Can't Verify User Account with PDO, blank page - php

Why would this code for my verification of a user account produce a blank page?
I'm using this as the file to activate accounts from an email, and it comes up blank.
I'm sorry for the previous stupid post. I pasted the wrong code; here is the file that still produces a blank page.
verify.php
//Require Database Stuff
require("database.class.php");
require("user.php");
if(isset($_GET['email']) && !empty($_GET['email']) AND isset($_GET['hash']) && !empty($_GET['hash']))
{
$verify = $db->prepare('UPDATE users SET active=:active WHERE active=0 AND email=:email and active=:active');
$status = $verify->execute(array(':active' => 1));
if( $status )
{
echo '<p>Your account has been activated, you can now login.</p>';
} else {
echo '<p>Account already active, or account does not exist.</p>';
}
}else{
echo "<p>Invalid URL.</p>";
}
}

Try this (added ':email'=>$_GET['email']):
$verify = $db->prepare('UPDATE users SET active=:active WHERE active=0 AND email=:email');
$status = $verify->execute(array(':active' => 1, ':email'=>$_GET['email']));

Related

Log In Form Is Forwarding To Database Connection Page. Not Sure Why. It's Supposed To Be Redirecting To Index2.php

I have this form programmed to log a user in. I have confirmed that it does in fact set a session for a user, but for some reason, it forwards the user to the page to connect to the database. I have this page linked in the code because I obviously need to consult the database to confirm the user has an account, but I don't understand why it goes to this page and then just stays there. Help would be appreciated. Index2.php (set as that right now so users won't see it when they go to the site) is supposed to be set as the redirected page after login. The user is supposed to be able to see the homepage even without logging in, but certain content only appears if the user is logged in.
<?php
session_start();
include("db_connect.php");
if($_SERVER['REQUEST_METHOD'] == "POST")
{
//something was posted
$email = $_POST['email'];
$password = $_POST['password'];
if(!empty($email) && !empty($password))
{
//read from database
$query = "select * from users_listers where email = '$email' limit 1";
$result = mysqli_query($conn, $query);
if($result)
{
if($result && mysqli_num_rows($result) > 0)
{
$user_data = mysqli_fetch_assoc($result);
if($user_data['password'] === $password)
{
$_SESSION['user_lister_id'];
header("Location: ../index2.php");
die;
}
}
}
echo "wrong username or password!";
}else
{
echo "wrong username or password!";
}
}
?>
Thank you for the help!

Email Verification - Site keeps blank - PHP, MySQL

I am sending myself an email to approve it when a new user has signed up. Now I have this verify.php code:
<?php
mysql_connect("localhost", "database", "pw", "databasename") or die(mysql_error()); // Connect to database server(localhost) with username and password.
mysql_select_db("databasename") or die(mysql_error()); // Select registration database.
if(isset($_GET['email']) && !empty($_GET['email']) AND isset($_GET['hash']) && !empty($_GET['hash'])){
// Verify data
$email = mysql_escape_string($_GET['email']); // Set email variable
$hash = mysql_escape_string($_GET['hash']); // Set hash variable
$search = mysql_query("SELECT email, hash, active FROM users WHERE email='".$email."' AND hash='".$hash."' AND active='0'") or die(mysql_error());
$match = mysql_num_rows($search);
if($match > 0){
// We have a match, activate the account
mysql_query("UPDATE users SET active='1' WHERE email='".$email."' AND hash='".$hash."' AND active='0'") or die(mysql_error());
echo '<div class="statusmsg">Your account has been activated, you can now login</div>';
}else{
// No match -> invalid url or account has already been activated.
echo '<div class="statusmsg">The url is either invalid or you already have activated your account.</div>';
}
}else{
// Invalid approach
echo '<div class="statusmsg">Invalid approach, please use the link that has been send to your email.</div>';
}
?>
I get everything.. the mail with correct link:
http://www.yourwebsite.com/verify.php?email='.$email.'&hash='.$hash.'
But once I click the link it just stays on a blank website. No error, but no change either... :( Pretty sure there is a small error I can't find.
Solved with:
<?php
ini_set('display_errors', true); error_reporting(E_ALL);
$link = mysqli_connect("localhost", "database", "pw!", "database");
// Check connection
if($link === false){
die("ERROR: Could not connect. " . mysqli_connect_error());
}
if(isset($_GET['email']) && !empty($_GET['email']) AND isset($_GET['hash']) && !empty($_GET['hash'])){
// Verify data
$email = mysqli_escape_string($link, $_GET['email']); // Set email variable
$hash = mysqli_escape_string($link, $_GET['hash']); // Set hash variable
$passwort = mysqli_escape_string($link, $_GET['passwort']); // Set password variable
$passwort_hash = password_hash($passwort, PASSWORD_DEFAULT);
$search = mysqli_query($link, "SELECT email, hash, active, passwort FROM users WHERE email='".$email."' AND hash='".$hash."' AND active='0'") or die(mysqli_error($link));
$match = mysqli_num_rows($search);
if($match > 0){
// We have a match, activate the account
mysqli_query($link, "UPDATE users SET active='1' WHERE email='".$email."' AND hash='".$hash."' AND active='0'") or die(mysqli_error($link));
echo '<div class="statusmsg">Your account has been activated, you can now login</div>';
}else{
// No match -> invalid url or account has already been activated.
echo '<div class="statusmsg">The url is either invalid or you already have activated your account.</div>';
}
}else{
// Invalid approach
echo '<div class="statusmsg">Invalid approach, please use the link that has been send to your email.</div>';
}
?>
Check this line:
if(isset($_GET['email']) && !empty($_GET['email']) AND isset($_GET['hash']) && !empty($_GET['hash'])){
You have used "AND" here. It should be:
if((isset($_GET['email']) && !empty($_GET['email'])) && (isset($_GET['hash']) && !empty($_GET['hash']))){
I have checked your script; it is working with some modifications. A possible error, according to me, is the status datatype: it should be 'int'. Please check below:
if(isset($_GET['email']) && !empty($_GET['email']) AND isset($_GET['hash']) && !empty($_GET['hash'])){
// Verify data
$email = mysql_escape_string($_GET['email']); // Set email variable
$hash = mysql_escape_string($_GET['hash']); // Set hash variable
$search = mysql_query("SELECT * FROM test_users WHERE u_email='".$email."' AND u_hash='".$hash."' ") or die(mysql_error());
$match = mysql_num_rows($search);
if($match > 0){
// We have a match, activate the account
mysql_query("UPDATE test_users SET u_status='1' WHERE u_email='".$email."' AND u_hash='".$hash."'") or die(mysql_error());
echo '<div class="statusmsg">Your account has been activated, you can now login</div>';
}else{
// No match -> invalid url or account has already been activated.
echo '<div class="statusmsg">The url is either invalid or you already have activated your account.</div>';
}
}else{
// Invalid approach
echo '<div class="statusmsg">Invalid approach, please use the link that has been send to your email.</div>';
}
?>
It's a bad idea to use die(): if this happens, the error is logged to the Apache error log and you are left with a blank screen. You should consider moving away from this way of interacting with MySQL and consider using PDO (https://phpdelusions.net/pdo) with prepared statements.
To see what the actual error is follow your web server error log and see what is being logged.
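The activation step rewritten with PDO prepared statements, as the answer above recommends; this is an added example, not code from any poster. It binds both the email and the hash (the same applies to the PDO snippet at the top of this page) and checks rowCount(), because execute() returns true even when no row matched. The users(email, hash, active) schema follows the thread; the in-memory SQLite database and the sample row are assumptions so the script runs offline.

```php
<?php
// Added example, not code from the thread. Schema and sample row are constructed;
// in-memory SQLite (pdo_sqlite) stands in for MySQL so the script runs offline.
declare(strict_types=1);

function activateAccount(PDO $db, string $email, string $hash): bool
{
    // Every placeholder is bound, and the emailed hash must match: filtering on
    // the address alone would activate an account for anyone who knows the email.
    $stmt = $db->prepare(
        'UPDATE users SET active = 1
          WHERE active = 0 AND email = :email AND hash = :hash'
    );
    $stmt->execute([':email' => $email, ':hash' => $hash]);
    // execute() returns true even when zero rows matched; rowCount() tells them apart.
    return $stmt->rowCount() === 1;
}

$db = new PDO('sqlite::memory:');
// Throw on SQL errors instead of failing silently or calling die().
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    email TEXT PRIMARY KEY, hash TEXT NOT NULL, active INTEGER NOT NULL DEFAULT 0)');
$hash = bin2hex(random_bytes(16)); // constructed sample token, 32 hex characters
$db->prepare('INSERT INTO users (email, hash) VALUES (?, ?)')
   ->execute(['alice@example.com', $hash]);

// Constructed requests, processed in order.
$requests = [
    'wrong hash'     => ['alice@example.com', str_repeat('0', 32)],
    'quote in input' => ["alice@example.com' OR '1'='1", $hash], // bound as plain data
    'valid link'     => ['alice@example.com', $hash],
    'replayed link'  => ['alice@example.com', $hash],
];
foreach ($requests as $label => [$email, $h]) {
    try {
        $ok = activateAccount($db, $email, $h);
        echo $label, ': ', $ok ? 'activated' : 'invalid or already active', PHP_EOL;
    } catch (PDOException $e) {
        error_log($e->getMessage());               // details go to the server log
        echo $label, ': temporary error', PHP_EOL; // generic message for the visitor
    }
}
```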

link to page with $_SERVER REQUEST_METHOD 'GET' does not load

I have a verification link like this:
http://nailsalon.gwiddle.co.uk/nailsalon/verify.php?email=email#enail.com&hash=66808e327dc79d135ba18e051673d906.
When I click it or manually insert it to the address bar I get error 500 or File not found. The page which I am trying to access through this link uses the $_GET array.
When I use a link like this:
http://nailsalon.gwiddle.co.uk/nailsalon/index.php?id=1 which leads to a page which doesn't use the $_GET it loads without problem.
There is another question with the same problem but no solution here:
Internal server error on email verification
Here is the code of the target page:
if(isset($_GET['email']) && !empty($_GET['email']) AND isset($_GET['hash']) && !empty($_GET['hash'])){
$email = clear_entry($_GET['email']);
$hash = clear_entry($_GET['hash']);
/*Query that retrieves all users with the given email and hash*/
$result = $mysqli->query("SELECT * FROM users WHERE user_email='$email' AND hash='$hash' AND is_activated='0'");
/*Checks if the account is already verified*/
if ($result->num_rows == 0 ){
$_SESSION['message'] = "Account has already been activated or the URL is invalid!";
header("location: error.php");
}else{
$_SESSION['message'] = "Your account has been successfully activated!";
$mysqli->query("UPDATE users SET is_activated='1' WHERE user_email='$email'") or die($mysqli->error);
$_SESSION['active'] = 1;
header("location: success.php");
}
}else{
$_SESSION['message'] = "Invalid parameters provided for account verification!";
echo "Invalid parameters provided for account verification!";
header("location: error.php");
}
?>

Registration in php - email verification not working

I have created a registration system with email verification and when I signed up everything was ok. But when I clicked on link in email it said error. Can you help me please?
<?php session_start();
include_once 'dbconnect.php';
if (isset($_GET['email'])){
$email = $_GET['email'];
}
if (isset($_GET['status']) && (strlen($_GET['status']) == 32)) {
$status = $_GET['status'];
}
if (isset($email) && isset($status)) {
$query_activate_account = "UPDATE users SET status='Active' WHERE(email ='$email' AND status='$status')";
$result_activate_account = mysqli_query($query_activate_account);
echo '<div>Your account is now active. You may now Log in</div>';
} else {
echo '<div>Oops !Your account could not be activated. Please recheck the link or contact the system administrator.</div>';
}
?>
The URL you are sending to the user is wrong.
It does not contain email and status.
To use code like this,
if (isset($_GET['email'])){
$email = $_GET['email'];
}
if (isset($_GET['status']) && (strlen($_GET['status']) == 32)) {
$status = $_GET['status'];
}
your email should be like this,
$email = "email here";
$message = "http://chat-web.net/activate.php?status=$status&email=$email";

PHP Email Confirmation Function MySQL Database error

There are many questions about email confirmation, databases, and permissions on Stackoverflow, but nothing I could find that would help me with this.
This specific question is directed to an email confirmation function built with PHP. The tutorial I am using can be found here: http://www.phpeasystep.com/phptu/24.html. Everything is working, however when the user clicks the email confirmation link (which would move their information from the temp_table to the confirmed_table), I receive this error:
Error updating database: No database selected
From what I have gathered from different sites/research/Stackoverflow questions is that this is due to the permissions of the database(s) I am working with (please correct me if it is another problem). I have read that I need to change all the users to be able to READ, but am unsure whether I should do this to both the databases as a whole (I couldn't find whether you can set the privileges for all the users in a database to automatically have the READ privilege), or the PHP when I add them to the temp_table. The tutorial I showed above doesn't say anything about it, so I am confused.
Registration form code:
<?php
session_start();
if(isset($_SESSION['aI']) || isset($_SESSION['pss'])) {
header("Location: pa.php");
}
include 'db.php';
if(isset($_POST['rSub'])) {
// connects to database using PHP Data Objects, throws exception if error in connection
try {
$conn = new PDO("mysql:host=$svrHost;db=$svrDb", $sUme, $sp);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch(PDOException $e) {
echo "ERROR: " . $e->getMessage();
}
$error = '';
if($_POST['fN'] == '' || $_POST['lN'] == '' || $_POST['aI'] == '' || $_POST['eml'] == '' || $_POST['pss'] == ''
|| $_POST['pss2'] == '') {
$error = "<li style=\"color:#C70000; font-weight:bold;\"><center>- All fields are required. Try again.</font><center></li>";
}
if($error == '') {
$fN = ucfirst($_POST['fN']);
$lN = ucfirst($_POST['lN']);
$aI = $_POST['aI'];
$eml = $_POST['eml'];
$pss = $_POST['pss'];
$pss2 = $_POST['pss2'];
$admin = 0;
if($error != '') {
$error = "<ul>".$error."</ul>";
$_SESSION['error'] = $error;
}
else {
$hF = "$2y$10$"; // 2y = blowfish and 10 = num of hashes
$sa = "testsaltforwebsite1219"; //"random" 22-character sa
$fAS = $hF.$sa;
$sha = crypt($pss, $fAS);
// Random confirmation code
$c_cd=md5(uniqid(rand()));
$insert = $conn->prepare("INSERT INTO t_awhole (c_cd, fN, lN, aI, eml, pss)
VALUES (:c_cd, :fN, :lN, :aI, :eml, :pss)");
$insert->bindParam(':c_cd', $c_cd);
$insert->bindParam(':fN', $fN);
$insert->bindParam(':lN', $lN);
$insert->bindParam(':aI', $aI);
$insert->bindParam(':eml', $eml);
$insert->bindParam(':pss', $sha);
$result=$insert->execute();
// ---------------- Confirmation email ---------------- \\
// table name
$t_apart=t_awhole;
if($result){
// send e-mail to ...
$to=$eml;
// Your subject
$subject="Registration Confirmation";
// From
$header="from: no-reply#example.com"; //Need the address to send the eml to.
// Your message
$message="Copy and paste this link in your browser to activate your account: \r\n";
$message.="\n";
$message.="(serverAddress)/confirmation.php?passkey=$c_cd \r\n";
$message.="\n";
$message.="Thank you";
// send eml
$sml = mail($to,$subject,$message,$header);
}
// if not found
else {
echo "Your email Is Not Registered. Please Register.";
}
// if your email succesfully sent
if($sml){
echo '<script> window.location.href="emlC.php"</script>';
}
else {
echo "Cannot Send Confirmation Link To Your email Address.";
}
// ---------------- Confirmation email ---------------- \\
$_SESSION['aI'] = $aI;
$_SESSION['pss'] = $pss;
$_SESSION['admin'] = 0;
$stmt = $conn->prepare("SELECT DISTINCT dN, dU, ex FROM doc WHERE aI != '0'");
$stmt->execute();
$result = $stmt->fetchAll();
foreach ($result as $row)
{
$ex = $row['ex'];
$dU = $row['dU'];
$dN = $row['dN'];
$insert = $conn->prepare("INSERT INTO doc (dN, dU, aI, ex)
VALUES (:dN, :dU, :aI, :ex)");
$insert->bindParam(':aI', $aI);
$insert->bindParam(':ex', $ex);
$insert->bindParam(':dU', $dU);
$insert->bindParam(':dN', $dN);
$insert->execute();
}
}
}
?>
Confirmation page code:
<?php
include('db.php');
// passkey that got from link
$pk=$_GET['pk'];
$t_awhole_conf="t_awhole";
// Retrieve data from table where row that match this passkey
$sql_conf1="SELECT * FROM $t_awhole_conf WHERE confirm_code ='$pk'";
$result_conf=mysql_query($sql_conf1) or die ('Error updating database: '.mysql_error());
// If successfully queried
if($result_conf){
// Count how many row has this passkey
$count=mysql_num_rows($result_conf);
// if found this passkey in our database, retrieve data from table "t_awhole"
if($count==1){
$rows=mysql_fetch_array($result_conf);
$fN = $rows['fN']; // capitalizes the first letter (6-26-14)
$lN = $rows['lN']; // capitalizes the first letter (6-26-14)
$aI = $rows['aI'];
$eml = $rows['eml'];
$pss = $rows['pss'];
$pss2 = $rows['pss2'];
$a_whole_conf="a_whole";
// Insert data that retrieves from "t_awhole" into table "a_whole"
$sql_conf2="INSERT INTO $a_whole_conf(fN, lN, aI, eml, pss, admin)
VALUES ($fN, $lN, $aI, $eml, $pss, $admin)";
$result_conf2=mysql_query($sql_conf2);
}
// if not found passkey, display message "Wrong Confirmation code"
else {
echo "Wrong Confirmation code";
}
// if successfully moved data from table"t_awhole" to table "a_whole" displays message "Your account has been activated" and don't forget to delete confirmation code from table "t_awhole"
if($result_conf2){
echo "Your account has been activated";
// Delete information of this user from table "t_awholeb" that has this passkey
$sql_conf3="DELETE FROM $t_awhole_conf WHERE confirm_code = '$pk'";
$result_conf3=mysql_query($sql_conf3);
}
}
?>
In your Registration form code, you have two lines that create the connection to the database (new PDO ...). You can further use $conn to execute statements.
In your Confirmation code, you don't create any connection before calling mysql_query (why the switch from PDO to mysql functions?).
See the mysql_query documentation here.
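A confirmation step that stays on the PDO connection, as the answer above points out; this is an added example, not the asker's or the tutorial's code. It moves the row from t_awhole to a_whole inside one transaction with a bound passkey, and it uses random_bytes() and password_hash() in place of the question's md5(uniqid(rand())) and fixed-salt crypt(). Table and column names follow the question; the function name confirmAccount, the in-memory SQLite database and the sample row are assumptions.

```php
<?php
// Added example, not the asker's or the tutorial's code. Table and column names
// follow the question (t_awhole, a_whole, c_cd); the row is constructed, and
// in-memory SQLite (pdo_sqlite) replaces MySQL so the script runs offline.
declare(strict_types=1);

function confirmAccount(PDO $conn, string $passkey): bool
{
    $conn->beginTransaction();
    try {
        // Same PDO connection as registration; the passkey is bound, never interpolated.
        $sel = $conn->prepare('SELECT fN, lN, aI, eml, pss FROM t_awhole WHERE c_cd = :c_cd');
        $sel->execute([':c_cd' => $passkey]);
        $row = $sel->fetch(PDO::FETCH_ASSOC);
        $sel->closeCursor();
        if ($row === false) {
            $conn->rollBack();
            return false; // unknown or already used confirmation code
        }
        $ins = $conn->prepare('INSERT INTO a_whole (fN, lN, aI, eml, pss, admin)
                               VALUES (:fN, :lN, :aI, :eml, :pss, 0)');
        $ins->execute([':fN' => $row['fN'], ':lN' => $row['lN'], ':aI' => $row['aI'],
                       ':eml' => $row['eml'], ':pss' => $row['pss']]);
        $conn->prepare('DELETE FROM t_awhole WHERE c_cd = :c_cd')->execute([':c_cd' => $passkey]);
        $conn->commit(); // the insert and the delete succeed together or not at all
        return true;
    } catch (PDOException $e) {
        $conn->rollBack();
        throw $e;
    }
}

// With MySQL the connection would be new PDO("mysql:host=...;dbname=...", $user, $pass).
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE t_awhole (c_cd TEXT PRIMARY KEY, fN TEXT, lN TEXT, aI TEXT, eml TEXT, pss TEXT)');
$conn->exec('CREATE TABLE a_whole (fN TEXT, lN TEXT, aI TEXT UNIQUE, eml TEXT, pss TEXT, admin INTEGER)');

// Registration side: confirmation code from a CSPRNG, password hashed with a random salt.
$c_cd = bin2hex(random_bytes(16));
$reg = $conn->prepare('INSERT INTO t_awhole (c_cd, fN, lN, aI, eml, pss) VALUES (?, ?, ?, ?, ?, ?)');
$reg->execute([$c_cd, 'Ada', 'Example', 'ada1', 'ada@example.com',
               password_hash('constructed-sample-password', PASSWORD_DEFAULT)]);

foreach (['not-the-code', $c_cd, $c_cd] as $attempt) {
    echo confirmAccount($conn, $attempt) ? "activated\n" : "wrong confirmation code\n";
}
echo 'confirmed rows: ', $conn->query('SELECT COUNT(*) FROM a_whole')->fetchColumn(), PHP_EOL;
```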
