PHPhulp.nl PHPhulp.nl
35k+ leden Over PHPhulp Offerte opdracht Contact
p

probleem met activerings code

Door peter druyts op 31-01-2011 16:31
3.992 views
hallo vrienden, ben een php programma aan het schrijven waar je een register php en activation hebt. Tot de moment dat je een activation email met code krijgt loopt het ongeveer goed, het probleem is dat ik zie in mijn database in de tabel code steeds dezelfde code zie van 4 cijfers alhoewel in een random heb staan van 8, hoe komt die, wat kan ik doen om het te veranderen, alsook als je dan op de activation link klikt en de code met username en password ingeefd je telkens een error bericht krijgt dat de code niet juist is.
volgende code in register.php
"$email1 = mysql_real_escape_string($email1);
$pass1 = mysql_real_escape_string($pass1);
$code = rand(23456789, 99999999);

$pass = md5 ($password);


$full_birthday = "$b_y-$b_m-$b_d";


$ipaddress = getenv('REMOTE_ADDR');


$sql = mysql_query("INSERT INTO meetyourpal2 (username, gender, birthday, email, password, ipaddress, sign_up_date, code)
VALUES('$username','$gender','$full_birthday','$email1','$db_password', '$ipaddress', '$code', now())") "
De volgende code zie ik in mijn database
code 2011
code 2011

Wie kan mij helpen, groetjes en alvast bedankt,peter
- SanThe -
31-01-2011 18:28
Ozzie PHP op 31/01/2011 17:58:20

[quote="- SanThe - op 31/01/2011 17:14:19"]
Wel tussen de enkele maar uit de dubbele quotes.
dus ... "INSERT .... VALUES('" . $username . "', '" . $gender . "', enz.)
moet dat per se tussen quotes? Zou het zonder niet werken?

[/quote]

Probeer het eens zou ik zeggen. ;-)
SQL zal dan denken dat het een veldnaam is o.i.d. en zal een error geven.
Ozzie PHP
31-01-2011 19:08
oh oke... bij PDO (prepared statements) kan ik me niet herinneren dat ik de waardes tussen quotes zet eigenlijk...
?
Onbekende gebruiker
31-01-2011 21:43
Ozzie PHP op 31/01/2011 19:08:19

oh oke... bij PDO (prepared statements) kan ik me niet herinneren dat ik de waardes tussen quotes zet eigenlijk...


Inderdaad, dat hoeft niet, want je stuurt de query en de data los van elkaar naar de database.
Ozzie PHP
31-01-2011 23:30
Oke, ik snap het nu. Thanks Karl.
p
peter druyts
31-01-2011 23:44 gewijzigd op 01-02-2011 18:32
Hallo vrienden, het probleem met de activeringsemail is nog steeds niet opgelost, heb alle sugesties die jullie hebben gedaan uitgevoerd. De '" . $username . "',...
de activatiecode = '".mysql_real_escape_string( $_GET['code'] )."' met telkens een ander error, of hij herkend de code niet, of de username en passwoord is fout, en nu is het zo dat het passwoord niet in de database wordt ingevuld. Waar ik ook nog geen oplossing voor heb, heb ik jullie niet verteld is dat de activerings email wordt verstuurd onder de naam "Mail failure - malformed recipient address" vanuit mijn email account van mijn database.


$from = ""; 
if (isset ($_POST['username'])){
	 
	 $username = preg_replace('#[^A-Za-z0-9]#i', '', $_POST['username']); 
	 $gender = preg_replace('#[^a-z]#i', '', $_POST['gender']); 
	 $b_m = preg_replace('#[^0-9]#i', '', $_POST['birth_month']); 
     $b_d = preg_replace('#[^0-9]#i', '', $_POST['birth_day']); 
	 $b_y = preg_replace('#[^0-9]#i', '', $_POST['birth_year']); 
     $email1 = $_POST['email1'];
     $email2 = $_POST['email2'];
     $pass1 = $_POST['pass1'];
     $pass2 = $_POST['pass2'];
	 
     $humancheck = $_POST['humancheck'];

     $email1 = stripslashes($email1); 
     $pass1 = stripslashes($pass1); 
     $email2 = stripslashes($email2);
     $pass2 = stripslashes($pass2); 
	 
     $email1 = strip_tags($email1);
     $pass1 = strip_tags($pass1);
     $email2 = strip_tags($email2);
     $pass2 = strip_tags($pass2);

     
     include_once "xxxxxxx.php";
     $emailCHecker = mysql_real_escape_string($email1);
	 $emailCHecker = str_replace("`", "", $emailCHecker);
	 
	 $sql_uname_check = mysql_query("SELECT username FROM meetyourpal2 WHERE username='$username'"); 
     $uname_check = mysql_num_rows($sql_uname_check);
     
     $sql_email_check = mysql_query("SELECT email FROM meetyourpal2 WHERE email='$emailCHecker'");
     $email_check = mysql_num_rows($sql_email_check);

     
     if ((!$username) || (!$gender) || (!$b_m) || (!$b_d) || (!$b_y) || (!$email1) || (!$email2) || (!$pass1) || (!$pass2)) { 

     $errorMsg = 'ERROR: You did not submit the following required information:<br /><br />';
  
     if(!$username){ 
       $errorMsg .= ' * User Name<br />';
     } 
     if(!$gender){ 
       $errorMsg .= ' * Gender: Confirm your sex.<br />';
     } 	
	 if(!$b_m){ 
       $errorMsg .= ' * Birth Month<br />';      
     }
	 if(!$b_d){ 
       $errorMsg .= ' * Birth Day<br />';        
     } 
	 if(!$b_y){ 
       $errorMsg .= ' * Birth year<br />';        
     } 		
	 if(!$email1){ 
       $errorMsg .= ' * Email Address<br />';      
     }
	 if(!$email2){ 
       $errorMsg .= ' * Confirm Email Address<br />';        
     } 	
	 if(!$pass1){ 
       $errorMsg .= ' * Login Password<br />';      
     }
	 if(!$pass2){ 
       $errorMsg .= ' * Confirm Login Password<br />';        
     } 	
	
     } else if ($email1 != $email2) {
              $errorMsg = 'ERROR: Your Email fields below do not match<br />';
     } else if ($pass1 != $pass2) {
              $errorMsg = 'ERROR: Your Password fields below do not match<br />';
     } else if ($humancheck != "") {
              $errorMsg = 'ERROR: The Human Check field must be cleared to be sure you are human<br />';		 
     } else if (strlen($username) < 4) {
	           $errorMsg = "<u>ERROR:</u><br />Your User Name is too short. 4 - 20 characters please.<br />"; 
     } else if (strlen($username) > 20) {
	           $errorMsg = "<u>ERROR:</u><br />Your User Name is too long. 4 - 20 characters please.<br />"; 
     } else if ($uname_check > 0){ 
              $errorMsg = "<u>ERROR:</u><br />Your User Name is already in use inside of our system. Please try another.<br />"; 
     } else if ($email_check > 0){ 
              $errorMsg = "<u>ERROR:</u><br />Your Email address is already in use inside of our system. Please use another.<br />"; 
     } else { 
	
     $email1 = mysql_real_escape_string($email1);
     $pass1 = mysql_real_escape_string($pass1);
	 $code = rand(23456789, 99999999);
     
     $pass = md5 ($password);
	 
	  
	 $full_birthday = "$b_y-$b_m-$b_d";

     
     $ipaddress = getenv('REMOTE_ADDR');

     
     $sql = mysql_query("INSERT INTO meetyourpal2 (username, gender, birthday, email, password, ipaddress, sign_up_date, code) 
     VALUES('$username','$gender','$full_birthday','$email1','$db_password', '$ipaddress', now())")  
     or die (mysql_error());
 
     $id = mysql_insert_id();
	 
	 		
     mkdir("members/$id", 0755);	

    
            $to = $email;
			$subject = "Activate your account";
			$headers = "from:  [email protected]";
			$server = "mail.50webs.biz";
			ini_set("SMTP",$server);
			$body = "Hello $username,\n\nYou registered and need to activate your account. Click on the link below or paste it into the url bar of your browser \n\nhttp://mijn domeinnaam.php?code=$code\n\n
			Thanks!";
			
			mail($to, $subject, $message, $body, $headers);

    die ("You have been registered! Check your email to activate your account<a href='login.php'> Go to Login page</a>");
	
   $msgToUser = "<h2>One Last Step - Activate through Email</h2><h4>$username, there is one last step to verify your email identity:</h4><br />
   In a moment you will be sent an Activation link to your email address.<br /><br />
   <br />
   <strong><font color=\"#990000\">VERY IMPORTANT:</font></strong> 
   If you check your email with your host providers default email application, there may be issues with seeing the email contents.  If this happens to you and you cannot read the message to activate, download the file and open using a text editor.<br /><br />
   ";
   
   include_once 'msgToUser.php'; 
   exit();

   } 

} else { 
	  
	  $errorMsg = "";
      $username = "";
	  $gender = "";
	  $b_m = "";
	  $b_d = "";
	  $b_y = "";
	  $email1 = "";
	  $email2 = "";
	  $pass1 = "";
	  $pass2 = "";
}

?>


ik dank jullie bijvoorbaat

[size=xsmall]Toevoeging op 31/01/2011 23:45:21:[/size]

mijn activerings php


$getcode = $_GET['code'];

$form = "<form action='xxxx.php' method='post'>
<table>
<tr>
<td>Activate Code:</td>
<td><input type='text' name='code' value='$getcode' size='10'></td>
</tr>
<tr>
<td>Username:</td>
<td><input type='text' name='username'></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='password'></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='submit' value='Activate'</td>
</tr>
</table>
</form>";

if ($_POST['submit']){
	$code = strip_tags($_POST['code']);
	$username = strip_tags($_POST['username']);
	$password = strip_tags($_POST['password']);
	
	if ($code && $username && $password){
		if (strlen($code) == 8){
			$pass = md5(md5($password));
			require ('connect_to_database.php');
			$query = mysql_query("SELECT * FROM meetyourpal2 WHERE username='$username' AND password='$pass'");
			$numrows = mysql_num_rows($query);
			
			if ($numrows == 1){
				
				$row = mysql_fetch_assoc($query);
				$dbcode = $row['code'];
				 
				 if ($code == $dbcode){
					 
					 mysql_query("UPDATE meetyourpal2 SET active='1' WHERE activation_code='".mysql_real_escape_string( $_GET['code'])."'");
					 echo "Your account has been activated. You may now login <a href='login.php'>Click here to login</a>";
				 }
				 else 
				 echo "Your activation code was incorrect. $form";
				
			}
			else 
			  echo "Your username and password are invalid. $form";
		}
		else
		   echo "You have not supplied a valid code. $form";
		
	}
	else
	    echo "You did not fill in the entire form. $form";
}
  else
      echo "$form";
?>


?
Onbekende gebruiker
01-02-2011 00:03
S.v.p. code plaatsen tussen [[color=black]code[/color]] en [/[color=black]code[/color]] tags.
?
Onbekende gebruiker
01-02-2011 00:09
Zoals ik zeg. Die zooi hierboven tussen code tags plaatsen.
Dan wordt het hier overzichtelijker.
Milo S
01-02-2011 08:12
[.code][./code] <- Zonder de puntjes.
Als je daar even je code tussen zet kunnen wij het tenminste lezen...
p
peter druyts
01-02-2011 14:03
hallo vrienden, hartelijk dank voor jullie reactie, heb nog 2 problemen, met de eerste code, heb ik het resultaat dat hij het wachtwoord niet in de database zet, het tweede probleem is dat ik van mijn host een "Mail failure - malformed recipient address?" krijg, heb bij mijn host de inkomende emails op doorstuur staan, is dat fout, zoja wat moet ik dan doen want de activeringsmail wordt niet naar de registrerende persoon gestuurd. groetjes peter

[size=xsmall]Toevoeging op 01/02/2011 14:05:01:[/size]


<?php
$from = "";
if (isset ($_POST['username'])){

$username = preg_replace('#[^A-Za-z0-9]#i', '', $_POST['username']);
$gender = preg_replace('#[^a-z]#i', '', $_POST['gender']);
$b_m = preg_replace('#[^0-9]#i', '', $_POST['birth_month']);
$b_d = preg_replace('#[^0-9]#i', '', $_POST['birth_day']);
$b_y = preg_replace('#[^0-9]#i', '', $_POST['birth_year']);
$email1 = $_POST['email1'];
$email2 = $_POST['email2'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];

$humancheck = $_POST['humancheck'];

$email1 = stripslashes($email1);
$pass1 = stripslashes($pass1);
$email2 = stripslashes($email2);
$pass2 = stripslashes($pass2);

$email1 = strip_tags($email1);
$pass1 = strip_tags($pass1);
$email2 = strip_tags($email2);
$pass2 = strip_tags($pass2);


include_once "xxxxxxx.php";
$emailCHecker = mysql_real_escape_string($email1);
$emailCHecker = str_replace("`", "", $emailCHecker);

$sql_uname_check = mysql_query("SELECT username FROM meetyourpal2 WHERE username='$username'");
$uname_check = mysql_num_rows($sql_uname_check);

$sql_email_check = mysql_query("SELECT email FROM meetyourpal2 WHERE email='$emailCHecker'");
$email_check = mysql_num_rows($sql_email_check);


if ((!$username) || (!$gender) || (!$b_m) || (!$b_d) || (!$b_y) || (!$email1) || (!$email2) || (!$pass1) || (!$pass2)) {

$errorMsg = 'ERROR: You did not submit the following required information:<br /><br />';

if(!$username){
$errorMsg .= ' * User Name<br />';
}
if(!$gender){
$errorMsg .= ' * Gender: Confirm your sex.<br />';
}
if(!$b_m){
$errorMsg .= ' * Birth Month<br />';
}
if(!$b_d){
$errorMsg .= ' * Birth Day<br />';
}
if(!$b_y){
$errorMsg .= ' * Birth year<br />';
}
if(!$email1){
$errorMsg .= ' * Email Address<br />';
}
if(!$email2){
$errorMsg .= ' * Confirm Email Address<br />';
}
if(!$pass1){
$errorMsg .= ' * Login Password<br />';
}
if(!$pass2){
$errorMsg .= ' * Confirm Login Password<br />';
}

} else if ($email1 != $email2) {
$errorMsg = 'ERROR: Your Email fields below do not match<br />';
} else if ($pass1 != $pass2) {
$errorMsg = 'ERROR: Your Password fields below do not match<br />';
} else if ($humancheck != "") {
$errorMsg = 'ERROR: The Human Check field must be cleared to be sure you are human<br />';
} else if (strlen($username) < 4) {
$errorMsg = "<u>ERROR:</u><br />Your User Name is too short. 4 - 20 characters please.<br />";
} else if (strlen($username) > 20) {
$errorMsg = "<u>ERROR:</u><br />Your User Name is too long. 4 - 20 characters please.<br />";
} else if ($uname_check > 0){
$errorMsg = "<u>ERROR:</u><br />Your User Name is already in use inside of our system. Please try another.<br />";
} else if ($email_check > 0){
$errorMsg = "<u>ERROR:</u><br />Your Email address is already in use inside of our system. Please use another.<br />";
} else {

$email1 = mysql_real_escape_string($email1);
$pass1 = mysql_real_escape_string($pass1);
$code = rand(23456789, 99999999);

$pass = md5 ($password);


$full_birthday = "$b_y-$b_m-$b_d";


$ipaddress = getenv('REMOTE_ADDR');


$sql = mysql_query("INSERT INTO meetyourpal2 (username, gender, birthday, email, password, ipaddress, sign_up_date, code)
VALUES('$username','$gender','$full_birthday','$email1','$db_password', '$ipaddress', now())")
or die (mysql_error());

$id = mysql_insert_id();


mkdir("members/$id", 0755);


$to = $email;
$subject = "Activate your account";
$headers = "from: [email protected]";
$server = "mail.50webs.biz";
ini_set("SMTP",$server);
$body = "Hello $username,\n\nYou registered and need to activate your account. Click on the link below or paste it into the url bar of your browser \n\nhttp://mijn domeinnaam.php?code=$code\n\n
Thanks!";

mail($to, $subject, $message, $body, $headers);

die ("You have been registered! Check your email to activate your account<a href='login.php'> Go to Login page</a>");

$msgToUser = "<h2>One Last Step - Activate through Email</h2><h4>$username, there is one last step to verify your email identity:</h4><br />
In a moment you will be sent an Activation link to your email address.<br /><br />
<br />
<strong><font color=\"#990000\">VERY IMPORTANT:</font></strong>
If you check your email with your host providers default email application, there may be issues with seeing the email contents. If this happens to you and you cannot read the message to activate, download the file and open using a text editor.<br /><br />
";

include_once 'msgToUser.php';
exit();

}

} else {

$errorMsg = "";
$username = "";
$gender = "";
$b_m = "";
$b_d = "";
$b_y = "";
$email1 = "";
$email2 = "";
$pass1 = "";
$pass2 = "";
}

?>


[size=xsmall]Toevoeging op 01/02/2011 14:06:04:[/size]


<?php
$getcode = $_GET['code'];

$form = "<form action='xxxx.php' method='post'>
<table>
<tr>
<td>Activate Code:</td>
<td><input type='text' name='code' value='$getcode' size='10'></td>
</tr>
<tr>
<td>Username:</td>
<td><input type='text' name='username'></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='password'></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='submit' value='Activate'</td>
</tr>
</table>
</form>";

if ($_POST['submit']){
$code = strip_tags($_POST['code']);
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);

if ($code && $username && $password){
if (strlen($code) == 8){
$pass = md5(md5($password));
require ('connect_to_database.php');
$query = mysql_query("SELECT * FROM meetyourpal2 WHERE username='$username' AND password='$pass'");
$numrows = mysql_num_rows($query);

if ($numrows == 1){

$row = mysql_fetch_assoc($query);
$dbcode = $row['code'];

if ($code == $dbcode){

mysql_query("UPDATE meetyourpal2 SET active='1' WHERE activation_code='".mysql_real_escape_string( $_GET['code'])."'");
echo "Your account has been activated. You may now login <a href='login.php'>Click here to login</a>";
}
else
echo "Your activation code was incorrect. $form";

}
else
echo "Your username and password are invalid. $form";
}
else
echo "You have not supplied a valid code. $form";

}
else
echo "You did not fill in the entire form. $form";
}
else
echo "$form";
?>

Reageren

Inloggen om te reageren