injections), and limit the amount of code that could be executed
    $pass2=htmlentities(substr($_POST["pass2"],0,100), ENT_QUOTES); // in case an insertion should succeed
    $email=htmlentities(substr($_POST["email"],0,100), ENT_QUOTES);
    $IP=$_SERVER['REMOTE_ADDR'];
    $heure=time();
    if(!eregi('^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]{2,})+$', $email))
        $er.='Please enter a valid e-mail address.<br/>'; // Once again, sth against email insertion
    // strpos() returns 0 for a match at the first character, so compare with !== false
    if(false!==strpos($nom,chr(92)) || false!==strpos($nom,":") || false!==strpos($nom,",") || false!==strpos($nom,";"))
        $er.='You used forbidden characters in your user name.<br/>';
    do // The code must be unique, but we don't need to tell the user
    {
        $session=md5($heure.rand(100000,999999));
        $resultat = mysql_query("SELECT * FROM w_members WHERE session ='$session'");
    }
    while(false!=($ligne = mysql_fetch_array ($resultat)));
    if($nom=="" || $pass=="" || $email==""){$er.='One or more fields are missing.<br/>';} // Fill in all fields, thank you
    if($pass!=$pass2){$er.='Password and confirmation didn\'t match.<br/>';} // The 2 passwords must be the same
    $resultat = mysql_query("SELECT * FROM members WHERE nom ='".$nom."'");
    if(false!=($ligne = mysql_fetch_array ($resultat))){$er.='This username ('.$nom.') is already taken.<br/>';} // If the login is already taken (confirmed)
    $resultat = mysql_query("SELECT * FROM w_members WHERE nom ='".$nom."'");
    if(false!=($ligne = mysql_fetch_array ($resultat))){$er.='This username ('.$nom.') is already taken.<br/>';} // If the login is already taken (not yet confirmed)
    $resultat = mysql_query("SELECT * FROM blackl WHERE email ='".$email."'");
    if(false!=($ligne = mysql_fetch_array ($resultat))){$er.='This e-mail ('.$email.') is blacklisted. You can\'t use it to sign up here.<br/>';} // If the e-mail is in the blacklist
    if($er=='')
    { //**** IF NO ERROR - START
        //********* Confirmation e-mail
        /* subject */
        $subject = "Account confirmation";
        /* message */
        $message = '
<html>
<head>
<title>Account confirmation</title>
</head>
<body>
Hello '.$nom.',<br/><br/>
You are receiving this e-mail because you or someone else used your address to sign up on our site.<br/>
To complete the sign-up process please follow <a href="'.$page.'?code='.$session.'">this link</a>.<br/><br/>
If you didn\'t sign up on our site, just ignore this message and please accept our apologies.<br/>
You can also choose to blacklist your e-mail so you won\'t hear from us anymore by following <a href="'.$page.'?code='.$session.'&BL=1">this link</a>.<br/>
Your e-mail was submitted from IP '.$IP.' on '.date("r").' (server time).<br/><br/>
Best regards,<br/>
Site Admin
</body>
</html>
';
        /* To send HTML mail, you can set the Content-type header. */
        $headers = "MIME-Version: 1.0\r\n";
        $headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
        /* additional headers */
        $headers .= "To: ".$nom." <".$email.">\r\n";
        $headers .= "From: Site <do_not_reply@patheticcockroach.com>\r\n";
        /* and now mail it */
        if(mail($email, $subject, $message, $headers))
        {
            mysql_query("INSERT INTO w_members SET nom='".$nom."',pass='".md5($pass)."',email='".$email."',heure='".$heure."',session='".$session."',IP='".$IP."';"); // We insert the data into the waiting table
            echo 'Thank you.<br/>An e-mail was sent to '.$email.'. Please check your e-mail and confirm your membership within '.$validity.' days.';
        }
        else {$er.='We weren\'t able to send you the confirmation e-mail. Please contact the webmaster.<br/>';}
    } //**** IF NO ERROR - END
    mysql_close();
} // If the form has been filled - END
else if(isset($_GET["code"])) // If a code is entered
{
    mysql_connect($db_host,$db_user,$db_pass) or die("Unable to connect to database");
    mysql_select_db($database) or die("Unable to select database");
    $heure=time();
    $heure2=$heure-$valid2; // We delete outdated codes
    mysql_query("DELETE FROM w_members WHERE heure<".$heure2.";");
    $session=htmlentities($_GET["code"], ENT_QUOTES);
    $sql = "SELECT * FROM w_members WHERE session ='".$session."'";
    $resultat = mysql_query($sql);
    if(false==($ligne = mysql_fetch_assoc ($resultat))){$er.='This code is wrong or has expired, please fill in the form again.<br/>';}
    if($er=='')
    { //**** IF NO ERROR - START
        if(!isset($_GET["BL"])) // If the user comes to confirm, we insert them into the members table and remove them from the waiting table
        {
            $nom=$ligne['nom'];
            mysql_query("INSERT INTO members SET nom='".$nom."',pass='".$ligne['pass']."',email='".$ligne['email']."',IP='".$ligne['IP']."',heure='".$ligne['heure']."';");
            mysql_query("DELETE FROM w_members WHERE session='".$session."'");
            echo 'Thank you for confirming your inscription '.$nom.'. You are now a member of the site.';
        }
        else if($_GET["BL"]==1) // If the user comes to be blacklisted, we ask for a confirmation
        {
            echo 'Click <a href="'.$_SERVER["PHP_SELF"].'?code='.$session.'&BL=2">here</a> to blacklist your e-mail. This CANNOT be undone.';
        }
        else // If the user confirms they want to be blacklisted, we insert them into the blacklist and remove them from the waiting table
        {
            $email=$ligne['email'];
            mysql_query("INSERT INTO blackl SET email='".$email."',IP='".$ligne['IP']."',heure='".$ligne['heure']."';");
            mysql_query("DELETE FROM w_members WHERE session='".$session."'");
            echo 'Your e-mail, '.$email.', has been blacklisted. You won\'t receive anymore e-mails from us.';
        }
    } //**** IF NO ERROR - END
    mysql_close();
} // If a code is entered - END
else{show_form();} // If there is no form submitted nor a code, we show the form
if($er!='' && isset($_POST["email"])){show_form($nom,$pass,$pass2,$email,$er);}
else if($er!='' && !isset($_POST["email"])){show_form('','','','',$er);}

//************ Form display function
function show_form($nom="",$pass="",$pass2="",$email="",$er='')
{
    echo '<div style="font-weight:bold;">'.$er.'</div>
Please fill in the sign up form :<br/>
<form action="'.$_SERVER["PHP_SELF"].'" method="post">
<table>
<tr>
<td><label for="nom">Desired login</label> :</td><td><input type="text" name="nom" id="nom" size="50" maxlength="20" value="'.$nom.'" /></td>
</tr>
<tr>
<td><label for="pass">Password</label> :</td><td><input type="password" name="pass" id="pass" size="50" maxlength="20" value="'.$pass.'" /></td>
</tr>
<tr>
<td><label for="pass2">Confirm password</label> :</td><td><input type="password" name="pass2" id="pass2" size="50" maxlength="20" value="'.$pass2.'" /></td>
</tr>
<tr>
<td><label for="email">E-mail</label> :</td><td><input type="text" name="email" id="email" size="50" maxlength="100" value="'.$email.'" /></td>
</tr>
<tr><td colspan="2" style="text-align:center;"><input type="submit" value=" Sign Up " /></td></tr>
</table>
</form>';
}
?>

and my page code is:

<?php
include("connect");
include("header");
if(isset($action_signup))
{
    if(($email != '') && ($username != '') && ($password != '') && ($country !='') && ($gender != '') && ($birthday_mon != '') && ($birthday_yr != '') && ($birthday_day != ''))
    {
        $query = "select * from user where username = '$username' and status = 'ACTIVE'";
        $result = mysql_query($query);
        $num = mysql_num_rows($result);
        if($num < 1)
        {
            $date_of_birth = $birthday_yr."-".$birthday_mon."-".$birthday_day;
            $signup = date("Y-m-d");
            if(isset($newsletter))
                $newsletter = "YES";
            else
                $newsletter = 'NO';
            $insert_query = "insert into user (email,username,password,country,gender,date_of_birth,signup,newsletter,terms) values('$email','$username','$password','$country','$gender','$date_of_birth','$signup','$newsletter', '$terms')";
            $insert_result = mysql_query($insert_query);
            $newUserInsertId = mysql_insert_id();
            if($refUser != '')
            {
                $update_friends = "update friends set status = 'CONFIRM',friend_id ='$newUserInsertId' where user_reference_id = '$refUser' and status = 'ACITVE'";
                $update_result = mysql_query($update_friends);
            }
            if(isset($insert_result))
            {
                $message = 'HTML GOES HERE';
                $subject = "Welcome to Music4Play.com!";
                $email = "$email";
                // Start the header string with "=" and append the rest, so the From header is not overwritten
                $headers = 'MIME-Version: 1.0' . "\r\n";
                $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
                $headers .= 'From: Music4Play.com <welcome@music4play.com>' . "\r\n";
                mail($email,$subject,$message,$headers);
                header("Location:login");
            }
        }
        else
        {
            $ERROR = "Username Already Present.";
        }
    }
    else
    {
        $ERROR = "Please enter mandatory fields";
    }
}
?>
<script type="text/javascript" src="<?php echo $JAVA_SCRIPT_FILE_PATH ?>"></script>
<script language="JavaScript" type="text/javascript">
<!--
function MM_reloadPage(init) { //reloads the window if Nav4 resized
  if (init==true) with (navigator) {if ((appName=="Netscape")&&(parseInt(appVersion)==4)) {
    document.MM_pgW=innerWidth; document.MM_pgH=innerHeight; onresize=MM_reloadPage; }}
  else if (innerWidth!=document.MM_pgW || innerHeight!=document.MM_pgH) location.reload();
}
MM_reloadPage(true);
// -->

/*FUNCTION FOR THE EMAIL VALIDATIONS*/
function emailCheck (emailStr) {
  /* The following pattern is used to check if the entered e-mail address
     fits the user@domain format. It also is used to separate the username
     from the domain. */
  var emailPat=/^(.+)@(.+)$/
  /* The following string represents the pattern for matching all special
     characters. We don't want to allow special characters in the address.
     These characters include ( ) < > @ , ; : \ " . [ ] */
  var specialChars="\\(\\)<>@,;:\\\\\\\"\\.\\[\\]"
  /* The following string represents the range of characters allowed in a
     username or domainname. It really states which chars aren't allowed. */
  var validChars="\[^\\s" + specialChars + "\]"
  /* The following pattern applies if the "user" is a quoted string (in
     which case, there are no rules about which characters are allowed
     and which aren't; anything goes). E.g. "jiminy cricket"@disney.com
     is a legal e-mail address. */
  var quotedUser="(\"[^\"]*\")"
  /* The following pattern applies for domains that are IP addresses,
     rather than symbolic names. E.g. joe@[123.124.233.4] is a legal
     e-mail address. NOTE: The square brackets are required. */
  var ipDomainPat=/^\[(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\]$/
  /* The following string represents an atom (basically a series of
     non-special characters.) */
  var atom=validChars + '+'
  /* The following string represents one word in the typical username.
     For example, in john.doe@somewhere.com, john and doe are words.
     Basically, a word is either an atom or quoted string. */
  var word="(" + atom + "|" + quotedUser + ")"
  // The following pattern describes the structure of the user
  var userPat=new RegExp("^" + word + "(\\." + word + ")*$")
  /* The following pattern describes the structure of a normal symbolic
     domain, as opposed to ipDomainPat, shown above. */
  var domainPat=new RegExp("^" + atom + "(\\." + atom +")*$")

  /* Finally, let's start trying to figure out if the supplied address is
     valid. */

  /* Begin with the coarse pattern to simply break up user@domain into
     different pieces that are easy to analyze. */
  var matchArray=emailStr.match(emailPat)
  if (matchArray==null) {
    /* Too many/few @'s or something; basically, this address doesn't
       even fit the general mould of a valid e-mail address. */
    alert("Email address seems incorrect (check @ and .'s)")
    return false
  }
  var user=matchArray[1]
  var domain=matchArray[2]

  // See if "user" is valid
  if (user.match(userPat)==null) {
    // user is not valid
    alert("The username doesn't seem to be valid.")
    return false
  }

  /* if the e-mail address is at an IP address (as opposed to a symbolic
     host name) make sure the IP address is valid. */
  var IPArray=domain.match(ipDomainPat)
  if (IPArray!=null) {
    // this is an IP address
    for (var i=1;i<=4;i++) {
      if (IPArray[i]>255) {
        alert("Destination IP address is invalid!")
        return false
      }
    }
    return true
  }

  // Domain is symbolic name
  var domainArray=domain.match(domainPat)
  if (domainArray==null) {
    alert("The domain name doesn't seem to be valid.")
    return false
  }

  /* domain name seems valid, but now make sure that it ends in a
     three-letter word (like com, edu, gov) or a two-letter word,
     representing country (uk, nl), and that there's a hostname preceding
     the domain or country. */

  /* Now we need to break up the domain to get a count of how many atoms
     it consists of. */
  var atomPat=new RegExp(atom,"g")
  var domArr=domain.match(atomPat)
  var len=domArr.length
  if (domArr[domArr.length-1].length<2 ||
      domArr[domArr.length-1].length>3) {
    // the address must end in a two letter or three letter word.
    alert("The address must end in a three-letter domain, or two letter country.")
    return false
  }

  // Make sure there's a host name preceding the domain.
  if (len<2) {
    var errStr="This address is missing a hostname!"
    alert(errStr)
    return false
  }

  // If we've gotten this far, everything's valid!
  return true;
}
// End -->
/*FUNCTION ENDS HERE*/

function check()
{
  if (emailCheck(document.registration.email.value)==false)
  {
    document.registration.email.focus();
    return false;
  }
  if (document.registration.username.value=='')
  {
    alert("Please enter username");
    document.registration.username.focus();
    return false;
  }
  if (document.registration.password.value=='')
  {
    alert("Please enter password");
    document.registration.password.focus();
    return false;
  }
  if (document.registration.confirm_password.value=='')
  {
    alert("Please enter confirm_password");
    document.registration.confirm_password.focus();
    return false;
  }
  if (document.registration.password.value != document.registration.confirm_password.value)
  {
    alert("Password and confirm password should be same");
    document.registration.password.value = '';
    document.registration.confirm_password.value = '';
    document.registration.password.focus();
    return false;
  }
  if (document.registration.country.value=='')
  {
    alert("Please select Country");
    document.registration.country.focus();
    return false;
  }
  if (document.registration.terms.value=='')
  {
    alert("You MUST agree to our terms and conditions before you can signup!");
    document.registration.terms.focus();
    return false;
  }
  if (document.registration.gender.value=='')
  {
    alert("Please enter gender");
    document.registration.gender.focus();
    return false;
  }
  if (document.registration.birthday_mon.value=='')
  {
    alert("Please select birthday month");
    document.registration.birthday_mon.focus();
    return false;
  }
  if (document.registration.birthday_day.value=='')
  {
    alert("Please enter birthday day");
    document.registration.birthday_day.focus();
    return false;
  }
  if (document.registration.birthday_yr.value=='')
  {
    alert("Please enter birthday year");
    document.registration.birthday_yr.focus();
    return false;
  }
  return true;
}
</script>
<style type="text/css">
<!--
body {
  background-image:url("../images/body_background.gif");
  margin-left:auto;
  margin-right:auto;
}
-->
</style>
<table align="center" width="780" class="frame">
<tr>
<td width="525" valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><table width="100%" style="height:450px;" class="page_content_frame">
<tr>
<td align="left" valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td align="left" valign="top"><table width="100%" border="0" cellspacing="2" cellpadding="0">
<tr>
<td width="16%" align="left" class="darkblue12"><img src="../images/signup.gif" alt="" width="146" height="15" /></td>
</tr>
<tr>
<td align="left" valign="top"><br />
<? echo('Joining'); echo " ".$SITENAME." "; echo('is free and easy. Just fill out the account information below.'); ?>
<div class="littleText" id="suRequiredTopDiv"> ( <? echo('All fields required'); ?> )</div></td>
</tr>
<?php if(isset($ERROR)) { ?>
<tr>
<td align="center"><font color="#FF0000"> <?php echo $ERROR; ?> </font></td>
</tr>
<?php } if(isset($MSG)) { ?>
<tr>
<td align="center"><font color="#FF0000"> <?php echo $MSG; ?> </font></td>
</tr>
<?php } ?>
<tr>
<td align="left"><form action="#" method="post" name="registration" id="registration" onsubmit="return check();">
<? if($inv == 'accept') { ?>
<input type="hidden" value="<? echo $ref ?>" name="refUser" />
<? } ?>
<table width="100%" border="0" cellspacing="2" cellpadding="3">
<tr>
<td width="24%"><? echo('Email Address'); ?> :</td>
<td width="76%"><input name="email" type="text" class="txtfield" value="<?php echo $_POST[email] ?>" /> <span class="required"><?php echo('*'); ?></span></td>
</tr>
<tr>
<td><? echo('User Name :'); ?> </td>
<td><input name="username" type="text" class="txtfield" value="<?php echo $_POST[username] ?>" /> <span class="required"><?php echo('*'); ?></span></td>
</tr>
<tr>
<td><? echo('Password :'); ?> </td>
<td><input name="password" type="password" class="txtfield" /> <span class="required"><?php echo('*'); ?></span></td>
</tr>
<tr>
<td><? echo('Confirm Password :'); ?> </td>
<td><input name="confirm_password" type="password" class="txtfield" /> <span class="required"><?php echo('*'); ?></span></td>
</tr>
<tr>
<td><? echo('Country :'); ?> </td>
<td><select name="country" class="dropmenu">
<option value="" selected="selected">---</option>
<?php
$query_country_list = "select * from countrylist";
$result_country_list = mysql_query($query_country_list);
while($rec_list = mysql_fetch_array($result_country_list))
{?>
<option value="<?php echo $rec_list[isocode]?>" <?php if($rec_list[isocode] == $_POST[country]){echo 'selected';}?>><?php echo $rec_list[country]?></option>
<?}?>
</select> <span class="required"><?php echo('*'); ?></span> </td>
</tr>
<tr> </tr>
<tr>
<td><? echo('Gender :'); ?> </td>
<td><input type="radio" value="Male" name="gender" <?php if($_POST[gender] == 'Male') { echo checked; } ?> /> <? echo('Male'); ?>
<input type="radio" value="Female" name="gender" <?php if($_POST[gender] == 'Female') { echo checked; } ?> /> <? echo('Female'); ?> <span class="required"><?php echo('*'); ?></span></td>
</tr>
<tr>
<td><? echo('Date Of Birth :'); ?> </td>
<td><select name="birthday_mon" class="dropmenu">
<option>---</option>
<option value="1" <?php if($_POST[birthday_mon] == 1) { echo selected; } ?>><? echo ('Jan') ?></option>
<option value="2" <?php if($_POST[birthday_mon] == 2) { echo selected; } ?>><? echo ('Feb') ?></option>
<option value="3" <?php if($_POST[birthday_mon] == 3) { echo selected; } ?>><? echo ('Mar') ?></option>
<option value="4" <?php if($_POST[birthday_mon] == 4) { echo selected; } ?>><? echo ('Apr') ?></option>
<option value="5" <?php if($_POST[birthday_mon] == 5) { echo selected; } ?>><? echo ('May') ?></option>
<option value="6" <?php if($_POST[birthday_mon] == 6) { echo selected; } ?>><? echo ('Jun') ?></option>
<option value="7" <?php if($_POST[birthday_mon] == 7) { echo selected; } ?>><? echo ('Jul') ?></option>
<option value="8" <?php if($_POST[birthday_mon] == 8) { echo selected; } ?>><? echo ('Aug') ?></option>
<option value="9" <?php if($_POST[birthday_mon] == 9) { echo selected; } ?>><? echo ('Sep') ?></option>
<option value="10" <?php if($_POST[birthday_mon] == 10) { echo selected; } ?>><? echo ('Oct') ?></option>
<option value="11" <?php if($_POST[birthday_mon] == 11) { echo selected; } ?>><? echo ('Nov') ?></option>
<option value="12" <?php if($_POST[birthday_mon] == 12) { echo selected; } ?>><? echo ('Dec') ?></option>
</select>
<select name="birthday_day" class="dropmenu">
<option value="---" selected="selected">---</option>
<?php for($i=1;$i<32;$i++) { ?>
<option value="<?php echo $i; ?>"><?php echo $i; ?></option>
<?php } ?>
</select>
<select name="birthday_yr" class="dropmenu">
<option value="---" selected="selected">---</option>
<?php for($i=1950;$i<1988;$i++) { ?>
<option value="<?php echo $i; ?>"><?php echo $i; ?></option>
<?php } ?>
</select> <span class="required"><?php echo('*'); ?></span></td>
</tr>
<tr>
<td> </td>
<td><input type="checkbox" checked="checked" value="YES" name="newsletter" /> <? echo('Sign me up for the weekly newsletter'); ?> </td>
</tr>
<tr>
<td> </td>
<td><script language="JavaScript" type="text/javascript">
<!--
function MM_openBrWindow(theURL,winName,features) {
  window.open(theURL,winName,features);
}
//-->
</script>
<b><?php echo ('By clicking signup you are agreeing to our'); ?><a href="#" onclick="MM_openBrWindow('<?php echo $SITEURL ?>terms_createacc','','resizable=no,width=560,height=600,status=no,scrollbars=1')"> <? echo ('terms of use'); ?></a></b></td>
</tr>
<tr>
<td> </td>
<td align="left"><input name="action_signup" type="submit" class="button" value="Signup" /></td>
</tr>
</table>
</form></td>
</tr>
</table></td>
</tr>
</table></td>
</tr>
</table></td>
</tr>
</table></td>
<td width="414" valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><table width="100%" style="height:450px;" class="page_content_frame">
<tr>
<td align="left" valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td align="left" valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="16%" align="left"><table width="100%" border="0" cellspacing="2" cellpadding="0">
<tr>
<td class="darkblue12"><img src="../images/login.gif" alt="" width="146" height="15" /></td>
</tr>
<tr>
<td> </td>
</tr>
<form action="login" method="post" name="login" id="login">
<tr>
<td><table width="100%" border="0" cellspacing="2" cellpadding="2">
<tr>
<td><? echo('User Name'); ?> :</td>
<td><input name="username" type="text" class="txtfield" /></td>
</tr>
<tr>
<td><? echo('Password'); ?> :</td>
<td><input name="password" type="password" class="txtfield" /></td>
</tr>
<tr>
<td> </td>
<td><b> <? echo ('Forgot'); ?> :</b> <a href="forgotuser"> <? echo('Username'); ?> </a> | <a href="forgotpass"> <? echo('Password'); ?> </a></td>
</tr>
<tr>
<td> </td>
<td><input name="submit" type="submit" class="button" value="GO" /></td>
</tr>
</table></td>
</tr>
</form>
<tr>
<td><h4> <? echo('What is'); ?> <? echo $SITENAME; ?></h4>
<? echo $SITENAME; ?> <? echo('is a way to get your music to the people who matter to you'); ?> .<br />
<? echo('With Music4play.com you can'); ?> :
<ul>
<li> <? echo('Upload, tag and share your music worldwide'); ?> </li>
<li> <? echo('Browse thousands of original music uploaded by community members'); ?> </li>
<li> <? echo('Find, join and create music groups to connect with people with similar interests'); ?> </li>
<li> <? echo('Customize your experience with playlists and subscriptions'); ?> </li>
<li> <? echo('Integrate Music4Play.com with your website using audio embeds or APIs'); ?> . </li>
</ul></td>
</tr>
</table></td>
</tr>
</table></td>
</tr>
</table></td>
</tr>
</table></td>
</tr>
</table></td>
</tr>
</table>
<div class="footer">
<?php include("bottom")?>
</div>

can someone please help me

ted_chou12 Posted February 20, 2007

It doesn't have to be that complicated, the easy way to get around this is to find some codes that generates a string of characters, you send this to your user by putting this function into your registration page, and using the mail() function to get it to them. Meanwhile, you also need to create a record of that code in your mysql database, or any other ways you prefer to store it, on the activation page, put some codes that allows the code to be obtained from where you stored it, and then check it with what the user gave, you can do this:

$activationno = $_GET['activation'];
if ($activationno == $activation) {
    echo "You have successfully activated your account!";
    // Here you might have to put some codes that tells your login page that the user had activated his/her account.
}

Hope that helps
Ted

steviez (Author) Posted February 20, 2007

I am too much of a php nubeeee to do this, the script i posted above works perfect but i need help integrating it in to my signup script.

Anyone?

Balmung-San Posted February 20, 2007

> You can also generate MD5 of user's password and send it along with the activation URL. After user will come back you can match this MD5 with the MD5 of user's password in database if you are storing plain text passwords or directly with password in database if you are using MD5 password.

I would honestly never suggest this, as you're then sending the user's encrypted password over the internet. Never assume the internet is safe.

If you're going to MD5 anything, make it some trivial bits of the user's registration, like username, any optional fields, etc. however, make sure you use more than one field in a pseudo-random order (at least not a highly predictable order, i.e. the way it's entered on the page).

craygo Posted February 20, 2007

give us your registration script and we can help you get it in there. Also not sure if you have it, but you will need to have a couple fields in your table to show whether the user has activated or not.

Ray

steviez (Author) Posted February 20, 2007

I can easy put fields in to the database if needed, my code for the script and the signup script are above,

Thanks

boo_lolly Posted February 20, 2007

> > You can also generate MD5 of user's password and send it along with the activation URL. After user will come back you can match this MD5 with the MD5 of user's password in database if you are storing plain text passwords or directly with password in database if you are using MD5 password.
>
> I would honestly never suggest this, as you're then sending the user's encrypted password over the internet. Never assume the internet is safe.
>
> If you're going to MD5 anything, make it some trivial bits of the user's registration, like username, any optional fields, etc. however, make sure you use more than one field in a pseudo-random order (at least not a highly predictable order, i.e. the way it's entered on the page).

to add to that, i could be wrong, but doesn't md5($string1) and md5($string1) have the exact same output? if that's the case, then i wouldn't use md5 at all, because the method of retrieving this info after the user has clicked the link in the email, and is taken to a page where this charset will be retrieved via $_GET method... if two people have the same password (which is very likely), then it will register all of them, not that particular one.

to generate a random ID i use either $_SESSION, or this bit of code:

<?php
/*generate unique id*/
$totalChar = 30;
$salt = "ABCDEFHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz00112233445566778899";
srand((double)microtime()*1000000);
$id = NULL;
for($i = 0; $i < $totalChar; $i++){
    $id = $id . substr($salt, rand() % strlen($salt), 1);
}
?>

Balmung-San Posted February 20, 2007

> > > You can also generate MD5 of user's password and send it along with the activation URL. After user will come back you can match this MD5 with the MD5 of user's password in database if you are storing plain text passwords or directly with password in database if you are using MD5 password.
> >
> > I would honestly never suggest this, as you're then sending the user's encrypted password over the internet. Never assume the internet is safe.
> >
> > If you're going to MD5 anything, make it some trivial bits of the user's registration, like username, any optional fields, etc. however, make sure you use more than one field in a pseudo-random order (at least not a highly predictable order, i.e. the way it's entered on the page).
>
> to add to that, i could be wrong, but doesn't md5($string1) and md5($string1) have the exact same output? if that's the case, then i wouldn't use md5 at all, because the method of retrieving this info after the user has clicked the link in the email, and is taken to a page where this charset will be retrieved via $_GET method... if two people have the same password (which is very likely), then it will register all of them, not that particular one.
>
> to generate a random ID i use either $_SESSION, or this bit of code:

Yes, md5("monkey") will always churn out the same output. Even if monkey is stored in $string1, $string2, passed in statically, or in a constant.

Also, your second point is why I don't suggest using the password as the md5 hash. Using multiple fields (and actually, make sure at least one is unique per user) will prevent the output from ever being the same, or at the very least make it highly unlikely to ever be the same.

craygo Posted February 20, 2007

try adding this

<?php
$validation = md5(rand(1, 1000));
$insert_query = "insert into user (email,username,password,country,gender,date_of_birth,signup,newsletter,terms, activated,validation_code) values('$email','$username','$password','$country','$gender','$date_of_birth','$signup','$newsletter', '$terms', '0', '$validation')";
$insert_result = mysql_query($insert_query);

Now when you send your email, make the link look something like this

<a href="http://Music4Play.com/validate.php?user=$username&code=<? echo $validation; ?>">Activate</a>

Then now on validate.php

<?php
$username = $_GET['user'];
$code=$_GET['code'];
$sql = "SELECT userid FROM user WHERE username = '$username' AND validation_code = '$code'";
$res = mysql_query($sql) or die(mysql_error());
$row = mysql_fetch_assoc($res);
$rows = mysql_num_rows($res);
if($rows > 0){
    $update = UPDATE users SET activated = '1' AND validation_code = '' WHERE userid = '".$row['userid']."'";
    if(mysql_query($update)){
        echo "Your account has been activated";
    } else {
        echo "Your validation code is invalid";
    }
} else {
    echo "username and validation code do not match";
}

Ray

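An added example, not code from this thread: one way to issue and check the activation code discussed above, using a token from the operating system's random source instead of `md5(rand(1, 1000))` (which can take only 1000 values) or a hash of the password. The `user` table, `activated` column and `validate.php` follow craygo's post; the `token_hash` and `token_expires` columns, the function names, the 24-hour lifetime, the in-memory SQLite database and the www.example.com URL are assumptions made for the example.

```php
<?php
// Added example; table layout, function names and lifetime are assumptions.
// Needs PHP 7+ with the pdo_sqlite extension.
declare(strict_types=1);

const TOKEN_TTL = 86400; // assumed policy: activation links are valid for 24 hours

function open_db(): PDO
{
    // In-memory SQLite keeps the example self-contained; use your MySQL DSN in practice.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE user (
        userid        INTEGER PRIMARY KEY,
        username      TEXT UNIQUE NOT NULL,
        email         TEXT NOT NULL,
        activated     INTEGER NOT NULL DEFAULT 0,
        token_hash    TEXT,
        token_expires INTEGER
    )');
    return $db;
}

/** Create the pending account and return the activation URL to put in the e-mail. */
function register_user(PDO $db, string $username, string $email, int $now): string
{
    // 32 bytes from the OS CSPRNG: not derived from the password, the time or rand().
    $token = bin2hex(random_bytes(32));

    // Store only a hash of the token, so a copy of the table does not contain usable links.
    // Prepared statements keep user input out of the SQL text.
    $stmt = $db->prepare(
        'INSERT INTO user (username, email, token_hash, token_expires) VALUES (?, ?, ?, ?)'
    );
    $stmt->execute([$username, $email, hash('sha256', $token), $now + TOKEN_TTL]);

    // Build the query string in PHP so the values are interpolated and URL-encoded.
    return 'https://www.example.com/validate.php?' . http_build_query([
        'user' => $username,
        'code' => $token,
    ]);
}

/** Check a code taken from the link; true only for the first valid, unexpired use. */
function activate_user(PDO $db, string $username, string $code, int $now): bool
{
    $stmt = $db->prepare(
        'SELECT userid, token_hash, token_expires FROM user
         WHERE username = ? AND activated = 0'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false || $row['token_hash'] === null) {
        return false; // unknown user, already active, or no token outstanding
    }
    if ($now > (int) $row['token_expires']) {
        return false; // link is too old
    }
    // hash_equals() compares in constant time.
    if (!hash_equals((string) $row['token_hash'], hash('sha256', $code))) {
        return false;
    }

    // SET takes a comma-separated list; "SET a = 1 AND b = ''" would assign
    // the result of the AND expression to a. Clearing the token makes the link single-use.
    $upd = $db->prepare(
        'UPDATE user SET activated = 1, token_hash = NULL, token_expires = NULL
         WHERE userid = ?'
    );
    $upd->execute([$row['userid']]);
    return true;
}

// Constructed demo data: one sign-up, then four attempts to use the link.
$db  = open_db();
$now = time();
$url = register_user($db, 'alice', 'alice@example.com', $now);
parse_str((string) parse_url($url, PHP_URL_QUERY), $q);

$results = [
    'wrong code'     => activate_user($db, 'alice', 'not-the-code', $now),
    'expired link'   => activate_user($db, 'alice', $q['code'], $now + TOKEN_TTL + 1),
    'valid link'     => activate_user($db, 'alice', $q['code'], $now),
    'link used twice' => activate_user($db, 'alice', $q['code'], $now),
];
echo $url, "\n";
var_dump($results);
```
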
boo_lolly Posted February 20, 2007

@balmung - exactly

@ray - you're missing an open double-quote " in the beginning of your $update query.

craygo Posted February 20, 2007

Thanks, for some reason I can't modify my post?!?!?!

boo_lolly Posted February 20, 2007

> Thanks, for some reason I can't modify my post?!?!?!

this forum SMF has a feature where you can timeout the user edit posts feature. after a certain amount of time has passed from the time the user submitted the post, the user cannot edit that post.

craygo Posted February 20, 2007

bummer!!!

steviez (Author) Posted February 20, 2007

Hi,

Thanks for the help so far! everything is working fine (so i can see) except the url sent in the email is refusing to display the code or user id.

any ideas?

steviez (Author) Posted February 20, 2007

A quick update to this:

When i try to manually validate a user all i get is: Your validation code is invalid

Any ideas?

boo_lolly Posted February 21, 2007

> Hi,
>
> Thanks for the help so far! everything is working fine (so i can see) except the url sent in the email is refusing to display the code or user id.
>
> any ideas?
>
> ======================================================
>
> A quick update to this:
>
> When i try to manually validate a user all i get is: Your validation code is invalid
>
> Any ideas?

i assume these problems are related. try printing out these variables before you put them into a query or send mail.

steviez (Author) Posted February 21, 2007

> > Hi,
> >
> > Thanks for the help so far! everything is working fine (so i can see) except the url sent in the email is refusing to display the code or user id.
> >
> > any ideas?
> >
> > ======================================================
> >
> > A quick update to this:
> >
> > When i try to manually validate a user all i get is: Your validation code is invalid
> >
> > Any ideas?
>
> i assume these problems are related. try printing out these variables before you put them into a query or send mail.

I have sorted out the problem of the invalid code (it was reading from the wrong database) but how do i sort the email url. i don't have a clue!