SitePoint Sponsor

User Tag List

Results 1 to 5 of 5

Threaded View

  1. #1
    SitePoint Guru
    Join Date
    Feb 2007
    Posts
    731
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)

    Struggling With Email Authorisation Code

    With a great deal of thanks from the members of this forum I have been able to put together a registration system. (Yet to go through security processes) However I am struggling to get the email authorisation to work. Does anyone have any feedback or suggestions on how I can get the email code to work?


    Code:
    <?php
      session_start();
      $_SESSION['userLoggedIn'] = 0;
      $_SESSION['userEmail'] = '';
      $_SESSION['userID'] = '';
       
      // Reset errors and success messages
      $errors = array();
      $success = array();
       
      // Login attempt
      if(isset($_POST['loginSubmit']) && $_POST['loginSubmit'] == 'true')
      {
        $loginEmail = filter_var(trim($_POST['email']), FILTER_VALIDATE_EMAIL);
        $loginPassword  = trim($_POST['password']);
         if ($loginEmail === false)
         {
            $errors['loginEmail'] = 'Please enter your email address in a valid format.   Example:  
              bobsmith@companyname.com';
          }
          if(strlen($loginPassword) < 6 || strlen($loginPassword) > 12)
          {
             $errors['loginPassword'] = 'Your password must be between 6-12 characters.';
           }
           if(count($errors) === 0)
           {
             $query  = '
                SELECT 
                  * 
                FROM users 
                WHERE email = "' . mysql_real_escape_string($loginEmail) . '" 
                AND password = MD5("' . mysql_real_escape_string($loginPassword) . '") LIMIT 1'; 
             $result = mysql_query($query);
              if (!$result)
              {
                 die('Invalid query: ' . mysql_error());
              }
              if(mysql_num_rows($result) === 1)
              {
                 $row = mysql_fetch_assoc($result);
                 $_SESSION['userLoggedIn'] = 1;
                 $_SESSION['userEmail'] = $loginEmail;
                 $_SESSION['userID'] = $row['id'];
                  header('Location: index.php');
                  exit;
                } else {
                   $errors['login'] = 'No user was found with the details provided.';
                }
            }
       }
    /*
      The rest of your login page code
    */
    // Reset errors and success messages 
      $errors = array(); 
      $success = array(); 
      // Login attempt 
     if(isset($_POST['loginSubmit']) && $_POST['loginSubmit'] == 'true')
     { 
        $loginEmail = trim($_POST['email']); 
        $loginPassword  = trim($_POST['password']);                 
        $email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
        if (!$email)
        {
              $error = 'Please enter your email address in a valid format.  Example: 
                bobsmith@companyname.com';
        }       
         if(strlen($loginPassword) < 6 || strlen($loginPassword) > 12) 
            $errors['loginPassword'] = 'Your password must be between 6-12 characters.'; 
                    if(!$errors){ 
                       $query  = 'SELECT * FROM users WHERE email =     
                                        "'mysql_real_escape_string($loginEmail) 
                                      . '" AND password = MD5("' . $loginPassword 
                                        . '") LIMIT 1'; 
                       $result = mysql_query($query); 
                       if(mysql_num_rows($result) == 1){ 
                          $user = mysql_fetch_assoc($result); 
                          $query = 'UPDATE users SET session_id 
                                            = "' . session_id() . '" WHERE id = ' . $user['id'] . ' LIMIT 1'; 
                          mysql_query($query); 
                              header('Location: index.php'); 
                               exit; 
                        } else { 
                          $errors['login'] = 'No user was found with the details provided.'; 
                        } 
                    } 
            } 
             
      // Register attempt 
      if(isset($_POST['registerSubmit']) && $_POST['registerSubmit'] == 'true'){
        $firstname = mysql_real_escape_string(trim($_POST['firstname']));
        $surname = mysql_real_escape_string(trim($_POST['surname']));
        $registerEmail = trim($_POST['email']); 
        $registerPassword = trim($_POST['password']); 
        $registerConfirmPassword        = trim($_POST['confirmPassword']);                         
        if(!isset($firstname) || empty($firstname)) 
        {
           $error = "Please enter your First Name.";
        }
        if(!isset($surname) || empty($surname)) 
        {
           $error = "Please enter your Surname.";
        }
        if(strlen($registerPassword) < 6 || strlen($registerPassword) > 12)
        {   
          $errors['registerPassword'] = 'Your password must be between 6-12 characters.'; 
          if($password != $confirmPassword && !$error) {
              $error = "The passwords you entered did not match.";
         }
         $emailAddress = filter_var($_POST['emailaddress'], FILTER_VALIDATE_EMAIL);
         if (!$emailAddress)
         {
           $error = 'Please enter your email address in a valid format.  
                         Example:   bobsmith@companyname.com';
         }
         if($registerPassword != $registerConfirmPassword) 
         {
            $errors['registerConfirmPassword'] = 'Your passwords did not match.'; 
            // Check to see if we have a user registered with this email address already 
           if(!$errors)
           {
              $query = "
                 INSERT INTO users (firstname, surname, email, password, date_registered) 
                VALUES (
                                 '" . $firstname . "'
                                 , '" . $surname . "'
                                 , '" . mysql_real_escape_string($registerEmail) . "'
                                 , MD5('" . mysql_real_escape_string($registerPassword) . "'), NOW()
                 )";   
               // remove the or die(mysql_error()) code after you resolve the error                                 
             $result = mysql_query($query) or die(mysql_error());
             if($result){
                      $success['register'] = 'Thank you for registering. You can now log in on the left.';
              }else{
                      $errors['register'] = 'There was a problem registering you. Please check your details and try again.';
             }
    } 
                               }
       
       
    
            $query = mysql_query("SELECT id FROM users WHERE email = '".$email."' LIMIT 1");
            if(mysql_num_rows($query) > 0 && !$error) {
                    $error = "Sorry, that email is already in use!";
            }
     
            if(!$error) {
                    $query = mysql_query("INSERT INTO users (email) VALUES ('".$password."', '".$password."', '".mysql_real_escape_string(md5($password))."', '".$email."')");
                    if($query) {
                            $message = "Hello ".$_POST['email'].",\r\n\r\nThanks for registering with site.com! We hope you enjoy your stay.\r\n\r\n Many Thanks,\r\n.com";
                            $headers = "From: ".$website['name']." <".$website['email'].">\r\n";
                            mail($_POST['email'], "Welcome", $message, $headers);
                            setcookie("user", mysql_insert_id(), $time);
                            setcookie("pass", mysql_real_escape_string(md5($password)), $time);
                            header("Location: users.php");
                    } else {
                            $error = "There was a problem with the registration. Please try again.";
                    }
            }
    
       
            ?>   
    
    
    <link rel="stylesheet" href="/stylesheet.css" type="text/css" />  
       
               <div class="topheader">        
    <?php
            if ($_SESSION['userLoggedIn'])
    {
      $row = mysql_fetch_array($query);
      echo '<div class="loggedin">
    You are sucessfully logged in as ' . $_SESSION['userEmail'] . ' <a href="/index.php">Logout</a>
      </div>
      ';
    } else { echo
    '<div class="headersignin">
    <a href="/users/login.php"   rel="nofollow" class="blacklink"   >
    Sign in
    </a>
    </div>
    <div class="headerjoin">
    <a href="/users/register.php" rel="nofollow" class="whitelink"   > Join free</a>
    </div>';
    }
    ?>
    
              <div class="headerlinkright">
      <a href="/siteinfo/aboutus.php"   rel="nofollow" class='bloglink'   >About Us</a>
    </div>
              <div class="headerlinkright">
    <a href="/blog/blog.php"   rel="nofollow" class='bloglink'   >Blog</a>
    </div>
              </div>
    </div>
    </div>
      </div>   
       
                    <h1>Login</h1>
                    <form class="box400" name="loginForm" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> 
       
                            <?php if($errors['login']) print '<div class="invalid">' . $errors['login'] . '</div>'; ?> 
                             
                            <label for="email">Email Address</label> 
                            <input type="text" name="email" value="<?php echo htmlspecialchars($loginEmail); ?>" /> 
                            <?php if($errors['loginEmail']) print '<div class="invalid">' . $errors['loginEmail'] . '</div>'; ?> 
                             
                            <label for="password">Password <span class="info">6-12 chars</span></label> 
                            <input type="password" name="password" value="" /> 
                            <?php if($errors['loginPassword']) print '<div class="invalid">' . $errors['loginPassword'] . '</div>';  ?> 
                             
                            <label for="loginSubmit">&nbsp;</label> 
                            <input type="hidden" name="loginSubmit" id="loginSubmit" value="true" /> 
               <div class="user-area">
    <input type="submit" value="Login" class="submit-button" />
      </div>   
            
    
    
                    </form> 
     
     
                            <h2>Register</h2>
                    <form class="box400" name="registerForm" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> 
                     
                            <?php if($success['register']) print '<div class="valid">' . $success['register'] . '</div>'; ?> 
                            <?php if($errors['register']) print '<div class="invalid">' . $errors['register'] . '</div>'; ?> 
                                     <div class="registerinputarea">
             
             
             
             
               <div class="registerinputcelltop">
             <div class="registerinputleft">
                            <label for="email">Firstname</label>
      </div>
       <div class="registerinputright"> 
                            <input type="text" name="firstname" value="<?php echo htmlspecialchars($firstname); ?>" /> 
                            <?php if($errors['firstname']) print '<div class="invalid">' . $errors['firstname'] . '</div>'; ?> 
                              </div>        
             
                            <div class="registerinputcelltop">
             <div class="registerinputleft">
                            <label for="email">Surname</label>
      </div>
       <div class="registerinputright"> 
                            <input type="text" name="surname" value="<?php echo htmlspecialchars($surname); ?>" /> 
                            <?php if($errors['surname']) print '<div class="invalid">' . $errors['surname'] . '</div>'; ?> 
                              </div>
             
             
             
             
             
             
             
               <div class="registerinputcelltop">
             <div class="registerinputleft">
                            <label for="email">Email Address</label>
      </div>
       <div class="registerinputright"> 
                            <input type="text" name="email" value="<?php echo htmlspecialchars($registerEmail); ?>" /> 
                            <?php if($errors['registerEmail']) print '<div class="invalid">' . $errors['registerEmail'] . '</div>'; ?> 
                              </div>
       
               <div class="registerinputcelltop">
             <div class="registerinputleft">
                            <label for="password">Password</label> 
       </div>
             <div class="registerinputright">
                            <input type="password" name="password" value="" /> 
                            <?php if($errors['registerPassword']) print '<div class="invalid">' . $errors['registerPassword'] . '</div>'; ?> 
                                    </div>
     
       
                      <div class="registerinputcelltop">
             <div class="registerinputleft">
                            <label for="confirmPassword">Confirm Password</label> 
                     </div>
                     <div class="registerinputright">
                            <input type="password" name="confirmPassword" value="" /> 
                            <?php if($errors['registerConfirmPassword']) print '<div class="invalid">' . $errors['registerConfirmPassword'] . '</div>'; ?> 
                                       </div>
                       </div>
                       </div>
               
                    <div class="registerinputcelltop">
                            <label for="registerSubmit">&nbsp;</label> 
                            <input type="hidden" name="registerSubmit" id="registerSubmit" value="true" /> 
            <div class="user-area">
                             <input type="submit" value="Register" class="submit-button" />
             </div>
                    </form>
       
            </div>
      <div class="registerinputcelltop">
    <a href="logout.php">Logout</a>
    <a href="index.php">Index</a>
    </div>
    Last edited by ServerStorm; Oct 1, 2012 at 09:16.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •