I am having a major problem with the PHP mail() function. I have a user sign-up page that generates an email for verification of their email address. Unfortunately and bizarrely, the function sends anywhere from 6 or 7 to 90+ emails to the same user. I do not understand how or why this is occurring, even after looking through others' posts on here.
Can someone help me debug this?
This is the code:
$first_name = mysql_real_escape_string($_POST['first_name']);
$last_name = mysql_real_escape_string($_POST['last_name']);
$email = mysql_real_escape_string($_POST['email']);
$username = strtoupper(mysql_real_escape_string($_POST['username']));
$password1 = mysql_real_escape_string($_POST['password1']);
$password2 = mysql_real_escape_string($_POST['password2']);
$termsofuse = mysql_real_escape_string($_POST['termsofuse']);
$status = mysql_real_escape_string($_POST['status']);
$approved = mysql_real_escape_string($_POST['approved']);
$acctype = mysql_real_escape_string($_POST['acctype']);
$industry = mysql_real_escape_string($_POST['industry']);
$newsletter = mysql_real_escape_string($_POST['newsletter']);
$contactname = mysql_real_escape_string($_POST['contactname']);
$contactnumber = mysql_real_escape_string($_POST['contactnumber']);
// Hashing of $password1
$password1 = sha256($password1);
$password2 = sha256($password2);
$hash = hash('sha256', $username);
// Check for existing username
$sql = "SELECT * FROM `members`";
$result2=mysql_query($sql);
while($row=mysql_fetch_array($result2)){
$username2 = $row['username'];
// If $username doesn't equal $username2 (meaning there isn't an existing username, and both passwords match, write to database
if($username <> $username2 && $password1 === $password2){
$sql = "INSERT INTO `members` (`id`, `first_name`, `last_name`, `email`, `username`, `password`, `termsofuse`, `status`, `approved`, `acctype`, `industry`, `newsletter`, `contactnumber`, `hash`, `since`) VALUES (NULL, '$first_name' , '$last_name' , '$email' , '$username' , '$password1' , '$termsofuse', 'Reg', '$approved', '$acctype', '$industry', '$newsletter', '$contactnumber', '$hash', NOW())";
$result = mysql_query($sql) or die ("Can't insert".mysql_error());
$to = $email; // Send email to user
$subject = 'Signup Verification'; //Subject line in email
$message = 'Welcome ' . $first_name . ','
. "\r\n\r\n"
. 'Thanks for signing up!'
. "\r\n\r\n"
. 'Your account has been created. To activate your account, click on the link below to get started!'
. "\r\n\r\n"
. 'http://www.radioman911.com/pages/CAD/verify.php?email=' . $email . '&hash=' . $hash . '';
$headers = 'From: xxxx' . "\r\n" .
'Reply-To: same xxxx as above' . "\r\n" .
'X-Mailer: PHP/' . phpversion();
mail($to, $subject, $message, $headers, '-fxxxx same as above'); //Send the email
header("location:new_member_sucess.php"); //yes, i know i spelled success wrong, but i also spelled it wrong in the page filename lol
} else {
echo "<style type='text/css'>A{text-decoration:none}</style>";
echo "<body bgcolor='black'><font color='white' style='font-family:trebuchet ms;'>";
echo "Passwords do not match or that username is already taken, please try again!<br>";
echo "<a href='javascript: history.go(-1)'><font color='red'>Go back</a></font>";
}
}
?>
Thanks!
Your problem lies with the SQL to check for duplicate usernames.
// Check for existing username
$sql = "SELECT * FROM `members`";
$result2=mysql_query($sql);
while($row=mysql_fetch_array($result2)){
$username2 = $row['username'];
...
}}
I have taken your code, and made some minor changes. I have changed your SQL query to retrieve a count of users with the same username, instead of returning every username to check individually.
I have also taken the code around the mail() function out of a loop. If no duplicate usernames have been found, the $duplicateUsername variable is set to false, otherwise its set to true.
If $duplicateUsername is false, then the mail function is called... once, otherwise the error is displayed.
Please everything from // Check for existing username with the following:
// Check for existing username
$username = mysql_real_escape_string($username);
$duplicateUsername = false;
$sql = "SELECT COUNT(username) AS usernameCount FROM members WHERE username = '{$username}'";
$result2=mysql_query($sql);
while($row=mysql_fetch_array($result2)){
$duplicateUsername = $row['usernameCount']>0 ? true : false;
}
if(!$duplicateUsername){
$sql = "INSERT INTO `members` (`id`, `first_name`, `last_name`, `email`, `username`, `password`, `termsofuse`, `status`, `approved`, `acctype`, `industry`, `newsletter`, `contactnumber`, `hash`, `since`) VALUES (NULL, '$first_name' , '$last_name' , '$email' , '$username' , '$password1' , '$termsofuse', 'Reg', '$approved', '$acctype', '$industry', '$newsletter', '$contactnumber', '$hash', NOW())";
$result = mysql_query($sql) or die ("Can't insert".mysql_error());
$to = $email; // Send email to user
$subject = 'Signup Verification'; //Subject line in email
$message = 'Welcome ' . $first_name . ','
. "\r\n\r\n"
. 'Thanks for signing up!'
. "\r\n\r\n"
. 'Your account has been created. To activate your account, click on the link below to get started!'
. "\r\n\r\n"
. 'http://www.radioman911.com/pages/CAD/verify.php?email=' . $email . '&hash=' . $hash . '';
$headers = 'From: xxxx' . "\r\n" .
'Reply-To: same xxxx as above' . "\r\n" .
'X-Mailer: PHP/' . phpversion();
mail($to, $subject, $message, $headers, '-fxxxx same as above');
header("location:new_member_sucess.php");
} else {
echo "<style type='text/css'>A{text-decoration:none}</style>";
echo "<body bgcolor='black'><font color='white' style='font-family:trebuchet ms;'>";
echo "Passwords do not match or that username is already taken, please try again!<br>";
echo "<a href='javascript: history.go(-1)'><font color='red'>Go back</a></font>";
}
Your while loop doesn't make any sense.
You actually loop over all users (all rows in your db) and every time the new user doesn't match the current row in your while loop you add the new user to the database and send the email each time.
This is what you should do:
Your query
$sql = "SELECT * FROM members";
is way to generic.
Use MySql for what it's good for and let the database find the match not your php script by iterating over the result set.
Use a query like this:
$sql = "SELECT count(*) as count FROM members WHERE username LIKE '$username'";
$result = mysql_query($sql);
and then check if the $result['count'] equals 0. If that's the case the new user doesn't exist yet and you can create the new user and send your email.
You are executing mail() in a while() loop that includes all of the users in your database.
Based the if statement in that condition, you are doing an insert and sending the email every time the user-supplied username doesn't match the current row and the password matches. Presumably, several of your users a lot of the same passwords.
You will need to update your query to include conditions to excludes non-matching users from the result set.
You're looping though all of your members if if the usernames don't match, but the passwords do, you add a user and send an e-mail. Usernames will almost never be identical and passwords might...
You should change your query to only query the database for that particular user, e.g.
$sql = "SELECT * FROMmembersWHERE username LIKE \"" . $username . \"";
Not an answer to your question, but you can shorten the first lines of your code to this:
foreach($_POST AS $k => $v){
$$k = mysql_real_escape_string($v);
}
$username = strtoupper($username);
A lot shorter.
Your mail function is within while loop, so it's sending so many emails. please cut that code and place it above or below loop. Second, query is wrong, $sql = "SELECT * FROM members"; will select all members, use $sql = "SELECT * FROM members where ....."; i don't know column names. read, http://www.w3schools.com/php/php_mysql_where.asp
Related
This question already has an answer here:
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Closed 1 year ago.
my problem is that i have two codes one for guest table and the other is for employee table....they are literally the same but with changes on the name of columns....the guest code works like charm...but the employee code wont insert the row at all...it doesnt show me errors it prints out the TRUE message.
here is the employee code:
if ($emp = $con->prepare('SELECT emp_id, password FROM employee WHERE emp_name = ?')) {
// Bind parameters (s = string, i = int, b = blob, etc), hash the password using the PHP password_hash function.
$emp->bind_param('s', $_POST['emp_name']);
$emp->execute();
$emp->store_result();
// Store the result so we can check if the account exists in the database.
if ($emp->num_rows > 0) {
// Useremp_name already exists
echo "<script>viewmessagebox('emp_name exists please choose another ....','empactivate.php')</script>";
} else {
// Insert new account
// Useremp_name doesnt exists, insert new account
if ($emp = $con->prepare('INSERT INTO employee (gender, emp_type, designation, status ,emp_name, password, login_id, activation_code) VALUES (?, ?, ?, ?, ?, ?, ?, ?)')) {
// We do not want to expose passwords in our database, so hash the password and use password_verify when a user logs in.
$password = password_hash($_POST['password'], PASSWORD_DEFAULT);
$uniqid = uniqid();
$stat = 'Active';
$emp->bind_param('ssssss', $_POST['gender'], $_POST['emp_type'], $_POST['designation'], $stat, $_POST['emp_name'], $password, $_POST['login_id'], $uniqid);
$emp->execute();
$from = 'noreply#yourdomain.com';
$subject = 'Account Activation Required';
$headers = 'From: ' . $from . "\r\n" . 'Reply-To: ' . $from . "\r\n" . 'X-Mailer: PHP/' . phpversion() . "\r\n" . 'MIME-Version: 1.0' . "\r\n" . 'Content-Type: text/html; charset=UTF-8' . "\r\n";
// Update the activation variable below
$hashed = 'you password' . $_POST['password'];
$activate_link = 'http://localhost/eHostel%20Source%20code/empactivate.php?login_id=' . $_POST['login_id'] . '&code=' . $uniqid;
$message = '<p>Please click the following link to activate your account: ' . $activate_link . ' ' . $hashed . ' </p>';
mail($_POST['login_id'], $subject, $message, $headers);
echo "<script>viewmessagebox('Please check your login_id to activate your account!....','index.php')</script>";
}
else {
// Something is wrong with the sql statement, check to make sure accounts table exists with all 3 fields.
echo "<script>viewmessagebox('UNKOWN ERROR TRY AGAIN ....','empactivate.php')</script>";
}
}
$emp->close();
} else {
// Something is wrong with the sql statement, check to make sure accounts table exists with all 3 fields.
echo "<script>viewmessagebox('UNKOWN ERROR TRY AGAIN ....','empactivate.php')</script>";
}
$con->close();
}
}
and here is the guest code:
if ($stmt = $con->prepare('SELECT guestid, password FROM guest WHERE name = ?')) {
// Bind parameters (s = string, i = int, b = blob, etc), hash the password using the PHP password_hash function.
$stmt->bind_param('s', $_POST['name']);
$stmt->execute();
$stmt->store_result();
// Store the result so we can check if the account exists in the database.
if ($stmt->num_rows > 0) {
// Username already exists
echo "<script>viewmessagebox('name exists please choose another ....','guest - Copy.php')</script>";
} else {
// Insert new account
// Username doesnt exists, insert new account
if ($stmt = $con->prepare('INSERT INTO guest (contactno, status ,name, password, emailid, activation_code) VALUES (?, ?, ?, ?, ?, ?)')) {
// We do not want to expose passwords in our database, so hash the password and use password_verify when a user logs in.
$password = password_hash($_POST['password'], PASSWORD_DEFAULT);
$uniqid = uniqid();
$stat = 'Active';
$stmt->bind_param('ssssss', $_POST['contactno'], $stat, $_POST['name'], $password, $_POST['emailid'], $uniqid);
$stmt->execute();
$from = 'noreply#yourdomain.com';
$subject = 'Account Activation Required';
$headers = 'From: ' . $from . "\r\n" . 'Reply-To: ' . $from . "\r\n" . 'X-Mailer: PHP/' . phpversion() . "\r\n" . 'MIME-Version: 1.0' . "\r\n" . 'Content-Type: text/html; charset=UTF-8' . "\r\n";
// Update the activation variable below
$hashed = 'you password' . $_POST['password'];
$activate_link = 'http://localhost/eHostel%20Source%20code/activate.php?emailid=' . $_POST['emailid'] . '&code=' . $uniqid;
$message = '<p>Please click the following link to activate your account: ' . $activate_link . ' ' . $hashed . ' </p>';
mail($_POST['emailid'], $subject, $message, $headers);
echo "<script>viewmessagebox('Please check your emailid to activate your account!....','index.php')</script>";
}
else {
// Something is wrong with the sql statement, check to make sure accounts table exists with all 3 fields.
echo "<script>viewmessagebox('UNKOWN ERROR TRY AGAIN ....','guest - Copy.php')</script>";
}
}
$stmt->close();
} else {
// Something is wrong with the sql statement, check to make sure accounts table exists with all 3 fields.
echo "<script>viewmessagebox('UNKOWN ERROR TRY AGAIN ....','guest - Copy.php')</script>";
}
$con->close();
}
}
Okay, I found the issue. Here is a problem with line:
$emp->bind_param('ssssss', $_POST['gender'], $_POST['emp_type'], $_POST['designation'], $stat, $_POST['emp_name'], $password, $_POST['login_id'], $uniqid);
Here you are binding 8 variables, but on first argument here are only 6 types of data:
'ssssss'
Also it would be better to save data using proper types:
i - integer,
d - double,
s - string,
b - BLOB
I want to send an email to someone that clicks the link having the information on them from my database. So they put in their username , password, and email and get the 'Item' and 'Aisle' sent to them. The problem is they can have multiple items under their username. So I need to echo all the information in one email. But its not possible to echo information in an email. Currently it sends an email for each item and aisle information found so it can send 2+ emails of information. Any help would be loved. Thanks!
$Username = mysql_real_escape_string($_POST['Username']);
$Password = mysql_real_escape_string($_POST['Password']);
$Loc = mysql_real_escape_string($_POST['Loc']);
$To = mysql_real_escape_string($_POST['To']);
$Subject = "List";
$query = mysql_query("select * from Members where Username = '$Username' and Password = '$Password'");
while ($row = mysql_fetch_array($query)) {
$headers = 'From: email#email.com';
$Items = $row['Items'];
$Loc = $row['Loc'];
$msg= "Item: $Items
Aisle: $Loc\n";
mail($To, $Subject, $msg, 'From:' . $header);
echo 'Email sent to: ' . $To. '<br>';
Changing the 2nd part of your codes as below:
$query = mysql_query("select * from Members where Username = '$Username' and Password = '$Password'");
$items = '';
$headers = 'From: email#email.com';
while ($row = mysql_fetch_array($query)) {
$items .= $row['Items'] . PHP_EOL;
$loc = $row['Loc']; // what is Loc ?
}
$msg= "Item: $items
Aisle: $loc\n";
mail($To, $Subject, $msg, 'From:' . $header);
echo 'Email sent to: ' . $To. '<br>';
However, your table structure is weird. You should put your items in a separate table with your member ID as foreign key.
Try placing the message in a separate file and include it in the message.
like this.
$message = include('email_massage.php');
I am trying to create an email validation form for my database but am having a number of issues. When i try and run the code below i get the error no database selected.
I also get an undefined variable error. I want the put the name of the user into my database under the username field, but apparently $name is an undefined variable. error on line xx undefined variablemysql_query("INSERT INTO registrations (username, password, email, hash) VALUES( '". mysql_real_escape_string($name) ."',.
I am using WAMP server. The name of the database is sitememberdetails, and the name of the
table i need the information put into is registrations. I am pretty new to this - Could anyone tell me how i would define the variable and how i select the db( even though it already appears to be selected?)
<?php
$host = "localhost";
$username = "";
$password = "";
$databasename = "sitememberdetails";
$email="xxxxxx#xxxxxxxx.xxx";
$connection = mysql_connect($host,$username,$password) or die
("Error: ".mysql_error());
mysql_select_db($databasename);("sitememberdetails") or
die(mysql_error());
if(isset($_POST['name']) && !empty($_POST['name']) AND
isset($_POST['email']) && !empty($_POST['email'])){
$name = mysql_real_escape_string($_POST['name']);
$email = mysql_real_escape_string($_POST['email']); }
if(!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*#[a-z0-9-]+(\.[a-
z0-9-]+)*(\.[a-z]{2,3})$/i", $email)){
$msg = 'The email you have entered is invalid, please try again.';
}else{
$msg = 'Your account has been made, <br /> please verify it
by clicking the activation link that has been send to
your email.';
}
$hash = md5( rand(0,1000) );
$password = rand(1000,5000);
mysql_query("INSERT INTO registrations (username, password,
email, hash) VALUES(
'". mysql_real_escape_string($name) ."',
'". mysql_real_escape_string(md5($password)) ."',
'". mysql_real_escape_string($email) ."',
'". mysql_real_escape_string($hash) ."') ") or
die(mysql_error());
$to = $email; // Send email to our user
$subject = 'Signup | Verification'; // Give the email a subject
$message = '
Thanks for signing up!
Your account has been created, you can login with the following
credentials after you have activated your account by pressing
the url below.
Username: '.$name.'
Password: '.$password.'
Please click this link to activate your account:
http://www.yourwebsite.com/verify.php?email='.$email.'&
hash='.$hash.'
';
$headers = 'From:noreply#yourwebsite.com' . "\r\n"; // Set from
headers
mail($to, $subject, $message, $headers); // Send our email
?>
try changing this code
mysql_select_db($databasename);("sitememberdetails") or
die(mysql_error());
to this
mysql_select_db($databasename) or die(mysql_error());
EOL;
if (database_connection) {
unset($undefined_variable_error)
} else {
echo $undefined_variable_error;
}
// Because mysql_real_escape_string needs an open mysql connection
check out this modified code:
<?php
$host = "localhost";
$username = "";
$password = "";
$databasename = "sitememberdetails";
$email="xxxxxx#xxxxxxxx.xxx";
$connection = mysql_connect($host,$username,$password) or die ("Error: ".mysql_error());
mysql_select_db($databasename) or die(mysql_error());
$name = "";
if(isset($_POST['name']) && !empty($_POST['name']) AND
isset($_POST['email']) && !empty($_POST['email'])){
$name = mysql_real_escape_string($_POST['name']);
$email = mysql_real_escape_string($_POST['email']); }
if(!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*#[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i", $email)){
$msg = 'The email you have entered is invalid, please try again.'; }
else {
$msg = 'Your account has been made, <br /> please verify it
by clicking the activation link that has been send to your email.';
}
$hash = md5( rand(0,1000) );
$password = rand(1000,5000);
mysql_query("INSERT INTO registrations (username, password,email, hash) VALUES(
'". mysql_real_escape_string($name) ."',
'". mysql_real_escape_string(md5($password)) ."',
'". mysql_real_escape_string($email) ."',
'". mysql_real_escape_string($hash) ."') ") or die(mysql_error());
$to = $email; // Send email to our user
$subject = 'Signup | Verification'; // Give the email a subject
$message = ' Thanks for signing up!
Your account has been created, you can login with the following
credentials after you have activated your account by pressing
the url below.
Username: '.$name.'
Password: '.$password.'
Please click this link to activate your account:
http://www.yourwebsite.com/verify.php?email='.$email.'&
hash='.$hash.'
';
$headers = 'From:noreply#yourwebsite.com' . "\r\n"; // Set from
mail($to, $subject, $message, $headers); // Send our email
?>
and i advise you to use PDO instead of mysql_ functions
Seems like the $name value isn't getting posted to the form. You're mysql_escaping the name variable if it is set and isn't empty, but what happens if the name variable isn't set at all? There are no checks for this so it continues until it gets to the INSERT statement and causes an error.
Look at example #1 here to select the db. You have a semicolon after ($databasename); which doesn't make sense.
Here's some revised code, using PDO instead of mysql_*. Let me know if this one works and we can address any issues from there.
<?php
$host = 'localhost';
$dbname = 'sitememberdetails';
$user = '';
$pass = '';
try
{
$DB = new PDO("mysql:host=$host;dbname=$dbname", $user, $pass);
}
catch(PDOException $e)
{
echo $e->getMessage();
}
if(isset($_POST['name']) && !empty($_POST['name']) AND isset($_POST['email']) && !empty($_POST['email']))
{
$name = $_POST['name'];
$email = $_POST['email'];
}
else
{
$name = 'No Name';
$email = 'No Email';
}
if(!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*#[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i", $email))
{
$msg = 'The email you have entered is invalid, please try again.';
}else{
$msg = 'Your account has been made, <br /> please verify it by clicking the activation link that has been send to your email.';
}
$hash = md5( rand(0,1000) );
$password = rand(1000,5000);
$query = "INSERT INTO registrations (username, password, email, hash) VALUES('?', '?', '?', '?')";
$sth = $DB->prepare($query);
//By using ?'s and prepare/execute, PDO will prevent SQL Injection for you!
$sth->execute(array($name, md5($password), $email, $hash));
$to = $email; // Send email to our user
$subject = 'Signup | Verification'; // Give the email a subject
$message = 'Thanks for signing up! Your account has been created,
you can login with the following credentials after you
have activated your account by pressing the url below.
Username: '.$name.'
Password: '.$password.'
Please click this link to activate your account:
http://www.yourwebsite.com/verify.php?email='.$email.'&
hash='.$hash;
$headers = 'From:noreply#yourwebsite.com' . "\r\n"; // Set from header
mail($to, $subject, $message, $headers); // Send our email
?>
I tried to a user registration and email verification using PHP, everything responded very well but a certain point after the user has submitted the registration form then the form is posted to verify.php then the script will send an activation code to the user's email.
The error is that the moment the activation mail is sent to the user's mail box, the page should display:
Thank you! An email has been sent to {Form.email}. To complete your registration, click on the email verification link sent to your email address.
Instead, it will automatically refresh the page and redirect the user to registrationcomplete.php page. which suppose to come after the user has verified.
I used the following code:
<?php
require ('Connections.php');
$activationkey = mt_rand() . mt_rand() . mt_rand() . mt_rand() . mt_rand();
$name = mysql_real_escape_string($_POST['name']);
$country = mysql_real_escape_string($_POST['country']);
$state = mysql_real_escape_string($_POST['state']);
$add = mysql_real_escape_string($_POST['add']);
$phone = mysql_real_escape_string($_POST['phone']);
$email = mysql_real_escape_string($_POST['email']);
$userid = mysql_real_escape_string($_POST['userid']);
$password = mysql_real_escape_string($_POST['password']);
$lrname = mysql_real_escape_string($_POST['lrname']);
$lraccount = mysql_real_escape_string($_POST['lraccount']);
$wmz = mysql_real_escape_string($_POST['wmz']);
$form_submitt = $_POST['button'];
if ($form_submitt == true){
$sql = "INSERT INTO customers (`activationkey`, `name`, `country`, `state`, `add`, `phone`, `email`, `lrname`, `lraccount`, `comment`, `wmz`, `okpay`, `userid`, `password`, `status`) VALUES ('$activationkey', '$name', '$country', '$state', '$add', '$phone', '$email', '$lrname', '$lraccount', '', '$wmz', '', '$userid', '$password', 'verify');";
mysql_query($sql) or die(mysql_error());
##Send activation Email
$to = $_POST['email'];
$subject = "Complete registation";
$message = "Welcome to sitename!\r\rYou, or someone using your email address, has completed registration at www.sitename.com.\r\r You can complete registration by clicking the following link:\rhttp://www.sitename.com/verify.php?$activationkey \r\rIf this is an error, ignore this email and you will be removed from our mailing list.\r\rRegards,\r\r www.sitename.com Team";
$headers = 'From: noreply#sitename.com' . "\r\n" .
'Reply-To: noreply#sitename.com' . "\r\n" .
'X-Mailer: PHP/' . phpversion();
mail($to, $subject, $message, $headers);
}
?>
<?php
##User isn't registering, check verify code and change activation code to null, status to activated on success
if(isset($_SERVER['QUERY_STRING'])){
$queryString = $_SERVER['QUERY_STRING'];
$query = "SELECT * FROM `DBName`.`customers`";
$result = mysql_query($query) or die(mysql_error());
while($row = mysql_fetch_array($result)){
if ($queryString == $row['activationkey']){
$sql = "UPDATE `DBName`.`customers` SET `activationkey` = '', `status` = 'verified' WHERE `customers`.`id` = $row[id];";
mysql_query($sql) or die(mysql_error());
echo "<meta http-equiv='refresh' content='0;url=registrationcomplete.php'>";
if (!mysql_query($sql)){
die('Error: ' . mysql_error());
}
}
}
}
?>
Replace,
echo "<meta http-equiv='refresh' content='0;url=registrationcomplete.php'>";
to
header('location:verify.php?action=success');
exit();
Now using the action variable you can display the message
if(isset($_GET['action']) && $_GET['action'] == "success"){
echo 'Thank you message........';
}
I would like an email sent to me if a someone has logged into the database. My config to connect and log in is below.
<?php
session_start();
require_once('connect.php');
// Retrieve username and password from database according to user's input
$input_username = mysql_real_escape_string($_POST['username']);
$login = mysql_query("SELECT * FROM user WHERE username = '".$input_username."'" );
// Check username and password match
$row = mysql_fetch_array($login);
if (mysql_num_rows($login)) {
if($row['password'] === md5($_POST['password'])){
$_SESSION['username'] = $_POST['username']; // store in session
$sql = "UPDATE user SET logindate = NOW() WHERE username = '" . mysql_real_escape_string($_SESSION['username']) . "'";
mysql_query($sql) or die("Error in SQL: " . mysql_error());
}
else{
// Invalid login
echo header('Location: loginerror.php');
exit;
}
?>
You can simply send mails with the PHP mail function.
You may want to add it like this, if you want to recieve an email every time a user logged in:
if ($rowcount == 1) {
$_SESSION['username'] = $_POST['username'];
$headers = "From:Me <no-reply#example.com>\r\n";
$headers .= "Reply-To: no-reply#example.com\r\n";
$email_to = "your#emailadress.tld";
$subject = "Someone logged in!";
$message = "User ".$_POST['username']." logged in!";
mail($email_to, $subject, $message, $headers);
header("Location: securedpage.php");
}
To check whether the mail function was successful or not you can use:
if(mail($email_to, $subject, $message, $headers)) {
// mail function was successful
} else {
// error; mail function was NOT successful
}
Edit:
Just a note: You do a query twice and in the second one you don't use escaped data. You should remove your first one and change the second one to the code below. Also use mysql_real_escape string for the password:
$input_password = mysql_real_escape_string($_POST['password']);
$login = mysql_query("SELECT * FROM tbuser WHERE (username = '" . $input_username . "') AND (password = '" . md5($input_password) . "')",$db);