Hi,

I have a piece of code for a registration script which appears to be working fine. It inserts the name, email address and password into the database. It also forwards an email to the submitted email. However I now need to insert a character into the database from the email address to authorise the email. (quite standard)

However I am completely stuck on how to use the link on the email to activate the account. Should I do it on the page that sends the email or the link that is sent on the email?


Code:
<?php
        $_SESSION['userLoggedIn'] = 0;
        $_SESSION['userEmail'] = '';
        $_SESSION['userID'] = '';
   
        // Reset errors and success messages
        $errors = array();
        $success = array();
   
         
        // Register attempt 
        if(isset($_POST['registerSubmit']) && $_POST['registerSubmit'] == 'true'){
        $firstname = mysql_real_escape_string(trim($_POST['firstname']));
        $surname = mysql_real_escape_string(trim($_POST['surname']));
                $registerEmail = trim($_POST['email']); 
                $registerPassword = trim($_POST['password']); 
                $registerConfirmPassword        = trim($_POST['confirmPassword']); 
                                 
        if(!isset($firstname) || empty($firstname)) {
                $errors['firstname'] = "Please enter your First Name.";
        }

if(!isset($surname) || empty($surname)) {
                $errors['surname'] = "Please enter your Surname.";
        }
$email = "$registerEmail";
if(!filter_var($email, FILTER_VALIDATE_EMAIL))
  {
                $errors['falseEmail'] = "Please enter your email address in a valid format.  Example: bobsmith@companyname.com";
  }
 
 
                if(strlen($registerPassword) < 6 || strlen($registerPassword) > 12)     
                        $errors['registerPassword'] = 'Your password must be between 6-12 characters.'; 
                 
                if($password != $confirmPassword && !$error) {
                $error = "The passwords you entered did not match.";
        }


                if($registerPassword != $registerConfirmPassword) 
                        $errors['registerConfirmPassword'] = 'Your passwords did not match.'; 
                 
                if(strlen($registerConfirmPassword) < 6 || strlen($registerConfirmPassword) > 12)       
                        $errors['registerConfirmPassword'] = 'Please confirm your password.';   
   
 

if(!$errors){
$registerPassword = md5($registerPassword);
$query = "INSERT INTO users (firstname, surname, email, password, date_registered) VALUES ('" . $firstname . "', '" . $surname . "', '" . mysql_real_escape_string($registerEmail) . "', '". $registerPassword ."', NOW())";

                                                
         $result = mysql_query($query); // remove the or die(mysql_error()) code after you resolve the error
         if($result){
                  $success['register'] = '
   
   
        Thank you for registering with Website.com.</p>
        You will soon receive a confirmation email.  Please click the confirmation link.';
                        
   
                 
$query = mysql_query("SELECT * FROM users WHERE email = '". $registerEmail ."' OR email = '". $email ."'");
$emailduplicate = null;
if (mysql_num_rows($query) > 0)
{
$emailduplicate = 'Email Address is Already in Use.  Please <a href="http://www.website.com/test/activation.php?userid=Y">Retrieve Your Password</a>.';
}         
   
   
                  $message = '
<html>
<body>
<p>Welcome to Website.com</p>
<a href="http://www.website.com/test/activation.php?activation=Y">Click Here</a> to activate your account.

</body>
</html>
';
                 
                 
                  mail(mysql_real_escape_string($registerEmail), 'Website.com Confirmation', $message, 'From: info@website.com' . "\r\n".'MIME-Version: 1.0' . "\r\n".'Content-type: text/html; charset=iso-8859-1' . "\r\n");
                 
          }
   }
   }
  
   
        ?>