Jump to content

[SOLVED] user activation via email


runnerjp

Recommended Posts

."$url = 'http://www.runnerselite.com/website/activate.php?hash=".md5($userid)."&key="($key);

 

 

 

 

then on the activate.php

 

UPDATE users
SET status = 1
WHERE (userid= "'.md5($_GET['userid']).'") AND (key = '($_GET['key'].') ?>

 

 

is this correct ??? tried it and does not seme to work

Link to comment
Share on other sites

hmmm, um try and echo out your actual query variables..... see if its working or actually adding the brackets to the string.....

 

 

i think its better practice to use string concatination eg "string"."string" etc, so id recommend you try that.

 

gdlk

 

Link to comment
Share on other sites

You're sending the user id to the page via the variable "hash" not "userid", and it's already md5'd in your URL.

 

hash=".md5($userid)

md5($_GET['userid'])

 

Also is userid stored as an md5 in your table? If so why? It adds in extra overhead using it encrypted when there is no need usually. Passwords yes, usernames not really.

Link to comment
Share on other sites

Parse error: syntax error, unexpected T_STRING

 

<? UPDATE users
SET status = '1'
WHERE userid= '".md5($_GET['hash']."' AND key = '".$_GET['key']."' ?>

 

 

You're sending the user id to the page via the variable "hash" not "userid", and it's already md5'd in your URL.

 

hash=".md5($userid)

md5($_GET['userid'])

 

Also is userid stored as an md5 in your table? If so why? It adds in extra overhead using it encrypted when there is no need usually. Passwords yes, usernames not really.

 

i used id as id no 1..2...3...4...5..6...7...8...9

i hased them as i belive its safer to do this as i have found if people find id numbers they seem to be able to mess around with code :(

 

Link to comment
Share on other sites

Parse error: syntax error, unexpected T_STRING

 

<? UPDATE users
SET status = '1'
WHERE userid= '".md5($_GET['hash']."' AND key = '".$_GET['key']."' ?>

 

 

You're sending the user id to the page via the variable "hash" not "userid", and it's already md5'd in your URL.

 

hash=".md5($userid)

md5($_GET['userid'])

 

Also is userid stored as an md5 in your table? If so why? It adds in extra overhead using it encrypted when there is no need usually. Passwords yes, usernames not really.

 

i used id as id no 1..2...3...4...5..6...7...8...9

i hased them as i belive its safer to do this as i have found if people find id numbers they seem to be able to mess around with code :(

 

 

If your code was secure. then other people wouldn't be able to mess aroudn with the code.

Link to comment
Share on other sites

but by blockin all charateristics but letters and numbers this can be stopped yes  ( nd also even with

"UPDATE users
SET status = '1'
WHERE userid= '".md5($_GET['hash']."' AND key = '".$_GET['key']."'";

i still get the error Parse error: syntax error, unexpected ';' in /home/runnerse/public_html/website/activate.php on line 3

 

Link to comment
Share on other sites

ahh good call :)  didt see ) was missed

 

 

ok after viewing it and stuff iv noticed that when the email is sent its not getting the random key!

 

function randomkeys($length){

$pattern="1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";

for($i=0; $i<$length; $i++) $key.=$pattern{rand(0,61)};

return $key;

 

which is inserted into the database $key

 

so ."$url = 'http://www.runnerselite.com/website/activate.php?hash=".md5($userid)."&key=($key)"; should get the username and the key.... but it only gets the user name.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.