I am having trouble with the following

Sub ConfirmRegistration() ''''''''''''''''''''''''
Dim ConfirmQuery
ConfirmQuery = "SELECT userid FROM members WHERE userid = " & confirm
Set rs = Conn.Execute(ConfirmQuery)
If NOT rs.EOF Then
Dim UpdateConfirmedStatus
UpdateConfirmedStatus = "UPDATE members SET confirmed = True WHERE userid = " & confirm
Conn.Execute(UpdateConfirmedStatus)
response.write("<p align=center><b>Thankyou for registering click <a href=default.asp>here</a> to login</b></p>")
Else
emailfound = False ' The email was not found, they still need to register
End If
End Sub ''''''''''''''''''''''''''''''''''''''''''

MessageBody = MessageBody & "<b><a href=http://website/register.asp?confirm=" & userid & ">Please click here to confirm your registration:</a></b>"


what i want to do is change userid to email address because there is no security in the number showing up in the url you could manualy change the number and register someone else in the url

where if its the email well that has to be unique each time as well

but I found out for this to work the data type for the verification in this example userid has to be a number! i was wondering if there was a way of verifying with either hiding the number in the url or allowing the datatype to be text

If you need this question answered, and since it hasn't, you might want to try to reply with a better description of your problem.


*BUMP UP*

(Only trying to help you by getting your post answered!)

I don't see the problem.

But frankly, i don't understand what you're trying to do here.
Can you teel us something more about the pageflow? I think you now have a registration form, that is posted and processed, and you then want to log the newly registerd user in ? By providing a "login here" link that is meant to identify the user? (Why ??)

Something like that

But all the code and your questions don't make sense to me. You you describe what exactly you're trying to do?

So just change it to the email.

:confused:

Sorry for the late reply! I have had big family trouble this past weekend, but lets hope I can explain this better :)

ok the script above posted again with colors and a better discription!

Sub ConfirmRegistration() ''''''''''''''''''''''''
Dim ConfirmQuery
ConfirmQuery = "SELECT userid FROM members WHERE userid = " & confirm
Set rs = Conn.Execute(ConfirmQuery)
If NOT rs.EOF Then
Dim UpdateConfirmedStatus
UpdateConfirmedStatus = "UPDATE members SET confirmed = True WHERE userid = " & confirm
Conn.Execute(UpdateConfirmedStatus)
response.write("<p align=center><b>Thankyou for registering click <a href=default.asp>here</a> to login</b></p>")
Else
emailfound = False ' The email was not found, they still need to register
End If
End Sub ''''''''''''''''''''''''''''''''''''''''''

MessageBody = MessageBody & "<b><a href=http://website/register.asp?confirm=" & userid & ">Please click here to confirm your registration:</a></b>"

Ok if you change the stuff in red from userid to say email it just simply doesnt work it wont do the referal the one thing I noticed is that in the db file the userid is the AutoNumber where email is just plain text!

The error I get is below

Microsoft JET Database Engine error '80040e14'

Syntax error (missing operator) in query expression 'email = Test@lycosidea.com'.

/Login/register.asp, line 167

I have attached the asp file as a txt file

Ok I have updated the following

Set RS = Conn.Execute("SELECT userid FROM members WHERE userid = " & confirm")

where it should be

Set RS = Conn.Execute("select * from members")

as it allows me to put things on the page so it seems that the problem I am having is on the following line

UpdateConfirmedStatus = "UPDATE members SET confirmed = True WHERE userid = " & confirm

where I want to change userid to username or email but it seems that if its not a number field it wont work??

Ok I solved my own problem yeah!

when I thought that I had to change the Set RS part was parshly true but I also had to change the following

MessageBody = MessageBody & "<b><a href=http://www.Alwaysremember.ca/Login/register.asp?confirm='" & email & "' >Please click here to confirm your registration and activate your account:</a></b>"

The part in red cause its text and not a number it needed to be in single '' quotes

Yup... keep in mind though, one thing about the way I had it originally is the person subscribing doesn't necessarily KNOW what the UserID is (even though it's autonumber).

The bad part about using the email to confirm, is someone could sign up with a totally bogus email (once they see what you're using to confirm with!), and then just go to that page with the new bogus email in the querystring and register.

At least with the UserID, you could use some scheme to mask which number it was (like putting it inside another random string in a certain position, for instance), etc... so the user wouldn't know when confirming which number to use...

very good point maybe useing 2 things double the security like the email and a userid? how would I go about doing that?

Hmm, you're already using the email - they have to respond! That's the whole idea behind it... what I'd probably do if you're worried about it is mask the userID inside some random string of numbers/letters... I'll see if I can throw something together tonight when I get home.

Ok I understand what you are saying! I added something to mine that you may find usefull to add to yours whammy!

Sub ConfirmRegistration() ''''''''''''''''''''''''
Dim ConfirmQuery
ConfirmQuery = "SELECT * FROM members WHERE email = " & emc & " and userid = " & uid
Set rs = Conn.Execute(ConfirmQuery)
If RS.fields("confirmed") = True Then
Response.Redirect("Login.asp") ' This sends them to the login page letting it know they came from here
Else
If NOT rs.EOF Then
Dim UpdateConfirmedStatus
UpdateConfirmedStatus = "UPDATE members SET confirmed = True WHERE email = " & emc & " and userid = " & uid
Conn.Execute(UpdateConfirmedStatus)
response.write("<LINK href=style.css' rel='stylesheet' type='text/css'>")
response.write("<script language='JavaScript' src=Header.js'></script>")
response.write("<p align=center><b>Thankyou " & RS.fields("First_Name") & " for registering click <a href=login.asp>here</a> to login</b></p>")
Else
emailfound = False ' The email was not found, they still need to register
End If
End If
End Sub ''''''''''''''''''''''''''''''''''''''''''

That way people cant try and register more then once with that email address ext...

Yeah, not a bad idea, use both.