Web Analytics Made Easy -
StatCounter Validation System - CodingForum

Announcement

Collapse
No announcement yet.

Validation System

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Validation System

    Alright, so I am trying to make a simple signup form that verifies your email by send a link with hash which is stored in the database. It is stored in the database as md5 format. Whenever I try to activate the account, it says that the hash does not match the one on the database when I manually went ahead and checked that they matched by copying and pasting. Here is my code.

    REGISTER PROCESS PAGE:
    PHP Code:
    <?php
    session_start
    ();
    function 
    validate_email($email)
    {
    // Create the syntactical validation regular expression
    $regexp " ^((\"[^\"\f\n\r\t\v\b]+\")|([\w\!\#\$\%\&\'\*\+\-\~\/\^\`\|\{\}]+(\.[\w\!\#\$\%\&\'\*\+\-\~\/\^\`\|\{\}]+)*))@((\[(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))\])|(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))|((([A-Za-z0-9\-])+\.)+[A-Za-z\-]+))$";
    // Presume that the email is invalid
    $valid 0;
    // Validate the syntax
    if (eregi($regexp$email))
    {
        
    $valid 1;
    } else {
         
    $valid 0;
    }
    return 
    $valid;

    include(
    'users.db.php');
    $username $_POST['username'];
    $fname $_POST['fname'];
    $lname $_POST['lname'];
    $password $_POST['password'];
    $passcon $_POST['passcon'];
    $email $_POST['email'];
    $emailcon $_POST['emailcon'];
    $birthday $_POST['year'].$_POST['month'].$_POST['day'];
    if(
    $username == '' OR $fname == '' OR $lname == '' OR $password == '' OR $passcon == '' OR $email == '' OR $emailcon == '' OR $birthday == '') {
        
    $_SESSION['error'] = "You left one or more of the fields blank. Please fill them in.";
        
    $_SESSION['username'] = $_POST['username'];
        
    $_SESSION['fname'] = $_POST['fname'];
        
    $_SESSION['lname'] = $_POST['lname'];
        
    $_SESSION['email'] = $_POST['email'];
        
    $_SESSION['emailcon'] = $_POST['emailcon'];
        
    $_SESSION['month'] = $_POST['month'];
        
    $_SESSION['day'] = $_POST['day'];
        
    $_SESSION['year'] = $_POST['year'];
        
    header("Location: http://www.infernalschism.com/redefined/?id=register2");
        } else {
        include(
    'users.db.php');
        
    $query "SELECT * FROM users WHERE username='".$username."'";
        
    $result mysql_query($query);
        
    $usersfound mysql_num_rows($result);
        if(
    $usersfound 0) {
            
    $_SESSION['error'] = "This username has already been registered. Please choose another one.";
            
    $_SESSION['username'] = $_POST['username'];
            
    $_SESSION['fname'] = $_POST['fname'];
            
    $_SESSION['lname'] = $_POST['lname'];
            
    $_SESSION['email'] = $_POST['email'];
            
    $_SESSION['emailcon'] = $_POST['emailcon'];
            
    $_SESSION['month'] = $_POST['month'];
            
    $_SESSION['day'] = $_POST['day'];
            
    $_SESSION['year'] = $_POST['year'];
            
    header("Location: http://www.infernalschism.com/redefined/?id=register2");
            } else {
            if(
    $password != $passcon) {
                
    $_SESSION['error'] = "Your passwords do not match.";
                
    $_SESSION['username'] = $_POST['username'];
                
    $_SESSION['fname'] = $_POST['fname'];
                
    $_SESSION['lname'] = $_POST['lname'];
                
    $_SESSION['email'] = $_POST['email'];
                
    $_SESSION['emailcon'] = $_POST['emailcon'];
                
    $_SESSION['month'] = $_POST['month'];
                
    $_SESSION['day'] = $_POST['day'];
                
    $_SESSION['year'] = $_POST['year'];
                
    header("Location: http://www.infernalschism.com/redefined/?id=register2");
                } else {
                if(
    validate_email($email)) {
                    
    $_SESSION['error'] = "Your email is not valid.";
                    
    $_SESSION['username'] = $_POST['username'];
                    
    $_SESSION['fname'] = $_POST['fname'];
                    
    $_SESSION['lname'] = $_POST['lname'];
                    
    $_SESSION['email'] = $_POST['email'];
                    
    $_SESSION['emailcon'] = $_POST['emailcon'];
                    
    $_SESSION['month'] = $_POST['month'];
                    
    $_SESSION['day'] = $_POST['day'];
                    
    $_SESSION['year'] = $_POST['year'];
                    
    header("Location: http://www.infernalschism.com/redefined/?id=register2");
                    } else {
                    if(
    $email != $emailcon) {
                        
    $_SESSION['error'] = "Your email addresses do not match.";
                        
    $_SESSION['username'] = $_POST['username'];
                        
    $_SESSION['fname'] = $_POST['fname'];
                        
    $_SESSION['lname'] = $_POST['lname'];
                        
    $_SESSION['email'] = $_POST['email'];
                        
    $_SESSION['emailcon'] = $_POST['emailcon'];
                        
    $_SESSION['month'] = $_POST['month'];
                        
    $_SESSION['day'] = $_POST['day'];
                        
    $_SESSION['year'] = $_POST['year'];
                        
    header("Location: http://www.infernalschism.com/redefined/?id=register2");
                        } else {
                        
    $password md5($password);
                        
    $date date("m-d-y");
                        
    $hash md5($date).$password;
                        include(
    'users.db.php');
                        
    mysql_query("INSERT INTO users (username, password, email, fname, lname, bdate, regdate, lastdate, lastip, confirmhash) VALUES('$username','$password', '$email', '$fname', '$lname','$birthday','$date', '$date','$REMOTE_ADDR', '$hash')") or die("Could not register");
                        echo 
    "Successfully registered.\nPlease check your email for the verification.";
                        
    $to      $email;
                        
    $subject 'Verification for Infernal Schism';
                        
    $message "Hi!\nThank you for signing up at Infernal Schism. I promise you won't be disappointed.\n\nTo activate your account, you must click the link below\n\n <a href='http://www.infernalschism.com/redefined/?id=confirm&username=$username&hash=$hash>CLICK HERE</a>\n\nThank you again. Enjoy your stay.";
                        
    $headers 'From: [email protected]"\r\n" 'Reply-To: [email protected]"\r\n" 'X-Mailer: PHP/' phpversion();
                        
    mail($to$subject$message$headers);
                        }
                    }
                }
            }
        }
    ?>
    CONFIRMATION PAGE:
    PHP Code:
    <?php
    $username 
    $_GET['username'];
    $hash $_GET['hash'];
    include(
    'users.db.php');
    $confirm mysql_query("SELECT * FROM users WHERE username='".$username."'");
    if(
    $confirm['confirm'] == 1) {
        echo 
    "You have already been validated.";
        
    header("Location: http://www.infernalschism.com/redefined/");
        } else {
        if(
    $confirm['confirmhash'] == $hash) {
            
    $query "UPDATE users SET confirm='1' WHERE username='".$username."'";
            
    mysql_query("$query") or die(mysql_error()); 
            echo 
    "You are now validated. Please login.";
        } else {
            echo 
    "Wrong validation hash.";
        }
    }
    ?>
    Thanks for any help in advance. Oh and, the REGEXP I use is one of the best I have had in a while. Feel free to use it or any of this code. If you get it to work, just tell me how you did it

    EDIT: http://www.infernalschism.com/redefined/
    This is the website and it's still under dev. so go sign up if you want. It sends the email and everything, but it will not let you verify it. I am using the code above for this.
    Last edited by brightshadow; Aug 1, 2005, 11:34 PM. Reason: Want to add link

  • #2
    You need to use mysql_fetch_assoc with the $confirm variable if you want to use it as an array I think...

    PHP Code:
    <?php 
    $username 
    $_GET['username']; 
    $hash $_GET['hash']; 
    include(
    'users.db.php'); 
    $confirm mysql_fetch_assoc(mysql_query("SELECT * FROM users WHERE username='".$username."'")); 
    if(
    $confirm['confirm'] == 1) { 
        echo 
    "You have already been validated."
        
    header("Location: http://www.infernalschism.com/redefined/"); 
        } else { 
        if(
    $confirm['confirmhash'] == $hash) { 
            
    $query "UPDATE users SET confirm='1' WHERE username='".$username."'"
            
    mysql_query("$query") or die(mysql_error());  
            echo 
    "You are now validated. Please login."
        } else { 
            echo 
    "Wrong validation hash."
        } 

    ?>

    Comment


    • #3
      Just asking,
      PHP Code:
      if (eregi($regexp$email))
      {
          
      $valid 1;
      } else {
           
      $valid 0;
      }
      return 
      $valid;

      Shouldn't it be

      PHP Code:
      if (eregi($regexp$email))
      {
          
      $valid 1;
      }
      else {
           
      $valid 0;
      }
      return 
      $valid;

      ?

      I'm probably wrong.
      I lost my signature, have you seen it?
      I have the power to erase you...

      Comment


      • #4
        Badger: Your comment appears to be correct. The problem is that there is no $confirm['confirm'] set at least by this point. You can at this point use it as an object if you would prefer. This assumes as well that your registration is completed, which you can check with either a phpMyAdmin utility (or others), or a standard SQL query.

        e-Raser: The code in yours is the same, the formatting is irrelivent to operation.
        PHP Code:
         if (eregi($regexp$email)) 

            
        $valid 1
        } else { 
             
        $valid 0

        return 
        $valid

        I'd recommend format like so personally, as its easier to read:
        PHP Code:
        function name()
        {
             if (
        eregi($regexp$email))
             {
                  
        $valid 1;
             }
             else
             {
                  
        $valid 0;
             }
             return 
        $valid;

        In fact, you needn't even seperate the lines, so long as you end line execution with a semi-colon. To my knowledge, though I've never used a technique such as this, you don't need to use curly braces so long as its only one line of code:
        PHP Code:
        if (condition)
        $a 'b';
        else
        $a 'c'
        PHP Code:
        header('HTTP/1.1 420 Enhance Your Calm'); 
        Been gone for a few months, and haven't programmed in that long of a time. Meh, I'll wing it ;)

        Comment


        • #5
          Originally posted by Fou-Lu
          PHP Code:
          function name()
          {
               if (
          eregi($regexp$email))
               {
                    
          $valid 1;
               }
               else
               {
                    
          $valid 0;
               }
               return 
          $valid;

          Why not just:
          PHP Code:
          function validate_email($email) {
            
          // ...
            
          return eregi($regexp$email);

          dumpfi
          Last edited by dumpfi; Aug 2, 2005, 11:41 AM.
          "Failure is not an option. It comes bundled with the software."
          ....../)/)..(\__/).(\(\................../)_/)......
          .....(-.-).(='.'=).(-.-)................(o.O)...../<)
          ....(.).(.)("}_("}(.)(.)...............(.)_(.))¯/.
          ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
          Little did the bunnies suspect that one of them was a psychotic mass murderer with a 6 ft. axe.

          Comment


          • #6
            Oops, I'm so stupid. I didn't see that i was the same.
            I lost my signature, have you seen it?
            I have the power to erase you...

            Comment


            • #7
              Originally posted by dumpfi
              Why not just:
              PHP Code:
              function validate_email($email) {
                
              // ...
                
              return eregi($regexp$email);

              dumpfi
              Yes, for the purpose of this function as $valid is not being used either globally or within the function itself, I would also say that is the best route. The point I was making hadn't been the code itself though, but the way the formatting takes place. The only difference between what I've posted here and what I do on my scripts is that I use a tab value for each level in scripts, and five spaces here on the forums. Honestly, I don't know what the standards is on it anymore, last I heard it was using a five-space tab (that would have been around the time of php3), but I figure might as well save space on my script by using a standard tab
              PHP Code:
              header('HTTP/1.1 420 Enhance Your Calm'); 
              Been gone for a few months, and haven't programmed in that long of a time. Meh, I'll wing it ;)

              Comment


              • #8
                In good editors you can set the tab size .
                I'm not sure if this was any help, but I hope it didn't make you stupider.

                Experience is something you get just after you really need it.
                PHP Installation Guide Feedback welcome.

                Comment


                • #9
                  Yeah, the problem with my code was setting to get the rows and not just setting the query to the variable, which would only give me the resource id. Anyway, thanks for all the help. Another thing, the regexp is one of the best around. You should use it.

                  Comment

                  Working...
                  X