Search the Community
Showing results for tags 'activation.php'.
-
<?php // script 18.6 if ($_SERVER['REQUEST_METHOD'] == 'POST') { // Handle the form. // Need the database connection: require (MYSQL); // Trim all the incoming data: $trimmed = array_map('trim', $_POST); // Assume invalid values: $fn = $ln = $e = $p = FALSE; // Check for a first name: if (preg_match ('/^[A-Z \'.-]{2,20}$/i', $trimmed['first_name'])) { $fn = mysqli_real_escape_string ($dbc, $trimmed['first_name']); } else { echo '<p class="error">Please enter your first name!</p>'; } // Check for a last name: if (preg_match ('/^[A-Z \'.-]{2,40}$/i', $trimmed['last_name'])) { $ln = mysqli_real_escape_string ($dbc, $trimmed['last_name']); } else { echo '<p class="error">Please enter your last name!</p>'; } // Check for an email address: if (filter_var($trimmed['email'], FILTER_VALIDATE_EMAIL)) { $e = mysqli_real_escape_string ($dbc, $trimmed['email']); } else { echo '<p class="error">Please enter a valid email address!</p>'; } // Check for a password and match against the confirmed password: if (preg_match ('/^\w{4,20}$/', $trimmed['password1']) ) { if ($trimmed['password1'] == $trimmed['password2']) { $p = mysqli_real_escape_string ($dbc, $trimmed['password1']); } else { echo '<p class="error">Your password did not match the confirmed password!</p>'; } } else { echo '<p class="error">Please enter a valid password!</p>'; } if ($fn && $ln && $e && $p) { // If everything's OK... // Make sure the email address is available: $q = "SELECT user_id FROM users WHERE email='$e'"; $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc)); if (mysqli_num_rows($r) == 0) { // Available. // Create the activation code: $a = md5(uniqid(rand(), true)); // new line include('includes/lib/password.php'); // new line $hash=password_hash($p, PASSWORD_BCRYPT); // Add the user to the database: $q = "INSERT INTO users (email, pass, first_name, last_name, active, registration_date) VALUES ('$e', '" . password_hash($p, PASSWORD_BCRYPT) . "', '$fn', '$ln', '$a', NOW() )"; $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc)); if (mysqli_affected_rows($dbc) == 1) { // If it ran OK. // Send the email: $body = "Thank you for registering at <whatever site>. To activate your account, please click on this link:\n\n"; $body .= BASE_URL . 'activate/x=' . urlencode($e) . "&y=$a"; mail($trimmed['email'], 'Registration Confirmation', $body, 'From: mymail@sample.com'); // Finish the page: echo '<h3>Thank you for registering! A confirmation email has been sent to your address. Please click on the link in that email in order to activate your account.</h3>'; include ('includes/footer.html'); // Include the HTML footer. exit(); // Stop the page. } else { // If it did not run OK. echo '<p class="error">You could not be registered due to a system error. We apologize for any inconvenience.</p>'; } } else { // The email address is not available. echo '<p class="error">That email address has already been registered. If you have forgotten your password, use the link at right to have your password sent to you.</p>'; } } else { // If one of the data tests failed. echo '<p class="error">Please try again.</p>'; } mysqli_close($dbc); } // End of the main Submit conditional. ?> <h1>Register</h1> <form action="http://www.sample.com/register/" method="post"> <fieldset> <p><b>First Name:</b> <input type="text" name="first_name" size="20" maxlength="20" value="<?php if (isset($trimmed['first_name'])) echo $trimmed['first_name']; ?>" /></p> <p><b>Last Name:</b> <input type="text" name="last_name" size="20" maxlength="40" value="<?php if (isset($trimmed['last_name'])) echo $trimmed['last_name']; ?>" /></p> <p><b>Email Address:</b> <input type="text" name="email" size="30" maxlength="60" value="<?php if (isset($trimmed['email'])) echo $trimmed['email']; ?>" /> </p> <p><b>Password:</b> <input type="password" name="password1" size="20" maxlength="20" value="<?php if (isset($trimmed['password1'])) echo $trimmed['password1']; ?>" /> <small>Use only letters, numbers, and the underscore. Must be between 4 and 20 characters long.</small></p> <p><b>Confirm Password:</b> <input type="password" name="password2" size="20" maxlength="20" value="<?php if (isset($trimmed['password2'])) echo $trimmed['password2']; ?>" /></p> </fieldset> <div align="center"><input type="submit" name="submit" value="Register" /></div> </form> <?php # Script 18.7 - activate.php // This page activates the user's account. require ('includes/config.inc.php'); $page_title = 'Activate Your Account'; include ('includes/header.html'); // If $x and $y don't exist or aren't of the proper format, redirect the user: if (isset($_GET['x'], $_GET['y']) && filter_var($_GET['x'], FILTER_VALIDATE_EMAIL) && (strlen($_GET['y']) == 32 ) ) { // Update the database... require (MYSQL); $q = "UPDATE users SET active=NULL WHERE (email='" . mysqli_real_escape_string($dbc, $_GET['x']) . "' AND active='" . mysqli_real_escape_string($dbc, $_GET['y']) . "') LIMIT 1"; $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc)); // Print a customized message: if (mysqli_affected_rows($dbc) == 1) { echo "<h3>Your account is now active. You may now log in.</h3>"; } else { echo '<p class="error">Your account could not be activated. Please re-check the link or contact the system administrator.</p>'; } mysqli_close($dbc); } else { // Redirect. $url = BASE_URL . 'index.php'; // Define the URL. ob_end_clean(); // Delete the buffer. header("Location: $url"); exit(); // Quit the script. } // End of main IF-ELSE. include ('includes/footer.html'); ?> I am modularizing a site that uses the registration (18.6) and activation (18.7) scripts from Chapter 18. All works fine until I try to rewrite activation.php to activation.inc.php and place it in the modules folder. When the activation e-mail comes and I click on the link, I receive a 404/Page Not Found. I am using the following in my .htaccess: RewriteEngine On RewriteRule ^(home|register)/?$ index.php?=$1 [L] RewriteRule ^(activate)/?$ index.php?p=$1&x=$2&y=$3 [L] As mentioned, registration works to the point of all data being inserted into database and the "Registration Confirmation" e-mail being received. It strongly appears to be a matter of my mod_rewrite syntax. Any suggestions as to where I am in error would be appreciated. Thank you.
- 3 replies
-
- chapter 18
- activation.php
-
(and 1 more)
Tagged with: