steviez Posted February 22, 2007

Hi,

I recently had some help from members of this forum to create a validation code that was sent to users upon signup of my site. The problem I am having is this:

When they sign up they get a welcome email containing their confirmation link to click on, now in my code it is this:

```html
<a href="http://www.mysite.com/validate?user=$username&code=$validation" target="_blank">
```

The problem is that that is exactly how it is sent to the user, it should have the username and code.

The next problem is that even if the users do not validate their accounts they can still log in. Do I need to put some code into my login page to make them validate before login?

Please could someone help?

Steve

trq Posted February 22, 2007

For your first question we're going to need to see your code. For the second, one solution would be to have a flag set (valid) within a field in the database once and only once the user's email has been confirmed.

steviez Posted February 22, 2007

My code for the signup page is as follows:

```php
<?php
include("connect");
include("header");

if(isset($action_signup))
{
    if(($email != '') && ($username != '') && ($password != '') && ($country !='') && ($gender != '') && ($birthday_mon != '') && ($birthday_yr != '') && ($birthday_day != ''))
    {
        $query = "select * from user where username = '$username' and status = 'ACTIVE'";
        $result = mysql_query($query);
        $num = mysql_num_rows($result);
        if($num < 1)
        {
            $date_of_birth = $birthday_yr."-".$birthday_mon."-".$birthday_day;
            $signup = date("Y-m-d");
            if(isset($newsletter))
                $newsletter = "YES";
            else
                $newsletter = 'NO';

            $validation = md5(rand(1, 1000));

            $insert_query = "insert into user (email,username,password,country,gender,date_of_birth,signup,newsletter,terms, activated,validation_code) values('$email','$username','$password','$country','$gender','$date_of_birth','$signup','$newsletter', '$terms', '0', '$validation')";
            $insert_result = mysql_query($insert_query);

            if($refUser != '')
            {
                $update_friends = "update friends set status = 'CONFIRM',friend_id ='$newUserInsertId' where user_reference_id = '$refUser' and status = 'ACITVE'";
                $update_result = mysql_query($update_friends);
            }

            if(isset($insert_result))
            {
                $message = '<html>
<head>
<title>Welcome To Music4Play.com</title>
</head>
<body>
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr valign="top">
<td><div>
<h2>Thank You for Signing Up!</h2>
<p>You\'ve taken the next step in becoming part of the Music4Play community. Now that you\'re a member, you can rate music, but to leave comments or upload your own music to the site, you\'ll first need to confirm your email by <a href="http://www.music4play.com/validate?user=$username&code=$validation" target="_blank">Clicking Here</a>, or pasting the following link into your browser:<br />
<br />
<a href="http://www.music4play.com/validate?user=$username&code=$validation" target="_blank">http://www.music4play.com/validate?</a> <br />
<br />
Please take a look at our <a href="http://www.music4play.com/terms" target="_blank">Terms of Use</a> and <a href="http://www.music4play.com/copyright" target="_blank">Copyright Tips</a> before uploading so that you understand what\'s allowed on the site.</p>
<p>To get you started, here are some of the things you can do with Music4Play:</p>
<ul>
<li><a href="http://www.music4play.com/upload" target="_blank">Upload</a> and share your music worldwide</li>
<li><a href="http://www.music4play.com/audios/browse" target="_blank">Browse</a> millions of original and unsigned tracks</li>
<li>Find, join and create groups to connect with people who have similar interests</li>
<li>Customize your experience with playlists and subscriptions</li>
<li>Integrate Music4Play with your website using audio embeds or APIs</li>
</ul>
<p>There\'s a lot more to explore, and more features are always in the works. Thanks for signing up, and we hope you enjoy the site!</p>
<p>The <a href="http://www.music4play.com/contact" target="_blank">Music4Play Team</a></p>
</div></td>
</tr>
</tbody>
</table>
</body>
</html>
';
                $subject = "Welcome to Music4Play.com!";
                $email = "$email";
                // Start the header string with "=" and append the rest with ".=",
                // so the From header is not overwritten.
                $headers = 'From: Music4Play.com <[email protected]>' . "\r\n";
                $headers .= 'MIME-Version: 1.0' . "\r\n";
                $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
                mail($email,$subject,$message,$headers);
                header("Location:login");
            }
        }
        else
        {
            $ERROR = "Username Already Present.";
        }
    }
    else
    {
        $ERROR = "Please enter mandatory fields";
    }
}
?>
<script type="text/javascript" src="<?php echo $JAVA_SCRIPT_FILE_PATH ?>"></script>
<script language="JavaScript" type="text/javascript">
<!--
function MM_reloadPage(init) {  //reloads the window if Nav4 resized
    if (init==true) with (navigator) {if ((appName=="Netscape")&&(parseInt(appVersion)==4)) {
        document.MM_pgW=innerWidth; document.MM_pgH=innerHeight; onresize=MM_reloadPage; }}
    else if (innerWidth!=document.MM_pgW || innerHeight!=document.MM_pgH) location.reload();
}
MM_reloadPage(true);
// -->

/*FUNCTION FOR THE EMAIL VALIDATIONS*/
function emailCheck (emailStr) {
    /* The following pattern is used to check if the entered e-mail address
       fits the user@domain format. It also is used to separate the username
       from the domain. */
    var emailPat=/^(.+)@(.+)$/
    /* The following string represents the pattern for matching all special
       characters. We don't want to allow special characters in the address.
       These characters include ( ) < > @ , ; : \ " . [ ] */
    var specialChars="\\(\\)<>@,;:\\\\\\\"\\.\\[\\]"
    /* The following string represents the range of characters allowed in a
       username or domainname. It really states which chars aren't allowed. */
    var validChars="\[^\\s" + specialChars + "\]"
    /* The following pattern applies if the "user" is a quoted string (in
       which case, there are no rules about which characters are allowed
       and which aren't; anything goes). E.g. "jiminy cricket"@disney.com
       is a legal e-mail address. */
    var quotedUser="(\"[^\"]*\")"
    /* The following pattern applies for domains that are IP addresses,
       rather than symbolic names. E.g. joe@[123.124.233.4] is a legal
       e-mail address. NOTE: The square brackets are required. */
    var ipDomainPat=/^\[(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\]$/
    /* The following string represents an atom (basically a series of
       non-special characters.) */
    var atom=validChars + '+'
    /* The following string represents one word in the typical username.
       For example, in [email protected], john and doe are words.
       Basically, a word is either an atom or quoted string. */
    var word="(" + atom + "|" + quotedUser + ")"
    // The following pattern describes the structure of the user
    var userPat=new RegExp("^" + word + "(\\." + word + ")*$")
    /* The following pattern describes the structure of a normal symbolic
       domain, as opposed to ipDomainPat, shown above. */
    var domainPat=new RegExp("^" + atom + "(\\." + atom +")*$")

    /* Finally, let's start trying to figure out if the supplied address is
       valid. */

    /* Begin with the coarse pattern to simply break up user@domain into
       different pieces that are easy to analyze. */
    var matchArray=emailStr.match(emailPat)
    if (matchArray==null) {
        /* Too many/few @'s or something; basically, this address doesn't
           even fit the general mould of a valid e-mail address. */
        alert("Email address seems incorrect (check @ and .'s)")
        return false
    }
    var user=matchArray[1]
    var domain=matchArray[2]

    // See if "user" is valid
    if (user.match(userPat)==null) {
        // user is not valid
        alert("The username doesn't seem to be valid.")
        return false
    }

    /* if the e-mail address is at an IP address (as opposed to a symbolic
       host name) make sure the IP address is valid. */
    var IPArray=domain.match(ipDomainPat)
    if (IPArray!=null) {
        // this is an IP address
        for (var i=1;i<=4;i++) {
            if (IPArray[i]>255) {
                alert("Destination IP address is invalid!")
                return false
            }
        }
        return true
    }

    // Domain is symbolic name
    var domainArray=domain.match(domainPat)
    if (domainArray==null) {
        alert("The domain name doesn't seem to be valid.")
        return false
    }

    /* domain name seems valid, but now make sure that it ends in a
       three-letter word (like com, edu, gov) or a two-letter word,
       representing country (uk, nl), and that there's a hostname preceding
       the domain or country. */

    /* Now we need to break up the domain to get a count of how many atoms
       it consists of. */
    var atomPat=new RegExp(atom,"g")
    var domArr=domain.match(atomPat)
    var len=domArr.length
    if (domArr[domArr.length-1].length<2 ||
        domArr[domArr.length-1].length>3) {
        // the address must end in a two letter or three letter word.
        alert("The address must end in a three-letter domain, or two letter country.")
        return false
    }

    // Make sure there's a host name preceding the domain.
    if (len<2) {
        var errStr="This address is missing a hostname!"
        alert(errStr)
        return false
    }

    // If we've gotten this far, everything's valid!
    return true;
}
// End -->
/*FUNCTION ENDS HERE*/

function check()
{
    if (emailCheck(document.registration.email.value)==false)
    {
        document.registration.email.focus();
        return false;
    }
    if (document.registration.username.value=='')
    {
        alert("Please enter username");
        document.registration.username.focus();
        return false;
    }
    if (document.registration.password.value=='')
    {
        alert("Please enter password");
        document.registration.password.focus();
        return false;
    }
    if (document.registration.confirm_password.value=='')
    {
        alert("Please enter confirm_password");
        document.registration.confirm_password.focus();
        return false;
    }
    if (document.registration.password.value != document.registration.confirm_password.value)
    {
        alert("Password and confirm password should be same");
        document.registration.password.value = '';
        document.registration.confirm_password.value = '';
        document.registration.password.focus();
        return false;
    }
    if (document.registration.country.value=='')
    {
        alert("Please select Country");
        document.registration.country.focus();
        return false;
    }
    if (document.registration.terms.value=='')
    {
        alert("You MUST agree to our terms and conditions before you can signup!");
        document.registration.terms.focus();
        return false;
    }
    if (document.registration.gender.value=='')
    {
        alert("Please enter gender");
        document.registration.gender.focus();
        return false;
    }
    if (document.registration.birthday_mon.value=='')
    {
        alert("Please select birthday month");
        document.registration.birthday_mon.focus();
        return false;
    }
    if (document.registration.birthday_day.value=='')
    {
        alert("Please enter birthday day");
        document.registration.birthday_day.focus();
        return false;
    }
    if (document.registration.birthday_yr.value=='')
    {
        alert("Please enter birthday year");
        document.registration.birthday_yr.focus();
        return false;
    }
    return true;
}
</script>
<style type="text/css">
<!--
body {
    background-image:url("../images/body_background.gif");
    margin-left:auto;
    margin-right:auto;
}
-->
</style>
<table align="center" width="780" class="frame">
  <tr>
    <td width="525" valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0">
      <tr>
        <td><table width="100%" style="height:450px;" class="page_content_frame">
          <tr>
            <td align="left" valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0">
              <tr>
                <td align="left" valign="top"><table width="100%" border="0" cellspacing="2" cellpadding="0">
                  <tr>
                    <td width="16%" align="left" class="darkblue12"><img src="../images/signup.gif" alt="" width="146" height="15" /></td>
                  </tr>
                  <tr>
                    <td align="left" valign="top"><br />
                      <? echo('Joining'); echo " ".$SITENAME." "; echo('is free and easy. Just fill out the account information below.'); ?>
                      <div class="littleText" id="suRequiredTopDiv"> ( <? echo('All fields required'); ?> )</div></td>
                  </tr>
                  <?php if(isset($ERROR)) { ?>
                  <tr>
                    <td align="center"><font color="#FF0000"> <?php echo $ERROR; ?> </font></td>
                  </tr>
                  <?php } if(isset($MSG)) { ?>
                  <tr>
                    <td align="center"><font color="#FF0000"> <?php echo $MSG; ?> </font></td>
                  </tr>
                  <?php } ?>
                  <tr>
                    <td align="left"><form action="#" method="post" name="registration" id="registration" onsubmit="return check();">
                      <? if($inv == 'accept') { ?>
                      <input type="hidden" value="<? echo $ref ?>" name="refUser" />
                      <? } ?>
                      <table width="100%" border="0" cellspacing="2" cellpadding="3">
                        <tr>
                          <td width="24%"><? echo('Email Address'); ?> :</td>
                          <td width="76%"><input name="email" type="text" class="txtfield" value="<?php echo $_POST[email] ?>" /> <span class="required"><?php echo('*'); ?></span></td>
                        </tr>
                        <tr>
                          <td><? echo('User Name :'); ?> </td>
                          <td><input name="username" type="text" class="txtfield" value="<?php echo $_POST[username] ?>" /> <span class="required"><?php echo('*'); ?></span></td>
                        </tr>
                        <tr>
                          <td><? echo('Password :'); ?> </td>
                          <td><input name="password" type="password" class="txtfield" /> <span class="required"><?php echo('*'); ?></span></td>
                        </tr>
                        <tr>
                          <td><? echo('Confirm Password :'); ?> </td>
                          <td><input name="confirm_password" type="password" class="txtfield" /> <span class="required"><?php echo('*'); ?></span></td>
                        </tr>
                        <tr>
                          <td><? echo('Country :'); ?> </td>
                          <td><select name="country" class="dropmenu">
                              <option value="" selected="selected">---</option>
                              <?php
                              $query_country_list = "select * from countrylist";
                              $result_country_list = mysql_query($query_country_list);
                              while($rec_list = mysql_fetch_array($result_country_list))
                              {?>
                              <option value="<?php echo $rec_list[isocode]?>" <?php if($rec_list[isocode] == $_POST[country]){echo 'selected';}?>><?php echo $rec_list[country]?></option>
                              <?}?>
                            </select> <span class="required"><?php echo('*'); ?></span> </td>
                        </tr>
                        <tr> </tr>
                        <tr>
                          <td><? echo('Gender :'); ?> </td>
                          <td><input type="radio" value="Male" name="gender" <?php if($_POST[gender] == 'Male') { echo checked; } ?> /> <? echo('Male'); ?>
                            <input type="radio" value="Female" name="gender" <?php if($_POST[gender] == 'Female') { echo checked; } ?> /> <? echo('Female'); ?>
                            <span class="required"><?php echo('*'); ?></span></td>
                        </tr>
                        <tr>
                          <td><? echo('Date Of Birth :'); ?> </td>
                          <td><select name="birthday_mon" class="dropmenu">
                              <option>---</option>
                              <option value="1" <?php if($_POST[birthday_mon] == 1) { echo selected; } ?>><? echo ('Jan') ?></option>
                              <option value="2" <?php if($_POST[birthday_mon] == 2) { echo selected; } ?>><? echo ('Feb') ?></option>
                              <option value="3" <?php if($_POST[birthday_mon] == 3) { echo selected; } ?>><? echo ('Mar') ?></option>
                              <option value="4" <?php if($_POST[birthday_mon] == 4) { echo selected; } ?>><? echo ('Apr') ?></option>
                              <option value="5" <?php if($_POST[birthday_mon] == 5) { echo selected; } ?>><? echo ('May') ?></option>
                              <option value="6" <?php if($_POST[birthday_mon] == 6) { echo selected; } ?>><? echo ('Jun') ?></option>
                              <option value="7" <?php if($_POST[birthday_mon] == 7) { echo selected; } ?>><? echo ('Jul') ?></option>
                              <option value="8" <?php if($_POST[birthday_mon] == 8) { echo selected; } ?>><? echo ('Aug') ?></option>
                              <option value="9" <?php if($_POST[birthday_mon] == 9) { echo selected; } ?>><? echo ('Sep') ?></option>
                              <option value="10" <?php if($_POST[birthday_mon] == 10) { echo selected; } ?>><? echo ('Oct') ?></option>
                              <option value="11" <?php if($_POST[birthday_mon] == 11) { echo selected; } ?>><? echo ('Nov') ?></option>
                              <option value="12" <?php if($_POST[birthday_mon] == 12) { echo selected; } ?>><? echo ('Dec') ?></option>
                            </select>
                            <select name="birthday_day" class="dropmenu">
                              <option value="---" selected="selected">---</option>
                              <?php for($i=1;$i<32;$i++) { ?>
                              <option value="<?php echo $i; ?>"><?php echo $i; ?></option>
                              <?php } ?>
                            </select>
                            <select name="birthday_yr" class="dropmenu">
                              <option value="---" selected="selected">---</option>
                              <?php for($i=1950;$i<1988;$i++) { ?>
                              <option value="<?php echo $i; ?>"><?php echo $i; ?></option>
                              <?php } ?>
                            </select>
                            <span class="required"><?php echo('*'); ?></span></td>
                        </tr>
                        <tr>
                          <td> </td>
                          <td><input type="checkbox" checked="checked" value="YES" name="newsletter" /> <? echo('Sign me up for the weekly newsletter'); ?> </td>
                        </tr>
                        <tr>
                          <td> </td>
                          <td><script language="JavaScript" type="text/javascript">
<!--
function MM_openBrWindow(theURL,winName,features) {
    window.open(theURL,winName,features);
}
//-->
                            </script>
                            <b><?php echo ('By clicking signup you are agreeing to our'); ?><a href="#" onclick="MM_openBrWindow('<?php echo $SITEURL ?>terms_createacc','','resizable=no,width=560,height=600,status=no,scrollbars=1')"> <? echo ('terms of use'); ?></a></b></td>
                        </tr>
                        <tr>
                          <td> </td>
                          <td align="left"><input name="action_signup" type="submit" class="button" value="Signup" /></td>
                        </tr>
                      </table>
                    </form></td>
                  </tr>
                </table></td>
              </tr>
            </table></td>
          </tr>
        </table></td>
      </tr>
    </table></td>
    <td width="414" valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0">
      <tr>
        <td><table width="100%" style="height:450px;" class="page_content_frame">
          <tr>
            <td align="left" valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0">
              <tr>
                <td align="left" valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0">
                  <tr>
                    <td width="16%" align="left"><table width="100%" border="0" cellspacing="2" cellpadding="0">
                      <tr>
                        <td class="darkblue12"><img src="../images/login.gif" alt="" width="146" height="15" /></td>
                      </tr>
                      <tr>
                        <td> </td>
                      </tr>
                      <form action="login" method="post" name="login" id="login">
                      <tr>
                        <td><table width="100%" border="0" cellspacing="2" cellpadding="2">
                          <tr>
                            <td><? echo('User Name'); ?> :</td>
                            <td><input name="username" type="text" class="txtfield" /></td>
                          </tr>
                          <tr>
                            <td><? echo('Password'); ?> :</td>
                            <td><input name="password" type="password" class="txtfield" /></td>
                          </tr>
                          <tr>
                            <td> </td>
                            <td><b> <? echo ('Forgot'); ?> :</b> <a href="forgotuser"> <? echo('Username'); ?> </a> | <a href="forgotpass"> <? echo('Password'); ?> </a></td>
                          </tr>
                          <tr>
                            <td> </td>
                            <td><input name="submit" type="submit" class="button" value="GO" /></td>
                          </tr>
                        </table></td>
                      </tr>
                      </form>
                      <tr>
                        <td><h4> <? echo('What is'); ?> <? echo $SITENAME; ?></h4>
                          <? echo $SITENAME; ?> <? echo('is a way to get your music to the people who matter to you'); ?> .<br />
                          <? echo('With Music4play.com you can'); ?> :
                          <ul>
                            <li> <? echo('Upload, tag and share your music worldwide'); ?> </li>
                            <li> <? echo('Browse thousands of original music uploaded by community members'); ?> </li>
                            <li> <? echo('Find, join and create music groups to connect with people with similar interests'); ?> </li>
                            <li> <? echo('Customize your experience with playlists and subscriptions'); ?> </li>
                            <li> <? echo('Integrate Music4Play.com with your website using audio embeds or APIs'); ?> . </li>
                          </ul></td>
                      </tr>
                    </table></td>
                  </tr>
                </table></td>
              </tr>
            </table></td>
          </tr>
        </table></td>
      </tr>
    </table></td>
  </tr>
</table>
<div class="footer">
<?php include("bottom")?>
</div>
```

Thanks

trq Posted February 22, 2007

Variables are not parsed when within single quotes, you will need to escape out of a string and back. e.g.:

```php
<a href="http://www.music4play.com/validate?user='. $username .'&code='. $validation.'" target="_blank">htt
```

magic2goodil Posted February 22, 2007

Also if you want to make sure they must validate first, put an extra field in your database. Call it locked or something, then you could use it for more than one thing. The default for it should be set to 1. Treat that as a boolean: 1 if it is locked, 0 if not. Once the user validates their email with your link, set it to 0. Write a validation script along with where you already coded to see if the user exists and is using correct login to also check to see if their account is locked or not.

What I said about using that locked for the future, you could use it also if you set a certain amount of login tries for a user. If they try too many times unsuccessfully, boom, locked is set to 1 for a certain amount of time. And your original code that checked to see if their account was locked because of non-validation will also work again for users locked out from too many login attempts.

Just some ideas eh

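As an added example (not code from any poster in this thread), the two answers above combined in PHP 7+: the confirmation link is built by concatenation so the values are substituted, and login is refused until the `activated` flag is set. It also swaps the posted `md5(rand(1, 1000))`, which can only take 1,000 different values, for a `random_bytes()` token; the in-memory SQLite table, the `token_hash` column and the function names are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code. The `user` table and `activated`
// column follow the thread; `token_hash` is a hypothetical extra column.
// Assumes the pdo_sqlite extension so the demo runs without a server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (username TEXT PRIMARY KEY, password TEXT,
           activated INTEGER DEFAULT 0, token_hash TEXT)');

// Signup: store a password hash and the hash of a random one-time token,
// then return the link that goes into the welcome e-mail.
function signup(PDO $db, string $username, string $password): string
{
    $token = bin2hex(random_bytes(16));   // 128 bits from the system CSPRNG
    $stmt = $db->prepare('INSERT INTO user (username, password, activated, token_hash)
                          VALUES (?, ?, 0, ?)');
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT),
                    hash('sha256', $token)]);
    // Concatenation substitutes the values; http_build_query() URL-encodes them.
    return 'http://www.mysite.com/validate?'
         . http_build_query(['user' => $username, 'code' => $token]);
}

// Validate: set the flag only if the presented code matches, and only once.
function validate(PDO $db, string $username, string $code): bool
{
    $stmt = $db->prepare('SELECT token_hash FROM user WHERE username = ? AND activated = 0');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();
    if ($stored === false || $stored === null
        || !hash_equals($stored, hash('sha256', $code))) {
        return false;
    }
    $db->prepare('UPDATE user SET activated = 1, token_hash = NULL WHERE username = ?')
       ->execute([$username]);
    return true;
}

// Login: the password must verify AND the account must be activated.
function login(PDO $db, string $username, string $password): string
{
    $stmt = $db->prepare('SELECT password, activated FROM user WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($password, $row['password'])) {
        return 'bad credentials';
    }
    return $row['activated'] ? 'ok' : 'email not confirmed';
}

// Constructed walk-through: sign up, try to log in, confirm, log in again.
$link = signup($db, 'steve', 's3cret-example');
parse_str(parse_url($link, PHP_URL_QUERY), $q);
var_dump(login($db, 'steve', 's3cret-example'));        // before confirmation
var_dump(validate($db, 'steve', str_repeat('0', 32)));  // a wrong code
var_dump(validate($db, 'steve', $q['code']));           // the code from the link
var_dump(login($db, 'steve', 's3cret-example'));        // after confirmation
```
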
steviez Posted February 22, 2007

Thank you guys, once again this forum works!

Thanks,

Steve

This topic is now archived and is closed to further replies.