Email account activation help

[PRodgers4284]

I have a registration form on my website that sends an email to the users email address once they have completed the registration form. I have the email sending fine, but im having difficulty getting the activation link to work, the activation link sets a field in the database to 1 which indicates an active account. I am trying to use the user password and timestamp to identifiy them in the database but i not sure if im doing this correctly. Can anyone help?

 

Email Script is:

 

require_once('class.phpgmailer.php');
$mail = new PHPGMailer();
$mail->IsSMTP(); // send via SMTP
$mail->Host = 'ssl://smtp.gmail.com'; // SMTP servers
$mail->FromName = '******.com';
$mail->AddAddress($email);
$mail->Subject = 'Registration';
$mail->Body = "Your account has been successfully created with the following details:\n\nUsername: $username\nPassword: $password\nEmail: $email\nForename: $forename\nSurname: $surname\nLocation: $location\n\nPlease click on the link to activate your account.\n";
$mail->Body = "<a href='http://localhost/Jobs4U/activate.php?hash='.md5($password).'&stamp='.base64_encode($stamp)'>Activate Account</a>";
$mail->Send();

 

activate.php file is:

 

<?php
UPDATE users
SET active = 1
WHERE (password = "'.md5($_GET['hash']).'") AND (timestamp = '.base64_decode($_GET['stamp'].') 
?> 

[Chris92]

I'm not sure what type of database you are using, but you need to use a query function to run your query.

<?php
mysql_query("UPDATE `users` SET `active` = '1' WHERE `password` = ".md5($_GET['hash'])." AND `timestamp` = ".base64_decode($_GET['stamp']."");
?>

[PRodgers4284]

I'm not sure what type of database you are using, but you need to use a query function to run your query.

<?php
mysql_query("UPDATE `users` SET `active` = '1' WHERE `password` = ".md5($_GET['hash'])." AND `timestamp` = ".base64_decode($_GET['stamp']."");
?>

 

Hi chris, thanks for the reply, im using a mysql database, i tried the query but im getting "Parse error: syntax error, unexpected ';'"

[PRodgers4284]

I have the following email script:

 

require_once('class.phpgmailer.php');
$mail = new PHPGMailer();
$mail->IsSMTP(); // send via SMTP
$mail->Host = 'ssl://smtp.gmail.com'; // SMTP servers
$mail->FromName = 'Jobs4U.com';
$mail->AddAddress($email);
$mail->Subject = 'Jobs4U Registration';
$mail->Body = "Your account has been successfully created with the following details:\n\nUsername: $username\nPassword: $password\nEmail: $email\nForename: $forename\nSurname: $surname\nLocation: $location\n\nPlease click on the link to activate your account.\n";
$mail->Body = "<a href='http://localhost/Jobs4U/activate.php?hash=".md5($password)."&stamp=".base64_encode($stamp)."'>Activate Account</a>";  
$mail->Send();

 

The activate.php file is:

 

<?php
include("database.php"); 
$pass = md5($_GET['hash']);
$stamp = base64_decode($_GET['stamp']);
$sql = "UPDATE `users` SET `active` = '1' WHERE `password` = '$pass' AND `timestamp` = $stamp";
$result = mysql_query($sql) or die('The error was: ' . mysql_error() . '<br>The query was: ' . $sql);
?>

 

Im getting the following error:

 

"The error was: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

The query was: UPDATE `users` SET `active` = '1' WHERE `password` = '35f504164d5a963d6a820e71614a4009' AND `timestamp` = "

 

I cant see where the problem is, can anyone please help?