Jump to content

Recommended Posts

You can also generate MD5 of users password and send it alongwith the activation URL. After user will come back you can match this MD5 with the MD5 of users password in database if you are storing plain text passwords or directly with password in database if you are using MD5 password.

i have found a code for what i want, problem is i cant for the life in me figure out how to integrate it with my page, here is the code:

 

$valid2=3600*24*$validity;
$er='';

if (isset($_POST["email"]))		// If the form has been submitted
{
mysql_connect($db_host,$db_user,$db_pass) or die("Unable to connect to database");
mysql_select_db($database) or die("Unable to select database");

$page=$serveur.$_SERVER["PHP_SELF"];
$nom=htmlentities(substr($_POST["nom"],0,100), ENT_QUOTES);		// we cut the entered values to 100 characters and remove any ' or "
$pass=htmlentities(substr($_POST["pass"],0,100), ENT_QUOTES);		// this is to avoid SQL insertions (or other injections), and limit the amount of code that could be executed
$pass2=htmlentities(substr($_POST["pass2"],0,100), ENT_QUOTES);		// in case an insertion should succeed
$email=htmlentities(substr($_POST["email"],0,100), ENT_QUOTES);
$IP=$_SERVER['REMOTE_ADDR'];
$heure=time();

if(!eregi('^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]{2,})+$', $email))$er.='Please enter a valid e-mail address.<br/>';	// Once again, sth against email insertion
if(false!=strpos($nom,chr(92)) || false!=strpos($nom,":") || false!=strpos($nom,",") || false!=strpos($nom,";")) $er.='You used forbidden characters in your user name.<br/>';

do					// The code must be unique, but we don't need to tell the user 
{
$session=md5($heure.rand(100000,999999));
$resultat = mysql_query("SELECT * FROM w_members WHERE session ='$session'");
}
while(false!=($ligne = mysql_fetch_array ($resultat)));

if($nom=="" || $pass=="" || $email==""){$er.='One or more fields are missing.<br/>';}				// Fill in all fields, thank you
if($pass!=$pass2){$er.='Password and confirmation didn\'t match.<br/>';}					// The 2 passwords must be the same
$resultat = mysql_query("SELECT * FROM members WHERE nom ='".$nom."'"); 
if(false!=($ligne = mysql_fetch_array ($resultat))){$er.='This username ('.$nom.') is already taken.<br/>';}	// If the login is already taken (confirmed)
$resultat = mysql_query("SELECT * FROM w_members WHERE nom ='".$nom."'"); 
if(false!=($ligne = mysql_fetch_array ($resultat))){$er.='This username ('.$nom.') is already taken.<br/>';}	// If the login is already taken (not yet confirmed)
$resultat = mysql_query("SELECT * FROM blackl WHERE email ='".$email."'"); 
if(false!=($ligne = mysql_fetch_array ($resultat))){$er.='This e-mail ('.$email.') is blacklisted. You can\'t use it to sign up here.<br/>';}	// If the e-mail is in the blacklist

if($er=='')
{	//**** IF NO ERROR - START

//********* Confirmation e-mail
/* subject */
$subject = "Account confirmation";

/* message */
$message = '
<html>
<head>
<title>Account confirmation</title>
</head>
<body>
Hello '.$nom.',<br/><br/>

You are receiving this e-mail because you or someone else used your address to sign up on our site.<br/>
To complete the sign-up process please follow <a href="'.$page.'?code='.$session.'">this link</a>.<br/><br/>

If you didn\'t sign up on our site, just ignore this message and please accept our apologies.<br/>
You can also choose to blacklist your e-mail so you won\'t hear from us anymore by following <a href="'.$page.'?code='.$session.'&BL=1">this link</a>.<br/>
Your e-mail was submitted from IP '.$IP.' on '.date("r").' (server time).<br/><br/>

Best regards,<br/>
Site Admin
</body>
</html>
';

/* To send HTML mail, you can set the Content-type header. */
$headers  = "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/html; charset=iso-8859-1\r\n";

/* additional headers */
$headers .= "To: ".$nom." <".$email.">\r\n";
$headers .= "From: Site <[email protected]>\r\n";

/* and now mail it */
if(mail($email, $subject, $message, $headers))
{
mysql_query("INSERT INTO w_members SET nom='".$nom."',pass='".md5($pass)."',email='".$email."',heure='".$heure."',session='".$session."',IP='".$IP."';");		// We insert the data into the waiting table

echo 'Thank you.<br/>An e-mail was sent to '.$email.'. Please check your e-mail and confirm your membership within '.$validity.' days.';
}
else {$er.='We weren&#39;t able to send you the confirmation e-mail. Please contact the webmaster.<br/>';}
}	//**** IF NO ERROR - END

mysql_close();
}	// If the form has been filled - END


else if(isset($_GET["code"]))					// If a code is entered
{
mysql_connect($db_host,$db_user,$db_pass) or die("Unable to connect to database");
mysql_select_db($database) or die("Unable to select database");

$heure=time();
$heure2=$heure-$valid2;						// We delete outdated codes
mysql_query("DELETE FROM w_members WHERE heure<".$heure2.";");

$session=htmlentities($_GET["code"], ENT_QUOTES);
$sql = "SELECT * FROM w_members WHERE session ='".$session."'";
$resultat = mysql_query($sql);

if(false==($ligne = mysql_fetch_assoc ($resultat))){$er.='This code is wrong or has expired, please fill in the form again.<br/>';}

if($er=='')
{	//**** IF NO ERROR - START

if(!isset($_GET["BL"]))						// If the user comes to confirm, we insert them into the members table and remove them from the waiting table
{
$nom=$ligne['nom'];
mysql_query("INSERT INTO members SET nom='".$nom."',pass='".$ligne['pass']."',email='".$ligne['email']."',IP='".$ligne['IP']."',heure='".$ligne['heure']."';");
mysql_query("DELETE FROM w_members WHERE session='".$session."'");

echo 'Thank you for confirming your inscription '.$nom.'. You are now a member of the site.';
}

else if($_GET["BL"]==1)						// If the user comes to be blacklisted, we ask for a confirmation
{
echo 'Click <a href="'.$_SERVER["PHP_SELF"].'?code='.$session.'&BL=2">here</a> to blacklist your e-mail. This CANNOT be undone.';
}

else								// If the user confirms they want to be blacklisted,  we insert them into the blacklist and remove them from the waiting table
{
$email=$ligne['email'];
mysql_query("INSERT INTO blackl SET email='".$email."',IP='".$ligne['IP']."',heure='".$ligne['heure']."';");
mysql_query("DELETE FROM w_members WHERE session='".$session."'");

echo 'Your e-mail, '.$email.', has been blacklisted. You won&#39;t receive anymore e-mails from us.';
}
}	//**** IF NO ERROR - END

mysql_close();
}	// If a code is entered - END



else{show_form();}		// If there is no form submitted nor a code, we show the form

if($er!='' && isset($_POST["email"])){show_form($nom,$pass,$pass2,$email,$er);}
else if($er!='' && !isset($_POST["email"])){show_form('','','','',$er);}

//************ Form display function
function show_form($nom="",$pass="",$pass2="",$email="",$er='')
{
echo '<div style="font-weight:bold;">'.$er.'</div>
Please fill in the sign up form :<br/>
<form action="'.$_SERVER["PHP_SELF"].'" method="post">
<table>
<tr>
<td><label for="nom">Desired login</label> :</td><td><input type="text" name="nom" id="nom" size="50" maxlength="20" value="'.$nom.'" /></td>
</tr>

<tr>
<td><label for="pass">Password</label> :</td><td><input type="password" name="pass" id="pass" size="50" maxlength="20" value="'.$pass.'" /></td>
</tr>

<tr>
<td><label for="pass2">Confirm password</label> :</td><td><input type="password" name="pass2" id="pass2" size="50" maxlength="20" value="'.$pass2.'" /></td>
</tr>

<tr>
<td><label for="email">E-mail</label> :</td><td><input type="text" name="email" id="email" size="50" maxlength="100" value="'.$email.'" /></td>
</tr>
<tr><td colspan="2" style="text-align:center;"><input type="submit" value=" Sign Up " /></td></tr>
</table>
</form>';
}

?>

 

and my page code is:

 

<?php

include("connect");
include("header");
if(isset($action_signup))
{	
if(($email != '') && ($username != '') && ($password != '') && ($country !='') && ($gender != '') && ($birthday_mon != '') && ($birthday_yr != '') && ($birthday_day != ''))
{
	$query = "select * from user where username = '$username' and status = 'ACTIVE'";
	$result = mysql_query($query);
	$num = mysql_num_rows($result);
	if($num < 1)
	{
		$date_of_birth = $birthday_yr."-".$birthday_mon."-".$birthday_day;
		$signup = date("Y-m-d");	
		if(isset($newsletter))
			$newsletter = "YES";
		else
			$newsletter = 'NO';	

		$insert_query = "insert into user (email,username,password,country,gender,date_of_birth,signup,newsletter,terms) 
		values('$email','$username','$password','$country','$gender','$date_of_birth','$signup','$newsletter', '$terms')";
		$insert_result = mysql_query($insert_query);
		$newUserInsertId = mysql_insert_id();
		if($refUser != '')
		{		
			$update_friends = "update friends set status = 'CONFIRM',friend_id ='$newUserInsertId' where user_reference_id = '$refUser' and status = 'ACITVE'";
			$update_result = mysql_query($update_friends);
		}	
		if(isset($insert_result))
		{
		$message = 'HTML GOES HERE';
            $subject = "Welcome to Music4Play.com!";
            $email = "$email";
		$headers .= 'From: Music4Play.com <[email protected]>' . "\r\n";
		$headers  = 'MIME-Version: 1.0' . "\r\n";
            $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
            mail($email,$subject,$message,$headers);
		header("Location:login");

		}	
	}
	else
	{
		$ERROR = "Username Already Present.";
	}	
}
else
{
	$ERROR = "Please enter mandatory fields";
}	
}

?>
<script type="text/javascript" src="<?php echo $JAVA_SCRIPT_FILE_PATH ?>"></script>
<script language="JavaScript" type="text/javascript">
<!--
function MM_reloadPage(init) {  //reloads the window if Nav4 resized
  if (init==true) with (navigator) {if ((appName=="Netscape")&&(parseInt(appVersion)==4)) {
    document.MM_pgW=innerWidth; document.MM_pgH=innerHeight; onresize=MM_reloadPage; }}
  else if (innerWidth!=document.MM_pgW || innerHeight!=document.MM_pgH) location.reload();
}
MM_reloadPage(true);
// -->
/*FUNCTION FOR THE EMAIL VALIDATIONS*/
function emailCheck (emailStr) {
/* The following pattern is used to check if the entered e-mail address
   fits the user@domain format.  It also is used to separate the username
   from the domain. */
var emailPat=/^(.+)@(.+)$/
/* The following string represents the pattern for matching all special
   characters.  We don't want to allow special characters in the address.
   These characters include ( ) < > @ , ; : \ " . [ ]    */
var specialChars="\\(\\)<>@,;:\\\\\\\"\\.\\[\\]"
/* The following string represents the range of characters allowed in a
   username or domainname.  It really states which chars aren't allowed. */
var validChars="\[^\\s" + specialChars + "\]"
/* The following pattern applies if the "user" is a quoted string (in
   which case, there are no rules about which characters are allowed
   and which aren't; anything goes).  E.g. "jiminy cricket"@disney.com
   is a legal e-mail address. */
var quotedUser="(\"[^\"]*\")"
/* The following pattern applies for domains that are IP addresses,
   rather than symbolic names.  E.g. joe@[123.124.233.4] is a legal
   e-mail address. NOTE: The square brackets are required. */
var ipDomainPat=/^\[(\d)\.(\d)\.(\d)\.(\d)\]$/
/* The following string represents an atom (basically a series of
   non-special characters.) */
var atom=validChars + '+'
/* The following string represents one word in the typical username.
   For example, in [email protected], john and doe are words.
   Basically, a word is either an atom or quoted string. */
var word="(" + atom + "|" + quotedUser + ")"
// The following pattern describes the structure of the user
var userPat=new RegExp("^" + word + "(\\." + word + ")*$")
/* The following pattern describes the structure of a normal symbolic
   domain, as opposed to ipDomainPat, shown above. */
var domainPat=new RegExp("^" + atom + "(\\." + atom +")*$")


/* Finally, let's start trying to figure out if the supplied address is
   valid. */

/* Begin with the coarse pattern to simply break up user@domain into
   different pieces that are easy to analyze. */
var matchArray=emailStr.match(emailPat)
if (matchArray==null) {
  /* Too many/few @'s or something; basically, this address doesn't
     even fit the general mould of a valid e-mail address. */
        alert("Email address seems incorrect (check @ and .'s)")
        return false
}
var user=matchArray[1]
var domain=matchArray[2]

// See if "user" is valid
if (user.match(userPat)==null) {
    // user is not valid
    alert("The username doesn't seem to be valid.")
    return false
}

/* if the e-mail address is at an IP address (as opposed to a symbolic
   host name) make sure the IP address is valid. */
var IPArray=domain.match(ipDomainPat)
if (IPArray!=null) {
    // this is an IP address
          for (var i=1;i<=4;i++) {
            if (IPArray[i]>255) {
                alert("Destination IP address is invalid!")
                return false
            }
    }
    return true
}

// Domain is symbolic name
var domainArray=domain.match(domainPat)
if (domainArray==null) {
        alert("The domain name doesn't seem to be valid.")
    return false
}

/* domain name seems valid, but now make sure that it ends in a
   three-letter word (like com, edu, gov) or a two-letter word,
   representing country (uk, nl), and that there's a hostname preceding
   the domain or country. */

/* Now we need to break up the domain to get a count of how many atoms
   it consists of. */
var atomPat=new RegExp(atom,"g")
var domArr=domain.match(atomPat)
var len=domArr.length
if (domArr[domArr.length-1].length<2 ||
    domArr[domArr.length-1].length>3) {
   // the address must end in a two letter or three letter word.
   alert("The address must end in a three-letter domain, or two letter country.")
   return false
}

// Make sure there's a host name preceding the domain.
if (len<2) {
   var errStr="This address is missing a hostname!"
   alert(errStr)
   return false
}

// If we've gotten this far, everything's valid!
return true;
}
//  End -->
/*FUNCTION ENDS HERE*/
function check()
{	
if (emailCheck(document.registration.email.value)==false)
          {
          	document.registration.email.focus();
          	return false;
          }
if (document.registration.username.value=='')
          {
	  	alert("Please enter username");
          	document.registration.username.focus();
          	return false;
          }			  
if (document.registration.password.value=='')
          {
	  	alert("Please enter password");
          	document.registration.password.focus();
          	return false;	
          }
if (document.registration.confirm_password.value=='')
          {
	  	alert("Please enter confirm_password");
          	document.registration.confirm_password.focus();
          	return false;
          }			  
if (document.registration.password.value != document.registration.confirm_password.value)
          {
	  	alert("Password and confirm password should be same");          	
		document.registration.password.value = '';
		document.registration.confirm_password.value = '';
		document.registration.password.focus();			
          	return false;
          }	    	  
if (document.registration.country.value=='')
          {
	  	alert("Please select Country");
          	document.registration.country.focus();
          	return false;
          }
if (document.registration.terms.value=='')
          {
	  	alert("You MUST agree to our terms and conditions before you can signup!");
          	document.registration.terms.focus();
          	return false;
          }						  
if (document.registration.gender.value=='')
          {
	  	alert("Please enter gender");
          	document.registration.gender.focus();
          	return false;
          }	
if (document.registration.birthday_mon.value=='')
          {
	  	alert("Please select birthday month");
          	document.registration.birthday_mon.focus();
          	return false;
          }	

if (document.registration.birthday_day.value=='')
          {
	  	alert("Please enter birthday day");
          	document.registration.birthday_day.focus();
          	return false;
          }			  
if (document.registration.birthday_yr.value=='')
          {
	  	alert("Please enter birthday year");
          	document.registration.birthday_yr.focus();
          	return false;	
          } 
return true;	  
}     
</script>
<style type="text/css">
<!--
body {
background-image:url("../images/body_background.gif");
margin-left:auto;
margin-right:auto;
}
-->
</style>
<table align="center" width="780" class="frame">
  <tr>
    <td width="525" valign="top"><table width="100%"  border="0" cellspacing="0" cellpadding="0">
        <tr>
          <td><table width="100%" style="height:450px;" class="page_content_frame">
              <tr>
                <td align="left" valign="top"><table width="100%"  border="0" cellspacing="0" cellpadding="0">
                    <tr>
                      <td align="left" valign="top"><table width="100%"  border="0" cellspacing="2" cellpadding="0">
                          <tr>
                            <td width="16%" align="left" class="darkblue12"><img src="../images/signup.gif" alt="" width="146" height="15" /></td>
                          </tr>
                          <tr>
                            <td align="left" valign="top"><br />
                              <?
													echo('Joining');													  
												    echo " ".$SITENAME." "; 
												    echo('is free and easy. Just fill out the account information below.');
												   ?>
                              <div class="littleText" id="suRequiredTopDiv"> (
                                <?
														echo('All fields required');
													?>
                                )</div></td>
                          </tr>
                          <?php 
											  if(isset($ERROR))
											  {
											  ?>
                          <tr>
                            <td align="center"><font color="#FF0000">
                              <?php
														echo $ERROR;														
													?>
                              </font></td>
                          </tr>
                          <?php
											  }
											  if(isset($MSG))
											  {
											  ?>
                          <tr>
                            <td align="center"><font color="#FF0000">
                              <?php
														echo $MSG;														
													?>
                              </font></td>
                          </tr>
                          <?php
											  }
											  ?>
                          <tr>
                            <td align="left"><form action="#" method="post" name="registration" id="registration" onsubmit="return check();">
                                <?
												if($inv == 'accept')
												{
												?>
                                <input type="hidden" value="<? echo $ref ?>" name="refUser" />
                                <?	
												}
												?>
                                <table width="100%"  border="0" cellspacing="2" cellpadding="3">
                                  <tr>
                                    <td width="24%"><?
															echo('Email Address');
														 ?>
                                      :</td>
                                    <td width="76%"><input name="email" type="text" class="txtfield" value="<?php echo $_POST[email] ?>" />
                                      <span class="required"><?php echo('*'); ?></span></td>
                                  </tr>
                                  <tr>
                                    <td><?
															echo('User Name :');
														 ?>
                                    </td>
                                    <td><input name="username" type="text" class="txtfield" value="<?php echo $_POST[username] ?>" />
                                      <span class="required"><?php echo('*'); ?></span></td>
                                  </tr>
                                  <tr>
                                    <td><?
															echo('Password :');
														 ?>
                                    </td>
                                    <td><input name="password" type="password" class="txtfield" />
                                      <span class="required"><?php echo('*'); ?></span></td>
                                  </tr>
                                  <tr>
                                    <td><?
															echo('Confirm Password :');
														 ?>
                                    </td>
                                    <td><input name="confirm_password" type="password" class="txtfield" />
                                      <span class="required"><?php echo('*'); ?></span></td>
                                  </tr>
                                  <tr>
                                    <td><?
															echo('Country :');
														 ?>
                                    </td>
                                    <td><select name="country" class="dropmenu">
                                        <option value="" selected="selected">---</option>
                                        <?php
													  $query_country_list = "select * from countrylist";
													  $result_country_list = mysql_query($query_country_list);
													  while($rec_list = mysql_fetch_array($result_country_list))
													  {?>
                                        <option value="<?php echo $rec_list[isocode]?>" <?php if($rec_list[isocode] == $_POST[country]){echo 'selected';}?>><?php echo $rec_list[country]?></option>
                                        <?}?>
                                      </select>
                                      <span class="required"><?php echo('*'); ?></span> </td>
                                  </tr>
                                  <tr> </tr>
                                  <tr>
                                    <td><?
															echo('Gender :');
														 ?>
                                    </td>
                                    <td><input type="radio" value="Male" name="gender" <?php if($_POST[gender] == 'Male') { echo checked; } ?> />
                                      <?
															echo('Male');
														?>
                                       
                                      <input type="radio" value="Female" name="gender" <?php if($_POST[gender] == 'Female') { echo checked; } ?> />
                                      <?
															echo('Female');
														?>
                                      <span class="required"><?php echo('*'); ?></span></td>
                                  </tr>
                                  <tr>
                                    <td><?
															echo('Date Of Birth :');
														 ?>
                                    </td>
                                    <td><select name="birthday_mon" class="dropmenu">
                                        <option>---</option>
                                        <option value="1" <?php if($_POST[birthday_mon] == 1) { echo selected; } ?>><? echo ('Jan') ?></option>
                                        <option value="2" <?php if($_POST[birthday_mon] == 2) { echo selected; } ?>><? echo ('Feb') ?></option>
                                        <option value="3" <?php if($_POST[birthday_mon] == 3) { echo selected; } ?>><? echo ('Mar') ?></option>
                                        <option value="4" <?php if($_POST[birthday_mon] == 4) { echo selected; } ?>><? echo ('Apr') ?></option>
                                        <option value="5" <?php if($_POST[birthday_mon] == 5) { echo selected; } ?>><? echo ('May') ?></option>
                                        <option value="6" <?php if($_POST[birthday_mon] == 6) { echo selected; } ?>><? echo ('Jun') ?></option>
                                        <option value="7" <?php if($_POST[birthday_mon] == 7) { echo selected; } ?>><? echo ('Jul') ?></option>
                                        <option value="8" <?php if($_POST[birthday_mon] ==  { echo selected; } ?>><? echo ('Aug') ?></option>
                                        <option value="9" <?php if($_POST[birthday_mon] == 9) { echo selected; } ?>><? echo ('Sep') ?></option>
                                        <option value="10" <?php if($_POST[birthday_mon] == 10) { echo selected; } ?>><? echo ('Oct') ?></option>
                                        <option value="11" <?php if($_POST[birthday_mon] == 11) { echo selected; } ?>><? echo ('Nov') ?></option>
                                        <option value="12" <?php if($_POST[birthday_mon] == 12) { echo selected; } ?>><? echo ('Dec') ?></option>
                                      </select>
                                      <select name="birthday_day" class="dropmenu">
                                        <option value="---" selected="selected">---</option>
                                        <?php 
															for($i=1;$i<32;$i++)
															{ ?>
                                        <option value="<?php echo $i; ?>"><?php echo $i; ?></option>
                                        <?php }															
														  ?>
                                      </select>
                                      <select name="birthday_yr" class="dropmenu">
                                        <option value="---" selected="selected">---</option>
                                        <?php 
															for($i=1950;$i<1988;$i++)
															{ ?>
                                        <option value="<?php echo $i; ?>"><?php echo $i; ?></option>
                                        <?php }															
														  ?>
                                      </select>
                                      <span class="required"><?php echo('*'); ?></span></td>
                                  </tr>
                                  <tr>
                                    <td> </td>
                                    <td><input type="checkbox" checked="checked" value="YES" name="newsletter" />
                                      <?
																echo('Sign me up for the weekly newsletter');
															 ?>
                                    </td>
                                  </tr>
                                  <tr>
                                    <td> </td>
                                    <td><script language="JavaScript" type="text/javascript">
															 <!--																 	
																function MM_openBrWindow(theURL,winName,features) 
																{ 
																  window.open(theURL,winName,features);
																}
																//-->
															 </script>
                                      <b><?php echo ('By clicking signup you are agreeing to our'); ?><a href="#" onclick="MM_openBrWindow('<?php echo $SITEURL ?>terms_createacc','','resizable=no,width=560,height=600,status=no,scrollbars=1')"> <? echo ('terms of use'); ?></a></b></td>
                                  </tr>
                                  <tr>
                                    <td> </td>
                                    <td align="left"><input name="action_signup" type="submit" class="button" value="Signup" /></td>
                                  </tr>
                                </table>
                              </form></td>
                          </tr>
                        </table></td>
                    </tr>
                  </table></td>
              </tr>
            </table></td>
        </tr>
      </table></td>
    <td width="414" valign="top"><table width="100%"  border="0" cellspacing="0" cellpadding="0">
        <tr>
          <td><table width="100%" style="height:450px;" class="page_content_frame">
              <tr>
                <td align="left" valign="top"><table width="100%"  border="0" cellspacing="0" cellpadding="0">
                    <tr>
                      <td align="left" valign="top"><table width="100%"  border="0" cellspacing="0" cellpadding="0">
                          <tr>
                            <td width="16%" align="left"><table width="100%"  border="0" cellspacing="2" cellpadding="0">
                                <tr>
                                  <td class="darkblue12"><img src="../images/login.gif" alt="" width="146" height="15" /></td>
                                </tr>
                                <tr>
                                  <td> </td>
                                </tr>
                                <form action="login" method="post" name="login" id="login">
                                  <tr>
                                    <td><table width="100%"  border="0" cellspacing="2" cellpadding="2">
                                        <tr>
                                          <td><?
															echo('User Name');
														?>
                                            :</td>
                                          <td><input name="username" type="text" class="txtfield" /></td>
                                        </tr>
                                        <tr>
                                          <td><?
															echo('Password');
														?>
                                            :</td>
                                          <td><input name="password" type="password" class="txtfield" /></td>
                                        </tr>
                                        <tr>
                                          <td> </td>
                                          <td><b>
                                            <?
															echo ('Forgot');
														?>
                                            :</b>  <a href="forgotuser">
                                            <?
															echo('Username');
														?>
                                            </a> | <a href="forgotpass">
                                            <?
															echo('Password');
														?>
                                            </a></td>
                                        </tr>
                                        <tr>
                                          <td> </td>
                                          <td><input name="submit" type="submit" class="button" value="GO" /></td>
                                        </tr>
                                      </table></td>
                                  </tr>
                                </form>
                                <tr>
                                  <td><h4>
                                      <?
															echo('What is');
														 ?>
                                      <? echo $SITENAME; ?></h4>
                                    <? echo $SITENAME; ?>
                                    <?
															echo('is a way to get your music to the people who matter to you');
														 ?>
                                    .<br />
                                    <?
															echo('With Music4play.com you can');
														 ?>
                                    :
                                    <ul>
                                      <li>
                                        <?
															echo('Upload, tag and share your music worldwide');
														 ?>
                                      </li>
                                      <li>
                                        <?
															echo('Browse thousands of original music uploaded by community members');
														 ?>
                                      </li>
                                      <li>
                                        <?
															echo('Find, join and create music groups to connect with people with similar interests');
														 ?>
                                      </li>
                                      <li>
                                        <?
															echo('Customize your experience with playlists and subscriptions');
														 ?>
                                      </li>
                                      <li>
                                        <?
																	echo('Integrate Music4Play.com with your website using audio embeds or APIs');
															 ?>
                                        . </li>
                                    </ul></td>
                                </tr>
                              </table></td>
                          </tr>
                        </table></td>
                    </tr>
                  </table></td>
              </tr>
            </table></td>
        </tr>
      </table></td>
  </tr>
</table>
<div class="footer">
  <?php include("bottom")?>
</div>

 

can someone please help me

It doesnt have to be that complicated :D, the easy way to get around this is to find some codes that generates a string of characters, you send this to your user by puting this function into your registeration page, and using the mail() function to get it to them. Meanwhile, you also need to create a record of that code in your mysql database, or any other ways you prefer to store it, on the activation page, put some codes that allows the code to be obtained from where you stored it, and then check it with what the user gave, you can do this:

$activationno = $_GET['activation'];
if ($activationno == $activation) {echo "You have successfully activated your account!";
//Here you might have to put some codes that tells your login page that the user had activated his/her account.

Hope that helps

Ted

 

You can also generate MD5 of users password and send it alongwith the activation URL. After user will come back you can match this MD5 with the MD5 of users password in database if you are storing plain text passwords or directly with password in database if you are using MD5 password.

 

I would honestly never suggest this, as you're then sending the user's encrypted password over the internet. Never assume the internet is safe. If you're going to MD5 anything, make it some trivial bits of the user's registration, like username, any optional fields, etc. however, make sure you use more then one field in a pseudo-random order (at least not a highly predictable order, i.e. the way it's entered on the page).

You can also generate MD5 of users password and send it alongwith the activation URL. After user will come back you can match this MD5 with the MD5 of users password in database if you are storing plain text passwords or directly with password in database if you are using MD5 password.

 

I would honestly never suggest this, as you're then sending the user's encrypted password over the internet. Never assume the internet is safe. If you're going to MD5 anything, make it some trivial bits of the user's registration, like username, any optional fields, etc. however, make sure you use more then one field in a pseudo-random order (at least not a highly predictable order, i.e. the way it's entered on the page).

 

to add to that, i could be wrong, but doesn't md5($string1) and md5($string1) have the exact same output? if that's the case, then i wouldn't use md5 at all, because the method of retrieving this info after the user has clicked the link in the email, and is taken to a page where this charset will be retrieved via $_GET method... if two people have the same password (which is very likely), then it will register all of them, not that particular one. to generate a random ID i use either $_SESSION, or this bit of code:

<?php
        /*generate unique id*/
        $totalChar = 30;
        $salt = "ABCDEFHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz00112233445566778899";
        srand((double)microtime()*1000000);
        $id = NULL;

        for($i = 0; $i < $totalChar; $i++){
                $id = $id . substr($salt, rand() % strlen($salt), 1);
        }
?>

You can also generate MD5 of users password and send it alongwith the activation URL. After user will come back you can match this MD5 with the MD5 of users password in database if you are storing plain text passwords or directly with password in database if you are using MD5 password.

 

I would honestly never suggest this, as you're then sending the user's encrypted password over the internet. Never assume the internet is safe. If you're going to MD5 anything, make it some trivial bits of the user's registration, like username, any optional fields, etc. however, make sure you use more then one field in a pseudo-random order (at least not a highly predictable order, i.e. the way it's entered on the page).

 

to add to that, i could be wrong, but doesn't md5($string1) and md5($string1) have the exact same output? if that's the case, then i wouldn't use md5 at all, because the method of retrieving this info after the user has clicked the link in the email, and is taken to a page where this charset will be retrieved via $_GET method... if two people have the same password (which is very likely), then it will register all of them, not that particular one. to generate a random ID i use either $_SESSION, or this bit of code:

 

Yes, md5("monkey") will always churn out the same output. Even if monkey is stored in $string1, $string2, passed in statically, or in a constant.

 

Also, your second point is why I don't suggest using the password as the md5 hash. Using multiple fields (and actually, make sure at least one is unique per user) will prevent the output from ever being the same, or at the very least make it highly unlikely to ever be the same.

try adding this

 

<?php
$validation = md5(rand(1, 1000));
		$insert_query = "insert into user (email,username,password,country,gender,date_of_birth,signup,newsletter,terms, activated,validation_code) 
		values('$email','$username','$password','$country','$gender','$date_of_birth','$signup','$newsletter', '$terms', '0',  '$validation')";
		$insert_result = mysql_query($insert_query);

 

Now when you send your email, make the link look something like this

 

<a href="http://Music4Play.com/validate.php?user=$username&code=<? echo $validation; ?>">Activate</a>

 

Then now on validate.php

<?php
$username = $_GET['user'];
$code=$_GET['code'];

$sql = "SELECT userid FROM user WHERE username = '$username' AND validation_code = '$code'";
$res = mysql_query($sql) or die(mysql_error());
$row = mysql_fetch_assoc($res);
$rows = mysql_num_rows($res);
if($rows > 0){
$update = UPDATE users SET activated = '1' AND validation_code = '' WHERE userid = '".$row['userid']."'";
  if(mysql_query($update)){
  echo "Your account has been activated";
  } else {
  echo "Your validation code is invalid";
  }
} else {
echo "username and validation code do not match";
}

 

Ray

Thanks, for some reason I can't modify my post?!?!?!

 

this forum SMF has a feature where you can timeout the user edit posts feature. after a certain amount of time has passed from the time the user submitted the post, the user cannot edit that post.

Hi,

 

Thanks for the help so far! everything is working fine (so i can see) exept the url sent in the email is refusing to display the code or user id. any ideas?

======================================================

 

A quick update to this:

 

When i try to manualy validate a uer all i get is:Your validation code is invalid

 

 

Any ideas?

 

i assume these problems are related. try printing out these variables before you put them into a query or send mail.

Hi,

 

Thanks for the help so far! everything is working fine (so i can see) exept the url sent in the email is refusing to display the code or user id. any ideas?

======================================================

 

A quick update to this:

 

When i try to manualy validate a uer all i get is:Your validation code is invalid

 

 

Any ideas?

 

i assume these problems are related. try printing out these variables before you put them into a query or send mail.

 

I have sorted out the problem of the invalid code (it was reading from the wrong database) but how do i sort the email url. i dont have a clue!

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.