Jump to content

[SOLVED] user activation not working

runnerjp

By runnerjp
in PHP Coding Help

 Share

Recommended Posts

runnerjp Advanced Member

runnerjp

Posted
Posted

ok this is how it goes

 

when a user signes up the status is set to 0

 

then they are sent an email containing 

<?php function sendWelcome($user, $email, $pass){
      $from = "From: ".EMAIL_FROM_NAME." <".EMAIL_FROM_ADDR.">";
      $subject = "runnerselite - Welcome!";
      $body = $user.",\n\n"
             ."Welcome! You've just registered at runnerselite"
             ."with the following information:\n\n"
             ."Username: ".$user."\n"
             ."Password: ".$pass."\n\n"             
             ."$url = 'http://www.runnerselite.com/website/activate.php?hash='.md5".$password.".'&stamp='.base64_encode".$time.";

      return mail($email,$subject,$body,$from); ?>

 

only 'http://www.runnerselite.com/website/activate.php?hash= is highlighted and '.md5".$password.".'&stamp='.base64_encode".$time."; does not even work

 

also when sent to activate.php it shows the text :S

 

<?php 
UPDATE users
SET status = 1
WHERE (password = "'.md5($_GET['hash']).'") AND (timestamp = '.base64_decode($_GET['stamp'].') ?>

 

 

any 1 able to help?

Link to comment
https://forums.phpfreaks.com/topic/51824-solved-user-activation-not-working/
Share on other sites
Lumio Member

Lumio

Posted
Posted

You have an error in you code:

."$url = 'http://www.runnerselite.com/website/activate.php?hash='.md5".$password.".'&stamp='.base64_encode".$time.";

You see the highlighting?

This is right:

."$url = 'http://www.runnerselite.com/website/activate.php?hash=".md5($password)."&stamp=".base64_encode($time);

 

Ahm... why are you sending the password of an user? Thats a security risc!

runnerjp Advanced Member

runnerjp

Posted
  • Author
Posted

ok iv taken out  ."Password: ".$pass."\n\n"  so no password sent...cheers for heads up on that 1

 

ok im now getting

Parse error: syntax error, unexpected T_STRING in /home/runnerse/public_html/website/activate.php on line 2

when i access

 

<?php 
UPDATE users
SET status = 1
WHERE (password = "'.md5($_GET['password']).'") AND (timestamp = '.base64_decode($_GET['time'].') ?>

taith Regular Member

taith

Posted
Posted

agreed... passwords should only be kept in the database... only ever!

instead... use something like this...

 

<?php
function randomkeys($length){
$pattern="1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
for($i=0; $i<$length; $i++) $key.=$pattern{rand(0,61)};
return $key;
}
$key=randomkeys(rand(20,40));
?>

 

which creates a random key between 20-40 characters long, store that into the database, and send via email with a link, containing a link with that key & userid... which inturn forwards onto the database activating by that key & userid...

runnerjp Advanced Member

runnerjp

Posted
  • Author
Posted

ahh thats a good idea... would it look somethign like this

 

function addNewUser($username, $password, $email, $activation){
      $time = time();
      /* If admin sign up, give admin user level */
      if(strcasecmp($username, ADMIN_NAME) == 0){
         $ulevel = ADMIN_LEVEL;
      }else{
         $ulevel = USER_LEVEL;
      }
function randomkeys($length){
$pattern="1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
for($i=0; $i<$length; $i++) $key.=$pattern{rand(0,61)};
return $key;
}
$key=randomkeys(rand(20,40));
      $q = "INSERT INTO ".TBL_USERS." VALUES ('$username', '$password', '0', $ulevel, '$email', $time, $activation)";
      return mysql_query($q, $this->connection);
   }

taith Regular Member

taith

Posted
Posted 
function randomkeys($length){
$pattern="1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
for($i=0; $i<$length; $i++) $key.=$pattern{rand(0,61)};
return $key;
}
function addNewUser($username, $password, $email, $activation){
$time = time();
if(strcasecmp($username, ADMIN_NAME) == 0){
 $ulevel = ADMIN_LEVEL;
}else{
 $ulevel = USER_LEVEL;
}
$key=randomkeys(rand(20,40));
$q = "INSERT INTO ".TBL_USERS." VALUES ('$username', '$password', '0', $ulevel, '$email', $time, $activation)";
return mysql_query($q, $this->connection);
}

runnerjp Advanced Member

runnerjp

Posted
  • Author
Posted

but i used this

 

function randomkeys($length){
$pattern="1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
for($i=0; $i<$length; $i++) $key.=$pattern{rand(0,61)};
return $key;
}
function addNewUser($username, $password, $email, $activation){
$time = time();
if(strcasecmp($username, ADMIN_NAME) == 0){
  $ulevel = ADMIN_LEVEL;
}else{
  $ulevel = USER_LEVEL;
}
$key=randomkeys(rand(20,40));
$q = "INSERT INTO ".TBL_USERS." VALUES ('$username', '$password', '0', $ulevel, '$email', $time, $activation)";
return mysql_query($q, $this->connection);
}

 

 

so both functions do exist :s

runnerjp Advanced Member

runnerjp

Posted
  • Author
Posted

chnaged it to 

<?php /**
    * addNewUser - Inserts the given (username, password, email)
    * info into the database. Appropriate user level is set.
    * Returns true on success, false otherwise.
    */

   function randomkeys($length){
$pattern="1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
for($i=0; $i<$length; $i++) $key.=$pattern{rand(0,61)};
return $key;
}
function addNewUser($username, $password, $email){
$time = time();
if(strcasecmp($username, ADMIN_NAME) == 0){
  $ulevel = ADMIN_LEVEL;
}else{
  $ulevel = USER_LEVEL;
}
$key=randomkeys(rand(20,40));
$q = "INSERT INTO ".TBL_USERS." VALUES ('$username', '$password', '0', $ulevel, '$email', $time, $activation)";
return mysql_query($q, $this->connection);
} ?>

 

as the users is not entering the activation...the code it and i still get the error

runnerjp Advanced Member

runnerjp

Posted
  • Author
Posted

the error im getting is

Fatal error: Call to undefined function: randomkeys()

 

 

 

<?php function randomkeys($length){
$pattern="1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
for($i=0; $i<$length; $i++) $key.=$pattern{rand(0,61)};
return $key;
}
function addNewUser($username, $password, $email){
$time = time();
if(strcasecmp($username, ADMIN_NAME) == 0){
  $ulevel = ADMIN_LEVEL;
}else{
  $ulevel = USER_LEVEL;
}
$key=randomkeys(rand(20,40));
$q = "INSERT INTO ".TBL_USERS." VALUES ('$username', '$password', '0', $ulevel, '$email', $time, $key)";
return mysql_query($q, $this->connection);
}?>

Lumio Member

Lumio

Posted
Posted

try to make linebreaks after <?php:

<?php
function randomkeys($length){
$pattern="1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
for($i=0; $i<$length; $i++) $key.=$pattern{rand(0,61)};
return $key;
}
function addNewUser($username, $password, $email){
$time = time();
if(strcasecmp($username, ADMIN_NAME) == 0){
  $ulevel = ADMIN_LEVEL;
}else{
  $ulevel = USER_LEVEL;
}
$key=randomkeys(rand(20,40));
$q = "INSERT INTO ".TBL_USERS." VALUES ('$username', '$password', '0', $ulevel, '$email', $time, $key)";
return mysql_query($q, $this->connection);
}
?>

 

Is that really the only error you get? Give us the whole code and the whole error message please.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.