  1. #1
    Regular Coder

    Email account activation help

    I have a registration form on my website that sends an email to the user's email address once they have completed the registration form. I have the email sending fine, but I'm having difficulty getting the activation link to work. The activation link sets a field in the database to 1, which indicates an active account. I am trying to use the user password and timestamp to identify them in the database, but I'm not sure if I'm doing this correctly. Can anyone help?

    Email Script is:

    PHP Code:
    require_once('class.phpgmailer.php');
    $mail = new PHPGMailer();
    $mail->IsSMTP(); // send via SMTP
    $mail->Host = 'ssl://smtp.gmail.com'; // SMTP servers
    $mail->FromName = '********.com';
    $mail->AddAddress($email);
    $mail->Subject = 'Registration';
    $mail->Body = "Your account has been successfully created with the following details:\n\nUsername: $username\nPassword: $password\nEmail: $email\nForename: $forename\nSurname: $surname\nLocation: $location\n\nPlease click on the link to activate your account.\n";
    $mail->Body = "<a href='http://localhost/Jobs4U/activate.php?hash='.md5($password).'&stamp='.base64_encode($stamp)'>Activate Account</a>";
    $mail->Send();

    The activate.php code

    PHP Code:
    <?php
    UPDATE users
    SET active = 1
    WHERE (password = "'.md5($_GET['hash']).'") AND (timestamp = '.base64_decode($_GET['stamp'].'
    ?>

  2. #2
    Supreme Master coder! abduraooft's Avatar
    Quote Originally Posted by PRodgers4284 View Post

    PHP Code:
    <?php
    UPDATE users
    SET active = 1
    WHERE (password = "'.md5($_GET['hash']).'") AND (timestamp = '.base64_decode($_GET['stamp'].'
    ?>
    Where is your mysql_query() call?
    PHP Code:
    mysql_query("UPDATE users
    SET active = 1
    WHERE password = '"
    .md5($_GET['hash'])."' AND timestamp = '".base64_decode($_GET['stamp'])."'") or die(mysql_error());
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  3. #3
    Regular Coder
    Quote Originally Posted by abduraooft View Post
    Where is your mysql_query() call?
    PHP Code:
    mysql_query("UPDATE users
    SET active = 1
    WHERE password = '"
    .md5($_GET['hash'])."' AND timestamp = '".base64_decode($_GET['stamp'])."'") or die(mysql_error());
    Hi abduraooft, I'm using the following query:

    PHP Code:
    <?php
    mysql_query("UPDATE `users` SET `active` = '1' WHERE `password` = ".md5($_GET['hash'])." AND `timestamp` = ".base64_decode($_GET['stamp']."");
    ?>
    I'm getting the following error though:

    Parse error: syntax error, unexpected ';'

  4. #4
    Supreme Master coder! abduraooft's Avatar
    The error is not related to your query (I believe), there might be some mismatches in the double/single quotes somewhere else. PHP parser should have pointed out the line number where the error resides.
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  5. #5
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    You really need to start using error checking on your queries. I suspect your query might be failing. Try this.
    PHP Code:
    <?php
    $pass = md5($_GET['hash']);
    $stamp = base64_decode($_GET['stamp']);
    $sql = "UPDATE `users` SET `active` = '1' WHERE `password` = '$pass' AND `timestamp` = $stamp";
    $result = mysql_query($sql) or die(mysql_error());
    ?>
    What data type is your active column? Is it an int or a string? I'm guessing it's likely an int.

  6. #6
    Regular Coder
    Quote Originally Posted by _Aerospace_Eng_ View Post
    You really need to start using error checking on your queries. I suspect your query might be failing. Try this.
    PHP Code:
    <?php
    $pass = md5($_GET['hash']);
    $stamp = base64_decode($_GET['stamp']);
    $sql = "UPDATE `users` SET `active` = '1' WHERE `password` = '$pass' AND `timestamp` = $stamp";
    $result = mysql_query($sql) or die(mysql_error());
    ?>
    What data type is your active column? Is it an int or a string? I'm guessing it's likely an int.
    Aerospace, thanks for the reply. The active field is set as a varchar(1) in the database. I tried the query you provided but I'm getting the following error:

    "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1"

    My code is now:

    PHP Code:
    <?php
    include("database.php");
    $pass = md5($_GET['hash']);
    $stamp = base64_decode($_GET['stamp']);
    $sql = "UPDATE `users` SET `active` = '1' WHERE `password` = '$pass' AND `timestamp` = $stamp";
    $result = mysql_query($sql) or die(mysql_error());
    ?>

  7. #7
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Change this line
    PHP Code:
    $result = mysql_query($sql) or die(mysql_error());
    to this
    PHP Code:
    $result = mysql_query($sql) or die('The error was: ' . mysql_error() . '<br>The query was: ' . $sql);
    Copy and paste what you get here.

  8. #8
    Regular Coder
    Quote Originally Posted by _Aerospace_Eng_ View Post
    Change this line
    PHP Code:
    $result = mysql_query($sql) or die(mysql_error());
    to this
    PHP Code:
    $result = mysql_query($sql) or die('The error was: ' . mysql_error() . '<br>The query was: ' . $sql);
    Copy and paste what you get here.
    Aerospace I get the following error after making the changes:

    The error was: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
    The query was: UPDATE `users` SET `active` = '1' WHERE `password` = 'fb469d7ef430b0baf0cab6c436e70375' AND `timestamp` =

  9. #9
    Supreme Master coder! abduraooft's Avatar
    Code:
    echo 'pass: '.$pass = md5($_GET['hash']);
    echo '<br/>stamp: '.$stamp = base64_decode($_GET['stamp']);
    Check whether these values are actually reaching there..
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  10. #10
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Looks like the timestamp isn't set anywhere. I see the problem. You aren't concatenating your functions properly. Change this
    PHP Code:
        $mail->Body = "<a href='http://localhost/Jobs4U/activate.php?hash='.md5($password).'&stamp='.base64_encode($stamp)'>Activate Account</a>";
    to this
    PHP Code:
        $mail->Body = "<a href='http://localhost/Jobs4U/activate.php?hash=".md5($password)."&amp;stamp=".base64_encode($stamp)."'>Activate Account</a>";
    Last edited by _Aerospace_Eng_; 03-02-2008 at 04:19 PM.

  11. #11
    Regular Coder
    Quote Originally Posted by _Aerospace_Eng_ View Post
    Looks like the timestamp isn't set anywhere. I see the problem. You aren't concatenating your functions properly. Change this
    PHP Code:
        $mail->Body = "<a href='http://localhost/Jobs4U/activate.php?hash='.md5($password).'&stamp='.base64_encode($stamp)'>Activate Account</a>";
    to this
    PHP Code:
        $mail->Body = "<a href='http://localhost/Jobs4U/activate.php?hash=".md5($password)."&amp;stamp=".base64_encode($stamp)."'>Activate Account</a>";

    Aerospace, I've made the changes but I'm still getting the error

    "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1"

    Have you any ideas what could be the problem?

  12. #12
    Regular Coder
    It seems to be getting the password but not the timestamp.

  13. #13
    Regular Coder
    I still can't get this to work, my email code is:

    Code:
    require_once('class.phpgmailer.php');
    	$mail = new PHPGMailer();
    	$mail->IsSMTP(); // send via SMTP
    	$mail->Host = 'ssl://smtp.gmail.com'; // SMTP servers
    	$mail->FromName = '*******.com';
    	$mail->AddAddress($email);
    	$mail->Subject = '******* Registration';
    	$mail->Body = "Your account has been successfully created with the following details:\n\nUsername: $username\nPassword: $password\nEmail: $email\nForename: $forename\nSurname: $surname\nLocation: $location\n\nPlease click on the link to activate your account.\n";
    	$mail->Body = "<a href='http://localhost/Jobs4U/activate.php?hash=".md5($password)."&amp;stamp=".base64_encode($stamp)."'>Activate Account</a>";  
    	$mail->Send();
    My activate.php file is:

    Code:
    <?php
    include("database.php"); 
    $pass = md5($_GET['hash']);
    $stamp = base64_decode($_GET['stamp']);
    $sql = "UPDATE `users` SET `active` = '1' WHERE `password` = '$pass' AND `timestamp` = $stamp";
    $result = mysql_query($sql) or die('The error was: ' . mysql_error() . '<br>The query was: ' . $sql);
    ?>
    I'm getting the following error:

    The error was: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
    The query was: UPDATE `users` SET `active` = '1' WHERE `password` = '35f504164d5a963d6a820e71614a4009' AND `timestamp` =

    I can't see where the problem is.
    Last edited by PRodgers4284; 03-02-2008 at 05:34 PM.

  14. #14
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Where are $password and $stamp coming from? I don't see them declared in your code. md5 always returns something even if it's just a blank string. You can use this generator on your password to check and see if it matches the current md5 value.

    http://www.adamek.biz/md5-generator.php

  15. #15
    Regular Coder
    Quote Originally Posted by _Aerospace_Eng_ View Post
    Where are $password and $stamp coming from? I don't see them declared in your code. md5 always returns something even if it's just a blank string. You can use this generator on your password to check and see if it matches the current md5 value.

    http://www.adamek.biz/md5-generator.php
    Aerospace, could I check the username and password instead of the password and timestamp?

    My full code for the register.php is:

    PHP Code:
    <?php
    $error_stat = 0;
    $username_message = '';
    $password_message = '';
    $forename_message = '';
    $surname_message = '';
    $email_message = '';
    $mobile_message = '';
    $dob_message = '';
    $location_message = '';
    $checkbox_message = '';

    if (isset($_POST['submit'])) {

    $username = $_POST['username'];
    $password1 = $_POST['password'];
    $password2 = $_POST['password2'];
    $md5password = md5($_POST['password']);
    $forename = $_POST['forename'];
    $surname = $_POST['surname'];
    $email = $_POST['email'];
    $mobile = $_POST['mobile'];
    $dob = $_POST['dob'];
    $location = $_POST['location'];
    $ip = $_SERVER['REMOTE_ADDR'];

    //Error checking

    //Username check
    if (empty($username)) {
        //Set the error_stat to 1, which means that an error has occurred
        $error_stat = 1;

        //Set the message to tell the user to enter a username
        $username_message = '*Please enter a username*';
    }

    if (usernameTaken($username, $conn)) {
        $error_stat = 1;
        $username_message = '*User name is taken, choose another one*';
    }

    $username = $_POST['username'];
    $username = trim($username);

    if (strlen($username) > 12) {
        $error_stat = 1;
        $username_message = '*The username must be 12 characters or less*';
    }

    $username = $_POST['username'];
    $username = trim($username);

    if (strlen($username) < 4) {
        $error_stat = 1;
        $username_message = '*Username must be at least 4 characters*';
    }
    else if (preg_match('/\W/', $username)) {
        $error_stat = 1;
        $username_message = '*Invalid username, letters only, no spaces*';
    }

    //Password check
    if ($password1 != $password2) {
        $error_stat = 1;
        $password_message = '*Passwords don\'t match*';
    }

    if (empty($password1)) {
        //Set the error_stat to 1, which means that an error has occurred
        $error_stat = 1;

        //Set the message to tell the user to enter a username
        $password_message = '*Please enter a password*';
    }

    if (!$password1 || !$password2) {
        $error_stat = 1;
        $password_message = '*Please enter both passwords*';
    }

    $password = $_POST['password'];
    $password = trim($password);

    if (strlen($password) < 4) {
        $error_stat = 1;
        $password_message = '*Password must be at least 4 characters*';
    }
    else if (preg_match('/\W/', $password)) {
        $error_stat = 1;
        $password_message = '*Invalid password, letters only, no spaces*';
    }

    //Forename check
    if (empty($forename)) {
        //Set the error_stat to 1, which means that an error has occurred
        $error_stat = 1;

        //Set the message to tell the user to enter a username
        $forename_message = '*Please enter your forename*';
    }
    else if (ctype_digit($forename)) {
        $error_stat = 1;
        $forename_message .= '*Invalid forename*';
    }
    else if (preg_match('/\W/', $forename)) {
        $error_stat = 1;
        $forename_message = '*Invalid forename, letters only, no spaces*';
    }

    $forename = $_POST['forename'];
    $forename = trim($forename);

    if (strlen($forename) > 12) {
        $error_stat = 1;
        $forename_message = '*The forename must be 12 characters or less*';
    }

    //Surname check
    if (empty($surname)) {
        //Set the error_stat to 1, which means that an error has occurred
        $error_stat = 1;

        //Set the message to tell the user to enter a username
        $surname_message = '*Please enter your surname*';
    }
    else if (ctype_digit($surname)) {
        $error_stat = 1;
        $surname_message .= '*Invalid surname*';
    }
    else if (preg_match('/\W/', $surname)) {
        $error_stat = 1;
        $surname_message = '*Invalid surname, letters only, no spaces*';
    }

    $surname = $_POST['surname'];
    $surname = trim($surname);

    if (strlen($surname) > 12) {
        $error_stat = 1;
        $surname_message = '*The surname must be 12 characters or less*';
    }

    //Email check
    if (empty($email)) {
        //Set the error_stat to 1, which means that an error has occurred
        $error_stat = 1;

        //Set the message to tell the user to enter an email address
        $email_message = '*Please enter your email address*';
    }
    //Check format of email address entered
    else if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$", $email)) {
        $error_stat = 1;
        //Set the message to tell the user to enter a valid email address
        $email_message = '*Invalid Email Address*';
    }

    if (emailTaken($email, $conn)) {
        $error_stat = 1;
        $email_message = '*Email is taken please choose another one*';
    }

    $email = $_POST['email'];
    $email = trim($email);

    if (strlen($email) > 30) {
        $error_stat = 1;
        $email_message = '*The email address must be 30 characters or less*';
    }

    //Mobile number check
    if (empty($mobile)) {
        //Set the error_stat to 1, which means that an error has occurred
        $error_stat = 1;

        //Set the message to tell the user to enter a dob
        $mobile_message = '*Please enter your mobile number*';
    }
    else if (!ctype_digit($mobile)) {
        $error_stat = 1;
        $mobile_message .= '*The mobile phone number must be only numbers*';
    }

    if (mobileTaken($mobile, $conn)) {
        $error_stat = 1;
        $mobile_message = '*Mobile already in use, choose another one*';
    }

    $mobile = $_POST['mobile'];
    $mobile = trim($mobile);

    if (strlen($mobile) > 11) {
        $error_stat = 1;
        $mobile_message = '*Invalid mobile number*';
    }

    $mobile = $_POST['mobile'];
    $mobile = trim($mobile);

    if (strlen($mobile) < 11) {
        $error_stat = 1;
        $mobile_message = '*Invalid mobile number, must be 11 numbers*';
    }

    //DOB check
    if (empty($dob)) {
        //Set the error_stat to 1, which means that an error has occurred
        $error_stat = 1;

        //Set the message to tell the user to enter a dob
        $dob_message = '*Please enter your date of birth*';
    }
    //Check the format and explode into $parts
    elseif (!ereg("^([0-9]{2})/([0-9]{2})/([0-9]{4})$", $dob, $parts)) {
        $error_stat = 1;

        //Set the message to tell the user the date is invalid
        $dob_message = '*Invalid dob, must be DD/MM/YYYY format*';
    }
    elseif (!checkdate($parts[2], $parts[1], $parts[3])) {
        $error_stat = 1;

        //Set the message to tell the date is invalid for the month entered
        $dob_message = '*Invalid dob, month must be between 1-12*';
    }
    elseif (intval($parts[3]) < 1948 || intval($parts[3]) > intval(date("Y"))) {
        $error_stat = 1;

        //Set the message to tell the user the date is invalid for the year entered
        $dob_message = '*Invalid dob, year must 1948 onwards*';
    }

    //Terms and condition check
    if (!isset($_POST['checkthis'])) {
        //Set the error_stat to 1, which means that an error has occurred
        $error_stat = 1;

        //Set the message to tell the user to enter a dob
        $checkbox_message = '*You did not accept terms and conditions*';
    }

    if ($location == 'Please Select') {
        //Set the error_stat to 1, which means that an error has occurred
        $error_stat = 1;
        $location_message = '*Please select a location*';
    }

    //Then, only run the query if there were no errors (if $error_stat still equals 0)
    if ($error_stat == 0) {
        mysql_query("INSERT INTO users (username, password, forename, surname, email, mobile, dob, location, ipaddress) VALUES ('$username', '$md5password', '$forename', '$surname', '$email', '$mobile', '$dob', '$location', '$ip')");
        mysql_query("INSERT INTO cv (username) VALUES ('$username')");
        echo "<h3>Registration Successful!</h3>";
        echo "<p>Thankyou, <b>$username</b>,registration was successful</p>";
        echo "<p>login.</p>";
        echo "<a href=\"index.php\">Login</a>";

        //Then, only run the query if there were no errors (if $error_stat still equals 0)
        require_once('class.phpgmailer.php');
        $mail = new PHPGMailer();
        $mail->IsSMTP(); // send via SMTP
        $mail->Host = 'ssl://smtp.gmail.com'; // SMTP servers
        $mail->FromName = '*******.com';
        $mail->AddAddress($email);
        $mail->Subject = '*******Registration';
        $mail->Body = "Your account has been successfully created with the following details:\n\nUsername: $username\nPassword: $password\nEmail: $email\nForename: $forename\nSurname: $surname\nLocation: $location\n\nPlease click on the link to activate your account.\n";
        $mail->Body = "<a href='http://localhost/Jobs4U/activate.php?username=$username'>Activate Account</a>";
        $mail->Send();
    }
    }

    //Then, for the form, only show it if 1) the form hasn't been submitted yet OR 2) there is an error
    if (!isset($_POST['submit']) || $error_stat == 1) {

    ?>
    activate.php

    Code:
    <?php
    include("database.php");
    $pass = md5($_GET['hash']);
    $stamp = base64_decode($_GET['stamp']);
    $sql = "UPDATE `users` SET `active` = '1' WHERE `password` = '$pass' AND `timestamp` = $stamp";
    $result = mysql_query($sql) or die('The error was: ' . mysql_error() . '<br>The query was: ' . $sql); 
    ?>
    Last edited by PRodgers4284; 03-02-2008 at 07:23 PM.
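
The thread's activation links identify the account by `md5($password)` plus a timestamp, and later by username alone, and activate.php places `$_GET` values directly into the SQL string. The following is an added example, not code posted by anyone in the thread, showing the same activation step with a random single-use token and prepared statements; the `token_hash` and `token_expires` columns, the `token` URL parameter and both function names are assumptions, and an in-memory SQLite database stands in for the MySQL one so the script runs on its own.

```php
<?php
// Added example. Schema, column names and function names are assumptions,
// not the poster's. In-memory SQLite keeps the script self-contained.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    username TEXT UNIQUE,
    active INTEGER NOT NULL DEFAULT 0,
    token_hash TEXT,       -- SHA-256 of the emailed token, never the token itself
    token_expires INTEGER  -- Unix time after which the link is rejected
)");

// register.php side: create a random token, store only its hash,
// and return the raw token for the activation link.
function issueActivationToken(PDO $db, string $username, int $ttl = 86400): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the system CSPRNG
    $stmt = $db->prepare(
        'UPDATE users SET token_hash = ?, token_expires = ? WHERE username = ?'
    );
    $stmt->execute([hash('sha256', $token), time() + $ttl, $username]);
    return $token;
}

// activate.php side: validate the parameter, then flip `active` in one
// parameterized UPDATE that also consumes the token.
function activateAccount(PDO $db, $token): bool
{
    // A missing or malformed parameter never reaches the database. This is
    // the case the thread hit when `stamp` arrived empty.
    if (!is_string($token) || !preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return false;
    }
    $stmt = $db->prepare(
        'UPDATE users SET active = 1, token_hash = NULL, token_expires = NULL
         WHERE token_hash = ? AND token_expires >= ? AND active = 0'
    );
    $stmt->execute([hash('sha256', $token), time()]);
    return $stmt->rowCount() === 1; // exactly one account activated
}

// Constructed demo data and calls.
$db->exec("INSERT INTO users (username) VALUES ('alice')");
$token = issueActivationToken($db, 'alice');
echo 'http://localhost/Jobs4U/activate.php?token=' . urlencode($token), "\n";

var_dump(activateAccount($db, $token));         // first use of a valid token
var_dump(activateAccount($db, $token));         // same token again, already consumed
var_dump(activateAccount($db, null));           // parameter missing from the URL
var_dump(activateAccount($db, "' OR '1'='1"));  // malformed input, rejected by the format check
```

The link carries nothing derived from the password, and the database holds only a hash of the token, so neither the email nor a database read yields a working activation link for another account.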


 
