This is for user activation.
function activate($email, $email_code){
$email = mysql_real_escape_string($email);
$email_code = mysql_real_escape_string($email_code);
if (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `email` = '$email' AND `email_code` = '$email_code' AND `active` = 0"), 0) == 1){
mysql_query("UPDATE `users` SET `active` = 1 WHERE `email` = '$email'");
return true;
}else{
return false;
}
}
Activation.php
if (isset($_GET['success']) === true && empty($_GET['success'])===true){
echo 'Account activated!';
}
else if (isset($_GET['email'], $_GET['email_code']) === true){
$email = trim($_GET['email']);
$email_code = trim($_GET['email_code']);
if(email_exists($email) === false){
$errors[] = 'Oops, something went wrong!';
}else if (activate($email, $email_code === false)){
$errors[] = 'We have problems activating your account!';
}
if (empty($errors) === false){
echo output_errors($errors);
}else{
header('Location:activate.php?success');
exit();
}
}else{
header('Location:go.php');
exit();
}
It says 'Account activated!' as I echoed but it didn't change the field in the table. It didn't activate at all basically. What is the problem here?
You have to change the function like this
function activate($email, $email_code){
$email = mysql_real_escape_string($email);
$email_code = mysql_real_escape_string($email_code);
if (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `email` = '$email' AND `email_code` = '$email_code' AND `active` = 0"), 0) == 1){
if(mysql_query("UPDATE `users` SET `active` = 1 WHERE `email` = '$email'")){
return true;
}
else{
return false;
}
}
}
Related
I have this error "Warning: mysql_result(): user_id not found in MySQL result index 13 in C:\xampp\htdocs\core\functions\users.php on line 14"
I think i don't know how to read from my Database, it looks like
Here is my users code
<?php
function user_exists($username){
$username = sanitize($username);
return (mysql_result(mysql_query("SELECT COUNT(`uID`) FROM `user` WHERE `uUserName` = '$username'"), 0) == 1) ? true : false;
}
function user_active($username){
$username = sanitize($username);
return (mysql_result(mysql_query("SELECT COUNT(`uID`) FROM `user` WHERE `uUserName` = '$username' AND `uActive` = 1"), 0) == 1) ? true : false;
}
function user_id_from_username($username){
$username = sanitize($username);
return mysql_result(mysql_query("SELECT `uID` FROM `user` WHERE `uUserName` = '$username'"), 0, 'user_id');
}
function login($username,$password){
$user_id = user_id_from_username($username);
$username = sanitize($username);
$password = md5($password);
return (mysql_result(mysql_query("SELECT COUNT(`uID`) FROM `user` WHERE `uUserName` = '$username' AND `uPassword` = '$password'"), 0) == 1) ? $user_id : false;
}
?>
This is my login system code
if(empty($_POST) === false){
$username = $_POST['username'];
$password = $_POST['password'];
if(empty($username) === true || empty($password) === true){
$errors[] = 'You need to enter a Username and Password';
} else if(user_exists($username) == false){
$errors[] = 'We cannot find that Username, have you registered?';
} else if(user_active($username) === false){
$errors[] = 'You have not activated your account.';
}
else {
$login = login($username,$password);
if($login === false){
$errors[] = 'The username or password is incorrect';
} else {
echo 'ok';
}
}
print_r($errors);
}
You have an error at line 13 where you specify 'user_id' as an offset.
You can simply get the uID column and store the value if that row exists.
$result = mysql_query("SELECT `uID` FROM `user` WHERE `uUserName` = '$username'");
$user_id = 0; // default value, meaning user not found
if ($result && mysql_num_rows($result) > 0){
$row = mysql_fetch_assoc($result);
$user_id = $row[0];
}
return $user_id;
Then you can modify your login function to check whether user_id > 0 or not. If it's larger than 0, then you got that user's id.
Currently the only problem that I see is your user_id_from_username function.
You're trying to set an offset to a field that doesn't exist and mysql doesn't find it. So it's throwing an error:
function user_id_from_username($username){
$username = sanitize($username);
return mysql_result(mysql_query("SELECT `uID` FROM `user` WHERE `uUserName` = '$username'"), 0, 'uID');
}
Try the above or leave off the uID since it's not a mandatory but rather an optional parameter.
Insert obligatory, you should be using mysqli instead of mysql at this point if your PHP version supports it.
I'm trying secure more my member system.
So basicly if somebody wants to create an account he needs to activate it by email.
Now when I receive an email with the activation code: he says We cannot find that email This is strange since the email is in the database.
I got a script called activate.php
<?php
if (isset($_GET['succes']) === true && empty ($_GET['succes']) === true) {
?>
<h2>Thanks, your account has been activated!</h2>
<?php
} else if (isset($_GET['email'], $_GET['email_code']) === true) {
$email = trim($_GET['email']);
$email_code = trim($_GET['email_code']);
$user = new User();
if($user->email_exists($email) === false) {
echo 'We cannot find that email';
} else if ($user->activate($email, $email_code) === false) {
echo 'problem activate your account';
}
}
?>
In the classes dir I got a file called User.php
The activate function
function activate ($email, $email_code) {
$email = mysql_real_escape_string($email);
$email_code = mysql_real_escape_string($email_code);
require_once '../config.php';
if ($db->get($db->query("SELECT COUNT(`id`) FROM `users` WHERE `email` = '$email' AND `email_code` = '$email_code' AND `active` = 0"), 0) == 1) {
$db->query("UPDATE `users` SET `group` = 1 WHERE `email` = '$email'");
return true;
} else {
return false;
}
}
And the email_exists function:
function email_exists($email) {
return ($this->_db->get($this->_db->query("SELECT COUNT(`id`) FROM `users` WHERE `email` = '$email'"), 0) == 1) ? true : false;
}
Use urlencode and urldecode funcitons while inserting/gettind email from url
$email = urldecode(trim($_GET['email']));
...
$url = 'http://site/?email='urlencode($email);
Check this:
function email_exists($email) {
var_dump($email);exit;
return ($this->_db->get($this->_db->query("SELECT COUNT(`id`) FROM `users` WHERE `email` = '$email'"), 0) == 1) ? true : false;
}
I created a login form but when i try to login, it says email or password is incorrect but I'm going in the right email and password.
I create user in my database users table but again again i get this error. All error is ok when i try to emtpy email and password it says You need to entere a email and password.
and activated error also ok.I am entering the correct password and email address. Gives me the error.
This is users.php
<?php
function user_exists($email) {
$email = sanitize($email);
return (mysql_result(mysql_query("SELECT COUNT(`id`) FROM `users` WHERE `email` = '$email'"), 0) == 1) ? true : false;
}
function user_active($email) {
$email = sanitize($email);
return (mysql_result(mysql_query("SELECT COUNT(`id`) FROM `users` WHERE `email` = '$email' AND `active` = 1"), 0) == 1) ? true : false;
}
function user_id_from_email($email) {
$email = sanitize($email);
return mysql_result(mysql_query("SELECT `id` FROM `users` WHERE `email` = '$email'"), 0, 'id');
}
function login($email, $password) {
$id = user_id_from_email($email);
$email = sanitize($email);
$password = md5($password);
return (mysql_result(mysql_query("SELECT COUNT (`id`) FROM `users` WHERE `email` = '$email' AND `password` = '$password'"), 0 ) == 1) ? $id : false;
}
?>
And this is login.php
<?php
include("core/init.php");
if(empty($_POST) === false) {
$email = $_POST['email'];
$password = $_POST['password'];
if (empty($email) === true || empty($password) === true) {
$errors[] = 'You need to enter a email and password';
} else if (user_exists($email) === false) {
$errors[] = 'We can\'t find that email. Have you registered ?';
} else if (user_active($email) === false) {
$errors[] = 'You have\'t activated your account';
} else {
$login = login($email, $password);
if ($login === false) {
$errors[] = 'That email/passowrd cocmbination is incorrect';
}else {
$_SESSION['id'] = $login;
header('Location: main.php');
exit();
}
}
print_r ($errors);
}
?>
Sorry, but there's a whole load of stuff which is wrong - lots of it may be producing errors.
1) there is no 'sanitize' function in php and you haven't told us what it does.
2) your login.php does niclude users.php
3) generating an md5 hash of the password is far from secure (it should be a slated sha1 hash as a minimum)
4) you never check for errors being returned by the DBMS
5) ...actually - that's not true - you compare the return value from the functions in users.php to false - and you'll only get false if the query fails - not if it returns 0 rows
Consider....
function do_something_with_email($email, &$err) {
$email = mysql_real_escape_string($email);
if (!($res=mysql_query("SELECT `id` FROM `users` WHERE `email` = '$email'"))) {
$err=mysql_error();
return false;
}
if (!($data=mysql_fetch_array($res)) {
$err=mysql_error();
return false;
}
return $data[0];
}
switch (do_something_with_email($email, $err)) {
case false:
die ($err);
case 0:
print "No records matched";
break;
default:
print "OK";
break;
}
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 9 years ago.
Improve this question
I can't find the missing curly brace, but I am getting this message "Parse error: syntax error, unexpected $end in /site/public_html/core/functions/users.php on line 75"
For the following code..
<?php
function activate($email, $email_code) {
$email = mysql_real_escape_string($email);
$email_code = mysql_real_escape_string($email_code);
if (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `email` = '$email' AND `email_code` = '$email_code' AND `active` = 0"), 0) == 1) {
mysql_query("UPDATE `users` SET `active` = 1 WHERE `email` = '$email'");
return true;
}
else {
return false;
}
function change_password ($user_id, $password) {
$user_id = (int)$user_id;
$password = md5($password);
mysql_query("UPDATE `users` SET `password` = '$password' WHERE `user_id` = $user_id");
}
function register_user($register_data) {
array_walk($register_data, 'array_sanitize');
$register_data['password'] = md5($register_data['password']);
$fields = '`' . implode('`, `', array_keys($register_data)) . '`';
$data = '\'' . implode('\', \'', $register_data) . '\'';
mysql_query("INSERT INTO `users` ($fields) VALUES ($data)");
email($register_data['email'], 'Activate your account', "
Hello " . $register_data['username'] . ", \n\n You need to activate your account, so use the link below: \n\nhttp://www.mysite.com/activate.php?email=" . $register_data['email'] . "&email_code=" . $register_data['email_code'] . "\n\n~Admin~ ");
}
function user_count() {
return mysql_result(mysql_query("SELECT COUNT('user_id') FROM `users` WHERE `active` = 1"), 0);
}
function user_data($user_id) {
$data = array();
$user_id = (int)$user_id;
$func_num_args = func_num_args();
$func_get_args = func_get_args();
if ($func_num_args > 1) {
unset($func_get_args[0]);
$fields = '`' . implode('`, `', $func_get_args) . '`';
$data = mysql_fetch_assoc(mysql_query("SELECT $fields FROM `users` WHERE `user_id` = $user_id"));
return $data;
}
}
function logged_in() {
return (isset($_SESSION['user_id'])) ? true : false;
}
function user_exists($username) {
$username = sanitize($username);
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username'"), 0) == 1) ? true : false;
}
function email_exists($email) {
$email = sanitize($email);
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `email` = '$email'"), 0) == 1) ? true : false;
}
function user_active($username) {
$username = sanitize($username);
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `active` =1"), 0) ==1) ? true : false;
}
function user_id_from_username ($username) {
$username = sanitize($username);
return (mysql_result(mysql_query("SELECT `user_id` FROM `users` WHERE `username` = '$username'"), 0, 'user_id'));
}
function login ($username, $password) {
$user_id = user_id_from_username($username);
$username = sanitize($username);
$password = md5($password);
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `password` = '$password'"), 0) == 1) ? $user_id : false;
}
?>
Thanks for any help.
It looks like your activate() function is missing its closing bracket }.
function activate($email, $email_code) {
$email = mysql_real_escape_string($email);
$email_code = mysql_real_escape_string($email_code);
if (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `email` = '$email' AND `email_code` = '$email_code' AND `active` = 0"), 0) == 1) {
mysql_query("UPDATE `users` SET `active` = 1 WHERE `email` = '$email'");
return true;
} else {
return false;
}
} /* MISSING BRACKET */
function change_password ($user_id, $password) {
...
Your first function is missing a closing brace }:
function activate($email, $email_code) {
$email = mysql_real_escape_string($email);
$email_code = mysql_real_escape_string($email_code);
if (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `email` = '$email' AND `email_code` = '$email_code' AND `active` = 0"), 0) == 1) {
mysql_query("UPDATE `users` SET `active` = 1 WHERE `email` = '$email'");
return true;
} else {
return false;
}
Also, indentation would help find problems like this easier (and an IDE that matches your braces)
You're not closing your first function, so just add } at the end
function activate($email, $email_code) {
$email = mysql_real_escape_string($email);
$email_code = mysql_real_escape_string($email_code);
if (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `email` = '$email' AND `email_code` = '$email_code' AND `active` = 0"), 0) == 1) {
mysql_query("UPDATE `users` SET `active` = 1 WHERE `email` = '$email'");
return true;
} else {
return false;
}
}
oh, and by the way stop using the regular PHP mysql_* functions. They will be deprecated as of PHP 5.5, so take a look at mysqli or PDO
I think the 1st function "activate" is not closing, add } after the else closing.
function activate($email, $email_code) {
$email = mysql_real_escape_string($email);
$email_code = mysql_real_escape_string($email_code);
if (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `email` = '$email' AND `email_code` = '$email_code' AND `active` = 0"), 0) == 1) {
mysql_query("UPDATE `users` SET `active` = 1 WHERE `email` = '$email'");
return true;
} else {
return false;
}
}
^
here
you missed }
it should be
function activate($email, $email_code) {
$email = mysql_real_escape_string($email);
$email_code = mysql_real_escape_string($email_code);
if (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `email` = '$email' AND `email_code` = '$email_code' AND `active` = 0"), 0) == 1) {
mysql_query("UPDATE `users` SET `active` = 1 WHERE `email` = '$email'");
return true;
} else {
return false;
}
} <---missing bracket here
Okay, so I'm setting up the activation page using $_GET[] from the link the server emails the user.
Here's my activation page.
if (isset($_GET['success']) && $_GET['success'] == false) {
echo 'Your account has been activated, please login to continue.';
} else if (isset($_GET['email'], $_GET['email_code']) === true) {
$email = trim($_GET['email']);
$email_code = trim($_GET['email_code']);
if (email_exists($db, $_GET['email']) == false) {
$errors[] = 'This email address hasn\'t been registered with us.';
} else if (activate($db, $email, $email_code) === false) {
$errors[] = 'We had problems activating your account, please contact an Administrator.';
}
if (empty($errors) === false) {
echo output_errors($errors);
} else {
header('Location: activate.php?success');
exit();
}
} else {
header('Location: index.php');
}
I believe that to be fine, the problem lies within my function activate()
function activate(PDO $db, $email, $email_code) {
$stmt = $db->prepare("SELECT COUNT (`id`) FROM `users` WHERE `email` = :email AND `email_code` = :email_code AND `active` = 0");
$stmt->bindValue(':email', $email);
$stmt->bindValue(':email_code', $email_code);
$stmt->execute();
$row = $stmt->fetch(PDO::FETCH_OBJ);
return $row ? $row->type : 0;
}
At this moment, I'm just trying to get it to return something, yet it doesn't.
What I really need, is for it to do this.
function activate($email, $email_code) {
$email = mysql_real_escape_string($email);
$email_code = mysql_real_escape_string($email_code);
if (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `email` = '$email' AND `email_code` = '$email_code' AND `active` = 0"), 0) ==1) {
mysql_query("UPDATE `users` SET `active` = 1 WHERE `email` = '$email'");
return true;
} else {
return false;
}
}
But I cannot quite translate it.
Any help would be appreciated, thanks.
I thought I'd add this doesn't return any errors, mainly because I haven't put anything in correctly yet for it to return one.
EDIT:
else if (activate($db, $email, $email_code) === 0) {
$errors[] = 'We had problems activating your account, please contact an Administrator.';
}
Then the function
function activate(PDO $db, $email, $email_code) {
$sql = "SELECT `active`, `email_code` FROM `users` WHERE `email` = '?'";
$stmt = $db->prepare($sql);
$stmt->execute(array($email));
$row = $stmt->fetch();
if ($row && $row['active'] == $email_code && !$row['active'] ) {
$sql = "UPDATE `users` SET `active` = 1 WHERE `email` = '?'";
$stmt = $db->prepare($sql);
$stmt->execute(array($email));
return $stmt->rowCount();
} else {
return 0;
}
}
function activate(PDO $db, $email, $email_code) {
$sql = "SELECT active, email_code FROM users WHERE email = ?";
$stmt = $db->prepare($sql);
$stmt->execute(array($email));
$row = $stmt->fetch();
$if ($row && $row['active'] == $email_code && !$row['active'] )
$sql = "UPDATE users SET active = 1 WHERE email = ?");
$stmt = $db->prepare($sql);
$stmt->execute(array($email));
return $stmt->rowCount();
}
}