Quick question.. thanks :)

**mak-uk** · Dec 16, 2003, 04:19

Hi

Thanks for that!

One thing I have noticed is that when the form is re-displayed, the options in some of the drop-own boxes have a space in between like this:

option1

option2

option3

Whereas they should be as normal:

option1
option2
option3

Any ideas?

Thanks.

Mak

**Gaheris** · Dec 16, 2003, 05:42

I forgot to close the option tag at some dropdown boxes.

PHP Code:


echo '<option '.$selected.' value="',$diet_id,'">',$diet_type,'<option>',"\n";

should be

PHP Code:


echo '<option '.$selected.' value="',$diet_id,'">',$diet_type,'</option>',"\n";

**mak-uk** · Dec 17, 2003, 11:42

Hi

Okay thanks, fixed that.

Secondly, this bit of code was meant to put a leading zero in front of the days 1-9 but it no longer works:

PHP Code:


 <?php
                            $preselection = safe_post('day_select');
                            for ($day = 1; $day <= 31; $day++) {
                                if ($day < 10) { '0' . $day; }
                                $selected = ($day == $preselection) ? 'selected' : '';
                            ?>
                            <option <?php echo $selected; ?>>
                                <?php echo $day; ?>
                            </option>

Can you see what's wrong?

Thanks.

Mak

**Gaheris** · Dec 17, 2003, 11:48

Sorry, I think I really need those holidays.

PHP Code:


if ($day < 10) { $day = '0' . $day; }

**SphereS** · Dec 17, 2003, 11:49

You might want to try this:

PHP Code:


<?php

                            $preselection = safe_post('day_select');

                            for ($day = 1; $day <= 31; $day++) {

                                if ($day < 10) { $day = '0' . $day; }

                                $selected = ($day == $preselection) ? 'selected' : '';

                            ?>

                            <option <?php echo $selected; ?>>

                                <?php echo $day; ?>

                            </option>

**mak-uk** · Dec 17, 2003, 12:33

Hi

Okay cool, got that sorted.

What I then do is e-mail the user their login details:

PHP Code:


else { 
    $memberID = mysql_insert_id();
    
    // Let's mail the user! 
    $subject = "Your Membership at MyWebsite!"; 
    $message = "Dear $mForename $mSurname, 
    Thank you for registering at our website, [url="http://localhost/site/"]http://localhost/site/[/url]! 
     
    You are two steps away from logging in and accessing our exclusive members area. 
     
    To activate your membership, 
    please click here: [url="http://localhost/site/activate.php?id=$memberID&amp;code=$db_password"]http://localhost/site/activate.php?id=$memberID&amp;code=$db_password[/url]
     
    Once you activate your memebership, you will be able to login 
    with the following information: 
    Username: $mUsername 
    Password: $random_password 
     
    Thanks! 
    The Webmaster 
     
    This is an automated response, please do not reply!"; 
     
    mail($email_address, $subject, $message, 
        "From: MyDomain Webmaster<[email="admin@mydomain.com>n"]admin@mydomain.com>\n[/email] 
        X-Mailer: PHP/" . phpversion()); 
    echo 'Your membership information has been mailed to your email address! 
    Please check it and follow the directions!'; 
} 
}

Yet I get this browser error message:

Warning: mail(): SMTP server response: 501 <mailhost.isp.co.uk>: sender address must contain a domain in d:\inetpub\wwwroot\site\join_code.php on line 245
Your membership information has been mailed to your email address! Please check it and follow the directions!

I have checked the mail address I entered to test but no mail has arrived.

Any ideas?

Thanks.

Mak

**Gaheris** · Dec 17, 2003, 13:39

For testing set From to <admin@mydomain.com> only and see if it works.

**mak-uk** · Dec 17, 2003, 14:21

Hi

I do have:

PHP Code:


"From: MyDomain Webmaster<[email="admin@mydomain.com>n"]admin@mydomain.com>\n[/email]

In the sign-up form I enter whatever@hotmail.com but when I check this, nothing has arrived as I get that error message.

Odd?

Thanks.

Mak

**Gaheris** · Dec 17, 2003, 14:51

Try setting a blank space between webmaster and <.

**mak-uk** · Dec 17, 2003, 15:36

Hi

No luck, it seems to have a problem with:

PHP Code:


X-Mailer: PHP/" . phpversion());

and gives the same error message

Thanks.

Mak

EDIT: I thought it might be that I was doing:

PHP Code:


mail($email_address, $subject, $message,

instead of

PHP Code:


mail($mEMail, $subject, $message,

but still no luck.

**Gaheris** · Dec 18, 2003, 06:23

Does a very simple mail work (without extra headers)?

PHP Code:


mail('me@you.com', 'Subject', "foo\nbar");

**mak-uk** · Dec 18, 2003, 07:03

Hi

I tried:

PHP Code:


<?php
mail('address@domain.com', 'Subject', "foo\nbar"); 
?>

Yet I still get this error:

Warning: mail(): SMTP server response: 501 <mailhost.isp.co.uk>: sender address must contain a domain in d:\inetpub\wwwroot\site\mailtest.php on line 2

Do you think it is the way my mail-server is set-up? I'm certain it has worked before some months back when I tried it.

Thanks.

Mak

EDIT: What I have in my php.ini is:

Code:

[mail function]
; For Win32 only.
SMTP = mailhost.iso.co.uk ; for Win32 only
sendmail_from = mailhost.isp.co.uk ; for Win32 only

**mak-uk** · Dec 18, 2003, 15:17

Hi

I think the problem was the line:

Code:

sendmail_from = mailhost.isp.co.uk ; for Win32 only

I simply changed it to a 'domain'-like address, eg. test@test.com.

For some reason, however, join_code.php (which is posted to by the original form join_form.php) is not adding anything into the database.

Gaheris, is it possible for you to PM me your e-mail addr.? Then I can mail you the file to have a quick look at if you don't mind?

Thanks all for your wonderful help so far!

Mak

**mak-uk** · Dec 20, 2003, 14:30

Hi

Gaheris, any luck with the stuff I mailed you?

Thanks.

Mak

**mak-uk** · Dec 24, 2003, 13:09

Hi

Happy X-Mas Gaheris and All, eagerly awaiting your modifications.

Thanks.

Mak

**mak-uk** · Dec 29, 2003, 03:57

Hi

Thanks for your help on that!

Now I am working in activating the user account (by setting 0 to 1) when the user clicks a link I provide in an e-mail to them. This is the activation script:

PHP Code:


<? 
/* Account activation script */ 
// Get database connection 
require_once './inc/db.php';
// Create variables from URL. 
$userid = $_REQUEST['id']; 
$code = $_REQUEST['code']; 
$sql = mysql_query("UPDATE members SET mActivated='1' WHERE userid='$userid' AND password='$code'"); 
$sql_doublecheck = mysql_query("SELECT * FROM users WHERE memberID='$userid' AND mPassword='$code' AND mActivated='1'"); 
$doublecheck = mysql_num_rows($sql_doublecheck); 
if($doublecheck == 0){ 
    echo "<strong><font color=red>Your account could not be activated!</font></strong>"; 
} elseif ($doublecheck > 0) { 
    echo "<strong>Your account has been activated!</strong> You may login below!<br />"; 
    include 'join_form.php'; 
} 
?>

This is the error I get:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in d:\inetpub\wwwroot\site\activate.php on line 15
Your account could not be activated!

I think this could be because if you notice in the URL for activating the membership, the ID is set as 0 when in-fact it should be > 0:

Code:

Dear sad asd, 
Thank you for registering at our website, http://localhost/site/! 

You are two steps away from logging in and accessing our exclusive members area. 

To activate your membership, 
please click here: http://localhost/site/activate.php?id=0&amp;code=bb57a1407c21956d2d7dfc6008c000c0

Once you activate your memebership, you will be able to login 
with the following information: 
Username: test1234 
Password: n3pgfzz9 

Thanks! 
The Webmaster 

This is an automated response, please do not reply!

Does this mean there is an error in the code where I generate this e-mail:

PHP Code:


// Send email to the new user   
    $subject = 'Your Membership at MyWebsite!'; 
    $message = 'Dear '.$_POST['mForename'].' '.$_POST['mSurname'].', 
    Thank you for registering at our website, [url="http://localhost/site/"]http://localhost/site/[/url]! 
     
    You are two steps away from logging in and accessing our exclusive members area. 
     
    To activate your membership, 
    please click here: [url="http://localhost/site/activate.php?id='.$memberID.'&amp;code='.$db_password.'"]http://localhost/site/activate.php?id='.$memberID.'&amp;code='.$db_password.'[/url]
     
    Once you activate your memebership, you will be able to login 
    with the following information: 
    Username: '.$_POST['mUsername'].' 
    Password: '.$random_password.' 
     
    Thanks! 
    The Webmaster 
     
    This is an automated response, please do not reply!'; 
     
    mail($_POST['mEMail'], $subject, $message, 
         "From: MyDomain Webmaster <[email="admin@mydomain.com>n"]admin@mydomain.com>\n[/email] 
          X-Mailer: PHP/".phpversion());
           
    echo 'Your membership information has been mailed to your email address ('.$_POST['mEMail'].')! 
    Please check it and follow the directions!';

What do you think?

Thanks.

Mak

**Gaheris** · Dec 29, 2003, 16:00

Insert

PHP Code:


$memberID = mysql_insert_id();

before the second query ($q2) in join_code.php and delete the other $memberID assignment below.

**mak-uk** · Jan 8, 2004, 06:56

Hi Gaheris and All,

Thanks for your wonderful help so far.

Currently, I am still having a problem with my join_code.php script.

It works all fine in the sense that a members' details are inserted into the DB but for some reason the MD5 password is exactly the same for new members. Secondly, when the new member is sent the activation e-mail, the password is missing.

It did work before soI am not sure what it is that I have done wrong:

PHP Code:


<?php // join_code.php
require_once './inc/db.php';
// Functions
function strip_magic_quotes($arr) {
    foreach ($arr as $k => $v) {
        if (is_array($v)) {
            $arr[$k] = strip_magic_quotes($v);
        } else {
            $arr[$k] = stripslashes($v);
        }
    }
    return $arr;
}
function makeRandomPassword() {
  $salt = "abchefghjkmnpqrstuvwxyz0123456789";
  srand((double)microtime()*1000000);
  $i = 0;
  $pass = '';
  while ($i <= 7) {
        $num = rand() % 33;
        $tmp = substr($salt, $num, 1);
        $pass = $pass . $tmp;
        $i++;
  }
  return $pass;
}
// Prepare input data
$_POST = strip_magic_quotes($_POST);
$_GET  = strip_magic_quotes($_GET);
// Validate input data
$validate = array('createdby_select'  => array('errstr' => 'Who is creating 
this profile'),
                  'mUsername'         => array('regex'  => '^.{6,20}$',
                                               'errstr' => 'Please enter a 
valid username (6-20 characters)'),
                  'mForename'         => array('regex'  => 
'^[a-zA-Z]{1,25}$',
                                               'errstr' => 'Please enter a 
Forename consisting of alphabetical characters'),
                  'mSurname'          => array('regex'  => 
'^[a-zA-Z]{1,25}$',
                                               'errstr' => 'Please enter a 
Surname consisting of alphabetical characters'),
                  'mEMail1'           => array('regex'  => 
'^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$',
                                               'errstr' => 'Please enter a 
valid E-Mail address'),
                  'mEMail'            => array('regex'  => 
'^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$',
                                               'match'  => 'mEMail1',
                                               'errstr' => 'Please enter a 
valid E-Mail address (must match)'),
                  'gender_select'     => array('regex'  => '^M|F$',
                                               'errstr' => 'Please select a 
gender'),
[i]..etc[/i]
//$sql_email_check    = mysql_query('SELECT mEMail FROM members WHERE 
//mEMail=\''.mysql_escape_string($_POST['mEMail']).'\'');
$sql_username_check = mysql_query('SELECT mUsername FROM members WHERE 
mUsername=\''.mysql_escape_string($_POST['mUsername']).'\'');
//$email_check        = mysql_num_rows($sql_email_check);
$username_check     = mysql_num_rows($sql_username_check);
$errors = array();
foreach ($validate as $name => $val) {
    (!isset($_POST[$name])) ? $errors[] = $val['errstr'] : $_POST[$name] = 
trim($_POST[$name]);
    if (empty($_POST[$name])) {
        $errors[] = $val['errstr'];
    } else {
        if (isset($val['regex']) && !preg_match('´'.$val['regex'].'´', 
$_POST[$name])) {
            $errors[] = $val['errstr'];
        }
        if (isset($val['match'])) {
            if ($_POST[$name] != $_POST[$val['match']]) {
                $errors[] = $val['errstr'];
            }
        }
    }
}
if (!empty($errors) || ($email_check > 0) || ($username_check > 0)) {
    echo 'Please fix the following errors: <br />';
    if ($email_check > 0) {
        echo '<ul><strong>Your email address has already been used by 
another member in our database. Please submit a different E-Mail 
address!</strong><br />';
    }
    if ($username_check > 0) {
        echo '<strong>The username you have selected has already been used 
by another member in our database. Please choose a different 
Username!</strong><br />';
    }
    if (!empty($errors)) {
        echo 'You have '.count($errors).' errors';
        echo '<ul>';
        foreach ($errors as $err) {
            echo '<li>' , $err , '</li>';
        }
        echo '</ul>';
    }
    include 'join_form.php';
    exit;
} else {
    
    $db_password     = md5($random_password);
    $_POST['about_yorself'] = (!empty($_POST['about_yourself'])) ? 
$_POST['about_yourself'] : '';
    $_POST['about_family']  = (!empty($_POST['about_family']))   ? 
$_POST['about_family']   : '';
 $mDOB = $_POST['year_select'] . '-' . $_POST['month_select'] . '-' . 
$_POST['day_select'];
    $q1 = 'INSERT INTO
               members
               (mForename, mSurname, mEMail, mGender, mDOB, mHasChildren, 
mSmokes, mDrinks, mAboutYourself, mAboutFamily, mJoinDate, mUsername, 
mPassword)
           VALUES
              (\''.mysql_escape_string($_POST['mForename']).'\',
               \''.mysql_escape_string($_POST['mSurname']).'\',
               \''.mysql_escape_string($_POST['mEMail1']).'\',
               \''.mysql_escape_string($_POST['gender_select']).'\',
               \''.mysql_escape_string($mDOB).'\',
               \''.mysql_escape_string($_POST['children_select']).'\',
               \''.mysql_escape_string($_POST['smoking_select']).'\',
               \''.mysql_escape_string($_POST['drinking_select']).'\',
               \''.mysql_escape_string($_POST['about_yourself']).'\',
               \''.mysql_escape_string($_POST['about_family']).'\',
               NOW(),
     \''.mysql_escape_string($_POST['mUsername']).'\',
               \''.$db_password.'\')';
    $query1 = mysql_query($q1) or die('There has been an error creating your 
account. Please contact the webmaster. The error was: '.mysql_error());
 $memberID = mysql_insert_id();
    $q2 = 'INSERT INTO
               Lookup
           SET
               relMemberID     = \''.$memberID.'\',
               relReligionID   = 
\''.mysql_escape_string($_POST['religion_select']).'\',
               relcreatedbyID  = 
\''.mysql_escape_string($_POST['createdby_select']).'\',
               relMStatusID    = 
\''.mysql_escape_string($_POST['mstatus_select']).'\',
               relHeightID     = 
\''.mysql_escape_string($_POST['height_select']).'\',
               relBuildID      = 
\''.mysql_escape_string($_POST['build_select']).'\',
               relComplexionID = 
\''.mysql_escape_string($_POST['complexion_select']).'\',
               relCBirthID     = 
\''.mysql_escape_string($_POST['countryb_select']).'\',
               relCOriginID    = 
\''.mysql_escape_string($_POST['countryo_select']).'\',
               relEducationID  = 
\''.mysql_escape_string($_POST['education_select']).'\',
               relOccupationID = 
\''.mysql_escape_string($_POST['occupation_select']).'\',
               relDietID       = 
\''.mysql_escape_string($_POST['diet_select']).'\',
               relReferrerID   = 
\''.mysql_escape_string($_POST['referer_select']).'\',
               relLinkID       = 
\''.mysql_escape_string($_POST['link']).'\'';
    $query2 = mysql_query($q2) or die('There has been an error creating your 
account. Please contact the webmaster. The error was: ' . mysql_error());
    //$memberID = mysql_insert_id();
    // Send email to the new user
    $subject = 'Your Membership at MyWebsite!';
    $message = 'Dear '.$_POST['mForename'].' '.$_POST['mSurname'].',
    Thank you for registering at our website, [url="http://localhost/site/"]http://localhost/site/[/url]!
    You are two steps away from logging in and accessing our exclusive 
members area.
    To activate your membership,
    please click here: 
[url="http://localhost/site/activate.php?id='.$memberID.'&code='.$db_password.'"]http://localhost/site/activate.php?id='.$memberID.'&code='.$db_password.'[/url]
    Once you activate your memebership, you will be able to login
    with the following information:
    Username: '.$_POST['mUsername'].'
    Password: '.$random_password.'
    Thanks!
    The Webmaster
    This is an automated response, please do not reply!';
    mail($_POST['mEMail'], $subject, $message,
         "From: MyDomain Webmaster <[email="admin@mydomain.com>n"]admin@mydomain.com>\n[/email]
          X-Mailer: PHP/".phpversion());
    echo 'Your membership information has been mailed to your email address 
('.$_POST['mEMail'].')!
    Please check it and follow the directions!';
}
?>

Can anyone see what it is that is causing this?

Thanks.

Mak

**Gaheris** · Jan 8, 2004, 07:09

Because somehow the line which generates $random_password got deleted. Just add $random_password = makeRandomPassword(); before hashing it with $db_password = md5($random_password);

**mak-uk** · Jan 8, 2004, 15:59

Hi Gaheris,

Strange, I can't recall deleting that line but it has done the trick.

Now you remember that the activate table was not filling up? Well now it is. So when a user requests to reset their PWD, the activate table gains an entry. Then once they have reset their password to a new one, this entry is then deleted.

I remember you explaining the reasoning behind this (so that Mr Bad-Guy just can't go around changing peoples' passwords). In relation to this, I was wondering is what the purpose of the entry in the activate table is?

Secondly, I get the following warnings:

recover_pwd.php:

An email has been sent to someaddress@hotmail.com, it contains instructions on how to change your password.
Warning: session_start(): Cannot send session cookie - headers already sent by (output started at d:\inetpub\wwwroot\site\recover_pwd.php:42) in d:\inetpub\wwwroot\site\login_func.php on line 4

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at d:\inetpub\wwwroot\site\recover_pwd.php:42) in d:\inetpub\wwwroot\site\login_func.php on line 4

reset_pwd.php:

Your password has been set to the one your entered, please login.
Warning: session_start(): Cannot send session cookie - headers already sent by (output started at d:\inetpub\wwwroot\site\reset_pwd.php:49) in d:\inetpub\wwwroot\site\login_func.php on line 4

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at d:\inetpub\wwwroot\site\reset_pwd.php:49) in d:\inetpub\wwwroot\site\login_func.php on line 4

Any ideas on why this is?

Thanks.

Mak

**Gaheris** · Jan 9, 2004, 07:52

In relation to this, I was wondering is what the purpose of the entry in the activate table is?

The activate stores requests for auth changes.

Code:

+------------+-------------+----------------------------------+
| start      | mEMail      | code                             |
+------------+-------------+----------------------------------+
| 1073603352 | foo@bar.com | c4ca4238a0b923820dcc509a6f75849b |
+------------+-------------+----------------------------------+

start: Stores the unix time (seconds since 1. January 1970) on which the request was created.
mEMail: Obvious, the email address of the account who sent the request.
code: The generated, random hash. The unique key the user has to enter so set his new password.

Secondly, I get the following warnings:

You get those because require_auth starts a session but you already have sent data to the client, so that adding headers is impossible and PHP outputs those warnings.

So instead of directly including login.php or any page that calls the require_auth function just print a link to one of the pages and/or use a meta-tag to redirect them to that page.

HTML Code:

<meta http-equiv="refresh" content="3;url=http://www.some.org/some.html" />

**mak-uk** · Jan 11, 2004, 08:56

Hi

Thanks for that.

Okay, now what I want to do is to record the last login date/time of the user in the members table along with their last IP address.

I already have a field mLastLogin of type DATETIME and I guess I can create a a field mLastIP of type varchar(255).

I was, therefore, wondering how to get this done?

Thanks.

Mak

**mak-uk** · Jan 13, 2004, 07:10

Hi

I thought about doing this:

$date=date("l M jS Y");
$ipaddy=$_SERVER['REMOTE_ADDR'];
$query=("UPDATE tablename SET lastvisit='$date',ipaddy='$ipaddy' WHERE username='$username'");
$sql = mysql_query($query) or die("error updating users ip and time: ".mysql_error());

but what I have is a 'automatic login' (remembering of settings so users are kept logged in) feature. So what happens if a user is kept logged in but later uses the account on the same machine but dials-up again, for example? Surely then the new IP address would not be recorded but instead remains as the the original one?

Anyone have any ideas?

Thanks.

Mak

**Gaheris** · Jan 13, 2004, 07:26

Try replacing the original auth function in the login_func.php file with this one (you might have you change the SQL queries table/field names).

PHP Code:


function auth($_uid, $_pwd)

    {

        $sql = 'SELECT memberID 

                FROM members 

                WHERE mEMail = \''.mysql_escape_string($_uid).'\' 

                AND mPassword = \''.$_pwd.'\'';   

        $result = mysql_query($sql) or die('A database error occurred while checking your '. 

                                           'login details. If this error persists, please '. 

                                           'contact [email]me@me.com[/email]. Error was: '.mysql_error());

        $ret = (bool)mysql_num_rows($result);

        if ($ret) {

            $ip_address = $_SERVER['REMOTE_ADDR'];

            $sql = 'UPDATE members SET lastvisit = NOW(), ip = \''.$ipaddy.'\' WHERE mEMail = \''.$_uid.'\'';

            $result = mysql_query($query) or die('A database error occurred while updating the table. '.

                                                 'If this error persits, please contact [email]me@me.com[/email]. Error was: '.mysql_error());



        }

        return $ret;                    

    }

**mak-uk** · Jan 13, 2004, 07:51

Hi

When trying that and logging in I get:

A database error occurred while updating the table. If this error persits, please contact me@me.com. Error was: Query was empty

Any ideas?

Thanks.

Mak

PHP Code:


function auth($_uid, $_pwd) 
    { 
        $sql = 'SELECT memberID 
                FROM members 
                WHERE mEMail = \''.mysql_escape_string($_uid).'\' 
                AND mPassword = \''.$_pwd.'\'';    
        $result = mysql_query($sql) or die('A database error occurred while checking your '. 
                                           'login details. If this error persists, please '. 
                                           'contact [email="me@me.com"]me@me.com[/email]. Error was: '.mysql_error()); 
        $ret = (bool)mysql_num_rows($result); 
        if ($ret) { 
            $ip_address = $_SERVER['REMOTE_ADDR']; 
            $sql = 'UPDATE members SET mLastLogin = NOW(), mLastIP = \''.$ip_address.'\' WHERE mEMail = \''.$_uid.'\''; 
            $result = mysql_query($query) or die('A database error occurred while updating the table. '. 
                                                 'If this error persits, please contact [email="me@me.com"]me@me.com[/email]. Error was: '.mysql_error()); 
        } 
        return $ret;                     
    }

The SitePoint Forums have moved.

User Tag List

Thread: Quick question.. thanks :)

Thread Tools

Display

Activating it now..

Bookmarks

Bookmarks

Posting Permissions