0

Hello.

My registration system is complete, I made the activation function too. The activation link gets send to the email address, but when the user clicks the link, it says invalid code.

However, I have set the code to random, and that random code should go to the email address when verifying. But I can see the code on the URL link but after the code there are some more random text added.

This is an image example if you do not get my message: http://i.imgur.com/lC9xT.png

My code is simple, here is the code. Please help.

<?php

if ( $_POST['registerbtn'] ){
$getuser = $_POST['user'];
$getemail = $_POST['email'];
$getpass = $_POST['pass'];
$getretypepass = $_POST['retypepass'];

if ($getuser){
if ($getemail){
if ($getpass) {
if ($getretypepass) {
if ( $getpass === $getretypepass ){
if ( (strlen($getemail) >= 7) && (strstr($getemail, "@")) && (strstr($getemail, ".")) ){
require("connect.php");

$query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
$numrows = mysql_num_rows($query);
if ($numrows == 0){
$query = mysql_query("SELECT * FROM users WHERE email='$getemail'");
$numrows = mysql_num_rows($query);
if ($numrows == 0){

$password = md5($password);
$date = date("F d, Y");
$code = md5(rand());

mysql_query("INSERT INTO users VALUES (
'', '$getuser', '$getpass', '$getemail', '0', '$code', '$date', '0'
)");

$query = mysql_query("SELECT * FROM users WHERE username='$getuser'");  
$numrows = mysql_num_rows($query);
if ($numrows == 1){

$site = "localhost/logintest";
$webmaster = "admin@localhost";
$headers = "From: LoginTest ($webmaster)";
$subject = "Login - Activate Your Account";
$message = "Thank you for registering. \n Click the link below to activate your account ";
$message .= "$site/activate.php?user=$getuser&code=$code";

if (mail($getemail, $subject, $message, $headers) ){
$errormsg =  "You have been registered. An activation link has been sent to your email address.";
$getuser = "";
$getemail = "";
}
else
$errormsg =  "An error has occured and the activation link was not sent to your email address";

There is more of the "else" code down below. If you want that, let me know.

The verification code area:

$message .= "$site/activate.php?user=$getuser&code=$code";

I hope you can understand my question.

Thanks.

3
Contributors
2
Replies
4
Views
5 Years
Discussion Span
Last Post by Zagga
1

Hi,

According to http://php.net/manual/en/function.md5.php

Returns the hash as a 32-character hexadecimal number.

The number in the confirmation e-mail is 32 characters, the number above it is not, so I'm guessing the correct one is in the e-mail and the code you have circled is not.

I was reading up on this more out of interest since I'm a bit unfamiliar with password verification, but it seems to me the error could be in a different part of the code, like the storing or the verification parts.

Not much help I'm afraid,

Traevel

0

Further to Traevel's well spotted point, are you sure your database field is set to hold a 32 character code?

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.