SitePoint Sponsor

User Tag List

Results 1 to 5 of 5

Hybrid View

  1. #1
    SitePoint Guru
    Join Date
    Feb 2007
    Posts
    731
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)

    Struggling With Email Authorisation Code

    With a great deal of thanks from the members of this forum I have been able to put together a registration system. (Yet to go through security processes) However I am struggling to get the email authorisation to work. Does anyone have any feedback or suggestions on how I can get the email code to work?


    Code:
    <?php
      session_start();
      $_SESSION['userLoggedIn'] = 0;
      $_SESSION['userEmail'] = '';
      $_SESSION['userID'] = '';
       
      // Reset errors and success messages
      $errors = array();
      $success = array();
       
      // Login attempt
      if(isset($_POST['loginSubmit']) && $_POST['loginSubmit'] == 'true')
      {
        $loginEmail = filter_var(trim($_POST['email']), FILTER_VALIDATE_EMAIL);
        $loginPassword  = trim($_POST['password']);
         if ($loginEmail === false)
         {
            $errors['loginEmail'] = 'Please enter your email address in a valid format.   Example:  
              bobsmith@companyname.com';
          }
          if(strlen($loginPassword) < 6 || strlen($loginPassword) > 12)
          {
             $errors['loginPassword'] = 'Your password must be between 6-12 characters.';
           }
           if(count($errors) === 0)
           {
             $query  = '
                SELECT 
                  * 
                FROM users 
                WHERE email = "' . mysql_real_escape_string($loginEmail) . '" 
                AND password = MD5("' . mysql_real_escape_string($loginPassword) . '") LIMIT 1'; 
             $result = mysql_query($query);
              if (!$result)
              {
                 die('Invalid query: ' . mysql_error());
              }
              if(mysql_num_rows($result) === 1)
              {
                 $row = mysql_fetch_assoc($result);
                 $_SESSION['userLoggedIn'] = 1;
                 $_SESSION['userEmail'] = $loginEmail;
                 $_SESSION['userID'] = $row['id'];
                  header('Location: index.php');
                  exit;
                } else {
                   $errors['login'] = 'No user was found with the details provided.';
                }
            }
       }
    /*
      The rest of your login page code
    */
    // Reset errors and success messages 
      $errors = array(); 
      $success = array(); 
      // Login attempt 
     if(isset($_POST['loginSubmit']) && $_POST['loginSubmit'] == 'true')
     { 
        $loginEmail = trim($_POST['email']); 
        $loginPassword  = trim($_POST['password']);                 
        $email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
        if (!$email)
        {
              $error = 'Please enter your email address in a valid format.  Example: 
                bobsmith@companyname.com';
        }       
         if(strlen($loginPassword) < 6 || strlen($loginPassword) > 12) 
            $errors['loginPassword'] = 'Your password must be between 6-12 characters.'; 
                    if(!$errors){ 
                       $query  = 'SELECT * FROM users WHERE email =     
                                        "'mysql_real_escape_string($loginEmail) 
                                      . '" AND password = MD5("' . $loginPassword 
                                        . '") LIMIT 1'; 
                       $result = mysql_query($query); 
                       if(mysql_num_rows($result) == 1){ 
                          $user = mysql_fetch_assoc($result); 
                          $query = 'UPDATE users SET session_id 
                                            = "' . session_id() . '" WHERE id = ' . $user['id'] . ' LIMIT 1'; 
                          mysql_query($query); 
                              header('Location: index.php'); 
                               exit; 
                        } else { 
                          $errors['login'] = 'No user was found with the details provided.'; 
                        } 
                    } 
            } 
             
      // Register attempt 
      if(isset($_POST['registerSubmit']) && $_POST['registerSubmit'] == 'true'){
        $firstname = mysql_real_escape_string(trim($_POST['firstname']));
        $surname = mysql_real_escape_string(trim($_POST['surname']));
        $registerEmail = trim($_POST['email']); 
        $registerPassword = trim($_POST['password']); 
        $registerConfirmPassword        = trim($_POST['confirmPassword']);                         
        if(!isset($firstname) || empty($firstname)) 
        {
           $error = "Please enter your First Name.";
        }
        if(!isset($surname) || empty($surname)) 
        {
           $error = "Please enter your Surname.";
        }
        if(strlen($registerPassword) < 6 || strlen($registerPassword) > 12)
        {   
          $errors['registerPassword'] = 'Your password must be between 6-12 characters.'; 
          if($password != $confirmPassword && !$error) {
              $error = "The passwords you entered did not match.";
         }
         $emailAddress = filter_var($_POST['emailaddress'], FILTER_VALIDATE_EMAIL);
         if (!$emailAddress)
         {
           $error = 'Please enter your email address in a valid format.  
                         Example:   bobsmith@companyname.com';
         }
         if($registerPassword != $registerConfirmPassword) 
         {
            $errors['registerConfirmPassword'] = 'Your passwords did not match.'; 
            // Check to see if we have a user registered with this email address already 
           if(!$errors)
           {
              $query = "
                 INSERT INTO users (firstname, surname, email, password, date_registered) 
                VALUES (
                                 '" . $firstname . "'
                                 , '" . $surname . "'
                                 , '" . mysql_real_escape_string($registerEmail) . "'
                                 , MD5('" . mysql_real_escape_string($registerPassword) . "'), NOW()
                 )";   
               // remove the or die(mysql_error()) code after you resolve the error                                 
             $result = mysql_query($query) or die(mysql_error());
             if($result){
                      $success['register'] = 'Thank you for registering. You can now log in on the left.';
              }else{
                      $errors['register'] = 'There was a problem registering you. Please check your details and try again.';
             }
    } 
                               }
       
       
    
            $query = mysql_query("SELECT id FROM users WHERE email = '".$email."' LIMIT 1");
            if(mysql_num_rows($query) > 0 && !$error) {
                    $error = "Sorry, that email is already in use!";
            }
     
            if(!$error) {
                    $query = mysql_query("INSERT INTO users (email) VALUES ('".$password."', '".$password."', '".mysql_real_escape_string(md5($password))."', '".$email."')");
                    if($query) {
                            $message = "Hello ".$_POST['email'].",\r\n\r\nThanks for registering with site.com! We hope you enjoy your stay.\r\n\r\n Many Thanks,\r\n.com";
                            $headers = "From: ".$website['name']." <".$website['email'].">\r\n";
                            mail($_POST['email'], "Welcome", $message, $headers);
                            setcookie("user", mysql_insert_id(), $time);
                            setcookie("pass", mysql_real_escape_string(md5($password)), $time);
                            header("Location: users.php");
                    } else {
                            $error = "There was a problem with the registration. Please try again.";
                    }
            }
    
       
            ?>   
    
    
    <link rel="stylesheet" href="/stylesheet.css" type="text/css" />  
       
               <div class="topheader">        
    <?php
            if ($_SESSION['userLoggedIn'])
    {
      $row = mysql_fetch_array($query);
      echo '<div class="loggedin">
    You are sucessfully logged in as ' . $_SESSION['userEmail'] . ' <a href="/index.php">Logout</a>
      </div>
      ';
    } else { echo
    '<div class="headersignin">
    <a href="/users/login.php"   rel="nofollow" class="blacklink"   >
    Sign in
    </a>
    </div>
    <div class="headerjoin">
    <a href="/users/register.php" rel="nofollow" class="whitelink"   > Join free</a>
    </div>';
    }
    ?>
    
              <div class="headerlinkright">
      <a href="/siteinfo/aboutus.php"   rel="nofollow" class='bloglink'   >About Us</a>
    </div>
              <div class="headerlinkright">
    <a href="/blog/blog.php"   rel="nofollow" class='bloglink'   >Blog</a>
    </div>
              </div>
    </div>
    </div>
      </div>   
       
                    <h1>Login</h1>
                    <form class="box400" name="loginForm" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> 
       
                            <?php if($errors['login']) print '<div class="invalid">' . $errors['login'] . '</div>'; ?> 
                             
                            <label for="email">Email Address</label> 
                            <input type="text" name="email" value="<?php echo htmlspecialchars($loginEmail); ?>" /> 
                            <?php if($errors['loginEmail']) print '<div class="invalid">' . $errors['loginEmail'] . '</div>'; ?> 
                             
                            <label for="password">Password <span class="info">6-12 chars</span></label> 
                            <input type="password" name="password" value="" /> 
                            <?php if($errors['loginPassword']) print '<div class="invalid">' . $errors['loginPassword'] . '</div>';  ?> 
                             
                            <label for="loginSubmit">&nbsp;</label> 
                            <input type="hidden" name="loginSubmit" id="loginSubmit" value="true" /> 
               <div class="user-area">
    <input type="submit" value="Login" class="submit-button" />
      </div>   
            
    
    
                    </form> 
     
     
                            <h2>Register</h2>
                    <form class="box400" name="registerForm" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> 
                     
                            <?php if($success['register']) print '<div class="valid">' . $success['register'] . '</div>'; ?> 
                            <?php if($errors['register']) print '<div class="invalid">' . $errors['register'] . '</div>'; ?> 
                                     <div class="registerinputarea">
             
             
             
             
               <div class="registerinputcelltop">
             <div class="registerinputleft">
                            <label for="email">Firstname</label>
      </div>
       <div class="registerinputright"> 
                            <input type="text" name="firstname" value="<?php echo htmlspecialchars($firstname); ?>" /> 
                            <?php if($errors['firstname']) print '<div class="invalid">' . $errors['firstname'] . '</div>'; ?> 
                              </div>        
             
                            <div class="registerinputcelltop">
             <div class="registerinputleft">
                            <label for="email">Surname</label>
      </div>
       <div class="registerinputright"> 
                            <input type="text" name="surname" value="<?php echo htmlspecialchars($surname); ?>" /> 
                            <?php if($errors['surname']) print '<div class="invalid">' . $errors['surname'] . '</div>'; ?> 
                              </div>
             
             
             
             
             
             
             
               <div class="registerinputcelltop">
             <div class="registerinputleft">
                            <label for="email">Email Address</label>
      </div>
       <div class="registerinputright"> 
                            <input type="text" name="email" value="<?php echo htmlspecialchars($registerEmail); ?>" /> 
                            <?php if($errors['registerEmail']) print '<div class="invalid">' . $errors['registerEmail'] . '</div>'; ?> 
                              </div>
       
               <div class="registerinputcelltop">
             <div class="registerinputleft">
                            <label for="password">Password</label> 
       </div>
             <div class="registerinputright">
                            <input type="password" name="password" value="" /> 
                            <?php if($errors['registerPassword']) print '<div class="invalid">' . $errors['registerPassword'] . '</div>'; ?> 
                                    </div>
     
       
                      <div class="registerinputcelltop">
             <div class="registerinputleft">
                            <label for="confirmPassword">Confirm Password</label> 
                     </div>
                     <div class="registerinputright">
                            <input type="password" name="confirmPassword" value="" /> 
                            <?php if($errors['registerConfirmPassword']) print '<div class="invalid">' . $errors['registerConfirmPassword'] . '</div>'; ?> 
                                       </div>
                       </div>
                       </div>
               
                    <div class="registerinputcelltop">
                            <label for="registerSubmit">&nbsp;</label> 
                            <input type="hidden" name="registerSubmit" id="registerSubmit" value="true" /> 
            <div class="user-area">
                             <input type="submit" value="Register" class="submit-button" />
             </div>
                    </form>
       
            </div>
      <div class="registerinputcelltop">
    <a href="logout.php">Logout</a>
    <a href="index.php">Index</a>
    </div>
    Last edited by ServerStorm; Oct 1, 2012 at 09:16.

  2. #2
    SitePoint Wizard silver trophybronze trophy Cups's Avatar
    Join Date
    Oct 2006
    Location
    France, deep rural.
    Posts
    6,869
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    What errors are being given out?
    How do you know it is not working?
    Where do you think the problem lies?
    What action have you taken to identify the problem?
    Did you read "how to ask questions the smart way"?, if you did not, then I suggest you do.

  3. #3
    SitePoint Guru
    Join Date
    Feb 2007
    Posts
    731
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Hi,

    No email is sent and there are no error messages.

    I had the code working on another registration system however it was poor registation script. I am trying to transfer it to this registration script but the email no longer works.

    No idea what so ever where the problem lies to be honest.

  4. #4
    SitePoint Guru
    Join Date
    Feb 2007
    Posts
    731
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Hi,

    Does anyone have any suggestions please on what I can try?

  5. #5
    SitePoint Guru
    Join Date
    Feb 2007
    Posts
    731
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Is there anyway I can develop the email section. Is there a standard way to introduce an email authorisation?


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •