alivec Posted April 2, 2008 Share Posted April 2, 2008 well im useing <? function createRandomPassword() { $chars = "abcdefghijkmnopqrstuvwxyz0123456789"; srand((double)microtime()*100000); $i = 0; $pass = '' ; while ($i <= 7) { $num = rand() % 33; $tmp = substr($chars, $num, 1); $pass = $pass . $tmp; $i++; } to create a random code.. i am planning on using this on my website for the verification code in the register.. but now that i have made this i cannot figure out how to verify that the code this generates is the code the user enters into the text box. thank you. if i posted this in the wrong forum im sorry i wasn't sure where to post this question. Quote Link to comment Share on other sites More sharing options...
rhodesa Posted April 2, 2008 Share Posted April 2, 2008 In your users table I would add two columns: date_activated activation_code When someone registers, you will want to add all their info into your users table, but leave date_activated null and populate activation_code with the code you send in the email. On your site, when you authenticate someone, make sure you filter out anything where date_activated is NULL. Then, when someone activates, you query for that username & activation_code. If they match, remove the activation code and add NOW() to date_activated. That is my recommended solution. Does it make sense? Quote Link to comment Share on other sites More sharing options...
alivec Posted April 2, 2008 Author Share Posted April 2, 2008 no i am really new to SQL i had help with it before but.. now i'm on my own and would like to continue and learn at the same time. so can you explain it in simpler terms? Quote Link to comment Share on other sites More sharing options...
Guardian-Mage Posted April 2, 2008 Share Posted April 2, 2008 Yes this is the wrong forum. You should have posted in the PHP Help forum. Anyhow, you should use php sessions. Quote Link to comment Share on other sites More sharing options...
rhodesa Posted April 2, 2008 Share Posted April 2, 2008 Verification codes don't have to do with PHP sessions. Those are for after a user has logged in. Do you have anything set up yet? Registration Form, Login Form, MySQL Tables, authentication script, etc? I can help you fill in the gaps, but unfortunately don't have the time to help you from scratch. Quote Link to comment Share on other sites More sharing options...
haku Posted April 2, 2008 Share Posted April 2, 2008 Ya, that session comment was a little random. Quote Link to comment Share on other sites More sharing options...
alivec Posted April 2, 2008 Author Share Posted April 2, 2008 i have a login form, registration form and mySQL tables. Quote Link to comment Share on other sites More sharing options...
haku Posted April 2, 2008 Share Posted April 2, 2008 So create a table in your database that has two columns - one holds the image name, and the other holds the verification code. When someone types in the code, check it against the image name in the database. If they match, the person entered the right code. If they don't match, they didn't. I don't know if this is the way this is usually done, but its a way you can do it. Quote Link to comment Share on other sites More sharing options...
alivec Posted April 3, 2008 Author Share Posted April 3, 2008 thats the thing thought its not an image.. the output is like this.. Your verification code is: cqaoyyj4 is there a way to check it still? Quote Link to comment Share on other sites More sharing options...
haku Posted April 3, 2008 Share Posted April 3, 2008 Sorry, I misunderstood the initial problem. I thought you were using one of those things that requires someone to input the distorted text in an image in order to proceed. If its a code like that, store the info in your database. When the person enters that info, check it against the database. Quote Link to comment Share on other sites More sharing options...
rhodesa Posted April 3, 2008 Share Posted April 3, 2008 Step 1) Add info to USERS table. When the person fills out the registration form, I assume the script it submits to adds the users info to the USERS table, generates the code, and then sends them an email with it. There are some small changes you will need to make. Alter your USERS table so there is a new nullable column called activation_code. The SQL should look something like: ALTER TABLE users ADD activation_code VARCHAR(16) NULL; I made the field 16 characters in case you decide to make the verification longer in the future. Now, move the part where you generate the verification code to before mysql INSERT command. Store it in a variable, then use that variable to add it to the activation_code column in your INSERT. Then, use the same variable when sending the email later on in the script. Still with me? Now the new user should have all their info in our table, including the verification code, and an email should have been sent to them with the same verification code. Step 2) Verification Page. Now create a new page (or add it below the login form if you want) for a user to enter their email (I assume you are using email as your username) and the verification code you provided in the email. When they submit the code, search the table for the username and matching code. If you find it, update that record by setting the activation_code field to NULL with a mysql UPDATE command. The code for that will look something like: <?php //Assuming you are connected to the DB $email = mysql_real_escape_string(trim($_POST['email'])); //Escape invalid characters $code = mysql_real_escape_string(trim($_POST['code'])); //Escape invalid characters if(!strlen($email) || !strlen($code)) die("Email or code not entered"); $result = mysql_query("UPDATE `users` SET `activation_code` = NULL WHERE `email` = '{$email}' AND `activation_code` = '{$code}' LIMIT 1") or die("Query Error: ".mysql_error()); if(!mysql_affected_rows($result)) die("Username not found"); print "Username activated"; ?> Now, your user registration process is complete. One last step though: Step 3) Filter out users. Since users can be in the USERS table, but not be activated, we have to make sure we filter them out. So, in your login script, add a WHERE `activation_code` IS NULL to your query when looking up the user. This will make sure those with codes still won't be part of the results. Does that explain it well for you? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.