Calgaryalberta Posted January 26, 2008 Share Posted January 26, 2008 I have a PHP Validation script that I did not make unfortunately, my programmer is not around anymore and Im trying to edit the script here, my php knowledge isn't huge...My question right now is I want my script to automatically assign the number 1, after the user clicks the activation link they receive in the email we send them. So in PHPMyAdmin in my table in the database I added a row called 'accesslevel' now the reason I added that row is because the table that takes this information from the users is going to be used to retrieve the username/password when user's login, once a user trys to login, the script will check the user's user name then the user's password, then which access level they are allowed acccess too, if it's just level 1, then its the members area, level 2 is the admin area, and so on. So Im looking for help on what excatly I can add to the script below to automatically get the script to assign the number 1 in the access level row. - Thanks This is the handle page, that handles the information from the join form and sends the email and displays the activation link. <?php if( isset($_POST['submit']) ) { $error = array(); $first = mysql_real_escape_string(trim($_POST['first'])); $last = mysql_real_escape_string(trim($_POST['last'])); $email1 = trim($_POST['email']); $email2 = trim($_POST['emailconfirm']); $pass1 = trim($_POST['password']); $pass2 = trim($_POST['passwordconfirm']); $vatsimid = trim($_POST['vatsimid']); $country = mysql_real_escape_string(trim($_POST['country'])); $region = mysql_real_escape_string(trim($_POST['region0'])); if( empty($first) ) $error[] = "Need a first name"; if( empty($last) ) $error[] = "Need a last name"; if( $email1 != $email2 ) $error[] = "Emails do not match"; if( !preg_match('/^[a-zA-Z0-9_\.\-]+@[a-zA-Z0-9\-]+\.[a-zA-Z0-9\-\.]+$/', $email1) ) $error[] = "Invalid Email"; if( empty($pass1) ) $error[] = "Need a password"; if( $pass1 != $pass2 ) $error[] = "Passwords do not match"; if( !preg_match('/^[\d]{6}$/', $vatsimid) ) $error[] = "Invalid VATSIM ID"; if( $country == "Select a country from list..." ) $error[] = "Please select a country"; if( $region == "Select a region..." ) $error[] = "Please select a region"; if( count($error) == 0 ) { $res = mysql_query("SELECT 1 FROM users WHERE email='".mysql_real_escape_string($email1)."'"); print mysql_error(); if( $res ) { if( mysql_num_rows($res) == 0 ) { $key = generateKey(); $res = @mysql_query("INSERT INTO users (`email`, `pass`, `key`, `country`, `region`, `vatsimid`, `first`, `last`) ". "VALUES ('".mysql_real_escape_string($email1)."', '".mysql_real_escape_string($pass1)."', '".mysql_real_escape_string($key)."', ". "'$country', '$region', '$vatsimid', '$first', '$last')"); if( $res ) { $uid = mysql_insert_id(); mail($email, "Account Activation", "Thank you for registering with us.\n\n". "After you activate your account, you can login in with the following...\n". " Pilot Id: $uid\n". " Password: $pass1\n". "To activate your account please visit the following URL...\n". " http://www.mydomain.net/join/activate.php?uid=$uid&key=".urlencode($key)." \n\n", "From: postmaster@mydomain.net\r\n". "Reply-To: postmaster@mydomain.net\r\n". "X-Mailer: PHP/".phpversion()); print "Thank you for registering! Please check your email for activation instructions."; } else { print mysql_error(); } } else { print "There is a user already registered with that email."; } } else { print mysql_error(); } } else { foreach($error as $err) print "<b>$err</b><br />"; } } else { ?> Or is there another file somewhere that Im missing that I need to post instead of this? - thanks Quote Link to comment Share on other sites More sharing options...
marcus Posted January 26, 2008 Share Posted January 26, 2008 assign the number 1 to what Quote Link to comment Share on other sites More sharing options...
Calgaryalberta Posted January 26, 2008 Author Share Posted January 26, 2008 assign the number 1 in the accesslevel under that user and all users who join the site so when they login and the php script checks their username/password and accesslevel and by seeing they're only allowed access to level 1 which is the members area, the login script forwards them to the members area page if they have level 2 access and try to login, the login script forwards them to the administrators area if they have level 3 access and try and login, the login script forwards them to the managers area Quote Link to comment Share on other sites More sharing options...
nethnet Posted January 26, 2008 Share Posted January 26, 2008 You'll need to do this in activate.php. When the activation script is run, have it update the database with this: $id = $_REQUEST['uid']; mysql_query("UPDATE users SET accesslevel = 1 WHERE id = $id"); You'll have to change "id" to whatever you call the user id in your database. Quote Link to comment Share on other sites More sharing options...
Calgaryalberta Posted January 26, 2008 Author Share Posted January 26, 2008 Ok, let me try it here, I have the file open Ill try it right now Quote Link to comment Share on other sites More sharing options...
marcus Posted January 26, 2008 Share Posted January 26, 2008 on login <?php // supposing their info is correct $sql = "SELECT accesslevel FROM `users` WHERE `username`='".mysql_real_escape_string($_POST['username'])."'"; $res = mysql_query($sql) or die(mysql_error()); $row = mysql_fetch_assoc($res); switch($row['accesslevel']){ case 1: header("Location: /members/index.php"); break; case 2: header("Location: /admin/index.php"); break; case 3: header("Location: /manager/index.php"); break; default: header("Location: /members/index.php"); } ?> and your query for registration/confirmation w/e <?php $reg_sql = "INSERT INTO `users` (`all`,`other`,`values`,`here`,`accesslevel`) VALUES('".$all."','".$other."','".$values."','".$here."','1')"; $reg_res = mysql_query($reg_sql) or die(mysql_error()); // or for confirmation $con_sql = "UPDATE `users` SET `accesslevel`='1' WHERE `username`='".$user."'"; $con_res = mysql_query($con_sql) or die(mysql_error()); ?> Quote Link to comment Share on other sites More sharing options...
Calgaryalberta Posted January 26, 2008 Author Share Posted January 26, 2008 Ok, I haven't got to the login yet, but I made a note of your script, Ill use it when I get to the login. So the script did look like this <?php /** ** Register script **/ include "config.php"; $db = @mysql_connect($db_host, $db_user, $db_pass); if( !$db ) die(mysql_error()); $link = mysql_select_db($db_name, $db); if( !$link ) die(mysql_error()); $uid = (int)$_GET['uid']; $key = mysql_real_escape_string($_GET['key']); //print "SELECT 1 FROM users WHERE uid = '$uid' AND `key` = '$key'"; $res = @mysql_query("SELECT 1 FROM users WHERE uid = '$uid' AND `key` = '$key'"); if( !$res ) die(mysql_error()); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office"><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>Untitled 5</title> <style type="text/css"> h2 {font:1.48em verdana;color:#0084C9;margin:0px 0px 12px 0px;padding:0;} .bluetop {border-top:2px solid #0084C9;padding:9px 0px 0px 0px;} .box9 {padding:8px 17px 18px 17px;border-top:2px solid #0084C9;border-bottom:1px solid #0084C9;background:#efefea;} .small {font-size:.925em;font-family:verdana;} input {color:#666;} .formwidth {width: 300px;} select {color:#666;} .button {background-color: #339E35; border:0; padding:2px; margin:10px 0 0; font-weight:700; color:#fff; font-size:.8em; font-family: "Tahoma", "Lucida Grande" , san-serif;} .style9 { font-size: large; font-family: "Times New Roman", Times, serif; } .style10 { font-size: small; font-family: "Times New Roman", Times, serif; } .style11 { font-size: small; font-family: Verdana; } </style></head><body> <table style="margin-left: 18px;" border="0" width="690"> <!--WIDTH="590"--><!-- remove add icons TR> <TD align="right"><A href="javascript:GotoAd();"><IMG name="Rotate" src="ENA.gif" width="325" height="52" border="0" align="right" ></a></TD></TR --><!--<TR><TD align="center"><A Href="http://interbiz.cai.com/Education/default.asp" class="minilinks"> <U>interBiz Courses</U></A></TD></TR>--> <tbody><tr> <td align="left"> <h2>Join</h2> <table style="margin-left: 18px;" border="0" width="690"> <tbody><tr> <td> <div class="bluetop"> </div> </td> </tr> </tbody></table> </td> </tr> </tbody></table> <?php if( mysql_num_rows($res) == 1 ) { print "Account activated!\n"; @mysql_query("UPDATE users SET activated=1 WHERE uid = '$uid'"); } else { print "Account not found"; } ?> </body></html> And you're recommending it looks like this: <?php /** ** Register script **/ include "config.php"; $db = @mysql_connect($db_host, $db_user, $db_pass); if( !$db ) die(mysql_error()); $link = mysql_select_db($db_name, $db); if( !$link ) die(mysql_error()); $uid = (int)$_GET['uid']; $key = mysql_real_escape_string($_GET['key']); //print "SELECT 1 FROM users WHERE uid = '$uid' AND `key` = '$key'"; $res = @mysql_query("SELECT 1 FROM users WHERE uid = '$uid' AND `key` = '$key'"); if( !$res ) die(mysql_error()); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office"><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>Untitled 5</title> <style type="text/css"> h2 {font:1.48em verdana;color:#0084C9;margin:0px 0px 12px 0px;padding:0;} .bluetop {border-top:2px solid #0084C9;padding:9px 0px 0px 0px;} .box9 {padding:8px 17px 18px 17px;border-top:2px solid #0084C9;border-bottom:1px solid #0084C9;background:#efefea;} .small {font-size:.925em;font-family:verdana;} input {color:#666;} .formwidth {width: 300px;} select {color:#666;} .button {background-color: #339E35; border:0; padding:2px; margin:10px 0 0; font-weight:700; color:#fff; font-size:.8em; font-family: "Tahoma", "Lucida Grande" , san-serif;} .style9 { font-size: large; font-family: "Times New Roman", Times, serif; } .style10 { font-size: small; font-family: "Times New Roman", Times, serif; } .style11 { font-size: small; font-family: Verdana; } </style></head><body> <table style="margin-left: 18px;" border="0" width="690"> <!--WIDTH="590"--><!-- remove add icons TR> <TD align="right"><A href="javascript:GotoAd();"><IMG name="Rotate" src="ENA.gif" width="325" height="52" border="0" align="right" ></a></TD></TR --><!--<TR><TD align="center"><A Href="http://interbiz.cai.com/Education/default.asp" class="minilinks"> <U>interBiz Courses</U></A></TD></TR>--> <tbody><tr> <td align="left"> <h2>Join</h2> <table style="margin-left: 18px;" border="0" width="690"> <tbody><tr> <td> <div class="bluetop"> </div> </td> </tr> </tbody></table> </td> </tr> </tbody></table> <?php $id = $_REQUEST['uid']; mysql_query("UPDATE users SET accesslevel = 1 WHERE id = $id"); if( mysql_num_rows($res) == 1 ) { print "Account activated!\n"; @mysql_query("UPDATE users SET activated=1 WHERE uid = '$uid'"); } else { print "Account not found"; } ?> </body></html> Quote Link to comment Share on other sites More sharing options...
Calgaryalberta Posted January 26, 2008 Author Share Posted January 26, 2008 At the very end is where I added the script you mentioned to add in, the $id = $_REQUEST['uid']; mysql_query("UPDATE users SET accesslevel = 1 WHERE id = $id"); Quote Link to comment Share on other sites More sharing options...
nethnet Posted January 26, 2008 Share Posted January 26, 2008 Combine them into one query. "UPDATE users SET activated=1 AND accesslevel=1 WHERE uid='$uid'" Quote Link to comment Share on other sites More sharing options...
marcus Posted January 26, 2008 Share Posted January 26, 2008 You don't use AND operation when updating. $sql = "UPDATE `users` SET `activated`=1,`accesslevel`=1 WHERE `uid`='".$uid."'"; Quote Link to comment Share on other sites More sharing options...
Calgaryalberta Posted January 26, 2008 Author Share Posted January 26, 2008 ok lets see if this works, stand by Quote Link to comment Share on other sites More sharing options...
Calgaryalberta Posted January 26, 2008 Author Share Posted January 26, 2008 Ok, before I upload this script to my server, Im going to post it with you're updates tell me if this is the way it should look . Thanks for all the help! I guess before I know if it for sure works Ill have to develop the login, but Ill use the script posted above, Ill just edit it to the best of my ability Look ok? <?php /** ** Register script **/ include "config.php"; $db = @mysql_connect($db_host, $db_user, $db_pass); if( !$db ) die(mysql_error()); $link = mysql_select_db($db_name, $db); if( !$link ) die(mysql_error()); $uid = (int)$_GET['uid']; $sql = "UPDATE `users` SET `activated`=1,`accesslevel`=1 WHERE `uid`='".$uid."'"; $key = mysql_real_escape_string($_GET['key']); //print "SELECT 1 FROM users WHERE uid = '$uid' AND `key` = '$key'"; $res = @mysql_query("SELECT 1 FROM users WHERE uid = '$uid' AND `key` = '$key'"); if( !$res ) die(mysql_error()); ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.