
Validation / login issue

Hi, I have a few problems with a piece of code I'm using to generate and use a validation code when a user registers on my website.

After the user registers they are sent an email with their details and an activation code.

At the moment the user can login without activation but not edit their profile until validated. If they click the link in their email to validate their account they are asked to login first and then validate. This seems unnecessary and I would like to change it.

What I would like is for the user to NOT be able to login until they are validated and for the validation script to let you enter the validation code without you needing to be logged in. Once validated the user can login and use the account as needed.

Here’s the code for register.php:

[code=php]
<?php
ob_start();
session_start();
include("config.php");
//gets the config page
if (!empty($_POST['register'])) {
    // the above line checks to see if the html form has been submitted
    $username = $_POST['username'];
    $password = $_POST['pass'];
    $cpassword = $_POST['cpass'];
    $email = $_POST['emai1'];
    //the above lines set variables with the user submitted information
    if ($username == NULL || $password == NULL || $cpassword == NULL || $email == NULL) {
        //checks to make sure no fields were left blank
        echo "A field was left blank.";
    } else {
        //none were left blank! We continue…
        if ($password != $cpassword) {
            // the passwords are not the same!
            echo "Passwords do not match";
        } else {
            // the passwords are the same! we continue…
            $password = md5($password);
            // hashes the password (MD5)
            // user input is escaped before it is placed inside an SQL string
            $checkname = mysql_query("SELECT username FROM users WHERE username='" . mysql_real_escape_string($username) . "'");
            $checkname = mysql_num_rows($checkname);
            $checkemail = mysql_query("SELECT email FROM users WHERE email='" . mysql_real_escape_string($email) . "'");
            $checkemail = mysql_num_rows($checkemail);
            if ($checkemail > 0 || $checkname > 0) {
                // oops…someone has already registered with that username or email!
                echo "The username or email is already in use";
            } else {
                // noone is using that email or username! We continue…
                $username = htmlspecialchars($username);
                $password = htmlspecialchars($password);
                $email = htmlspecialchars($email);
                // the above lines make it so that there is no html in the user submitted information.
                $total = 12; // the number of characters you want in the validation code
                $salt = "abcdefghijklmnpqrstuvwxyzABCDEFGHIJKLMNPQRSTUVWXYZ123456789"; // sets the characters that are allowed to be in the code
                srand((double)microtime()*1000000); // starts it
                $userval = ""; // variable
                for ($i = 0; $i < $total; $i++) { // loops it and creates the code
                    $userval = $userval . substr($salt, rand() % strlen($salt), 1); // defines the code and sets the variable
                }
                //Everything seems good, lets insert.
                $query = mysql_query("INSERT INTO users (username, password, email, val_num) VALUES('" . mysql_real_escape_string($username) . "','$password','" . mysql_real_escape_string($email) . "', '$userval')");
                // inserts the information into the database.
                mail("$email", "Please validate your account.", "Thank you for registering at www.guardiansofshadowglen.co.uk. Please use the link below to validate your account.

Username: $username
Validation Code: $userval
To validate your account, visit: http://www.guardiansofshadowglen.co.uk/validate.php?username={$_POST['username']}

If your username has spaces in it, you must replace them with %20", "From: Guardian <[email protected]>");
                echo "You have successfully registered! Please check your email for your validation link!";
            }
        }
    }
}
else
{
    // the form has not been submitted…so now we display it.
    echo ("
<center>
<form method='POST'>
Username: <input type='text' size='15' maxlength='25' name='username'><br />
Password: <input type='password' size='15' maxlength='25' name='pass'><br />
Confirm Password: <input type='password' size='15' maxlength='25' name='cpass'><br />
Email: <input type='text' size='15' maxlength='25' name='emai1'> (Requires Validation)<br />
<input name='register' type='submit' value='Register'>
</form>
</center>
");
}
?>
[/code]

Here’s the code for validate.php:

[code=php]
<?php
ob_start();
session_start();
include("config.php");
if (!$logged['username']) {
    echo ("You must log in before you can validate your account");
} else {
    if ($logged['validated'] == 1) {
        echo ("Your account is already validated");
    } else {
        if ($_GET['username'] == $logged['username']) {
            // read the submitted code before the check; the posted version read it afterwards
            // and used "=" (assignment) in the condition, so any submitted code was accepted
            $valnum = isset($_POST['valnum']) ? $_POST['valnum'] : '';
            if (!empty($_POST['validate']) && $valnum === $logged['val_num']) {
                // escaped before it is placed inside the SQL string
                $username = mysql_real_escape_string($_GET['username']);
                $query = "UPDATE users SET validated='1' WHERE username='$username' LIMIT 1";
                mysql_query($query);
                echo ("Thank you, your account has been validated");
            } else {
                echo ("<form method='POST'>
</div><div class=bar>Validation Number:</div><div class=content> <input type='text' size='15' maxlength='60' name='valnum'>
<input name='validate' type='submit' value='Validate!'>
</form><br /><a href='forgotval.php'>Resend Validation Code</a>");
            }
        } else {
            echo ("Sorry, your validation link is invalid. Please recheck your email");
        }
    }
}
?>
[/code]

This is the login.php:

[code=php]
<?php
ob_start();
session_start();
include("config.php");
if (!$logged['username'])
{
    if (empty($_POST['login']))
    {
        echo "
<center><form method='POST'>
<table>
<tr>
<td align='right'>
Username: <input type='text' size='15' maxlength='25' name='username'>
</td>
</tr>
<tr>
<td align='right'>
Password: <input type='password' size='15' maxlength='25' name='password'>
</td></tr><tr>
<td align='center'>
<input type='submit' name='login' value='Login'>
<input type='checkbox' name='remember' checked='checked' /> Remember me?
</td></tr><tr>
<td align='center'>
<a href='login.php'>Register Here</a>
</td></tr></table></form></center>";
    }
    if (!empty($_POST['login']))
    {
        // the username is escaped before it is placed inside the SQL strings below
        $username = mysql_real_escape_string($_POST['username']);
        $password = md5($_POST['password']);
        $info = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());
        $data = mysql_fetch_array($info);
        if ($data['password'] != $password)
        {
            echo "Incorrect username or password!";
        }
        else
        {
            $query = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());
            $user = mysql_fetch_array($query);
            if (!empty($_POST['remember']))
            {
                setcookie("id", $user['id'], time()+(60*60*24*5), "/", "");
                setcookie("pass", $user['password'], time()+(60*60*24*5), "/", "");
            }
            $_SESSION['id'] = $user['id'];
            $_SESSION['pass'] = $user['password'];
            echo "<meta http-equiv='Refresh' content='3; URL=login.php' />Login successful! You will be redirected";
        }
    }
}
else
{
    // we now display the user controls.
    echo ("<center>Welcome <b>$logged[username]</b><br /></center>
- <a href='editprofile.php'>Edit Profile</a><br />
- <a href='members.php'>Member List</a><br />
- <a href='logout.php'>Logout</a>");
}
?>
[/code]

Any help to change this to what I want would be much appreciated.

Yogi


3 Comments

@aaronbdavis May 01.2006 — I would add a boolean field to your users table called e.g. IsActive. Set it to false upon creation of the user and when a user attempts to login check using [code=php]$result = mysql_query("SELECT username, password, isactive FROM users WHERE ((username='$username') AND (password='$password'));");[/code]

Then check to make sure that IsActive is true before you login the user.
@LiLcRaZyFuZzY May 01.2006 — Do you realize your users can validate without actually giving you a valid e-mail because you ask for the username to validate, and obviously if they choose their own username, they'll know it?

Validate with a random code, something they can't guess and have to go to their e-mail account and click the link.

When checking for login, check if "Validated" is set to 1, if not, do not allow the user to login.
@LiLcRaZyFuZzY May 01.2006 — [QUOTE]I would add a boolean field to your users table called e.g. IsActive. Set it to false upon creation of the user and when a user attempts to login check using [code=php]$result = mysql_query("SELECT username, password, isactive FROM users WHERE ((username='$username') AND (password='$password'));");[/code]

Then check to make sure that IsActive is true before you login the user.[/QUOTE]

There is already such a field in his table, it seems: [I]"validated"[/I]
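
What the replies describe (a random code that proves control of the mailbox, validation without being logged in, and a login check on the validated flag), as an added example that is not code from any poster in the thread. It goes beyond the thread by using PDO prepared statements, password_hash() and random_bytes() in place of the mysql_* calls, md5() and rand(); the in-memory SQLite table and the function names are assumptions.

```php
<?php
// Added example, not the poster's code. Column names follow the thread's
// users table; the SQLite database and function names are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
    password TEXT, email TEXT UNIQUE, val_num TEXT, validated INTEGER DEFAULT 0)');

// register.php: returns the code that goes into the e-mailed link
function register(PDO $db, string $user, string $pass, string $email): string {
    $code = bin2hex(random_bytes(16)); // unguessable, from the system CSPRNG
    $st = $db->prepare('INSERT INTO users (username, password, email, val_num)
                        VALUES (?, ?, ?, ?)');
    // only a hash of the code is stored, so a database leak exposes no usable code
    $st->execute([$user, password_hash($pass, PASSWORD_DEFAULT), $email,
                  hash('sha256', $code)]);
    return $code;
}

// validate.php: no login required; knowing the e-mailed code is the proof
function validate(PDO $db, string $code): bool {
    $st = $db->prepare('UPDATE users SET validated = 1, val_num = NULL
                        WHERE val_num = ? AND validated = 0');
    $st->execute([hash('sha256', $code)]);
    return $st->rowCount() === 1; // code is cleared, so it works only once
}

// login.php: refuse accounts that have not been validated
function login(PDO $db, string $user, string $pass): string {
    $st = $db->prepare('SELECT password, validated FROM users WHERE username = ?');
    $st->execute([$user]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($pass, $row['password'])) {
        return 'bad-credentials';
    }
    // reported only after the password matched, so it reveals nothing to guessers
    return $row['validated'] ? 'ok' : 'not-validated';
}

// Constructed sample run
$code = register($db, 'yogi', 'constructed-pass', 'yogi@example.test');
var_dump(login($db, 'yogi', 'constructed-pass'));  // before validation
var_dump(validate($db, 'not-the-code'));           // wrong code
var_dump(validate($db, $code));                    // code from the e-mail
var_dump(login($db, 'yogi', 'constructed-pass'));  // after validation
var_dump(validate($db, $code));                    // replay of a used code
```

With this layout the e-mailed link carries only the code (for example as a `code` query parameter, an assumed name), so the username no longer needs to appear in the URL.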