Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    Regular Coder
    Join Date
    Sep 2008
    Posts
    697
    Thanks
    8
    Thanked 17 Times in 16 Posts

    trouble on account verification script

    Hey guys, I am having a bit of trouble on my new registered account verification script.

    It gets the code from the email sent after you register to activate your account to a 'level1' user. It uses a randomly generated code to do it and a GET function.

    Using the url with the variable: verify.php?id=codingforums

    Here is my code:
    PHP Code:
    <?php
    $queryString 
    $_GET['id'];
    $query  "SELECT * FROM users LIMIT 1";
    $result mysql_query($query) or die(mysql_error());
    while (
    $row mysql_fetch_array($result)) {
        if (
    $queryString == $row["activationkey"]) {
            echo 
    "Congratulations! You have activated your account. You may login your account.";
            
    $sql "UPDATE users SET activationkey = '', level='1' WHERE (user_id = $row[user_id])";
            if (!
    mysql_query($sql)) {
                die(
    'Error: ' mysql_error());
            }
        } else {
            echo 
    "The account containing the verification code you requested has already been activated, or the validation code is invalid";
        }
    }
    ?>
    But I keep using the code with an account thats not verified. and it keeps returning 'The account containing the verification code you requested has already been activated, or the validation code is invalid'

    here is how my DB looks


    Anyone notice the problem at all?
    MY MSN: Sith717@Hotmail.com
    PHP, HTML, and CSS Coding, Logo and Web Design - Professionally done.
    PM me anytime for HTML, PHP or web design help. I will be glad to help you out.

  • #2
    Regular Coder
    Join Date
    Nov 2012
    Posts
    109
    Thanks
    6
    Thanked 12 Times in 12 Posts
    Right, so let me get this clear:

    1. User registers
    2. Unique activationkey is generated and stored in DB on users account
    3. User receives an e-mail with a activation-URL, which doesn't actually include the activationkey?
    4. User then clicks link verify.php?id=codingforums, in which codingforums is
    a) the actual ID of the row (this is usually a number, not a word, unfortunately just out of range in your screenshot); or
    b) the activationkey

    Because if 4a is the case, then why are you generating unique keys, as they're not being used.
    If 4b is happening, then you are searching the DB for an ID which is not being found, as the key is stored in the table.activationkey, not in table.id.

  • #3
    Regular Coder
    Join Date
    Sep 2008
    Posts
    697
    Thanks
    8
    Thanked 17 Times in 16 Posts
    Quote Originally Posted by Thyrosis View Post
    Right, so let me get this clear:

    1. User registers
    2. Unique activationkey is generated and stored in DB on users account
    3. User receives an e-mail with a activation-URL, which doesn't actually include the activationkey?It does, it gets sent in an email with the url http://website.com/verify.php?id=codingforums I just shortened it because the usual code is very long.
    4. User then clicks link verify.php?id=codingforums, in which codingforums is that link is sent to the email, which the variable value is different every time since it is generated randomly.
    a) the actual ID of the row (this is usually a number, not a word, unfortunately just out of range in your screenshot); or
    b) the activationkey it is the row value of activationkey

    Because if 4a is the case, then why are you generating unique keys, as they're not being used.
    If 4b is happening, then you are searching the DB for an ID which is not being found, as the key is stored in the table.activationkey, not in table.id.
    I am searching for a value that is in the database, because if someone types in a random activationcode, it doesnt find it and says that it is either invalid or not found because someone has already activated it and it removed it from the database and set the user as level 1
    MY MSN: Sith717@Hotmail.com
    PHP, HTML, and CSS Coding, Logo and Web Design - Professionally done.
    PM me anytime for HTML, PHP or web design help. I will be glad to help you out.

  • #4
    Regular Coder
    Join Date
    Nov 2012
    Posts
    109
    Thanks
    6
    Thanked 12 Times in 12 Posts
    Hey, sorry I didn't reply sooner, only just found the reply in my spam folder for whatever reason. I'm guessing you solved the issue by now?

    If not, here's your problem:
    PHP Code:
    $queryString $_GET['id'];
    $query  "SELECT * FROM users LIMIT 1";
    $result mysql_query($query) or die(mysql_error()); 
    With this query you'll pull out one record out of your database, which is not necessarily (or to be fair, won't ever be) the row you are looking for. The solution is simple: add the username or userID in your URL and adapt your query:

    PHP Code:
    //URL :  http://website.com/verify.php?user=bucket&id=codingforums
    $queryStringID $_GET['id'];
    $queryStringUser $_GET['user'];
    $query  "SELECT * FROM users WHERE username='{$queryStringUser}' LIMIT 1";
    $result mysql_query($query) or die(mysql_error()); 
    This way you will pull out the correct row out of your table by searching for username, and match the resulting $row['activationcode'] with the code from the URL, which will then return TRUE (if the code is correct obviously).


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •