Register and Login (Email Activation)
Posted: Fri Mar 23, 2012 12:48 pm
Problem:
#1. Activation part doesn't seem to work correctly. After clickin activate account link all information disappears from database.
#2. Register page gives "The username field cannot be empty.". Even if i type random username in that field...
Some php and stuff:
user.inc.php
#1. Activation part doesn't seem to work correctly. After clickin activate account link all information disappears from database.
#2. Register page gives "The username field cannot be empty.". Even if i type random username in that field...
Some php and stuff:
user.inc.php
<?php //check if the given username exists in the database function user_exists($user){ $user = mysql_real_escape_string($user); $total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}'"); return (mysql_result($total, 0) == '1') ? true : false; } //check if the giver username and password combination is valid function valid_credentials($user, $pass){ $user = mysql_real_escape_string($user); $pass = sha1($pass); $total= mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}' AND `user_password` = '{$pass}'"); return (mysql_result($total, 0) == '1') ? true : false; } //checks if the given user account is active function is_active($user){ $user = mysql_real_escape_string($user); $sql = "SELECT COUNT (`activations`.`user_id`) FROM `users` INNER JOIN `activations`.`user_id` ON `users`.`user_id` = `activations`.`user_id` WHERE `users`.`user_name` = '{$user}'"; $result = mysql_query($sql); return (mysql_result($result, 0) == '0') ? true : false; } //acctivates the account related to the given activation code function activate_account($aid){ $aid = mysql_real_escape_string($aid); mysql_query("DELETE FROM `activations` WHERE `activation_code` = '{$aid}'"); } //adds a user to the database function add_user($user, $email, $pass, $first, $last){ $user = mysql_real_escape_string(htmlentities($user)); $email = mysql_real_escape_string($email); $pass = sha1($pass); $charset = array_flip(array_merge(range('a', 'z'), range('A', 'Z'), range('0', '9'))); $aid =implode('', array_rand($charset, 10)); $body = <<<EMAIL Hi, Thanks for registering to World Community, before you can login you need to activate your account. to do that simply click link below or copy/paste it to your internet browser search bar. http://worldcommunity.no-ip.org/activate.php?aid={$aid} EMAIL; mail($email, 'Your new account at worldcommunity.no-ip.org', $body, 'From: noreply@worldcommunity.no-ip.org'); mysql_query("INSET INTO `users` (`user_name`, `user_password`, `user_email`) VALUES ('{$user}', '{$pass}', '{$email}')"); $user_id = mysql_insert_id(); mysql_query("INSERT INTO `user_activations` (`user_id`, `activation_code`) VALUES ('{$user_id}', '{$aid}')"); } ?>init.inc.php:
<?php error_reporting(E_ALL); session_start(); $exceptions = array ('register', 'login', 'activate'); $page = substr(end(explode('/', $_SERVER['SCRIPT_NAME'])), 0, -4); mysql_connect('localhost', 'root', 'pass'); mysql_select_db('user_system'); $path = dirname(__FILE__); include("{$path}\inc\user.inc.php"); if (isset($_COOKIE['username'], $_COOKIE['password']) && isset($_SESSION[username]) === false){ if (valid_credentials($_COOKIE['username'], $_COOKIE['password'])){ $_SESSION['username'] = htmlentities($_COOKIE['username']); setcookie('username', $_POST['username'], time() + 604800); setcookie('password', sha1($_POST['password']), time() + 604800); } } if (in_array($page, $exceptions) === false){ if (isset($_SESSION['username']) === false){ header('Location: login.php'); die(); } } ?>register.php:
<?php include('core/init.inc.php'); $errors = array(); if (isset($_POST['username'], $_POST['password'], $_POST['repeat_password'])){ if (empty($_POST['user_name'])){ $errors[] = 'The username field cannot be empty.'; } if(filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false){ $errors[] = 'The email address you entered does not seem to be valid'; } if(empty($_POST['password'])){ $errors[] = 'The password field cannot be empty.'; } if (empty($_POST['password']) || empty($_POST['repeat_password'])){ $errors[] = 'The password is not entered.'; } if ($_POST['password'] !== $_POST['repeat_password']){ $errors[] = 'Password verification failed'; } if (user_exists($_POST['username'])){ $errors[] = 'The username you entered is already taken.'; } if (empty($errors)){ add_user($POST['user_name'], $_POST['email'], $_POST['password']); $_SESSION['username'] = htmlentities($_POST['username']); header('location: protected.php'); die(); } } ?> <html> <head> <title></title> <style type="text/css"> form {margin:10px 0px 0px 0px;} form div {float:left; clear:both; margin:0px 0px 4px 0px;} label {float:left; width:100px;} input [type="text"], textarea{float:left; width:400px;} input [type="submit"]{margin:10px 0px 0px 100px;} </style> </head> <body> <div> <div> <?php if (empty($errors) === false){ ?> <ul> <?php foreach ($errors as $error){ echo "<li>{$error}</li>"; } ?> </ul> <?php } ?> </div> </div> <form action='' method='POST'> <p> <label for="username">Username:</label> <input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username'])?>"> </p> <label for="email">Email:</label> <input type="text" name="email" id="email" value="<?php if (isset($_POST['email'])) echo htmlentities($_POST['email'])?>"> <p> <label for="password">Password:</label> <input type="password" name="password" id="password"> </p> <p> <label for="repeat_password">Repeat password:</label> <input type="password" name="repeat_password" id="repeat_password"> </p> <p> <input type="submit" value="Register"> </p> </form> </body> </html>activate.php:
<?php include('core/init.inc.php'); if (isset($_GET['aid'])){ activate_account($_GET['aid']); } ?> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" > <title></title> </head> <body> <p> Your account has been activated, you can now <a href="login.php">log in</a> </p> </body> </html>If you can help me figure this out. Thanks!