
Newbie taken over site - registration php broken?


Bifford


Hey folks.

 

Okay, I took over the admin of a website ( http://www.annualclownsdirectory.com ) a while back. I have changed nothing in the php but there seems to be a problem with account activation.

 

As a total newbie with php (I can work out what things do by reading the code, and can notice obvious mistakes but that's about it...) I have NO idea what is going on here to stop it working.

 

If I make a test account the email is sent to me with the link to click on to activate the account, which looks like this:

" http://www.annualclownsdirectory.com/confirm.php?id=330&hash=c6efb8f1d00beef170bd0df223ab87f1 "

 

but when clicked the website throws up this:

"Sorry, either this account is already active or it cannot be found, try logging in.

If you have just created this account and are getting this error then please wait a couple of minutes and try again"

 

Now when I check in phpMyAdmin the account is there, its status is "unconfirmed" and I can't see anything wrong with the code (but as I say I am a total fresher here lol).

 

I have attached register.php so you can see what is there. I can see no "md5" variable in the phpmyadmin section for clown_account.

 

If any other files are needed please just say!  And again, apologies for being useless!

 

Sam / Bifford

 

[attachment deleted by admin]


Can you post confirm.php as well?  That is the script that is displaying the error message.  The important part is the condition it checks before it gives you that message.

 

I had a check in the register.php file and that error is not shown at all. As btherl said, we need to be able to follow the route of that message to get to the problem.


  if ($res && ($arr = mysql_fetch_assoc($res)) && !strcmp($hash, md5($arr['id'].$arr['password'])) ) {

 

The above statement is false and you would need to determine why. Any one, two, or all of the following are false -

 

$res will be false if the query failed due to an error.

 

$arr will be false if the query matched zero rows.

 

The !strcmp will be false if the md5() of the id . password does not match the hash on the end of the url.

 

For troubleshooting purposes only, I recommend temporarily adding the following code, starting on the line after the line with the mysql_query() statement -

 

echo "result:<br />";
var_dump($res);
echo "<br />num rows:";
echo mysql_num_rows($res);

 

That will tell you if the query executed without error and if it matched a row(s) in the table.

 

You should also echo the md5() of the id concatenated with the password that is in the table and visually compare, character by character, the result with the hash that is on the end of the URL.


  if ($res && ($arr = mysql_fetch_assoc($res)) && !strcmp($hash, md5($arr['id'].$arr['password'])) ) {

 

The above statement is false and you would need to determine why. Any one, two, or all of the following are false -

 

Thank you for that reply!

 

This is the response I receive from this:

"

resource(4) of type (mysql result)

num rows:0

Warning: Cannot modify header information - headers already sent by (output started at /home/sifsskhn/public_html/annualclownsdirectory.com/confirm.php:9) in /home/sifsskhn/public_html/annualclownsdirectory.com/include/common.php on line 69

"

 

Which means it is the no matched rows that is the problem if I am reading that right?

But what does that mean, and how to solve it!?

 

You should also echo the md5() of the id concatenated with the password that is in the table and visually compare, character by character, the result with the hash that is on the end of the URL.

 

I'm afraid I do not know how to do that :(

 

I know I am useless. Never studied php before! So apologies for being dim.

 

Sam


Yes, the query is matching zero rows. In that same code that you just added, add the following so that you can see what the query actually is (I suspect that the sqlesc() function is not returning an expected value) -

 

echo "query: $query<br />";

 

Could you also find and post the include/common.php file as that is where the sqlesc() function is (probably) defined. The database connection details are also likely in the common.php file. xxxxxx out the database details before you post the file.


Yes, the query is matching zero rows. In that same code that you just added, add the following so that you can see what the query actually is (I suspect that the sqlesc() function is not returning an expected value) -

 

echo "query: $query<br />";

 

Could you also find and post the include/common.php file as that is where the sqlesc() function is (probably) defined. The database connection details are also likely in the common.php file. xxxxxx out the database details before you post the file.

 

Right, that now reports the following:

"result:

resource(4) of type (mysql result)

num rows:0query: SELECT * FROM `clown_account` WHERE `id`='332' AND `status` != 'unconfirmed'

 

Warning: Cannot modify header information - headers already sent by (output started at /home/sifsskhn/public_html/annualclownsdirectory.com/confirm.php:9) in /home/sifsskhn/public_html/annualclownsdirectory.com/include/common.php on line 69"

 

Database details are tucked away within secrets.php so no need for worry there.

The common.php file is attached.

Thanks! :D

 

Sam

 

[attachment deleted by admin]


So, I was just looking at the query to write a reply on what you should check next and I realized that the `status` != 'unconfirmed' logic in the query is wrong. Your code is not working because someone monkeyed with (or in this case, clowned with) the query and changed an equal = comparison to a not-equal != comparison.
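
An added example (not the site's confirm.php and not code from any poster) that reproduces the symptom from this thread and reports which of the three conditions fails. It assumes PHP with the PDO SQLite driver, a constructed in-memory `clown_account` table and row, and a hypothetical helper `check_confirmation()`; it swaps in a bound parameter and `hash_equals()` for the original's `sqlesc()` and `strcmp()`.

```php
<?php
// Added example: constructed table and row, not the site's real data or confirm.php.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE clown_account (id INTEGER PRIMARY KEY, password TEXT, status TEXT)");
$pdo->exec("INSERT INTO clown_account VALUES (332, 'constructed-password-hash', 'unconfirmed')");

// Hypothetical helper: returns which of the three conditions from the thread fails, or 'ok'.
// $op is the comparison under test; only the two literal operators are accepted.
function check_confirmation(PDO $pdo, int $id, string $hash, string $op): string
{
    if ($op !== '=' && $op !== '!=') {
        throw new InvalidArgumentException('operator must be = or !=');
    }
    try {
        // Bound parameter instead of building the id into the SQL string.
        $stmt = $pdo->prepare(
            "SELECT id, password FROM clown_account WHERE id = ? AND status $op 'unconfirmed'"
        );
        $stmt->execute([$id]);
    } catch (PDOException $e) {
        return 'query failed: ' . $e->getMessage();   // condition 1: $res is false
    }
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return 'zero rows matched';                    // condition 2: $arr is false
    }
    // Same token as the thread's condition: md5 of id . password.
    $expected = md5($row['id'] . $row['password']);
    if (!hash_equals($expected, $hash)) {              // constant-time comparison
        return 'hash mismatch';                        // condition 3
    }
    return 'ok';
}

// What the e-mailed link would carry for the constructed row.
$link_hash = md5('332' . 'constructed-password-hash');

echo "status != 'unconfirmed': ", check_confirmation($pdo, 332, $link_hash, '!='), "\n";
echo "status =  'unconfirmed': ", check_confirmation($pdo, 332, $link_hash, '='), "\n";
echo "altered hash:            ", check_confirmation($pdo, 332, str_repeat('0', 32), '='), "\n";
```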


So, I was just looking at the query to write a reply on what you should check next and I realized that the `status` != 'unconfirmed' logic in the query is wrong. Your code is not working because someone monkeyed with (or in this case, clowned with) the query and changed an equal = comparison to a not-equal != comparison.

 

You know, I looked at that != and wondered what the ! meant! I know basic and/or/not/nor stuff from programming my old Amstrad CPC464 in Basic - but that one was new to me and I didn't give it more thought.

 

I shall change that when I get home from work later and let you know if it solves the problem!! :)

 

Thank you! :)


So, I was just looking at the query to write a reply on what you should check next and I realized that the `status` != 'unconfirmed' logic in the query is wrong. Your code is not working because someone monkeyed with (or in this case, clowned with) the query and changed an equal = comparison to a not-equal != comparison.

 

Wonderful! :D  All is now working perfectly in regards to confirming an account with the site. :)

 

Apparently this has been a problem since before I took the management over so I'm very glad it's sorted. To all who helped, but especially PFMaBiSmAd, I (and the business's owner!) thank you most heartedly! :D

 

Sam / Bifford

