PHP email activation to add user to DB

[chris_161]

Hi I have created several php scripts which adds a user to the database and allows them to login aswell. I want an email confirmation link in which the user has to click in order for them to get added to the database. Below is my code any help in what php I put in and where would be most helpful, thanks in advance. Chris

 

***********************************************************************

mainregister.php

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<title>Web Server</title>

<link href="css/style.css" rel="stylesheet" type="text/css" />

</head>

<body>

<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">

<tr>

<form name="form1" method="post" action="checkregister.php">

<td>

<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">

<tr>

<td colspan="3"><strong>Member Login </strong></td>

</tr>

<tr>

<td width="78">Username</td>

<td width="6">:</td>

<td width="294"><input name="myusername" type="text" id="myusername"></td>

</tr>

<tr>

<td>Password</td>

<td>:</td>

<td><input name="mypassword" type="text" id="mypassword"></td>

</tr>

<tr>

<td> </td>

<td> </td>

<td><input type="submit" name="Submit" value="Register"></td>

</tr>

</table>

</td>

</form>

</tr>

</table>

</body>

</html>

 

******************************************************************************

checkregister.php

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<title>Untitled Document</title>

</head>

<body>

<?php

$host="localhost"; // Host name

$username="root"; // Mysql username

$password=""; // Mysql password

$db_name="webserver"; // Database name

$tbl_name="members"; // Table name

 

// Connect to server and select databse.

mysql_connect("$host", "$username", "$password")or die("cannot connect");

mysql_select_db("$db_name")or die("cannot select DB");

 

// username and password sent from form

$myusername=$_POST['myusername'];

$mypassword=$_POST['mypassword'];

 

// To protect MySQL injection (more detail about MySQL injection)

$myusername = stripslashes($myusername);

$mypassword = stripslashes($mypassword);

$myusername = mysql_real_escape_string($myusername);

$mypassword = mysql_real_escape_string($mypassword);

 

$sql="INSERT INTO $tbl_name (username,password) VALUES('$myusername','$mypassword')";

$result=mysql_query($sql);

echo "Registered to database";

 

?>

</body>

</html>

[princeofpersia]

In your register page do this, this is my code and works fine.

 

1- in user table add a column call it activated as int

 

then use this code

 

    <?php

    include 'db.php';

    if ($_POST['register'])
    {
     //get form data
     $username = addslashes(strip_tags($_POST['username']));
     $password = addslashes(strip_tags($_POST['password']));
     $email = addslashes(strip_tags($_POST['email']));
     
     if (!$username||!$password||!$email)
        echo "Please fill out all fields";
     else
     {
        //encrypt password
        $password = md5($password);
        
        //check if username already taken
        $check = mysql_query("SELECT * FROM users WHERE username='$username'");
        if (mysql_num_rows($check)>=1)
           echo "Username already taken";
        else
        {
           //generate random code
           $code = rand(11111111,99999999);
           
           //send activation email
           $to = $email;
           $subject = "your subject";
           $headers = "From: your email";
           $body = "Hello $username,\n\nYou registered and need to activate your account. Click the link below or paste it into the URL bar of your browser\n\nhttp://your domain/activate.php?code=$code\n\nThanks!";

           if (!mail($to,$subject,$body,$headers))
               echo "We couldn't sign you up at this time. Please try again later.";
           else
           {
               //register into database
               $register = mysql_query("INSERT INTO users VALUES ('','$username','$password','$email','$code','0')");
               echo "You have been registered successfully! Please check your email ($email) to activate your account";
           }

        }
     }
    }
    else
    {

    ?>

    <form action='register.php' method='POST'>
    Choose username:<br />
    <input type='text' name='username'><p />
    Choose password:<br />
    <input type='password' name='password'><p />
    Email:<br />
    <input type='text' name='email'><p />
    <input type='submit' name='register' value='Register'>
    </form>

    <?php

    }

    ?>

 

then create a page call it activate.php and insert this code

 

    <?php

    include 'db.php';

    $code = $_GET['code'];

    if (!$code)
        echo "No code supplied";
    else
    {
        $check = mysql_query("SELECT * FROM users WHERE code='$code' AND active='1'");
        if (mysql_num_rows($check)==1)
            echo "You have already activated your account";
        else
        {
            $activate = mysql_query("UPDATE users SET active='1' WHERE code='$code'");
            echo "Your account has been activated!";
        }
        
    }
    ?>
    

 

When users login, login page checks if the user has been activated or not, if not it asks them to check email and activate

 

I hope it helps, and also if you insert your code in php tag when you post on this forum, it would be easier for others to read and respond quicker

 

 

[chris_161]

Why is there a need for the include 'db.php'; as i do not have a php file called this. Thanks in advance

Chris

[j.smith1981]

Take this out of the 'checkregister.php' script:

 

$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="webserver"; // Database name
$tbl_name="members"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");]$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="webserver"; // Database name
$tbl_name="members"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

 

And put it in db.php

 

Then include at the top of the page.

 

For what I do commonly and have now always done this.

 

I create a custom function like so:

 

db.php:

function connectDb() {
$connect = mysql_connect("localhost","user","password");
if($connect) {
      mysql_select_db("databasename",$connect);
      }
}

 

Then to call that within your script, obviously use:

 

    include 'db.php';
    connectDb(); // will call the connectDb() function and connect you to your database

 

Just allows you to connect to your database when ever you want.

 

I just prefer doing that personally.