CSS Codes
CSS Layouts
Results 1 to 3 of 3

Thread: More PHP woes

  1. 01-16-2009, 10:46 PM #1
    Schmoopy's Avatar
    Schmoopy
    Schmoopy is offline Senior Coders
    Join Date
    Sep 2008
    Location
    Bristol - UK
    Posts
    842
    Thanks
    32
    Thanked 132 Times in 131 Posts

    Default More PHP woes

    Ok so I'm still trying to code a newsletter system, and am at the registration stage, and am trying to achieve the following:

    Validate user id and hash.
    Check email is not already active.
    Update table if details are correct.

    At the moment, when the user first signs up to the newsletter, their details are stored in a table with the following fields : ID, email and Active.

    When the user first signs up the Active field is 0 by default, and an email is sent out to their account to verify they want to join.

    Here is the code I'm currently using (and yes it's probably terrible, but there you go...):

    Code:
    <?php
$title = "Bristol DNB - Register";
include("page_header.php");
$hash = $_GET['ver'];
$id = $_GET['id'];

if ($id == "" || $hash == "")
	{
	die("Invalid information");
	}


$con = @mysql_connect("$host","$user","$password");
mysql_select_db("bristoldnb_mail",$con);

if (!$con)
	{
	die("Looks like something went wrong while connecting to the server, please try again later<p></p>You will be redirected back to the home page in 10 seconds, or click <a href=\"$server_url\">here</a>");
	}
	
$active = mysql_query("SELECT `email` FROM `subscribers` WHERE `ID` = '$id' AND `Active` = '1'");
if($srow = mysql_fetch_row($active))
{
die("Subscription already active");
}
			
elseif($sql = mysql_query("SELECT `email` FROM `subscribers` WHERE `ID` = '$id' AND `Active` = '0'")) {
				
		if (mysql_fetch_row($sql))
			{
			die("Oh noes");
			}
			
		$row = mysql_fetch_row($sql);
		$email = $row[0];
		
		if ($hash == sha1($email . "bristoldnb"));
			{
				mysql_query("UPDATE `subscribers` SET `Active` = '1' WHERE `id` = '$id'");
				echo "Registration Successul";
			}

}

?>
</div>

<div id="content">
<div id="unsubscribe">

</div>
</div>

<?php
include("page_footer.php");
?>
    I'm pretty sure some of the code doesn't make sense but I've just been playing around with values to get some sort of response from the php.

    Sort of lost as to what to do, I've tried using invalid ids and hash keys but still not working.

    Thanks for any help,

    Jack.
    Reply With Quote Reply With Quote
  2. 01-17-2009, 10:12 AM #2
    JasonDFR
    JasonDFR is offline Senior Coders
    Join Date
    Apr 2008
    Location
    Limoges, France
    Posts
    395
    Thanks
    13
    Thanked 61 Times in 61 Posts

    Default

    My instinct is always to keep things as simple as possible. I would do away with your hash, use the email address and a unique "id" to build the url for the email validation, and just test to see if an email / id combination exists in your db. If so, activate that subscriber.

    You can do this because in order to activate an account, someone will need the "id" from the email you send out. If they don't have access to the id in the email, they can't activate the account. If they do have access to the email, well, that's the point.

    Testing to see if an account is already active might just complicate matters. Is the outcome going to be any different if an account is already active? No, the end result is that the subscriber has an active account, so you can do away with that step.

    As long as unsubscribe deletes the email address, id, or both from your table, you are in good shape.

    Example URL: your_script.php?email=email@email.com&id=56456

    PHP Code:

    // Validate the information being passed in the URL; this is a good regex for any email validation btw
    if ( preg_match('/^[A-Za-z0-9](([_\.\-]?[a-zA-Z0-9]+)*)@([A-Za-z0-9]+)(([\.\-]?[a-zA-Z0-9]+)*)\.([A-Za-z]{2,})$/'$_GET['email']) && is_numeric($_GET['id']) ) {

                // Get your values to test against the db
                $email $_GET['email'];
            $id $_GET['id'];

                // db connection here
        
             // Build query to match an existing email address with it's corresponding id
            $q "SELECT *
        FROM `subscribers`
        WHERE `subscribers`.`email` = '    $email'
        AND `subscribers`.`id` = '    $id'
        LIMIT 1 "    ;

            $r mysql_query($q) or die ("Query Failed: " mysql_error());

        if  (     mysql_num_rows($r) == ) { // There is a legitimate match

                    // Query db and set active to 1

                $q "UPDATE `subscribers` SET `active` = '1'
                    WHERE `users`.`email` = '    $email' LIMIT 1 ";

                    if (     mysql_query($q) ) {

                    echo     '<p>Your account is activated.</p>';

                    }

            } else {     // mysql_affected_rows does not equal 1

                    // There is no match

                }

    } else {     // validation failed

    // bad information is being passed in the URL
    Good luck,

    Jason
    Last edited by JasonDFR; 01-17-2009 at 08:44 PM. Reason: the GET variable in the preg_match was wrong
    Reply With Quote Reply With Quote

  3. The Following User Says Thank You to JasonDFR For This Useful Post:

    Schmoopy (01-17-2009)
  4. 01-17-2009, 03:46 PM #3
    Schmoopy's Avatar
    Schmoopy
    Schmoopy is offline Senior Coders
    Join Date
    Sep 2008
    Location
    Bristol - UK
    Posts
    842
    Thanks
    32
    Thanked 132 Times in 131 Posts

    Default

    Ah, much simpler in the approach. thanks for the help.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules