Please help me with my confirmation email scripts (scripts included)

**Rosalie** · 08-10-2010, 07:42 PM

Hello!
I really need some help. I have been struggling with my scripts for days now and I hope that someone can figure out the mistakes I have made.

register-exec

PHP Code:


<?php
    //Start session
    session_start();
    
    //Include database connection details
    require_once('config.php');
    
    //Array to store validation errors
    $errmsg_arr = array();
    
    //Validation error flag
    $errflag = false;
    
    //Connect to mysql server
    $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
    if(!$link) {
        die('Failed to connect to server: ' . mysql_error());
    }
    
    //Select database
    $db = mysql_select_db(DB_DATABASE);
    if(!$db) {
        die("Unable to select database");
    }
    
    //Function to sanitize values received from the form. Prevents SQL injection
    function clean($str) {
        $str = @trim($str);
        if(get_magic_quotes_gpc()) {
            $str = stripslashes($str);
        }
        return mysql_real_escape_string($str);
    }
    
    //Sanitize the POST values
    $confirmation_code = md5(uniqid(rand()));
    $fname = clean($_POST['fname']);
    $lname = clean($_POST['lname']);
    $login = clean($_POST['login']);
    $password = clean($_POST['password']);
    $cpassword = clean($_POST['cpassword']);
    
    //Input Validations
    if($fname == '') {
        $errmsg_arr[] = 'First name missing';
        $errflag = true;
    }
    if($lname == '') {
        $errmsg_arr[] = 'Last name missing';
        $errflag = true;
    }
    if($address == '') {
        $errmsg_arr[] = 'Address missing';
        $errflag = true;
    }
    if($city == '') {
        $errmsg_arr[] = 'City missing';
        $errflag = true;
    }
    if($postalcode == '') {
        $errmsg_arr[] = 'Postalcode missing';
        $errflag = true;
    }
    if($state == '') {
        $errmsg_arr[] = 'State/Province missing';
        $errflag = true;
    }
    if($country == '') {
        $errmsg_arr[] = 'Country missing';
        $errflag = true;
    }
    if($login == '') {
        $errmsg_arr[] = 'Login ID missing';
        $errflag = true;
    }
    if($password == '') {
        $errmsg_arr[] = 'Password missing';
        $errflag = true;
    }
    if($cpassword == '') {
        $errmsg_arr[] = 'Confirm password missing';
        $errflag = true;
    }
    if( strcmp($password, $cpassword) != 0 ) {
        $errmsg_arr[] = 'Passwords do not match';
        $errflag = true;
    }
    
    //Check for duplicate login ID
    if($login != '') {
        $qry = "SELECT * FROM temp WHERE login='$login'";
        $result = mysql_query($qry);
        if($result) {
            if(mysql_num_rows($result) > 0) {
                $errmsg_arr[] = 'Login ID already in use';
                $errflag = true;
            }
            @mysql_free_result($result);
        }
        else {
            die("Query failed");
        }
    }
    
    //If there are input validations, redirect back to the registration form
    if($errflag) {
        $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
        session_write_close();
        header("location: register-form.php");
        exit();
    }

    //Create INSERT query
    $qry = "INSERT INTO temp(code, firstname, lastname, address, city, postalcode, state, country, email, login, passwd) VALUES('$confirmation_code','$fname','$lname','$address','$city','$postalcode','$state','$country','$email','$login','".md5($_POST['password'])."')";
    $result = @mysql_query($qry);
    
    //Check whether the query was successful or not
    if($result) {
        $message="Your Confirmation link \r\n";
        $message.="Click on this link to activate your account \r\n";
        $message.="http://www.------------.com/confirmation.php?pass_key=$confirmation_code";
        $sent_mail = mail("$email", "Registration Confirmation", "$message");
                  }
                  else
                  {
                   echo "Not found your e-mail in our database";
                  }
                  
                  if($sent_mail)
                  {
                  echo "Your Confirmation link has been sent to your e-mail account";
                  }
                  else
                  {
                  echo "cannot send confirmation link to your e-mail adress";
                  }
            
?>

confirmation.php

PHP Code:


<?php
    //Start session
    session_start();
    
    //Include database connection details
    require_once('config.php');
    
    $passkey=$_GET['pass_key'];
    
    //Array to store validation errors
    $errmsg_arr = array();
    
    //Validation error flag
    $errflag = false;
    
    //Connect to mysql server
    $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
    if(!$link) {
        die('Failed to connect to server: ' . mysql_error());
    }
    
    //Select database
    $db = mysql_select_db(DB_DATABASE);
    if(!$db) {
        die("Unable to select database");
    }
    
    //Function to sanitize values received from the form. Prevents SQL injection
    function clean($str) {
        $str = @trim($str);
        if(get_magic_quotes_gpc()) {
            $str = stripslashes($str);
        }
        return mysql_real_escape_string($str);
    }
        
    //Create INSERT query
    $qry1="SELECT * FROM temp(code) VALUES('$confirmation_code')";
    $result=@mysql_query($qry1);    

if($result)
{
$count=mysql_num_rows($result);
   if($count==1)
   {   
   $rows=mysql_fetch_array($result);
   $fnamex=$rows['firstname'];
   $emailx=$rows['email'];
   $passwordx=$rows['passwd'];
   
   $fname=str_replace(' ','',$fnamex);
   $email=str_replace(' ','',$emailx);
   $password=str_replace(' ','',$passwordx);
   
   
       $qry2 = "INSERT INTO members(firstname, lastname, address, city, postalcode, state, country, email, login, passwd) VALUES('$fname','$lname','$address','$city','$postalcode','$state','$country','$email','$login','".md5($_POST['password'])."')";
    $result2=@mysql_query($qry2);
   }
   else
   {echo "wrong confirmation code";}
   
   
   if($result2){
   header("Location:confirmation2.html");
   
   }
   
}

?>

So what's my problem? When someone enters their information in my register form they receive a confirmation email with a link. When they click on the link their data should go from my mysql database called temp to the database called 'members'. However, this doesn't happen.
I am just a starter with php so hopefully you can help me!

Thank you so much in advance!

**djr33** · 08-10-2010, 07:51 PM

I haven't seen anything that is clearly wrong. The general idea seems correct, so I hope that helps a little.

One thing I noticed, though this won't fix the overall problems, is that this code seems problematic:

Code:

$fname=str_replace(' ','',$fnamex);
   $email=str_replace(' ','',$emailx);
   $password=str_replace(' ','',$passwordx);

Why do you want to change these values after they have been saved? Don't you want to tell the user the username, email or password has been updated??

**Rosalie** · 08-10-2010, 07:57 PM

Hey Daniel, I just send you a reply on your email. Again thanks for the help

.

I thought I needed to remove the spaces because it is easy for people to forget those. But you're right, maybe it is not necessary and better to take it out.

Originally Posted by djr33

I haven't seen anything that is clearly wrong. The general idea seems correct, so I hope that helps a little.

One thing I noticed, though this won't fix the overall problems, is that this code seems problematic:

Code:

$fname=str_replace(' ','',$fnamex);
   $email=str_replace(' ','',$emailx);
   $password=str_replace(' ','',$passwordx);

Why do you want to change these values after they have been saved? Don't you want to tell the user the username, email or password has been updated??

**Rosalie** · 08-10-2010, 08:05 PM

So to clarify:
The data goes into my temp database but after clicking on the link in the confirmation email it should go to the members database, which it doesn't

**djr33** · 08-10-2010, 08:50 PM

You can remove spaces if you'd like, but the user won't know about this and then won't be able to log in. A valid email cannot contain spaces, so that should not be a problem. But for the others, that will change what they type. If you want to remove spaces, that's probably a good idea, just tell them before they are allowed to register (in the first step).

Code:

    $result2=@mysql_query($qry2);

That line is what matters, I think.
Immediately after that, try to add this:

Code:

echo $result2===FALSE?'It is broken':'It works'; exit();

(The format is: condition?if true:else [false], so this is like if/else, but just in one line.)

That will tell you whether the query executed. The only way to solve this now is to just use "trial and error", going one step at a time until you find the exact problem.

Again, this is just for debugging, and you will need to remove this line after you use it to test.

**Rosalie** · 08-10-2010, 09:31 PM

Thanks again for your help. However, the frustrating thing is that the page turns blank. So if I click on the link in the confirmation email I go to confirmation.php but there is nothing on the page. Usually when there is something wrong in my code I immediatelly see the error message.

Originally Posted by djr33

You can remove spaces if you'd like, but the user won't know about this and then won't be able to log in. A valid email cannot contain spaces, so that should not be a problem. But for the others, that will change what they type. If you want to remove spaces, that's probably a good idea, just tell them before they are allowed to register (in the first step).

Code:

    $result2=@mysql_query($qry2);

That line is what matters, I think.
Immediately after that, try to add this:

Code:

echo $result2===FALSE?'It is broken':'It works'; exit();

(The format is: condition?if true:else [false], so this is like if/else, but just in one line.)

That will tell you whether the query executed. The only way to solve this now is to just use "trial and error", going one step at a time until you find the exact problem.

Again, this is just for debugging, and you will need to remove this line after you use it to test.

**Rosalie** · 08-10-2010, 09:33 PM

Here it is late in the evening so I will leave this thread until tomorrow morning.
Thanks for all the help thus far and hopefully I see some helpful replies when I wake up

**Rosalie** · 08-11-2010, 05:06 PM

hello everyone,

I finally managed to build my register/login script. However, I have one little question. When they fill in my form but forget to fill in their address they get the message: address missing. The problem is that when this happens all the information they already entered in the other fields disappears. This is really annoying because then they have to start all over again.

How can I solve this?

Thanks very much in advance.