Ad:

PHP Discussion Thread
Unsolved
Views: 658

Aug 27th, 2009

User activation help

Expand Post »

In order for my users to log in they have to activate their account through email. The activation works fine. The trouble I am having is displaying a message at login if the user has not activated. Here is the activation script:

php Syntax (Toggle Plain Text)
<?php
require "connect.php";
 
if(isset($_GET['u'])){
//make sure that 'u' is numeric
if(is_numeric($_GET['u'])){
$u=$_GET['u'];
}else{
$u=0;
}
}
 
if(isset($_GET['a_code'])){
$code=$_GET['a_code'];
}else{
$code=0;
}
 
//Check to see if the received values are correct
$sql = "SELECT * FROM members WHERE uid = '".$u."' AND actcode = '".md5(0)."'";
if(($u > 0) && (strlen($code)) == 32){
 
//now activate the user
$sql="UPDATE members SET actcode ='".md5(1)."' WHERE uid = '".$u."'";
 
$res = mysql_query($sql) or die(mysql_error());
 
if(mysql_affected_rows() == 1){
 
//update successful
echo ('Your account is now activated. You may proceed and log in.<br/><br /><a href="http://www.eternalhour.com/login.php">Login Page</a>');
}else{
echo ('Your account could not be activated. Please try again or contact the site admin.<br/><br/><a href="http://www.eternalhour.com/registration_form.php">Registration Page</a>');
}
}
?>
<?php
require "connect.php";

if(isset($_GET['u'])){
//make sure that 'u' is numeric
if(is_numeric($_GET['u'])){
$u=$_GET['u'];
}else{
$u=0;
}
}

if(isset($_GET['a_code'])){
$code=$_GET['a_code'];
}else{
$code=0;
}

//Check to see if the received values are correct
$sql = "SELECT * FROM members WHERE uid = '".$u."' AND actcode = '".md5(0)."'";
if(($u > 0) && (strlen($code)) == 32){

//now activate the user
$sql="UPDATE members SET actcode ='".md5(1)."' WHERE uid = '".$u."'";

$res = mysql_query($sql) or die(mysql_error());

if(mysql_affected_rows() == 1){

//update successful
echo ('Your account is now activated. You may proceed and log in.<br/><br /><a href="http://www.eternalhour.com/login.php">Login Page</a>');
}else{
echo ('Your account could not be activated. Please try again or contact the site admin.<br/><br/><a href="http://www.eternalhour.com/registration_form.php">Registration Page</a>');
}
}
?>

I have tried setting up a query then using a $_GET to compare the codes.
But I am imagining the code for the login script will look something like:

php Syntax (Toggle Plain Text)
if(isset($_GET['u'])){
$u=$_GET['u'];
}
 
$sql = "SELECT * FROM members WHERE uid = '".$u."' AND actcode = '".md5."'";
if($row['actcode']) == (md5(1)){
 
}else{
$msg = "You need to activate your account before logging in.";
}
if(isset($_GET['u'])){
$u=$_GET['u'];
}

$sql = "SELECT * FROM members WHERE uid = '".$u."' AND actcode = '".md5."'";
if($row['actcode']) == (md5(1)){

}else{
$msg = "You need to activate your account before logging in.";
}

But what I don't understand, is how to verify that the string == md5(1). Could someone help me please?

Last edited by Tekkno; Aug 27th, 2009 at 3:56 pm.

Similar Threads

Tekkno

Reputation Points: 12

Solved Threads: 7

Junior Poster

Offline

134 posts
since Apr 2009

Permalink

Aug 27th, 2009

Re: User activation help

When a user registers you must provide a link to the verification page with two get variables U & AID (activation ID), you must also store these details in the table.

When it verifies a user then remove all values from the AID field thus leaving it blank.

Then when it comes to logging them in then you only need to check if the field value is true, if it is then they haven't vrified there account if it isn't then they have and you can create the cookie.

Josh Connerty

Reputation Points: 31

Solved Threads: 27

Unverified User

Offline

342 posts
since Apr 2009

Permalink

Aug 28th, 2009

Re: User activation help

I have an activation script in place, which works just fine. I'd rather not change the script I have, because everything works perfectly as it is. The users can log in, if they have activated. I am just looking for a way to find out if they have activated from my login script, so I can notify them that they need to activate in order to log in.

Last edited by Tekkno; Aug 28th, 2009 at 3:13 am.

Tekkno

Reputation Points: 12

Solved Threads: 7

Junior Poster

Offline

134 posts
since Apr 2009

Permalink

Aug 28th, 2009

Re: User activation help

You aren't understanding how an activation script works. As of right now yours makes no sense. The values you are passing via get are not even being used in your queries.

The point of an activation script is to send a unique random number that is hard to guess (md5 of 1 will be the same every time, thats pointless). This helps make sure that the link was sent to their email address only and no one elses. The activation script needs to get the values from the url and use them in the database to identify the user that registered and mark them as 'active'.

kkeith29

Reputation Points: 235

Solved Threads: 193

Nearly a Posting Virtuoso

Offline

1,315 posts
since Jun 2007

Permalink

Aug 28th, 2009

Re: User activation help

Well forgive me for not being an expert, but why do you think I am here asking? You may know PHP better than I do, but your people skills really need some work. My script is obviously incorrect, thanks for the criticism.

Tekkno

Reputation Points: 12

Solved Threads: 7

Junior Poster

Offline

134 posts
since Apr 2009

Permalink

Aug 28th, 2009

Re: User activation help

On forums I tend to say things without the other persons feelings in mind (probably this is is because its not a face to face conversation). I didn't realize how rude that sounded until after I read again. For that, I apologize.

To make up for it, I will tell you exactly what to do.

On your registration page you need to create the link, email it, and save the random string in the database. I usually use a column named 'active' for this.

php Syntax (Toggle Plain Text)
//this is after form validates and you are about to insert the data into the database
function randString( $length ) {
	$array = array("b","c","d","f","g","h","j","k","l","m","n","p","q","r","s","t","v","w","x","y","z","B","C","D","F","G","H","J","K","L","M","N","P","Q","R","S","T","V","W","X","Y","Z","0","1","2","3","4","5","6","7","8","9");
	$i = 0;
	$code = '';
	while ( $i < $length ) {
		$rand = rand( 0,( count( $array ) - 1 ) );
		$code .= $array[$rand];
	$i++;
	}
	return $code;
}
$code = randString(50);
mysql_query("INSERT INTO `members` (....column names....,'active') VALUES (....values here....,'{$code}')") or die(mysql_error()); //shows how you insert the code
$message = "Welcome to something.com,\n\nTo activate your account click the link below:\n\nhttp://www.something.com/activate.php?id=" . mysql_insert_id() . "&code={$code}\n\nBest regards,\n\nAdmin\nSomething.com (info@something.com)";
mail('email of user from form','Email Confirmation',$message,"From: Something.net<no-reply@something.net>"); //sends the activation email with the id of the user and activation code.
//this is after form validates and you are about to insert the data into the database
function randString( $length ) {
	$array = array("b","c","d","f","g","h","j","k","l","m","n","p","q","r","s","t","v","w","x","y","z","B","C","D","F","G","H","J","K","L","M","N","P","Q","R","S","T","V","W","X","Y","Z","0","1","2","3","4","5","6","7","8","9");
	$i = 0;
	$code = '';
	while ( $i < $length ) {
		$rand = rand( 0,( count( $array ) - 1 ) );
		$code .= $array[$rand];
	$i++;
	}
	return $code;
}
$code = randString(50);
mysql_query("INSERT INTO `members` (....column names....,'active') VALUES (....values here....,'{$code}')") or die(mysql_error()); //shows how you insert the code
$message = "Welcome to something.com,\n\nTo activate your account click the link below:\n\nhttp://www.something.com/activate.php?id=" . mysql_insert_id() . "&code={$code}\n\nBest regards,\n\nAdmin\nSomething.com (info@something.com)";
mail('email of user from form','Email Confirmation',$message,"From: Something.net<no-reply@something.net>"); //sends the activation email with the id of the user and activation code.

On activate.php, we use the id and the code the id the user and set them to active.

php Syntax (Toggle Plain Text)
if ( isset( $_GET['id'],$_GET['code'] ) ) {
  $id = (int) $_GET['id'];
  $code = mysql_real_escape_string( $_GET['code'] );
  $query = mysql_query("SELECT `active` FROM `members` WHERE `id` = {$id}");
  if ( mysql_num_rows( $query ) == 1 ) {
    list( $active ) = mysql_fetch_rows( $query );
    if ( $active == 1 ) {
       die('User account has already been activated');
    }
    elseif ( $active == $code ) {
      mysql_query("UPDATE `members` SET `active` = 1 WHERE `id` = {$id}"); //sets the member to active.
    }
    else {
      die('Invalid activation code');
    }
  }
  else {
    die('User not found!');
  }
}
else {
  die('Malformed URL');
}
if ( isset( $_GET['id'],$_GET['code'] ) ) {
  $id = (int) $_GET['id'];
  $code = mysql_real_escape_string( $_GET['code'] );
  $query = mysql_query("SELECT `active` FROM `members` WHERE `id` = {$id}");
  if ( mysql_num_rows( $query ) == 1 ) {
    list( $active ) = mysql_fetch_rows( $query );
    if ( $active == 1 ) {
       die('User account has already been activated');
    }
    elseif ( $active == $code ) {
      mysql_query("UPDATE `members` SET `active` = 1 WHERE `id` = {$id}"); //sets the member to active.
    }
    else {
      die('Invalid activation code');
    }
  }
  else {
    die('User not found!');
  }
}
else {
  die('Malformed URL');
}

In your login script all you need to do is add ' AND `active` = 1' in your query.

Last edited by kkeith29; Aug 28th, 2009 at 5:26 am.

kkeith29

Reputation Points: 235

Solved Threads: 193

Nearly a Posting Virtuoso

Offline

1,315 posts
since Jun 2007

Permalink

Aug 28th, 2009

Re: User activation help

Apology accepted, it was obviously not intentional. Thanks for this code keith, but this brings me back to my original question. With your script, how do I notify the user at login that they need to activate their account in order to log in?

php Syntax (Toggle Plain Text)
if ( isset( $_GET['id'],$_GET['code'] ) ) {
  $id = (int) $_GET['id'];
  $code = mysql_real_escape_string( $_GET['code'] );
  $query = mysql_query("SELECT `active` FROM `members` WHERE `id` = {$id}");
 
if($row['active']) == 1){
 
}else{
 
$msg = "You need to activate your account before logging in.";
 
}
if ( isset( $_GET['id'],$_GET['code'] ) ) {
  $id = (int) $_GET['id'];
  $code = mysql_real_escape_string( $_GET['code'] );
  $query = mysql_query("SELECT `active` FROM `members` WHERE `id` = {$id}");

if($row['active']) == 1){
 
}else{

$msg = "You need to activate your account before logging in.";

}

Maybe?

Last edited by Tekkno; Aug 28th, 2009 at 4:52 pm.

Tekkno

Reputation Points: 12

Solved Threads: 7

Junior Poster

Offline

134 posts
since Apr 2009

Permalink

Aug 28th, 2009

Re: User activation help

My script goes on its own page called activate.php.

In your login script you should get the user via a username/email which you have probably already done.
ex.

PHP Syntax (Toggle Plain Text)
$username = mysql_real_escape_string( $_POST['user'] ); //username from form
$query = mysql_query("SELECT `password`,`active` FROM `table_name` WHERE `username` = '{$user}' LIMIT 1");
if ( mysql_num_rows( $query ) == 0 ) {
  $msg = 'Username and/or Password incorrect'; //never be specific
}
else {
  list( $password,$active ) = mysql_fetch_row( $query );
  if ( $active !== 1 ) {
    $msg = 'You need to activate your account before logging in.';
  }
  else {
    //check the password and set login session here. Your passwords should be hashed.
  }
}
$username = mysql_real_escape_string( $_POST['user'] ); //username from form
$query = mysql_query("SELECT `password`,`active` FROM `table_name` WHERE `username` = '{$user}' LIMIT 1");
if ( mysql_num_rows( $query ) == 0 ) {
  $msg = 'Username and/or Password incorrect'; //never be specific
}
else {
  list( $password,$active ) = mysql_fetch_row( $query );
  if ( $active !== 1 ) {
    $msg = 'You need to activate your account before logging in.';
  }
  else {
    //check the password and set login session here. Your passwords should be hashed.
  }
}

Make sure your passwords are hashed as well.

kkeith29

Reputation Points: 235

Solved Threads: 193

Nearly a Posting Virtuoso

Offline

1,315 posts
since Jun 2007

Permalink

Aug 29th, 2009

Re: User activation help

Unfortunately Keith, I could not get my activation working with the script you posted. However, after changing the way my activation works and adjusting the login script, I was able to get everything working properly. Thanks for your time and effort.

Tekkno

Reputation Points: 12

Solved Threads: 7

Junior Poster

Offline

134 posts
since Apr 2009

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.

Previous Thread in PHP Forum Timeline: PHP HTTP Screen-Scraping Class with Caching

Next Thread in PHP Forum Timeline: Installing php libraries on linux

DaniWeb Message

Cancel Changes