DaniWeb Forum Index > Web Development > PHP

User activation help

Please support our PHP advertiser: PostgreSQL or MySQL? Compare and contrast the two most popular open source databases

•

Join Date: Apr 2009

Posts: 64

Reputation: Tekkno is an unknown quantity at this point

Solved Threads: 1

Tekkno

Offline

Junior Poster in Training

User activation help

Aug 27th, 2009

In order for my users to log in they have to activate their account through email. The activation works fine. The trouble I am having is displaying a message at login if the user has not activated. Here is the activation script:

 Help with Code Tags 
 php Syntax (Toggle Plain Text) 
<?php
require "connect.php";
 
if(isset($_GET['u'])){
//make sure that 'u' is numeric
if(is_numeric($_GET['u'])){
$u=$_GET['u'];
}else{
$u=0;
}
}
 
if(isset($_GET['a_code'])){
$code=$_GET['a_code'];
}else{
$code=0;
}
 
//Check to see if the received values are correct
$sql = "SELECT * FROM members WHERE uid = '".$u."' AND actcode = '".md5(0)."'";
if(($u > 0) && (strlen($code)) == 32){
 
//now activate the user
$sql="UPDATE members SET actcode ='".md5(1)."' WHERE uid = '".$u."'";
 
$res = mysql_query($sql) or die(mysql_error());
 
if(mysql_affected_rows() == 1){
 
//update successful
echo ('Your account is now activated. You may proceed and log in.<br/><br /><a href="http://www.eternalhour.com/login.php">Login Page</a>');
}else{
echo ('Your account could not be activated. Please try again or contact the site admin.<br/><br/><a href="http://www.eternalhour.com/registration_form.php">Registration Page</a>');
}
}
?>
<?php
require "connect.php";

if(isset($_GET['u'])){
//make sure that 'u' is numeric
if(is_numeric($_GET['u'])){
$u=$_GET['u'];
}else{
$u=0;
}
}

if(isset($_GET['a_code'])){
$code=$_GET['a_code'];
}else{
$code=0;
}

//Check to see if the received values are correct
$sql = "SELECT * FROM members WHERE uid = '".$u."' AND actcode = '".md5(0)."'";
if(($u > 0) && (strlen($code)) == 32){

//now activate the user
$sql="UPDATE members SET actcode ='".md5(1)."' WHERE uid = '".$u."'";

$res = mysql_query($sql) or die(mysql_error());

if(mysql_affected_rows() == 1){

//update successful
echo ('Your account is now activated. You may proceed and log in.<br/><br /><a href="http://www.eternalhour.com/login.php">Login Page</a>');
}else{
echo ('Your account could not be activated. Please try again or contact the site admin.<br/><br/><a href="http://www.eternalhour.com/registration_form.php">Registration Page</a>');
}
}
?>

I have tried setting up a query then using a $_GET to compare the codes.
But I am imagining the code for the login script will look something like:

 Help with Code Tags 
 php Syntax (Toggle Plain Text) 
if(isset($_GET['u'])){
$u=$_GET['u'];
}
 
$sql = "SELECT * FROM members WHERE uid = '".$u."' AND actcode = '".md5."'";
if($row['actcode']) == (md5(1)){
 
}else{
$msg = "You need to activate your account before logging in.";
}
if(isset($_GET['u'])){
$u=$_GET['u'];
}

$sql = "SELECT * FROM members WHERE uid = '".$u."' AND actcode = '".md5."'";
if($row['actcode']) == (md5(1)){

}else{
$msg = "You need to activate your account before logging in.";
}

But what I don't understand, is how to verify that the string == md5(1). Could someone help me please?

Last edited by Tekkno; Aug 27th, 2009 at 3:56 pm.

•

Join Date: Apr 2009

Posts: 340

Reputation: Josh Connerty is an unknown quantity at this point

Solved Threads: 26

Josh Connerty Josh Connerty is offline

Offline

Posting Whiz

Re: User activation help

Aug 27th, 2009

When a user registers you must provide a link to the verification page with two get variables U & AID (activation ID), you must also store these details in the table.

When it verifies a user then remove all values from the AID field thus leaving it blank.

Then when it comes to logging them in then you only need to check if the field value is true, if it is then they haven't vrified there account if it isn't then they have and you can create the cookie.

Posts should be like mini-skirts, long enough to cover enough, but not too long that you cover too much.

My Liveperson: http://liveperson.com/josh-connerty/

•

Join Date: Apr 2009

Posts: 64

Reputation: Tekkno is an unknown quantity at this point

Solved Threads: 1

Tekkno

Offline

Junior Poster in Training

Re: User activation help

Aug 28th, 2009

I have an activation script in place, which works just fine. I'd rather not change the script I have, because everything works perfectly as it is. The users can log in, if they have activated. I am just looking for a way to find out if they have activated from my login script, so I can notify them that they need to activate in order to log in.

Last edited by Tekkno; Aug 28th, 2009 at 3:13 am.

•

Join Date: Jun 2007

Posts: 1,227

Reputation: kkeith29 has a spectacular aura about

Solved Threads: 167

kkeith29

Offline

Nearly a Posting Virtuoso

Re: User activation help

Aug 28th, 2009

You aren't understanding how an activation script works. As of right now yours makes no sense. The values you are passing via get are not even being used in your queries.

The point of an activation script is to send a unique random number that is hard to guess (md5 of 1 will be the same every time, thats pointless). This helps make sure that the link was sent to their email address only and no one elses. The activation script needs to get the values from the url and use them in the database to identify the user that registered and mark them as 'active'.

Google is your friend.

Use [code] tags.

If you have found a solution to your problem, please mark the thread as SOLVED.

•

Join Date: Apr 2009

Posts: 64

Reputation: Tekkno is an unknown quantity at this point

Solved Threads: 1

Tekkno

Offline

Junior Poster in Training

Re: User activation help

Aug 28th, 2009

Well forgive me for not being an expert, but why do you think I am here asking? You may know PHP better than I do, but your people skills really need some work. My script is obviously incorrect, thanks for the criticism.

•

Join Date: Jun 2007

Posts: 1,227

Reputation: kkeith29 has a spectacular aura about

Solved Threads: 167

kkeith29

Offline

Nearly a Posting Virtuoso

Re: User activation help

Aug 28th, 2009

On forums I tend to say things without the other persons feelings in mind (probably this is is because its not a face to face conversation). I didn't realize how rude that sounded until after I read again. For that, I apologize.

To make up for it, I will tell you exactly what to do.

On your registration page you need to create the link, email it, and save the random string in the database. I usually use a column named 'active' for this.

 Help with Code Tags 
 php Syntax (Toggle Plain Text) 
//this is after form validates and you are about to insert the data into the database
function randString( $length ) {
	$array = array("b","c","d","f","g","h","j","k","l","m","n","p","q","r","s","t","v","w","x","y","z","B","C","D","F","G","H","J","K","L","M","N","P","Q","R","S","T","V","W","X","Y","Z","0","1","2","3","4","5","6","7","8","9");
	$i = 0;
	$code = '';
	while ( $i < $length ) {
		$rand = rand( 0,( count( $array ) - 1 ) );
		$code .= $array[$rand];
	$i++;
	}
	return $code;
}
$code = randString(50);
mysql_query("INSERT INTO `members` (....column names....,'active') VALUES (....values here....,'{$code}')") or die(mysql_error()); //shows how you insert the code
$message = "Welcome to something.com,\n\nTo activate your account click the link below:\n\nhttp://www.something.com/activate.php?id=" . mysql_insert_id() . "&code={$code}\n\nBest regards,\n\nAdmin\nSomething.com (info@something.com)";
mail('email of user from form','Email Confirmation',$message,"From: Something.net<no-reply@something.net>"); //sends the activation email with the id of the user and activation code.
//this is after form validates and you are about to insert the data into the database
function randString( $length ) {
	$array = array("b","c","d","f","g","h","j","k","l","m","n","p","q","r","s","t","v","w","x","y","z","B","C","D","F","G","H","J","K","L","M","N","P","Q","R","S","T","V","W","X","Y","Z","0","1","2","3","4","5","6","7","8","9");
	$i = 0;
	$code = '';
	while ( $i < $length ) {
		$rand = rand( 0,( count( $array ) - 1 ) );
		$code .= $array[$rand];
	$i++;
	}
	return $code;
}
$code = randString(50);
mysql_query("INSERT INTO `members` (....column names....,'active') VALUES (....values here....,'{$code}')") or die(mysql_error()); //shows how you insert the code
$message = "Welcome to something.com,\n\nTo activate your account click the link below:\n\nhttp://www.something.com/activate.php?id=" . mysql_insert_id() . "&code={$code}\n\nBest regards,\n\nAdmin\nSomething.com (info@something.com)";
mail('email of user from form','Email Confirmation',$message,"From: Something.net<no-reply@something.net>"); //sends the activation email with the id of the user and activation code.

On activate.php, we use the id and the code the id the user and set them to active.

 Help with Code Tags 
 php Syntax (Toggle Plain Text) 
if ( isset( $_GET['id'],$_GET['code'] ) ) {
  $id = (int) $_GET['id'];
  $code = mysql_real_escape_string( $_GET['code'] );
  $query = mysql_query("SELECT `active` FROM `members` WHERE `id` = {$id}");
  if ( mysql_num_rows( $query ) == 1 ) {
    list( $active ) = mysql_fetch_rows( $query );
    if ( $active == 1 ) {
       die('User account has already been activated');
    }
    elseif ( $active == $code ) {
      mysql_query("UPDATE `members` SET `active` = 1 WHERE `id` = {$id}"); //sets the member to active.
    }
    else {
      die('Invalid activation code');
    }
  }
  else {
    die('User not found!');
  }
}
else {
  die('Malformed URL');
}
if ( isset( $_GET['id'],$_GET['code'] ) ) {
  $id = (int) $_GET['id'];
  $code = mysql_real_escape_string( $_GET['code'] );
  $query = mysql_query("SELECT `active` FROM `members` WHERE `id` = {$id}");
  if ( mysql_num_rows( $query ) == 1 ) {
    list( $active ) = mysql_fetch_rows( $query );
    if ( $active == 1 ) {
       die('User account has already been activated');
    }
    elseif ( $active == $code ) {
      mysql_query("UPDATE `members` SET `active` = 1 WHERE `id` = {$id}"); //sets the member to active.
    }
    else {
      die('Invalid activation code');
    }
  }
  else {
    die('User not found!');
  }
}
else {
  die('Malformed URL');
}

In your login script all you need to do is add ' AND `active` = 1' in your query.

Last edited by kkeith29; Aug 28th, 2009 at 5:26 am.

Google is your friend.

Use [code] tags.

If you have found a solution to your problem, please mark the thread as SOLVED.

•

Join Date: Apr 2009

Posts: 64

Reputation: Tekkno is an unknown quantity at this point

Solved Threads: 1

Tekkno

Offline

Junior Poster in Training

Re: User activation help

Aug 28th, 2009

Apology accepted, it was obviously not intentional. Thanks for this code keith, but this brings me back to my original question. With your script, how do I notify the user at login that they need to activate their account in order to log in?

 Help with Code Tags 
 php Syntax (Toggle Plain Text) 
if ( isset( $_GET['id'],$_GET['code'] ) ) {
  $id = (int) $_GET['id'];
  $code = mysql_real_escape_string( $_GET['code'] );
  $query = mysql_query("SELECT `active` FROM `members` WHERE `id` = {$id}");
 
if($row['active']) == 1){
 
}else{
 
$msg = "You need to activate your account before logging in.";
 
}
if ( isset( $_GET['id'],$_GET['code'] ) ) {
  $id = (int) $_GET['id'];
  $code = mysql_real_escape_string( $_GET['code'] );
  $query = mysql_query("SELECT `active` FROM `members` WHERE `id` = {$id}");

if($row['active']) == 1){
 
}else{

$msg = "You need to activate your account before logging in.";

}

Maybe?

Last edited by Tekkno; Aug 28th, 2009 at 4:52 pm.

•

Join Date: Jun 2007

Posts: 1,227

Reputation: kkeith29 has a spectacular aura about

Solved Threads: 167

kkeith29

Offline

Nearly a Posting Virtuoso

Re: User activation help

Aug 28th, 2009

My script goes on its own page called activate.php.

In your login script you should get the user via a username/email which you have probably already done.
ex.

 Help with Code Tags 
 PHP Syntax (Toggle Plain Text) 
$username = mysql_real_escape_string( $_POST['user'] ); //username from form
$query = mysql_query("SELECT `password`,`active` FROM `table_name` WHERE `username` = '{$user}' LIMIT 1");
if ( mysql_num_rows( $query ) == 0 ) {
  $msg = 'Username and/or Password incorrect'; //never be specific
}
else {
  list( $password,$active ) = mysql_fetch_row( $query );
  if ( $active !== 1 ) {
    $msg = 'You need to activate your account before logging in.';
  }
  else {
    //check the password and set login session here. Your passwords should be hashed.
  }
}
$username = mysql_real_escape_string( $_POST['user'] ); //username from form
$query = mysql_query("SELECT `password`,`active` FROM `table_name` WHERE `username` = '{$user}' LIMIT 1");
if ( mysql_num_rows( $query ) == 0 ) {
  $msg = 'Username and/or Password incorrect'; //never be specific
}
else {
  list( $password,$active ) = mysql_fetch_row( $query );
  if ( $active !== 1 ) {
    $msg = 'You need to activate your account before logging in.';
  }
  else {
    //check the password and set login session here. Your passwords should be hashed.
  }
}

Make sure your passwords are hashed as well.

Google is your friend.

Use [code] tags.

If you have found a solution to your problem, please mark the thread as SOLVED.

•

Join Date: Apr 2009

Posts: 64

Reputation: Tekkno is an unknown quantity at this point

Solved Threads: 1

Tekkno

Offline

Junior Poster in Training

Re: User activation help

Aug 29th, 2009

Unfortunately Keith, I could not get my activation working with the script you posted. However, after changing the way my activation works and adjusting the login script, I was able to get everything working properly. Thanks for your time and effort.