SitePoint Sponsor

User Tag List

Results 1 to 11 of 11
  1. #1
    SitePoint Enthusiast rramroop's Avatar
    Join Date
    May 2003
    Location
    UK
    Posts
    73
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    PHP Activation Script

    Hi,
    I am currently building a publishing system where e-mail confirmation is necessary for article to be published. I wrote the following code for the activation script:

    ------------------ activation.php -----------------------------
    <?
    $connection = mysql_connect($host, $user, $passwd) or die ("Unable to connect!");
    mysql_select_db($db) or die ("Unable to select database!");
    $query = "SELECT tempid, emailconfirm FROM articles WHERE email = '$eid' ";
    $result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());
    $row = mysql_fetch_object($result);

    if ( $row->tempid == $aid && $row->emailconfirm == 0 ) {

    $query = "UPDATE articles SET emailconfirm = '1' WHERE tempid = '$aid'";
    $result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());
    echo "<font face='Arial Black' size='4' color='#CC3300'>Thank you for confirming your email address</font>";
    mysql_close($connection);

    mail("admin@localhost", "Activation Confirmation received", "Click on the link to review and activate article\n\nhttp://localhost/admin/activate.php?eid=$eid&aid=$aid", "From: admin@localhost");
    }
    else
    {
    echo "<font face='Arial Black' size='4' color='#CC3300'>This email address has already been confirmed!</font>";
    }
    ?>
    ------------------------- End of Script ---------------------------

    the activation link is as follows:
    activate.php?eid=mail@localhost&aid=568722469

    The script works fine but the only problem that I'm having with it is that when I run the activate.php scripts with no variables I get the "Thank you for confirming" message and the email is sent to admin.

    How can I prevent this from happening?

    Cheers
    Ravi

  2. #2

    Join Date
    Oct 2003
    Location
    €uroLand
    Posts
    1,340
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I havent tested it, but this should do the trick.
    Code:
    <?
        $connection = mysql_connect($host, $user, $passwd) or die ("Unable to connect!");
        mysql_select_db($db) or die ("Unable to select database!");
    
        $query = "SELECT tempid, emailconfirm FROM articles WHERE email = '$eid' ";
        $result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());
    
        if (mysql_num_rows($result)<1)
        {
            // No rows were returned, hence there is no article with the given
            // (respectively not given) data.
        }
    
        $row = mysql_fetch_object($result);
    
        if ( $row->tempid == $aid && $row->emailconfirm == 0 )
        {
            $query = "UPDATE articles SET emailconfirm = '1' WHERE tempid = '$aid'";
            $result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());
            echo "<font face='Arial Black' size='4' color='#CC3300'>Thank you for confirming your email address</font>";
            mysql_close($connection);
    
            mail("admin@localhost", "Activation Confirmation received", "Click on the link to review and activate article\n\nhttp://localhost/admin/activate.php?eid=$eid&aid=$aid", "From: admin@localhost");
        } else echo "<font face='Arial Black' size='4' color='#CC3300'>This email address has already been confirmed!</font>";
    ?>

  3. #3
    SitePoint Enthusiast rramroop's Avatar
    Join Date
    May 2003
    Location
    UK
    Posts
    73
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I've tried it but it still sends me the e-mail and message

    <?
    $connection = mysql_connect($host, $user, $passwd) or die ("Unable to connect!");
    mysql_select_db($db) or die ("Unable to select database!");

    $query = "SELECT tempid, emailconfirm FROM articles WHERE email = '$eid' ";
    $result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());

    if (mysql_num_rows($result)<1)
    {
    echo "<font face='Arial Black' size='4' color='#CC3300'>Sorry. This resource cannot be accessed directly!</font>";
    }

    $row = mysql_fetch_object($result);

    if ( $row->tempid == $aid && $row->emailconfirm == 0 )
    {
    $query = "UPDATE articles SET emailconfirm = '1' WHERE tempid = '$aid'";
    $result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());
    echo "<font face='Arial Black' size='4' color='#CC3300'>Thank you for confirming your email address</font>";
    mysql_close($connection);

    mail("admin@localhost", "Activation Confirmation received", "Click on the link to review and activate article\n\nhttp://localhost/admin/activate.php?eid=$eid&aid=$aid", "From: admin@localhost");
    } else echo "<font face='Arial Black' size='4' color='#CC3300'>This email address has already been confirmed!</font>";
    ?>

  4. #4

    Join Date
    Oct 2003
    Location
    €uroLand
    Posts
    1,340
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Without any passed data your query would look like this
    Code:
    SELECT tempid, emailconfirm FROM articles WHERE email=''
    and would probably not return any rows as I do not suppose there are ones without associated email addresses, right? Check how many rows are returned.

  5. #5
    SitePoint Enthusiast rramroop's Avatar
    Join Date
    May 2003
    Location
    UK
    Posts
    73
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    the query returns this without an email address:

    mysql> select tempid, emailconfirm from reviews where email = "";
    Empty set (0.00 sec)
    and

    mysql> select tempid, emailconfirm from reviews where email = "rr303@gre.ac.uk";

    +---------+--------------+
    | tempid | emailconfirm |
    +---------+--------------+
    | 1907895 | 1 |
    +---------+--------------+
    1 row in set (0.00 sec)

    mysql>
    when an email address is supplied

  6. #6

    Join Date
    Oct 2003
    Location
    €uroLand
    Posts
    1,340
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Code:
    <?
        $connection = mysql_connect($host, $user, $passwd) or die ("Unable to connect!");
        mysql_select_db($db) or die ("Unable to select database!");
    
        $query = "SELECT tempid, emailconfirm FROM articles WHERE email = '$eid' ";
        $result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());
    
        if (mysql_num_rows($result)<1)
        {
            echo "<font face='Arial Black' size='4' color='#CC3300'>Sorry. This resource cannot be accessed directly!</font>";
            exit;
        }
    
        $row = mysql_fetch_object($result);
    
        if ( $row->tempid == $aid && $row->emailconfirm == 0 )
        {
            $query = "UPDATE articles SET emailconfirm = '1' WHERE tempid = '$aid'";
            $result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());
            echo "<font face='Arial Black' size='4' color='#CC3300'>Thank you for confirming your email address</font>";
            mysql_close($connection);
    
            mail("admin@localhost", "Activation Confirmation received", "Click on the link to review and activate article\n\nhttp://localhost/admin/activate.php?eid=$eid&aid=$aid", "From: admin@localhost");
        } else echo "<font face='Arial Black' size='4' color='#CC3300'>This email address has already been confirmed!</font>";
    ?>

  7. #7
    SitePoint Enthusiast rramroop's Avatar
    Join Date
    May 2003
    Location
    UK
    Posts
    73
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Cheers Mate!

    the script works fine but the only thing is the rest of my html is not rendered! :-)

  8. #8
    does not play well with others frezno's Avatar
    Join Date
    Jan 2003
    Location
    Munich, Germany
    Posts
    1,391
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by rramroop
    the only problem that I'm having with it is that when I run the activate.php scripts with no variables I get the "Thank you for confirming" message and the email is sent to admin.

    How can I prevent this from happening?
    add a mysql_affected_rows() :

    PHP Code:
    $query "UPDATE articles SET emailconfirm = 1 WHERE tempid = '$aid'";
    mysql_query($query) or die ("Error in query: $query. " mysql_error());
    if (
    mysql_affected_rows() == 1)
    {
      echo 
    "<font face='Arial Black' size='4' color='#CC3300'>Thank you for confirming your email address</font>";
    }
    else
    {
      echo 
    "<font face='Arial Black' size='4' color='#CC3300'>This email address has already been confirmed!</font>";
      exit();

    We are the Borg. Resistance is futile. Prepare to be assimilated.
    I'm Pentium of Borg.Division is futile.Prepare to be approximated.

  9. #9
    SitePoint Enthusiast rramroop's Avatar
    Join Date
    May 2003
    Location
    UK
    Posts
    73
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks drzoid & frezno!

    Everything is working fine now.

    Cheers

  10. #10
    does not play well with others frezno's Avatar
    Join Date
    Jan 2003
    Location
    Munich, Germany
    Posts
    1,391
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    something to think about_:

    Is your email address field set to UNIQUE, i.e. do you accept the same email address only once in your table?
    IMHO you should.
    So checking for the address should be (un)equal 1, whatever methode you choose
    (mysql_num_rows or mysql_affected_rows == 1 or != 1) just to make sure all is in sync.
    We are the Borg. Resistance is futile. Prepare to be assimilated.
    I'm Pentium of Borg.Division is futile.Prepare to be approximated.

  11. #11
    SitePoint Enthusiast rramroop's Avatar
    Join Date
    May 2003
    Location
    UK
    Posts
    73
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yea, when posting an article, the current email address entered by the user is checked in the database. If the e-mail address exists, then the database is not updated.

    Thanks for the tip anyway. It'll come in handy next time.

    I just bought the book PHP & Mysql by Kevin Yank about a month ago. So I'm just a beginer in PHP & SQL programming and your help is much appreciated guys.

    Cheers


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •