Menu
I have already asked this before but I never seem getting how it works(I tried a lot but no success at all) could someone tell me how can I send a activation link to the users email address up on registration and don't allow the user until they activate their account by following the link in the email address? What should I do? I'm not getting it at all...please help me out..
What I have in a table users in database:
1 id int(11) AUTO_INCREMENT
2 username varchar(255)
3 password char(64)
4 salt char(16)
5 email varchar(255)
register.php
// First we execute our common code to connection to the database and start the session
require("common.php");
// This if statement checks to determine whether the registration form has been submitted
// If it has, then the registration code is run, otherwise the form is displayed
if(!empty($_POST))
{
// Ensure that the user has entered a non-empty username
if(empty($_POST['username']))
{
echo "Please enter a username.";
}
// Ensure that the user has entered a non-empty password
if(empty($_POST['password']))
{
die("Please enter a password.");
}
// Make sure the user entered a valid E-Mail address
// filter_var is a useful PHP function for validating form input, see:
if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
{
die("Invalid E-Mail Address");
}
$query = "
SELECT
1
FROM users
WHERE
username = :username
";
$query_params = array(
':username' => $_POST['username']
);
try
{
// These two statements run the query against your database table.
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
// Note: On a production website, you should not output $ex->getMessage().
// It may provide an attacker with helpful information about your code.
die("Failed to run query: " . $ex->getMessage());
}
$row = $stmt->fetch();
if($row)
{
die("This username is already in use");
}
// Now we perform the same type of check for the email address, in order
// to ensure that it is unique.
$query = "
SELECT
1
FROM users
WHERE
email = :email
";
$query_params = array(
':email' => $_POST['email']
);
try
{
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
die("Failed to run query: " . $ex->getMessage());
}
$row = $stmt->fetch();
if($row)
{
die("This email address is already registered");
}
// An INSERT query is used to add new rows to a database table.
// Again, we are using special tokens (technically called parameters) to
// protect against SQL injection attacks.
$query = "
INSERT INTO users (
username,
password,
salt,
email
) VALUES (
:username,
:password,
:salt,
:email
)
";
$to = "email";
$subject = "Your Account Information!";
$body = <<<EMAIL
Hello {'email'}, here is your account information!
Username:{'username'}
Password:{'password'}
Please activate your account by clicking the following activation link:
http://www.mywebsite.com/activate.php?aid={$aid}
EMAIL;
$headers = 'From: [email protected]' . "\r\n" .
'Reply-To: [email protected]' . "\r\n" .
'X-Mailer: PHP/' . phpversion();
if(mail($to, $subject, $body, $headers)){
echo("<p>Your account information was successfully sent to your email - ('email')! <br><br>Please open your email and click the activation link to activate your account.</p><br><p>If you do not see your account information in your inbox within 60 seconds please check your spam/junk folder.</p>");
} else {
echo("<p> Unfortunately, your account information was <u>unsuccessfully</u> sent to your email - ('email'). </p>");
}
$salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));
$password = hash('sha256', $_POST['password'] . $salt);
for($round = 0; $round < 65536; $round++)
{
$password = hash('sha256', $password . $salt);
}
$query_params = array(
':username' => $_POST['username'],
':password' => $password,
':salt' => $salt,
':email' => $_POST['email']
);
try
{
// Execute the query to create the user
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
}
header("Location: login.php");
die("Redirecting to login.php");
}
?>
<h1>Register</h1>
<form action="" method="post">
Username:<br />
<input type="text" name="username" required value="" />
<br /><br />
E-Mail:<br />
<input type="text" name="email" required value="" />
<br /><br />
Password:<br />
<input type="password" required name="password" value="" />
<br /><br />
<input type="submit" value="Register" />
</form>
login.php
<?php
// First we execute our common code to connection to the database and start the session
require("common.php");
$submitted_username = '';
if(!empty($_POST))
{
$query = "
SELECT
id,
username,
password,
salt,
email
FROM users
WHERE
username = :username
";
// The parameter values
$query_params = array(
':username' => $_POST['username']
);
try
{
// Execute the query against the database
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
die("Failed to run query: " . $ex->getMessage());
}
$login_ok = false;
$row = $stmt->fetch();
if($row)
{
$check_password = hash('sha256', $_POST['password'] . $row['salt']);
for($round = 0; $round < 65536; $round++)
{
$check_password = hash('sha256', $check_password . $row['salt']);
}
if($check_password === $row['password'])
{
$login_ok = true;
}
}
if($login_ok)
{
unset($row['salt']);
unset($row['password']);
$_SESSION['user'] = $row;
// Redirect the user to the private members-only page.
header("Location: private.php");
die("Redirecting to: private.php");
}
else
{
// Tell the user they failed
print("The Username/Password is invalid.");
$submitted_username = htmlentities($_POST['username'], ENT_QUOTES, 'UTF-8');
}
}
?>
<h1>Login</h1>
<form action="login.php" method="post">
Username:<br />
<input type="text" name="username" required value="<?php echo $submitted_username; ?>" />
<br /><br />
Password:<br />
<input type="password" name="password" value="" required />
<br /><br />
<input type="submit" value="Login" />
</form>
<a href="register.php">Register</a>
479
Select the username to whose account you want to send the activation link, and then select More > Resend Activation Link. An alert message appears, asking you to confirm the resend activation link operation. Click Yes to confirm the resend activation link operation.
An activation link automatically activates a button by clicking another linked button. Activation links can be created between any combination of code, label, and toggle buttons.
EMail activation is primarily used to ensure that you're signing up with a "real" email address, and also one that you have access to (and therefore, presumably, are the legitimate "owner" of the email address).
For one you're not emailing the user anything in this script. What you should do is create a registration table and store the values there along with a token and a datetime. Some URL based identifier. A simple md5 of the email and timestamp concat would work fine.
$token = md5($_POST['email'].time());
Then email the user a link - something like: http://www.yoursite.com/register/confirm?token=yourmd5token
This script would fetch the stored user info from that token, make sure the datetime was within an hour or so, then push the data into the user table only on confirmation so you don't fill up a table unnecessarily.
Based on the code you provided, you're not a true beginner in PHP. So you should have no problems google searching examples of the things mentioned. This is too involved to write it all out for you since typically SO is used for quick help and basic QA. Yours is more of a full project thing.
112
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
