E-m@il Confirmation

**mrhappiness** · 15.06.2003, 19:02

you gotta extend your user table with one single column

make it of type varchar, length 32 characters

before sending your mail generate a 32 characters long random string

place a link in your mail

Code:

http://www.yourdomain.tld/activate.php?id=[b]the string generated just before[/b]>klick here to activate your account</a>

of course you'll need the file activate.php

this file does something link this

Code:

UPDATE users
SET UserActivated='1'
WHERE UserActivated='[b]the string generated just before[/b]'

now you can check which users did activate their account and which didn't

**minds_gifts** · 15.06.2003, 20:13

Thanks Mr.happiness. will straight away look at it and let you know how it works.

**mrhappiness** · 15.06.2003, 20:17

aight

btw: i like your sig

**minds_gifts** · 15.06.2003, 22:30

Mr.happiness,

Back to my stuff today.well, i changed my code and seems to be working mostly except some weird behaviour with my update stuff.
The problem i see is- lets say user A has contacted profile with id 1 and user A again contacted profile with id 2 and with the same email as before.
He activates the email link for the profile id 2 ONLY and not for the profile id 1.But, I see in my table the column activated is set to 1 in both cases.How can i restrict to that id alone??
Thanks for your time.

Here it goes the latest code .......
mail.php

PHP-Code:


<?php

/*This script will handle the variables passed from the contact form*/



//Declare the relevant variables



$hostname = "";

$username = "";

$password = "";

$dbname = "";

$mytable = "user_information";

$adminaddress = "";



//Database connection



mysql_connect($hostname,$username,$password)or die ("unable to connect my database");

mysql_select_db("$dbname") or die ("unable to select database");



echo "<body bgcolor='#FFFFCC'>";

echo "<CENTER>";

echo "Hello, $name";

echo "<BR><BR>";

echo "Thank you for your interest.<BR><BR>";

echo "We have sent you an activation e-mail to $email.Please check your e-mail";

echo "<CENTER>";



// function to generate random string

function RandomString($length=32) 

{ 

$randstr=''; 

srand((double)microtime()*1000000); 

// array add all letters and numbers if you wish

$chars = array ( 'a','b','c','d','e','f'); 

for ($rand = 0; $rand <= $length; $rand++) 

{ 

$random = rand(0, count($chars) -1); 

$randstr .= $chars[$random]; 

} 

return $randstr; 

} 

$rstr = RandomString(8);

//Send the relevant e-mail to the user

    $from = $_REQUEST['email'];

    $mail_body = "To validate this email click the following link:\nhttp://www.blahblah.com/project/activate.php?id=$rstr";

    mail($from, "Validation Email", $mail_body, "From: minds_gifts\n");

    print("Please check your email <b>$from</b> for the test validation message");   

//Send the relevant email to admin

mail ("myself@myself.com", "visitor request for info", "$name requested for information.The email address is $email"); 



//Insert into the table



$query = "insert into $mytable (name, email, text, contacted_id) values ('$name','$email','$description','$id')";

$result = mysql_query($query);



//We close the MySQL connection 



    mysql_close(); 



?>

activate.php

PHP-Code:


$sql = mysql_query("UPDATE $mytable SET activated='1' WHERE activated='$rstr'");

**minds_gifts** · 17.06.2003, 12:16

Hello,

Coulple of questions i've got to ask over here.Before that I would like to say, i edited my previous post and this is my latest code.Well,
according to Mr.Happiness, he said i need to extend my table with one more column of type Varchar(32).I guess this column is called activated, but in my update query, i always set this to one.so, why do i need 32 of length??
Sorry if i had mis-understood.
I still have problems with my updation stuff.Do you think that the column activated should be unique??if i make it unique, i dont see records being inserted,huh!
I feel thats theres a way of tricky in getting my code fixed.I'll be glad if somebody can show me the way

Thanks

**mrhappiness** · 17.06.2003, 15:53

in your insert statrement you have to sepcify a value for your activate-column too. i guess this should be $rstr

**minds_gifts** · 17.06.2003, 16:23

hmm...that does'nt help me either.Now, when i contact the profile and submit it, i see the 8 char string inserted into the activated column of the table, fine!The first step is good.
well, this column has to updated to 1 when the user clicks on the link, right??but it does'nt.
Do you think is there any error in this line??

PHP-Code:


$mail_body = "To validate this email click the following link:\nhttp://www.inkaytown.f2o.org/project/activate.php?id=$rstr";

well, I feel theres some sort of confusion with the id
My table structure looks like as follows
id(int)--->>>>Auto-increment
name(varchar)
email(varchar)
description(text)
contacted_id(int)----->>>>This is the profile id which the user has contacted
activated(varchar)---->>This would tell if the user has activated the email

Is there anything messed up??
Thanks for your time

**mrhappiness** · 17.06.2003, 16:29

did you verify that $rstr is inserted correctly?

in activate.php do the following:

PHP-Code:


//connect to database



$statement="UPDATE $mytable SET activated='1' WHERE activated='$rstr'";

echo $statement;

echo '<hr />';

$statement="UPDATE $mytable SET activated='1' WHERE activated='".$_GET['id']."'";

echo $statement;

$sql=mysql_query($statement) or die(mysql_error());

in activate.php you dont have the variable $rstr, but you have a varibale called $_GET['id'] containing the radnom link generated previously, since you call it like this

Code:

activate.php?id=random

so you have to use $_GET['id'] instead of $rstr

**minds_gifts** · 17.06.2003, 16:44

This has further pushed me into trouble.I dont see the records being inserted now.After the contact form has been snubmitted, this message used to appear

PHP-Code:


echo "<body bgcolor='#FFFFCC'>";

echo "<CENTER>";

echo "Hello, $name";

echo "<BR><BR>";

echo "Thank you for your interest.<BR><BR>";

echo "We have sent you an activation e-mail to $email.Please check your e-mail";

echo "<CENTER>";

Now, i dont see neither this message nor the records inside the table.
hmm....turning things really complicated, aint it??
Thanks once again

**mrhappiness** · 17.06.2003, 16:46

this shouldnt'be possible since i advised you to change activcate.php and not mail.php which inserts the record

**minds_gifts** · 17.06.2003, 16:53

sorry, i acted dumb and changed something else.well, That works like a charm now

I'm still gonna shoot with couple of questions concerning security flaws, stay tuned!

Thanks a bunch Mr.Happiness.

**mrhappiness** · 17.06.2003, 16:56

OffTopic:
upon my life, i live to please

E-m@il Confirmation