I tried to a user registration and email verification using PHP, everything responded very well but a certain point after the user has submitted the registration form then the form is posted to verify.php then the script will send an activation code to the user's email.
The error is that the moment the activation mail is sent to the user's mail box, the page should display:
Thank you! An email has been sent to {Form.email}. To complete your registration, click on the email verification link sent to your email address.
Instead, it will automatically refresh the page and redirect the user to registrationcomplete.php page. which suppose to come after the user has verified.
I used the following code:
<?php
require ('Connections.php');
$activationkey = mt_rand() . mt_rand() . mt_rand() . mt_rand() . mt_rand();
$name = mysql_real_escape_string($_POST['name']);
$country = mysql_real_escape_string($_POST['country']);
$state = mysql_real_escape_string($_POST['state']);
$add = mysql_real_escape_string($_POST['add']);
$phone = mysql_real_escape_string($_POST['phone']);
$email = mysql_real_escape_string($_POST['email']);
$userid = mysql_real_escape_string($_POST['userid']);
$password = mysql_real_escape_string($_POST['password']);
$lrname = mysql_real_escape_string($_POST['lrname']);
$lraccount = mysql_real_escape_string($_POST['lraccount']);
$wmz = mysql_real_escape_string($_POST['wmz']);
$form_submitt = $_POST['button'];
if ($form_submitt == true){
$sql = "INSERT INTO customers (`activationkey`, `name`, `country`, `state`, `add`, `phone`, `email`, `lrname`, `lraccount`, `comment`, `wmz`, `okpay`, `userid`, `password`, `status`) VALUES ('$activationkey', '$name', '$country', '$state', '$add', '$phone', '$email', '$lrname', '$lraccount', '', '$wmz', '', '$userid', '$password', 'verify');";
mysql_query($sql) or die(mysql_error());
##Send activation Email
$to = $_POST['email'];
$subject = "Complete registation";
$message = "Welcome to sitename!\r\rYou, or someone using your email address, has completed registration at www.sitename.com.\r\r You can complete registration by clicking the following link:\rhttp://www.sitename.com/verify.php?$activationkey \r\rIf this is an error, ignore this email and you will be removed from our mailing list.\r\rRegards,\r\r www.sitename.com Team";
$headers = 'From: noreply#sitename.com' . "\r\n" .
'Reply-To: noreply#sitename.com' . "\r\n" .
'X-Mailer: PHP/' . phpversion();
mail($to, $subject, $message, $headers);
}
?>
<?php
##User isn't registering, check verify code and change activation code to null, status to activated on success
if(isset($_SERVER['QUERY_STRING'])){
$queryString = $_SERVER['QUERY_STRING'];
$query = "SELECT * FROM `DBName`.`customers`";
$result = mysql_query($query) or die(mysql_error());
while($row = mysql_fetch_array($result)){
if ($queryString == $row['activationkey']){
$sql = "UPDATE `DBName`.`customers` SET `activationkey` = '', `status` = 'verified' WHERE `customers`.`id` = $row[id];";
mysql_query($sql) or die(mysql_error());
echo "<meta http-equiv='refresh' content='0;url=registrationcomplete.php'>";
if (!mysql_query($sql)){
die('Error: ' . mysql_error());
}
}
}
}
?>
Replace,
echo "<meta http-equiv='refresh' content='0;url=registrationcomplete.php'>";
to
header('location:verify.php?action=success');
exit();
Now using the action variable you can display the message
if(isset($_GET['action']) && $_GET['action'] == "success"){
echo 'Thank you message........';
}
Related
When submit contact form it sends email but does not insert entry in database. I have basic knowledge of php but I am not very good at php so please be clear. I have created db, db user and table in db and created all fields which I am trying to put values in, but it does not insert entry in the db. Also it does not show any error message when submit the form. Thank you in advance.
<?php
$errors = '';
$myemail = 'myEmailaddress#hotmail.com';
if(empty($_POST['cname']) ||
empty($_POST['email']) ||
empty($_POST['website']) ||
empty($_POST['subject']) ||
empty($_POST['message']))
{
$errors .= "\n Error: all fields are required";
}
$name = $_POST['cname'];
$email_address = $_POST['email'];
$website = $_POST['website'];
$subject = $_POST['subject'];
$message = $_POST['message'];
if (!preg_match(
"/^[_a-z0-9-]+(\.[_a-z0-9-]+)*#[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i",
$email_address))
{
$errors .= "\n Error: Invalid email address";
}
if( empty($errors))
{
$to = $myemail;
$email_subject = "Contact form submission: $name";
$email_body = "You have received a new message. ".
" Here are the details:\n Name: $name \n Email: $email_address \n Subject: $subject \n Website: $website \n Message: $message";
$headers = "From: $myemail\n";
$headers .= "Reply-To: $email_address";
mail($to,$email_subject,$email_body,$headers);
//starting sql query code here
if( $_POST )
{
$con = mysql_connect("localhost","db-username","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("db-name", $con);
$name = mysql_real_escape_string($name);
$email_address = mysql_real_escape_string($email_address);
$website = mysql_real_escape_string($website);
$subject = mysql_real_escape_string($subject);
$message = mysql_real_escape_string($message);
$query = "
INSERT INTO `db_name`.`table_name` (`id`, `cname`, `email`, `website`,
`subject`, `message`, `timestamp`) VALUES (NULL, '$name',
'$email_address', '$website', '$subject', '$message',
CURRENT_TIMESTAMP);";
mysql_query($query);
// echo "<h2>Thank you for your Comment!</h2>";
mysql_close($con);
}
//ending sql query code here
//redirect to the 'thank you' page
header('Location: thankyou.html');
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Contact form handler</title>
</head>
<body>
<!-- This page is displayed only if there is some error -->
<?php
echo nl2br($errors);
?>
</body>
</html>
Change CURRENT_TIMESTAMP to NOW().
change your query to
$query = "
INSERT INTO `db_name`.`table_name` (`cname`, `email`, `website`,
`subject`, `message`, `timestamp`) VALUES ('$name',
'$email_address', '$website', '$subject', '$message',
NOW());";
No need to send id(if autoincrement). also CURRENT_TIMESTAMP is a constant so use NOW() to get current time.
Note :- mysql_* has been deprecated use mysqli_* or PDO
I am working on a membership signup/join form. The form data is submitted to another page called join.php on pressing submit button I am getting Internal Server Error message. Can anybody help me find the reason/mistake in my coding? Though the data is successfully entered into database.
<?php
// file name : join.php
$con = mysqli_connect("$DBHOST", "$DBUSER", "$DBPASS","$DBNAME");
// Check connection
if (mysqli_connect_errno($con))
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$name = $_POST['name'];
$phone = $_POST['phone'];
$email = $_POST['email'];
$city = $_POST['city'];
$state = $_POST['state'];
$ip = $_SERVER['REMOTE_ADDR'];
$name = mysqli_real_escape_string($con,$name);
$email = mysqli_real_escape_string($con,$email);
$phone = mysqli_real_escape_string($con,$phone);
$city = mysqli_real_escape_string($con,$city);
$state = mysqli_real_escape_string($con,$state);
$check = "SELECT COUNT(*) FROM `members` WHERE phone=".$phone."
OR email=".$email." Limit 1";
if (mysqli_query($con,$check)>=1){
echo ("The phone number <strong>".$phone."</strong> or email <strong>
".$email." </strong> address is already registered with us.");
}else{
$query = mysqli_query($con,"INSERT INTO `members`
(`name`,`email`, `phone`, `city`, `state`,`ip`, `regdate`)
VALUES('".$name."','".$email."','".$phone."','".$city."',
'".$state."','".$ip."', NOW('') )")
or die("MYSQL ERROR :".mysqli_error($con));
/* PREPARE MESSAGE FOR EMAIL TO NEW MEMBER */
header("Refresh=07;URL=./index.php");
$headers4 = "<join#mydomain.com>";
$headers = "Reply-to: $headers4\n";
$headers .= "From: $headers4\n";
$headers .= "Errors-to: $headers4\n";
$headers .= "Content-Type: text/html; charset=utf-8\n";
$message = "<br>Dear ".$name." <br><br>";
$message .= "Thanks for joining.<br> Your details are";
$message .= "<br>Name - ".$name." <br>Mobile No. - ".$phone."<br>";
$message .= "Email - ".$email."<br>City, State - ".$city.",".$state."<br>";
$message .= "<br>Regards,<br>Name";
mail("".$email."", "Thanks for Joining", "".$message."", "".$headers."");
echo "<p>Congratulations!<br>IP-".$ip."<br>Your data has been added
into our membership database.<br><strong>Thank you for joining.</strong>";
}
mysqli_close($con);
?>
So many mistakes in it.. Improve your code style to give its quality a boost.
Start by fixing the quotes, very missleading:
mail("".$email."", "Thanks for Joining", "".$message."", "".$headers."");
Should be
mail($email, 'Thanks for Joining', $message, $headers);
$check = "SELECT COUNT(*) FROM `members` WHERE phone=".$phone."
OR email=".$email." Limit 1";
Has missing quotes too, I don't thinkg email and phone are numbers.
$check = "SELECT COUNT(*) FROM `members` WHERE phone='".$phone."'
OR email='".$email."' Limit 1";
There is no header called Refresh, this is kinda Javascript style, but you need HTTP:
header("Refresh=07;URL=./index.php");
Fixed:
header("Location: index.php");
Finally enable error reporting to see what's really wrong.
I currently have the below email/db script that works fine but the redirect doesn't seem to be working. Instead of redirecting to the url its just showing the blank php page. How can I fix this?
<?php
$con = mysql_connect("localhost","user","pass");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("register", $con);
$sql="INSERT INTO register_interest (Name, Email, Message, Website)
VALUES ('$_POST[Name]', '$_POST[Email]', '$_POST[Message]', '$_POST[Website]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
mysql_close($con);
$to = "email";
$subject = "Interest";
$email = $_POST['Email'] ;
$message = $_POST['Message'] ;
$headers = "From: $email";
$sent = mail($to, $subject, $message, $headers) ;
if ($sent) {
header("Location: http://www.url.co.uk");
exit();
} else {
print "We encountered an error sending your email";
}
?>
<?php
$con = mysqli_connect("localhost","user","pass","register");
if (mysqli_connect_errno())
{
die('Could not connect: ' . mysqli_connect_error());
}
$name = mysqli_real_escape_string($con, $_POST['Name']);
$email = mysqli_real_escape_string($con, $_POST['Email']);
$message = mysqli_real_escape_string($con, $_POST['Message']);
$website = mysqli_real_escape_string($con, $_POST['Website']);
$sql = "INSERT INTO register_interest (Name, Email, Message, Website)
VALUES ('$name', '$email', '$message', '$website')";
if (!mysqli_query($con, $sql))
{
die('Error: ' . mysqli_error($con));
}
mysqli_close($con);
$to = "email#address.com";
$subject = "Interest";
$email = $_POST['Email'] ;
$message = $_POST['Message'] ;
$headers = "From: $email\n";
$sent = mail($to, $subject, $message, $headers) ;
if ($sent) {
header("Location: http://www.url.co.uk");
exit();
} else {
print "We encountered an error sending your email";
}
?>
Try this code :
if(!$sent){
print "We encountered an error sending your email";
exit;
}
header("Location: http://www.url.co.uk");
Check if you have any blank lines before the opening PHP tags), then the header directive will not work.
I am having a major problem with the PHP mail() function. I have a user sign-up page that generates an email for verification of their email address. Unfortunately and bizarrely, the function sends anywhere from 6 or 7 to 90+ emails to the same user. I do not understand how or why this is occurring, even after looking through others' posts on here.
Can someone help me debug this?
This is the code:
$first_name = mysql_real_escape_string($_POST['first_name']);
$last_name = mysql_real_escape_string($_POST['last_name']);
$email = mysql_real_escape_string($_POST['email']);
$username = strtoupper(mysql_real_escape_string($_POST['username']));
$password1 = mysql_real_escape_string($_POST['password1']);
$password2 = mysql_real_escape_string($_POST['password2']);
$termsofuse = mysql_real_escape_string($_POST['termsofuse']);
$status = mysql_real_escape_string($_POST['status']);
$approved = mysql_real_escape_string($_POST['approved']);
$acctype = mysql_real_escape_string($_POST['acctype']);
$industry = mysql_real_escape_string($_POST['industry']);
$newsletter = mysql_real_escape_string($_POST['newsletter']);
$contactname = mysql_real_escape_string($_POST['contactname']);
$contactnumber = mysql_real_escape_string($_POST['contactnumber']);
// Hashing of $password1
$password1 = sha256($password1);
$password2 = sha256($password2);
$hash = hash('sha256', $username);
// Check for existing username
$sql = "SELECT * FROM `members`";
$result2=mysql_query($sql);
while($row=mysql_fetch_array($result2)){
$username2 = $row['username'];
// If $username doesn't equal $username2 (meaning there isn't an existing username, and both passwords match, write to database
if($username <> $username2 && $password1 === $password2){
$sql = "INSERT INTO `members` (`id`, `first_name`, `last_name`, `email`, `username`, `password`, `termsofuse`, `status`, `approved`, `acctype`, `industry`, `newsletter`, `contactnumber`, `hash`, `since`) VALUES (NULL, '$first_name' , '$last_name' , '$email' , '$username' , '$password1' , '$termsofuse', 'Reg', '$approved', '$acctype', '$industry', '$newsletter', '$contactnumber', '$hash', NOW())";
$result = mysql_query($sql) or die ("Can't insert".mysql_error());
$to = $email; // Send email to user
$subject = 'Signup Verification'; //Subject line in email
$message = 'Welcome ' . $first_name . ','
. "\r\n\r\n"
. 'Thanks for signing up!'
. "\r\n\r\n"
. 'Your account has been created. To activate your account, click on the link below to get started!'
. "\r\n\r\n"
. 'http://www.radioman911.com/pages/CAD/verify.php?email=' . $email . '&hash=' . $hash . '';
$headers = 'From: xxxx' . "\r\n" .
'Reply-To: same xxxx as above' . "\r\n" .
'X-Mailer: PHP/' . phpversion();
mail($to, $subject, $message, $headers, '-fxxxx same as above'); //Send the email
header("location:new_member_sucess.php"); //yes, i know i spelled success wrong, but i also spelled it wrong in the page filename lol
} else {
echo "<style type='text/css'>A{text-decoration:none}</style>";
echo "<body bgcolor='black'><font color='white' style='font-family:trebuchet ms;'>";
echo "Passwords do not match or that username is already taken, please try again!<br>";
echo "<a href='javascript: history.go(-1)'><font color='red'>Go back</a></font>";
}
}
?>
Thanks!
Your problem lies with the SQL to check for duplicate usernames.
// Check for existing username
$sql = "SELECT * FROM `members`";
$result2=mysql_query($sql);
while($row=mysql_fetch_array($result2)){
$username2 = $row['username'];
...
}}
I have taken your code, and made some minor changes. I have changed your SQL query to retrieve a count of users with the same username, instead of returning every username to check individually.
I have also taken the code around the mail() function out of a loop. If no duplicate usernames have been found, the $duplicateUsername variable is set to false, otherwise its set to true.
If $duplicateUsername is false, then the mail function is called... once, otherwise the error is displayed.
Please everything from // Check for existing username with the following:
// Check for existing username
$username = mysql_real_escape_string($username);
$duplicateUsername = false;
$sql = "SELECT COUNT(username) AS usernameCount FROM members WHERE username = '{$username}'";
$result2=mysql_query($sql);
while($row=mysql_fetch_array($result2)){
$duplicateUsername = $row['usernameCount']>0 ? true : false;
}
if(!$duplicateUsername){
$sql = "INSERT INTO `members` (`id`, `first_name`, `last_name`, `email`, `username`, `password`, `termsofuse`, `status`, `approved`, `acctype`, `industry`, `newsletter`, `contactnumber`, `hash`, `since`) VALUES (NULL, '$first_name' , '$last_name' , '$email' , '$username' , '$password1' , '$termsofuse', 'Reg', '$approved', '$acctype', '$industry', '$newsletter', '$contactnumber', '$hash', NOW())";
$result = mysql_query($sql) or die ("Can't insert".mysql_error());
$to = $email; // Send email to user
$subject = 'Signup Verification'; //Subject line in email
$message = 'Welcome ' . $first_name . ','
. "\r\n\r\n"
. 'Thanks for signing up!'
. "\r\n\r\n"
. 'Your account has been created. To activate your account, click on the link below to get started!'
. "\r\n\r\n"
. 'http://www.radioman911.com/pages/CAD/verify.php?email=' . $email . '&hash=' . $hash . '';
$headers = 'From: xxxx' . "\r\n" .
'Reply-To: same xxxx as above' . "\r\n" .
'X-Mailer: PHP/' . phpversion();
mail($to, $subject, $message, $headers, '-fxxxx same as above');
header("location:new_member_sucess.php");
} else {
echo "<style type='text/css'>A{text-decoration:none}</style>";
echo "<body bgcolor='black'><font color='white' style='font-family:trebuchet ms;'>";
echo "Passwords do not match or that username is already taken, please try again!<br>";
echo "<a href='javascript: history.go(-1)'><font color='red'>Go back</a></font>";
}
Your while loop doesn't make any sense.
You actually loop over all users (all rows in your db) and every time the new user doesn't match the current row in your while loop you add the new user to the database and send the email each time.
This is what you should do:
Your query
$sql = "SELECT * FROM members";
is way to generic.
Use MySql for what it's good for and let the database find the match not your php script by iterating over the result set.
Use a query like this:
$sql = "SELECT count(*) as count FROM members WHERE username LIKE '$username'";
$result = mysql_query($sql);
and then check if the $result['count'] equals 0. If that's the case the new user doesn't exist yet and you can create the new user and send your email.
You are executing mail() in a while() loop that includes all of the users in your database.
Based the if statement in that condition, you are doing an insert and sending the email every time the user-supplied username doesn't match the current row and the password matches. Presumably, several of your users a lot of the same passwords.
You will need to update your query to include conditions to excludes non-matching users from the result set.
You're looping though all of your members if if the usernames don't match, but the passwords do, you add a user and send an e-mail. Usernames will almost never be identical and passwords might...
You should change your query to only query the database for that particular user, e.g.
$sql = "SELECT * FROMmembersWHERE username LIKE \"" . $username . \"";
Not an answer to your question, but you can shorten the first lines of your code to this:
foreach($_POST AS $k => $v){
$$k = mysql_real_escape_string($v);
}
$username = strtoupper($username);
A lot shorter.
Your mail function is within while loop, so it's sending so many emails. please cut that code and place it above or below loop. Second, query is wrong, $sql = "SELECT * FROM members"; will select all members, use $sql = "SELECT * FROM members where ....."; i don't know column names. read, http://www.w3schools.com/php/php_mysql_where.asp
I am trying to create an email validation form for my database but am having a number of issues. When i try and run the code below i get the error no database selected.
I also get an undefined variable error. I want the put the name of the user into my database under the username field, but apparently $name is an undefined variable. error on line xx undefined variablemysql_query("INSERT INTO registrations (username, password, email, hash) VALUES( '". mysql_real_escape_string($name) ."',.
I am using WAMP server. The name of the database is sitememberdetails, and the name of the
table i need the information put into is registrations. I am pretty new to this - Could anyone tell me how i would define the variable and how i select the db( even though it already appears to be selected?)
<?php
$host = "localhost";
$username = "";
$password = "";
$databasename = "sitememberdetails";
$email="xxxxxx#xxxxxxxx.xxx";
$connection = mysql_connect($host,$username,$password) or die
("Error: ".mysql_error());
mysql_select_db($databasename);("sitememberdetails") or
die(mysql_error());
if(isset($_POST['name']) && !empty($_POST['name']) AND
isset($_POST['email']) && !empty($_POST['email'])){
$name = mysql_real_escape_string($_POST['name']);
$email = mysql_real_escape_string($_POST['email']); }
if(!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*#[a-z0-9-]+(\.[a-
z0-9-]+)*(\.[a-z]{2,3})$/i", $email)){
$msg = 'The email you have entered is invalid, please try again.';
}else{
$msg = 'Your account has been made, <br /> please verify it
by clicking the activation link that has been send to
your email.';
}
$hash = md5( rand(0,1000) );
$password = rand(1000,5000);
mysql_query("INSERT INTO registrations (username, password,
email, hash) VALUES(
'". mysql_real_escape_string($name) ."',
'". mysql_real_escape_string(md5($password)) ."',
'". mysql_real_escape_string($email) ."',
'". mysql_real_escape_string($hash) ."') ") or
die(mysql_error());
$to = $email; // Send email to our user
$subject = 'Signup | Verification'; // Give the email a subject
$message = '
Thanks for signing up!
Your account has been created, you can login with the following
credentials after you have activated your account by pressing
the url below.
Username: '.$name.'
Password: '.$password.'
Please click this link to activate your account:
http://www.yourwebsite.com/verify.php?email='.$email.'&
hash='.$hash.'
';
$headers = 'From:noreply#yourwebsite.com' . "\r\n"; // Set from
headers
mail($to, $subject, $message, $headers); // Send our email
?>
try changing this code
mysql_select_db($databasename);("sitememberdetails") or
die(mysql_error());
to this
mysql_select_db($databasename) or die(mysql_error());
EOL;
if (database_connection) {
unset($undefined_variable_error)
} else {
echo $undefined_variable_error;
}
// Because mysql_real_escape_string needs an open mysql connection
check out this modified code:
<?php
$host = "localhost";
$username = "";
$password = "";
$databasename = "sitememberdetails";
$email="xxxxxx#xxxxxxxx.xxx";
$connection = mysql_connect($host,$username,$password) or die ("Error: ".mysql_error());
mysql_select_db($databasename) or die(mysql_error());
$name = "";
if(isset($_POST['name']) && !empty($_POST['name']) AND
isset($_POST['email']) && !empty($_POST['email'])){
$name = mysql_real_escape_string($_POST['name']);
$email = mysql_real_escape_string($_POST['email']); }
if(!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*#[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i", $email)){
$msg = 'The email you have entered is invalid, please try again.'; }
else {
$msg = 'Your account has been made, <br /> please verify it
by clicking the activation link that has been send to your email.';
}
$hash = md5( rand(0,1000) );
$password = rand(1000,5000);
mysql_query("INSERT INTO registrations (username, password,email, hash) VALUES(
'". mysql_real_escape_string($name) ."',
'". mysql_real_escape_string(md5($password)) ."',
'". mysql_real_escape_string($email) ."',
'". mysql_real_escape_string($hash) ."') ") or die(mysql_error());
$to = $email; // Send email to our user
$subject = 'Signup | Verification'; // Give the email a subject
$message = ' Thanks for signing up!
Your account has been created, you can login with the following
credentials after you have activated your account by pressing
the url below.
Username: '.$name.'
Password: '.$password.'
Please click this link to activate your account:
http://www.yourwebsite.com/verify.php?email='.$email.'&
hash='.$hash.'
';
$headers = 'From:noreply#yourwebsite.com' . "\r\n"; // Set from
mail($to, $subject, $message, $headers); // Send our email
?>
and i advise you to use PDO instead of mysql_ functions
Seems like the $name value isn't getting posted to the form. You're mysql_escaping the name variable if it is set and isn't empty, but what happens if the name variable isn't set at all? There are no checks for this so it continues until it gets to the INSERT statement and causes an error.
Look at example #1 here to select the db. You have a semicolon after ($databasename); which doesn't make sense.
Here's some revised code, using PDO instead of mysql_*. Let me know if this one works and we can address any issues from there.
<?php
$host = 'localhost';
$dbname = 'sitememberdetails';
$user = '';
$pass = '';
try
{
$DB = new PDO("mysql:host=$host;dbname=$dbname", $user, $pass);
}
catch(PDOException $e)
{
echo $e->getMessage();
}
if(isset($_POST['name']) && !empty($_POST['name']) AND isset($_POST['email']) && !empty($_POST['email']))
{
$name = $_POST['name'];
$email = $_POST['email'];
}
else
{
$name = 'No Name';
$email = 'No Email';
}
if(!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*#[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i", $email))
{
$msg = 'The email you have entered is invalid, please try again.';
}else{
$msg = 'Your account has been made, <br /> please verify it by clicking the activation link that has been send to your email.';
}
$hash = md5( rand(0,1000) );
$password = rand(1000,5000);
$query = "INSERT INTO registrations (username, password, email, hash) VALUES('?', '?', '?', '?')";
$sth = $DB->prepare($query);
//By using ?'s and prepare/execute, PDO will prevent SQL Injection for you!
$sth->execute(array($name, md5($password), $email, $hash));
$to = $email; // Send email to our user
$subject = 'Signup | Verification'; // Give the email a subject
$message = 'Thanks for signing up! Your account has been created,
you can login with the following credentials after you
have activated your account by pressing the url below.
Username: '.$name.'
Password: '.$password.'
Please click this link to activate your account:
http://www.yourwebsite.com/verify.php?email='.$email.'&
hash='.$hash;
$headers = 'From:noreply#yourwebsite.com' . "\r\n"; // Set from header
mail($to, $subject, $message, $headers); // Send our email
?>