#1. Activation part doesn't seem to work correctly. After clickin activate account link all information disappears from database.
#2. Register page gives "The username field cannot be empty.". Even if i type random username in that field...
Some php and stuff:
user.inc.php
<?php
//check if the given username exists in the database
function user_exists($user){
$user = mysql_real_escape_string($user);
$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}'");
return (mysql_result($total, 0) == '1') ? true : false;
}
//check if the giver username and password combination is valid
function valid_credentials($user, $pass){
$user = mysql_real_escape_string($user);
$pass = sha1($pass);
$total= mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}' AND `user_password` = '{$pass}'");
return (mysql_result($total, 0) == '1') ? true : false;
}
//checks if the given user account is active
function is_active($user){
$user = mysql_real_escape_string($user);
$sql = "SELECT
COUNT (`activations`.`user_id`)
FROM `users`
INNER JOIN `activations`.`user_id`
ON `users`.`user_id` = `activations`.`user_id`
WHERE `users`.`user_name` = '{$user}'";
$result = mysql_query($sql);
return (mysql_result($result, 0) == '0') ? true : false;
}
//acctivates the account related to the given activation code
function activate_account($aid){
$aid = mysql_real_escape_string($aid);
mysql_query("DELETE FROM `activations` WHERE `activation_code` = '{$aid}'");
}
//adds a user to the database
function add_user($user, $email, $pass, $first, $last){
$user = mysql_real_escape_string(htmlentities($user));
$email = mysql_real_escape_string($email);
$pass = sha1($pass);
$charset = array_flip(array_merge(range('a', 'z'), range('A', 'Z'), range('0', '9')));
$aid =implode('', array_rand($charset, 10));
$body = <<<EMAIL
Hi,
Thanks for registering to World Community, before you can login you need to activate your account.
to do that simply click link below or copy/paste it to your internet browser search bar.
http://worldcommunity.no-ip.org/activate.php?aid={$aid}
EMAIL;
mail($email, 'Your new account at worldcommunity.no-ip.org', $body, 'From: noreply@worldcommunity.no-ip.org');
mysql_query("INSET INTO `users` (`user_name`, `user_password`, `user_email`) VALUES ('{$user}', '{$pass}', '{$email}')");
$user_id = mysql_insert_id();
mysql_query("INSERT INTO `user_activations` (`user_id`, `activation_code`) VALUES ('{$user_id}', '{$aid}')");
}
?>
init.inc.php:
<?php
error_reporting(E_ALL);
session_start();
$exceptions = array ('register', 'login', 'activate');
$page = substr(end(explode('/', $_SERVER['SCRIPT_NAME'])), 0, -4);
mysql_connect('localhost', 'root', 'pass');
mysql_select_db('user_system');
$path = dirname(__FILE__);
include("{$path}\inc\user.inc.php");
if (isset($_COOKIE['username'], $_COOKIE['password']) && isset($_SESSION[username]) === false){
if (valid_credentials($_COOKIE['username'], $_COOKIE['password'])){
$_SESSION['username'] = htmlentities($_COOKIE['username']);
setcookie('username', $_POST['username'], time() + 604800);
setcookie('password', sha1($_POST['password']), time() + 604800);
}
}
if (in_array($page, $exceptions) === false){
if (isset($_SESSION['username']) === false){
header('Location: login.php');
die();
}
}
?>
register.php:
<?php
include('core/init.inc.php');
$errors = array();
if (isset($_POST['username'], $_POST['password'], $_POST['repeat_password'])){
if (empty($_POST['user_name'])){
$errors[] = 'The username field cannot be empty.';
}
if(filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false){
$errors[] = 'The email address you entered does not seem to be valid';
}
if(empty($_POST['password'])){
$errors[] = 'The password field cannot be empty.';
}
if (empty($_POST['password']) || empty($_POST['repeat_password'])){
$errors[] = 'The password is not entered.';
}
if ($_POST['password'] !== $_POST['repeat_password']){
$errors[] = 'Password verification failed';
}
if (user_exists($_POST['username'])){
$errors[] = 'The username you entered is already taken.';
}
if (empty($errors)){
add_user($POST['user_name'], $_POST['email'], $_POST['password']);
$_SESSION['username'] = htmlentities($_POST['username']);
header('location: protected.php');
die();
}
}
?>
<html>
<head>
<title></title>
<style type="text/css">
form {margin:10px 0px 0px 0px;}
form div {float:left; clear:both; margin:0px 0px 4px 0px;}
label {float:left; width:100px;}
input [type="text"], textarea{float:left; width:400px;}
input [type="submit"]{margin:10px 0px 0px 100px;}
</style>
</head>
<body>
<div>
<div>
<?php
if (empty($errors) === false){
?>
<ul>
<?php
foreach ($errors as $error){
echo "<li>{$error}</li>";
}
?>
</ul>
<?php
}
?>
</div>
</div>
<form action='' method='POST'>
<p>
<label for="username">Username:</label>
<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username'])?>">
</p>
<label for="email">Email:</label>
<input type="text" name="email" id="email" value="<?php if (isset($_POST['email'])) echo htmlentities($_POST['email'])?>">
<p>
<label for="password">Password:</label>
<input type="password" name="password" id="password">
</p>
<p>
<label for="repeat_password">Repeat password:</label>
<input type="password" name="repeat_password" id="repeat_password">
</p>
<p>
<input type="submit" value="Register">
</p>
</form>
</body>
</html>
activate.php:
<?php
include('core/init.inc.php');
if (isset($_GET['aid'])){
activate_account($_GET['aid']);
}
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" >
<title></title>
</head>
<body>
<p>
Your account has been activated, you can now <a href="login.php">log in</a>
</p>
</body>
</html>
If you can help me figure this out. Thanks!
