Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Page 1 of 2 12 LastLast
Results 1 to 15 of 21
  1. #1
    Regular Coder
    Join Date
    Jan 2008
    Posts
    216
    Thanks
    10
    Thanked 1 Time in 1 Post

    Email account activation help

    I have a registration form on my website that sends an email to the users email address once they have completed the registration form. I have the email sending fine, but im having difficulty getting the activation link to work, the activation link sets a field in the database to 1 which indicates an active account. I am trying to use the user password and timestamp to identifiy them in the database but i not sure if im doing this correctly. Can anyone help?

    Email Script is:

    PHP Code:
    require_once('class.phpgmailer.php');
        
    $mail = new PHPGMailer();
        
    $mail->IsSMTP(); // send via SMTP
        
    $mail->Host 'ssl://smtp.gmail.com'// SMTP servers
        
    $mail->FromName '********.com';
        
    $mail->AddAddress($email);
        
    $mail->Subject 'Registration';
        
    $mail->Body "Your account has been successfully created with the following details:\n\nUsername: $username\nPassword: $password\nEmail: $email\nForename: $forename\nSurname: $surname\nLocation: $location\n\nPlease click on the link to activate your account.\n";
        
    $mail->Body "<a href='http://localhost/Jobs4U/activate.php?hash='.md5($password).'&stamp='.base64_encode($stamp)'>Activate Account</a>";
        
    $mail->Send();
    }

    The activate.php code

    PHP Code:
    <?php
    UPDATE users
    SET active 
    1
    WHERE 
    (password "'.md5($_GET['hash']).'") AND (timestamp '.base64_decode($_GET['stamp'].'
    ?>

  • #2
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,849
    Thanks
    160
    Thanked 2,223 Times in 2,210 Posts
    Blog Entries
    1
    Quote Originally Posted by PRodgers4284 View Post

    PHP Code:
    <?php
    UPDATE users
    SET active 
    1
    WHERE 
    (password "'.md5($_GET['hash']).'") AND (timestamp '.base64_decode($_GET['stamp'].'
    ?>
    Where is your mysql_query() call?
    PHP Code:
    mysql_query("UPDATE users
    SET active = 1
    WHERE password = '"
    .md5($_GET['hash'])."' AND timestamp = '".base64_decode($_GET['stamp']."'" ) or die(mysql_error()); 
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  • #3
    Regular Coder
    Join Date
    Jan 2008
    Posts
    216
    Thanks
    10
    Thanked 1 Time in 1 Post
    Quote Originally Posted by abduraooft View Post
    Where is your mysql_query() call?
    PHP Code:
    mysql_query("UPDATE users
    SET active = 1
    WHERE password = '"
    .md5($_GET['hash'])."' AND timestamp = '".base64_decode($_GET['stamp']."'" ) or die(mysql_error()); 
    Hi abduraooft, im using the following query:

    PHP Code:
    <?php
    mysql_query
    ("UPDATE `users` SET `active` = '1' WHERE `password` = ".md5($_GET['hash'])." AND `timestamp` = ".base64_decode($_GET['stamp']."");
    ?>
    Im getting the following error though:

    Parse error: syntax error, unexpected ';'

  • #4
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,849
    Thanks
    160
    Thanked 2,223 Times in 2,210 Posts
    Blog Entries
    1
    The error is not related to your query (I believe), there might be some mismatches in the double/single quotes somewhere else. PHP parser should have pointed out the line number where the error resides.
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  • #5
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    You really need to start using error checking on your queries. I suspect your query might be failing. Try this.
    PHP Code:
    <?php
    $pass 
    md5($_GET['hash']);
    $stamp base64_decode($_GET['stamp']);
    $sql "UPDATE `users` SET `active` = '1' WHERE `password` = '$pass' AND `timestamp` = $stamp";
    $result mysql_query($sql) or die(mysql_error());
    ?>
    What data type is your active column? Is it an int or a string? I'm guessing its likely an int.
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #6
    Regular Coder
    Join Date
    Jan 2008
    Posts
    216
    Thanks
    10
    Thanked 1 Time in 1 Post
    Quote Originally Posted by _Aerospace_Eng_ View Post
    You really need to start using error checking on your queries. I suspect your query might be failing. Try this.
    PHP Code:
    <?php
    $pass 
    md5($_GET['hash']);
    $stamp base64_decode($_GET['stamp']);
    $sql "UPDATE `users` SET `active` = '1' WHERE `password` = '$pass' AND `timestamp` = $stamp";
    $result mysql_query($sql) or die(mysql_error());
    ?>
    What data type is your active column? Is it an int or a string? I'm guessing its likely an int.
    Aerospace thanks for the reply, the active field is set as a varchar(1) in the database. I tried the query you provided but im getting the following error:

    "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1"

    My code is now:

    PHP Code:
    <?php
    include("database.php");
    $pass md5($_GET['hash']);
    $stamp base64_decode($_GET['stamp']);
    $sql "UPDATE `users` SET `active` = '1' WHERE `password` = '$pass' AND `timestamp` = $stamp";
    $result mysql_query($sql) or die(mysql_error());
    ?>

  • #7
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    Change this line
    PHP Code:
    $result mysql_query($sql) or die(mysql_error()); 
    to this
    PHP Code:
    $result mysql_query($sql) or die('The error was: ' mysql_error() . '<br>The query was: ' $sql); 
    Copy and paste what you get here.
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #8
    Regular Coder
    Join Date
    Jan 2008
    Posts
    216
    Thanks
    10
    Thanked 1 Time in 1 Post
    Quote Originally Posted by _Aerospace_Eng_ View Post
    Change this line
    PHP Code:
    $result mysql_query($sql) or die(mysql_error()); 
    to this
    PHP Code:
    $result mysql_query($sql) or die('The error was: ' mysql_error() . '<br>The query was: ' $sql); 
    Copy and paste what you get here.
    Aerospace I get the following error after making the changes:

    The error was: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
    The query was: UPDATE `users` SET `active` = '1' WHERE `password` = 'fb469d7ef430b0baf0cab6c436e70375' AND `timestamp` =

  • #9
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,849
    Thanks
    160
    Thanked 2,223 Times in 2,210 Posts
    Blog Entries
    1
    Code:
    echo 'pass: '.$pass = md5($_GET['hash']);
    echo '<br/>stamp: '.$stamp = base64_decode($_GET['stamp']);
    Check whether this values are actually reaching there..
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  • #10
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    Looks like the timestamp isn't set anywhere. I see the problem. You aren't concatenating your functions properly. Change this
    PHP Code:
        $mail->Body "<a href='http://localhost/Jobs4U/activate.php?hash='.md5($password).'&stamp='.base64_encode($stamp)'>Activate Account</a>"
    to this
    PHP Code:
        $mail->Body "<a href='http://localhost/Jobs4U/activate.php?hash=".md5($password)."&amp;stamp=".base64_encode($stamp)."'>Activate Account</a>"
    Last edited by _Aerospace_Eng_; 03-02-2008 at 03:19 PM.
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #11
    Regular Coder
    Join Date
    Jan 2008
    Posts
    216
    Thanks
    10
    Thanked 1 Time in 1 Post
    Quote Originally Posted by _Aerospace_Eng_ View Post
    Looks like the timestamp isn't set anywhere. I see the problem. You aren't concatenating your functions properly. Change this
    PHP Code:
        $mail->Body "<a href='http://localhost/Jobs4U/activate.php?hash='.md5($password).'&stamp='.base64_encode($stamp)'>Activate Account</a>"
    to this
    PHP Code:
        $mail->Body "<a href='http://localhost/Jobs4U/activate.php?hash=".md5($password)."&amp;stamp=".base64_encode($stamp)."'>Activate Account</a>"

    Aerospace ive made the changes but im stilling getting the error

    "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1"

    Have you any ideas what could be the problem?

  • #12
    Regular Coder
    Join Date
    Jan 2008
    Posts
    216
    Thanks
    10
    Thanked 1 Time in 1 Post
    It seems to be getting the password but not the timestamp.

  • #13
    Regular Coder
    Join Date
    Jan 2008
    Posts
    216
    Thanks
    10
    Thanked 1 Time in 1 Post
    I still cant get this to work, my email code is:

    Code:
    require_once('class.phpgmailer.php');
    	$mail = new PHPGMailer();
    	$mail->IsSMTP(); // send via SMTP
    	$mail->Host = 'ssl://smtp.gmail.com'; // SMTP servers
    	$mail->FromName = '*******.com';
    	$mail->AddAddress($email);
    	$mail->Subject = '******* Registration';
    	$mail->Body = "Your account has been successfully created with the following details:\n\nUsername: $username\nPassword: $password\nEmail: $email\nForename: $forename\nSurname: $surname\nLocation: $location\n\nPlease click on the link to activate your account.\n";
    	$mail->Body = "<a href='http://localhost/Jobs4U/activate.php?hash=".md5($password)."&amp;stamp=".base64_encode($stamp)."'>Activate Account</a>";  
    	$mail->Send();
    My activate.php file is:

    Code:
    <?php
    include("database.php"); 
    $pass = md5($_GET['hash']);
    $stamp = base64_decode($_GET['stamp']);
    $sql = "UPDATE `users` SET `active` = '1' WHERE `password` = '$pass' AND `timestamp` = $stamp";
    $result = mysql_query($sql) or die('The error was: ' . mysql_error() . '<br>The query was: ' . $sql);
    ?>
    Im getting the following error:

    The error was: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
    The query was: UPDATE `users` SET `active` = '1' WHERE `password` = '35f504164d5a963d6a820e71614a4009' AND `timestamp` =

    I cant see where the problem is.
    Last edited by PRodgers4284; 03-02-2008 at 04:34 PM.

  • #14
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    Where are $password and $stamp coming from? I don't seem them declared in your code. md5 always returns something even if its just a blank string. You can use this generator on your password to check and see if it matches the current md5 value.

    http://www.adamek.biz/md5-generator.php
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #15
    Regular Coder
    Join Date
    Jan 2008
    Posts
    216
    Thanks
    10
    Thanked 1 Time in 1 Post
    Quote Originally Posted by _Aerospace_Eng_ View Post
    Where are $password and $stamp coming from? I don't seem them declared in your code. md5 always returns something even if its just a blank string. You can use this generator on your password to check and see if it matches the current md5 value.

    http://www.adamek.biz/md5-generator.php
    Aerospace, could i check the username and password instead of the password and timestamp.

    My full code for the register.php is:

    PHP Code:
    <?php 
    $error_stat 
    0
    $username_message '';
    $password_message '';
    $forename_message '';
    $surname_message '';
    $email_message '';
    $mobile_message '';
    $dob_message '';
    $location_message '';
    $checkbox_message '';
     

    if (isset(
    $_POST['submit'])) { 

    $username $_POST['username']; 
    $password1 $_POST['password']; 
    $password2 $_POST['password2']; 
    $md5password md5($_POST['password']); 
    $forename $_POST['forename']; 
    $surname $_POST['surname']; 
    $email $_POST['email']; 
    $mobile $_POST['mobile']; 
    $dob $_POST['dob']; 
    $location $_POST['location']; 
    $ip $_SERVER['REMOTE_ADDR']; 


    //Error checking 




    //Username check) 
    if (empty($username)) {
    //Set the error_stat to 1, which means that an error has occurred
        
    $error_stat 1;

    //Set the message to tell the user to enter a username
    $username_message '*Please enter a username*';

    if(
    usernameTaken($username,$conn))
    {
        
    $error_stat 1;
        
    $username_message '*User name is taken, choose another one*';
    }

     
    $username $_POST['username']; 
     
    $username trim($username); 

       if (
    strlen($username) > 12){ 
       
    $error_stat 1
       
    $username_message '*The username must be 12 characters or less*'


     
    $username $_POST['username']; 
     
    $username trim($username); 

       if (
    strlen($username) < 4){ 
       
    $error_stat 1
       
    $username_message '*Username must be at least 4 characters*'


    else if ( 
    preg_match'/\W/'$username)){
         
    $error_stat 1
        
    $username_message '*Invalid username, letters only, no spaces*'



    //Password check) 
    if($password1 != $password2)
    {
        
    $error_stat 1;
        
    $password_message '*Passwords don\'t match*';
    }
     
     if (empty(
    $password1)) {
    //Set the error_stat to 1, which means that an error has occurred
        
    $error_stat 1;

    //Set the message to tell the user to enter a username
        
    $password_message '*Please enter a password*';
    }

    if(!
    $password1 || !$password2)
    {
        
    $error_stat 1;
        
    $password_message '*Please enter both passwords*';
    }

    $password $_POST['password']; 
    $password trim($password); 

       if (
    strlen($password) < 4){ 
       
    $error_stat 1
       
    $password_message '*Password must be at least 4 characters*'


    else if ( 
    preg_match'/\W/'$password)){
         
    $error_stat 1
        
    $password_message '*Invalid password, letters only, no spaces*'






    //Forename check) 
    if (empty($forename)) {
    //Set the error_stat to 1, which means that an error has occurred
        
    $error_stat 1;

    //Set the message to tell the user to enter a username
    $forename_message '*Please enter your forename*';
    }

    else if (
    ctype_digit($forename)) { 
       
    $error_stat 1
       
    $forename_message .= '*Invalid forename*'


    else if ( 
    preg_match'/\W/'$forename)){
         
    $error_stat 1
        
    $forename_message '*Invalid forename, letters only, no spaces*'




    $forename $_POST['forename']; 
    $forename trim($forename); 

       if (
    strlen($forename) > 12){ 
       
    $error_stat 1
       
    $forename_message '*The forename must be 12 characters or less*'
    }  




    //Surname check) 
    if (empty($surname)) {
    //Set the error_stat to 1, which means that an error has occurred
        
    $error_stat 1;

    //Set the message to tell the user to enter a username
    $surname_message '*Please enter your surname*';
    }

    else if (
    ctype_digit($surname)) { 
       
    $error_stat 1
       
    $surname_message .= '*Invalid surname*'


    else if ( 
    preg_match'/\W/'$surname)){
         
    $error_stat 1
        
    $surname_message '*Invalid surname, letters only, no spaces*'





    $surname $_POST['surname']; 
    $surname trim($surname); 

       if (
    strlen($surname) > 12){ 
       
    $error_stat 1
       
    $surname_message '*The surname must be 12 characters or less*'


     



    //Email check) 
    if (empty($email)) {
    //Set the error_stat to 1, which means that an error has occurred
        
    $error_stat 1;

    //Set the message to tell the user to enter an email address
    $email_message '*Please enter your email address*';
    }
                 
    //Check format of email address entered
    else if(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$"$email)){
        
    $error_stat 1;          
    //Set the message to tell the user to enter a valid email address
        
    $email_message '*Invalid Email Address*';
    }

    if(
    emailTaken($email,$conn))
    {
        
    $error_stat 1;
        
    $email_message '*Email is taken please choose another one*';
    }

    $email $_POST['email']; 
    $email trim($email); 

       if (
    strlen($email) > 30){ 
       
    $error_stat 1
       
    $email_message '*The email address must be 30 characters or less*'
    }  




    //Mobile number check) 

    if (empty($mobile)) {
    //Set the error_stat to 1, which means that an error has occurred
        
    $error_stat 1;

    //Set the message to tell the user to enter a dob
    $mobile_message '*Please enter your mobile number*';
    }

    else if (!
    ctype_digit($mobile)) { 
       
    $error_stat 1
       
    $mobile_message .= '*The mobile phone number must be only numbers*'
    }

    if(
    mobileTaken($mobile,$conn))
    {
        
    $error_stat 1;
        
    $mobile_message '*Mobile already in use, choose another one*';
    }



    $mobile $_POST['mobile']; 
    $mobile trim($mobile); 

       if (
    strlen($mobile) > 11){ 
       
    $error_stat 1
       
    $mobile_message '*Invalid mobile number*'
    }

    $mobile $_POST['mobile']; 
    $mobile trim($mobile); 

       if (
    strlen($mobile) < 11){ 
       
    $error_stat 1
       
    $mobile_message '*Invalid mobile number, must be 11 numbers*'
    }  
      

    //DOB check) 

    if (empty($dob)) {
    //Set the error_stat to 1, which means that an error has occurred
        
    $error_stat 1;

    //Set the message to tell the user to enter a dob
    $dob_message '*Please enter your date of birth*';
    }

    //Check the format and explode into $parts
      
    elseif (!ereg("^([0-9]{2})/([0-9]{2})/([0-9]{4})$"
              
    $dob$parts)){
     
    $error_stat 1;     

    //Set the message to tell the user the date is invalid
    $dob_message '*Invalid dob, must be DD/MM/YYYY format*';
    }
        
      elseif (!
    checkdate($parts[2],$parts[1],$parts[3]))
      {
      
    $error_stat 1
      
      
    //Set the message to tell the date is invalid for the month entered
        
    $dob_message '*Invalid dob, month must be between 1-12*';
    }

    elseif (
    intval($parts[3]) < 1948 || 
              
    intval($parts[3]) > intval(date("Y")))
      {
        
        
    $error_stat 1

       
    //Set the message to tell the user the date is invalid for the year entered
        
    $dob_message '*Invalid dob, year must 1948 onwards*';
      }

    //Terms and condition check)
    if(!isset($_POST['checkthis'])){
      
    //Set the error_stat to 1, which means that an error has occurred
        
    $error_stat 1;

    //Set the message to tell the user to enter a dob
        
    $checkbox_message '*You did not accept terms and conditions*';
    }

    if (
    $location == 'Please Select'){
    //Set the error_stat to 1, which means that an error has occurred
        
    $error_stat 1;
        
    $location_message '*Please select a location*';
    }



    //Then, only run the query if there were no errors (if $error_stat still equals 0) 
    if ($error_stat == 0) { 
       
    mysql_query("INSERT INTO users (username, password, forename, surname, email, mobile, dob, location, ipaddress) VALUES ('$username', '$md5password', '$forename', '$surname', '$email', '$mobile', '$dob', '$location', '$ip')"); 
       
    mysql_query("INSERT INTO cv (username) VALUES ('$username')");
       echo 
    "<h3>Registration Successful!</h3>"
       echo 
    "<p>Thankyou, <b>$username</b>,registration was successful</p>"
       echo 
    "<p>login.</p>";
          echo 
    "<a href=\"index.php\">Login</a>";
          
    //Then, only run the query if there were no errors (if $error_stat still equals 0)  
        
    require_once('class.phpgmailer.php');
        
    $mail = new PHPGMailer();
        
    $mail->IsSMTP(); // send via SMTP
        
    $mail->Host 'ssl://smtp.gmail.com'// SMTP servers
        
    $mail->FromName '*******.com';
        
    $mail->AddAddress($email);
        
    $mail->Subject '*******Registration';
        
    $mail->Body "Your account has been successfully created with the following details:\n\nUsername: $username\nPassword: $password\nEmail: $email\nForename: $forename\nSurname: $surname\nLocation: $location\n\nPlease click on the link to activate your account.\n";
        
    $mail->Body "<a href='http://localhost/Jobs4U/activate.php?username=$username'>Activate Account</a>";
        
    $mail->Send();
    }
    }

    //Then, for the form, only show it if 1) the form hasn't been submitted yet OR 2) there is an error 
    if (!isset($_POST['submit']) || $error_stat == 1) { 


    ?>
    activate.php

    Code:
    <?php
    include("database.php");
    $pass = md5($_GET['hash']);
    $stamp = base64_decode($_GET['stamp']);
    $sql = "UPDATE `users` SET `active` = '1' WHERE `password` = '$pass' AND `timestamp` = $stamp";
    $result = mysql_query($sql) or die('The error was: ' . mysql_error() . '<br>The query was: ' . $sql); 
    ?>
    Last edited by PRodgers4284; 03-02-2008 at 06:23 PM.


  •  
    Page 1 of 2 12 LastLast

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •