[Newbie PHP]Email Activation

Cooper · 05-21-2006, 03:48 PM

I'm pretty new to PHP, however, I'd say I have quite a good understanding of it.

I'm currently writing a sign up script which is basically a registration form which enters info into a database and a login form which does something with sessions (I'm still learning about that ;p)

Now, I may be wrong, so if I am, please correct me...

What I need to do is, when someone submits the registration form; enter a random activation code into the member’s row under a new field like “activation_code”.
Then I would use PHP mail() to send an email to the person who has just signed up a link to activate their account with a URL which is something like activate.php?do=ACTIVATIONCODE
When they click the link sent in the email, the script will check the activation code at the end of the URL against that of the one in the database. If they match the members field, change the group field from (say) 1 to 2 (1 being not activated, 2 being activated and having full access to members pages)

My question is, how would I generate such a code? Also, how would I get the script to recognise that someone has gone to activate.php?do=ACTIVATIONCODE and use the activation code in the URL to check if it matches that of the one in the database?
????: NamePros.com http://www.namepros.com/programming/199709-newbie-php-email-activation.html

Any help here would be brilliant, thanks

abdulmueid · 05-21-2006, 04:07 PM

Hello Cooper.

To generate a random number, you can use function like rand() i.e. if you need a 5 digit random number, you could use rand(10000, 99999) and it would generate random numbers between the specified range.

For the activation:
1. Create two fields, let's say "activ" and "activ_code".
2. By default set "activ" to 0 and store the random number in "activ_code" when the user submitted the activation form.
3. In the email, include a link to activate.php?user=USERNAME&do=ACTIVATIONCODE
4. In activate.php use a search query to look for the activation code in "activ_code" field of the corresponding username and if the activation code exists, execute another query that changes the value for "activ" to 1 meaning the user has activated his account!

Shorty · 05-21-2006, 04:08 PM

Well first of all it would need to be activate.php?username=Whatever&&do=ACTIVATIONCODE.

Then on activate.php you need:
$username = $_GET['username'];
$activationcode = $_GET['do'];

So then you simply do a MySQL query to SELECT activationcode from users WHERE username=$username. (Not perfect syntax but you get the idea.)

And then an if statement along the following lines:
if ($activationcode == $database_activationcode) {
// Approve the user
} else {
// The activation code didnt match that in the database, do whatever you want
}

Eric · 05-21-2006, 07:15 PM

As for generating that activation code, here's something i've used before:

PHP Code:

  <?php

????: NamePros.com http://www.namepros.com/showthread.php?t=199709
 
$act_code = md5(sha1(uniqid(mt_rand(), true)));

 
?>

Which produces something like: d6420b35b18fb0ee782215ad8223b4b0

Cooper · 05-22-2006, 12:26 AM

+Rep to you all. Thanks, that pretty much clears everything up

abdulmueid · 05-22-2006, 04:02 AM

No problem Cooper

It's always a pleasure.
And thanks for the +rep

Cooper · 05-26-2006, 03:42 PM

Well I've written something, however, acivate.php doesn't seem to be working. Below is acivate.php

PHP Code:

  <?PHP 

require_once('mysql_connect.php');

                

$user_id = $_GET['user'];

$activationcode = $_GET['code'];

 
$query = ("SELECT activation_code FROM members WHERE id='$user_id'");

$result = @mysql_query($query); 

 
if ($result == $activationcode) {

 
mysql_query("UPDATE members SET active=2 WHERE id='$user_id' LIMIT 1") ;

 
echo "You have sucsessfully activated your account!";

}

 else {

echo "That is the wrong activation code";

}

?>

I have a feeling something is wrong with the query. Any help here?

Eric · 05-26-2006, 04:31 PM

PHP Code:

  <?php

 
require_once('mysql_connect.php');

 
// I strongly recommend some input validation here!

// Wide open to all sorts of vulnerabilities.

$user_id = $_GET['user'];

$activationcode = $_GET['code'];

 
$query = mysql_query("SELECT activation_code FROM members WHERE id=$user_id") or die("Error");

$row = mysql_fetch_array($query);

 
if ($row['activation_code'] == $activationcode)

{

    mysql_query("UPDATE members SET active=2 WHERE id=$user_id LIMIT 1") or die("Error");

????: NamePros.com http://www.namepros.com/showthread.php?t=199709
 
    echo 'You have successfully activated your account!';

}

else

{

    echo 'That is the wrong activation code.';

}

 
?>

Cooper · 05-26-2006, 05:06 PM

Thanks dude, works great!

Also, what do you mean by input validation?

Eric · 05-26-2006, 05:31 PM

Np

http://www.google.com/search?q=php+input+validation
http://www.google.com/search?q=sql+injection
http://en.wikipedia.org/wiki/SQL_Injection
http://phpsec.org/library/

05-21-2006, 03:48 PM	THREAD STARTER #1 (permalink)
Cooper NamePros Member Join Date: May 2005 Location: Portsmouth, UK Posts: 191	[Newbie PHP]Email Activation I'm pretty new to PHP, however, I'd say I have quite a good understanding of it. I'm currently writing a sign up script which is basically a registration form which enters info into a database and a login form which does something with sessions (I'm still learning about that ;p) Now, I may be wrong, so if I am, please correct me... What I need to do is, when someone submits the registration form; enter a random activation code into the member’s row under a new field like “activation_code”. Then I would use PHP mail() to send an email to the person who has just signed up a link to activate their account with a URL which is something like activate.php?do=ACTIVATIONCODE When they click the link sent in the email, the script will check the activation code at the end of the URL against that of the one in the database. If they match the members field, change the group field from (say) 1 to 2 (1 being not activated, 2 being activated and having full access to members pages) My question is, how would I generate such a code? Also, how would I get the script to recognise that someone has gone to activate.php?do=ACTIVATIONCODE and use the activation code in the URL to check if it matches that of the one in the database? ????: NamePros.com http://www.namepros.com/programming/199709-newbie-php-email-activation.html Any help here would be brilliant, thanks __________________ :kickass: Brand New Media Site Script MyMediaScript.com:kickass: Alpha Web Directory - Permanent $15 Solid PR3 Inner Pages Burnout 5

05-21-2006, 07:15 PM	#4 (permalink)
Eric Senior Member Join Date: Mar 2005 Posts: 4,948	As for generating that activation code, here's something i've used before: PHP Code: `<?php ????: NamePros.com http://www.namepros.com/showthread.php?t=199709 $act_code = md5(sha1(uniqid(mt_rand(), true))); ?>` Which produces something like: d6420b35b18fb0ee782215ad8223b4b0

05-22-2006, 12:26 AM	THREAD STARTER #5 (permalink)
Cooper NamePros Member Join Date: May 2005 Location: Portsmouth, UK Posts: 191	+Rep to you all. Thanks, that pretty much clears everything up __________________ :kickass: Brand New Media Site Script MyMediaScript.com:kickass: Alpha Web Directory - Permanent $15 Solid PR3 Inner Pages Burnout 5

05-26-2006, 03:42 PM	THREAD STARTER #7 (permalink)
Cooper NamePros Member Join Date: May 2005 Location: Portsmouth, UK Posts: 191	Well I've written something, however, acivate.php doesn't seem to be working. Below is acivate.php PHP Code: `<?PHP require_once('mysql_connect.php'); $user_id = $_GET['user']; $activationcode = $_GET['code']; $query = ("SELECT activation_code FROM members WHERE id='$user_id'"); $result = @mysql_query($query); if ($result == $activationcode) { mysql_query("UPDATE members SET active=2 WHERE id='$user_id' LIMIT 1") ; echo "You have sucsessfully activated your account!"; } else { echo "That is the wrong activation code"; } ?>` I have a feeling something is wrong with the query. Any help here? __________________ :kickass: Brand New Media Site Script MyMediaScript.com:kickass: Alpha Web Directory - Permanent $15 Solid PR3 Inner Pages Burnout 5

05-26-2006, 04:31 PM	#8 (permalink)
Eric Senior Member Join Date: Mar 2005 Posts: 4,948	PHP Code: <?php require_once('mysql_connect.php'); // I strongly recommend some input validation here! // Wide open to all sorts of vulnerabilities. $user_id = $_GET['user']; $activationcode = $_GET['code']; $query = mysql_query("SELECT activation_code FROM members WHERE id=$user_id") or die("Error"); $row = mysql_fetch_array($query); if ($row['activation_code'] == $activationcode) { mysql_query("UPDATE members SET active=2 WHERE id=$user_id LIMIT 1") or die("Error"); ????: NamePros.com http://www.namepros.com/showthread.php?t=199709 echo 'You have successfully activated your account!'; } else { echo 'That is the wrong activation code.'; } ?>

05-21-2006, 04:07 PM	#2 (permalink)
abdulmueid Account Closed Join Date: Jun 2005 Location: Mozambique Posts: 607	Hello Cooper. To generate a random number, you can use function like rand() i.e. if you need a 5 digit random number, you could use rand(10000, 99999) and it would generate random numbers between the specified range. For the activation: 1. Create two fields, let's say "activ" and "activ_code". 2. By default set "activ" to 0 and store the random number in "activ_code" when the user submitted the activation form. 3. In the email, include a link to activate.php?user=USERNAME&do=ACTIVATIONCODE 4. In activate.php use a search query to look for the activation code in "activ_code" field of the corresponding username and if the activation code exists, execute another query that changes the value for "activ" to 1 meaning the user has activated his account!

05-21-2006, 04:08 PM	#3 (permalink)
Shorty Senior Member Join Date: Sep 2005 Location: England Posts: 1,034	Well first of all it would need to be activate.php?username=Whatever&&do=ACTIVATIONCODE. Then on activate.php you need: $username = $_GET['username']; $activationcode = $_GET['do']; So then you simply do a MySQL query to SELECT activationcode from users WHERE username=$username. (Not perfect syntax but you get the idea.) And then an if statement along the following lines: if ($activationcode == $database_activationcode) { // Approve the user } else { // The activation code didnt match that in the database, do whatever you want }

05-22-2006, 04:02 AM	#6 (permalink)
abdulmueid Account Closed Join Date: Jun 2005 Location: Mozambique Posts: 607	No problem Cooper It's always a pleasure. And thanks for the +rep

05-26-2006, 05:06 PM	THREAD STARTER #9 (permalink)
Cooper NamePros Member Join Date: May 2005 Location: Portsmouth, UK Posts: 191	Thanks dude, works great! Also, what do you mean by input validation? __________________ :kickass: Brand New Media Site Script MyMediaScript.com:kickass: Alpha Web Directory - Permanent $15 Solid PR3 Inner Pages Burnout 5

05-26-2006, 05:31 PM	#10 (permalink)
Eric Senior Member Join Date: Mar 2005 Posts: 4,948	Np http://www.google.com/search?q=php+input+validation http://www.google.com/search?q=sql+injection http://en.wikipedia.org/wiki/SQL_Injection http://phpsec.org/library/

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)