Forums
This topic is locked
Rego and confirm with val code
Posted 06 Dec 2004 06:18:26
1
has voted
06 Dec 2004 06:18:26 steve copelin posted:
Been working on Allan Kents 'Registration and confirmation with validation code image' and i'm stuck. The validate.php page i think is the problem, but no knowing enough php, cant be sure.From the users.php page you can click on an unconfirmed user which links to the validate page. Since the user has a valid hash code, the validate page presents the enter the valcode image to proceed and become validated. My problem is when i enter the 4 digit number and press NEXT, the page jsut reloads with a new 4 digit number.
I have redone the page about 4 times now. Has anyone been successful with this tutorial and if so able to show me the code for the validate page.
thanks in advance
Steve
Replies
Replied 10 Dec 2004 20:34:38
10 Dec 2004 20:34:38 Chris Charlton replied:
<BLOCKQUOTE id=quote><font size=1 face="Verdana, Arial, Helvetica" id=quote>quote:<hr height=1 noshade id=quote>Been working on Allan Kents 'Registration and confirmation with validation code image' and i'm stuck. ...Has anyone been successful with this tutorial and if so able to show me the code for the validate page.<hr height=1 noshade id=quote></BLOCKQUOTE id=quote></font id=quote><font face="Verdana, Arial, Helvetica" size=2 id=quote>
Yes, I have, worked great for me. Keep in mind, the users.php page is an admin page, for you to test with so it's not a public page.
Your issue of the numbers just reloading might be that the $_SESSION var of the 4-digit verification must come <i>after</i> the code that checks if they entered it in correctly. You might accidentally be reseting the 4-digit numbers before it can verify them.
Reply back if you still don't crack it. <img src=../images/dmxzone/forum/icon_smile.gif border=0 align=middle>
Also, all members might not know but <b>each Premium Content article has a support link to a forum to discuss that article</b>, and they're moderated by the author(s) of the article. Here's a link for <a href="www.dmxzone.com/showDetail.asp?TypeId=28&NewsId=6540"><i>PHP: Site Registration and Confirmation Completed</i></a>. You'll see the "Support..." link in the detail box.
~~~~~~~~~~~~~~~
Chris Charlton
Sr. Developer - www.fingerprintMedia.com
Yes, I have, worked great for me. Keep in mind, the users.php page is an admin page, for you to test with so it's not a public page.
Your issue of the numbers just reloading might be that the $_SESSION var of the 4-digit verification must come <i>after</i> the code that checks if they entered it in correctly. You might accidentally be reseting the 4-digit numbers before it can verify them.
Reply back if you still don't crack it. <img src=../images/dmxzone/forum/icon_smile.gif border=0 align=middle>
Also, all members might not know but <b>each Premium Content article has a support link to a forum to discuss that article</b>, and they're moderated by the author(s) of the article. Here's a link for <a href="www.dmxzone.com/showDetail.asp?TypeId=28&NewsId=6540"><i>PHP: Site Registration and Confirmation Completed</i></a>. You'll see the "Support..." link in the detail box.
~~~~~~~~~~~~~~~
Chris Charlton
Sr. Developer - www.fingerprintMedia.com
Replied 16 Aug 2006 13:47:07
16 Aug 2006 13:47:07 Daniel Staves replied:
I'm having the same problem and I can't think what else to try. It looks like these forums are not that busy but my purchase will be a waste of time if I can't get any help on this.
I've checked what Chris said and it seems to be OK and I even tried to use the code supplied by Alan Kent but when I go from the users page to the validate page I get the message 'query was empty'.
My code is as follows:
<?php require_once('Connections/connect.php'); ?>
<?php
session_start();
if (!function_exists("GetSQLValueString"
) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = ""
{
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
$theValue = function_exists("mysql_real_escape_string" ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "" ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "" ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "" ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "" ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "" ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
$_SESSION['valcode'] = sprintf("%04d",mt_rand(1,9999));
$colname_rstUser = "1";
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1") {
if ($_POST['valcode']==$_SESSION['valcode']) {
$updateSQL = sprintf("UPDATE users SET user_level=1 WHERE user_hash=%s",
GetSQLValueString($_POST['user_hash'], "text");
mysql_select_db($database_connect, $connect);
$Result1 = mysql_query($updateSQL, $connect) or die(mysql_error());
$updateGoTo = "validated.php";
if (isset($_SERVER['QUERY_STRING'])) {
$updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
$updateGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $updateGoTo));
} else {
header(sprintf("Location: validate.php?hash=%s",$_POST['user_hash']));
}
}
$colname_rstUser = "-1";
if (isset($_GET['hash'])) {
$colname_rstUser = (get_magic_quotes_gpc()) ? $_GET['hash'] : addslashes($_GET['hash']);
}
mysql_select_db($database_connect, $connect);
$query_rstUser = sprintf("SELECT user_name, user_level FROM users WHERE user_hash = %s", GetSQLValueString($colname_rstUser, "text");
$rstUser = mysql_query($query_rstUser, $connect) or die(mysql_error());
$row_rstUser = mysql_fetch_assoc($rstUser);
$totalRows_rstUser = mysql_num_rows($rstUser);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="www.w3.org/1999/xhtml">
<?php if ($totalRows_rstUser == 0) { // Show if recordset empty ?>
<p>The hash that you provided was not found in our database. If you did not click on the link in the email but rather pasted it into the address bar of your browser, double check to make sure that you copied the entire hash code.</p>
<?php } // Show if recordset empty ?>
<?php if ($totalRows_rstUser > 0) { // Show if recordset not empty ?><br />
<?php if ($row_rstUser['user_level']==0) { // Select between validated or not ?>
<p>Welcome <strong><?php echo $row_rstUser['user_name']; ?></strong>. To continue validating your account please enter the number shown below into the box provided and click on Next to continue:</p>
<form id="form1" name="form1" method="POST" action="<?php echo $editFormAction; ?>">
<label>
<img src="valimage.php" width="45" height="20">
<input name="valcode" type="text" id="valcode" />
</label>
<label>
<input type="submit" name="Submit" value="Next" />
</label>
<input name="user_hash" type="hidden" id="user_hash" value="<?php echo $_GET['hash']; ?>" />
<input type="hidden" name="MM_update" value="form1">
</form>
<?php } else { ?>
<p>Your account has already been validated. If you have forgotten your password, please click <a href="sendpassword.php">here</a> to have your password reset and emailed to you.</p>
<?php } // Select between validated or not ?>
<?php } // Show if recordset not empty ?>
<?php
mysql_free_result($rstUser);
?>
Your help would be really apreciated.
I've checked what Chris said and it seems to be OK and I even tried to use the code supplied by Alan Kent but when I go from the users page to the validate page I get the message 'query was empty'.
My code is as follows:
<?php require_once('Connections/connect.php'); ?>
<?php
session_start();
if (!function_exists("GetSQLValueString"
) {function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = ""
{
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
$theValue = function_exists("mysql_real_escape_string"
? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);switch ($theType) {
case "text":
$theValue = ($theValue != ""
? "'" . $theValue . "'" : "NULL";break;
case "long":
case "int":
$theValue = ($theValue != ""
? intval($theValue) : "NULL";break;
case "double":
$theValue = ($theValue != ""
? "'" . doubleval($theValue) . "'" : "NULL";break;
case "date":
$theValue = ($theValue != ""
? "'" . $theValue . "'" : "NULL";break;
case "defined":
$theValue = ($theValue != ""
? $theDefinedValue : $theNotDefinedValue;break;
}
return $theValue;
}
}
$_SESSION['valcode'] = sprintf("%04d",mt_rand(1,9999));
$colname_rstUser = "1";
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1"
) {if ($_POST['valcode']==$_SESSION['valcode']) {
$updateSQL = sprintf("UPDATE users SET user_level=1 WHERE user_hash=%s",
GetSQLValueString($_POST['user_hash'], "text"
);mysql_select_db($database_connect, $connect);
$Result1 = mysql_query($updateSQL, $connect) or die(mysql_error());
$updateGoTo = "validated.php";
if (isset($_SERVER['QUERY_STRING'])) {
$updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
$updateGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $updateGoTo));
} else {
header(sprintf("Location: validate.php?hash=%s",$_POST['user_hash']));
}
}
$colname_rstUser = "-1";
if (isset($_GET['hash'])) {
$colname_rstUser = (get_magic_quotes_gpc()) ? $_GET['hash'] : addslashes($_GET['hash']);
}
mysql_select_db($database_connect, $connect);
$query_rstUser = sprintf("SELECT user_name, user_level FROM users WHERE user_hash = %s", GetSQLValueString($colname_rstUser, "text"
);$rstUser = mysql_query($query_rstUser, $connect) or die(mysql_error());
$row_rstUser = mysql_fetch_assoc($rstUser);
$totalRows_rstUser = mysql_num_rows($rstUser);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="www.w3.org/1999/xhtml">
<?php if ($totalRows_rstUser == 0) { // Show if recordset empty ?>
<p>The hash that you provided was not found in our database. If you did not click on the link in the email but rather pasted it into the address bar of your browser, double check to make sure that you copied the entire hash code.</p>
<?php } // Show if recordset empty ?>
<?php if ($totalRows_rstUser > 0) { // Show if recordset not empty ?><br />
<?php if ($row_rstUser['user_level']==0) { // Select between validated or not ?>
<p>Welcome <strong><?php echo $row_rstUser['user_name']; ?></strong>. To continue validating your account please enter the number shown below into the box provided and click on Next to continue:</p>
<form id="form1" name="form1" method="POST" action="<?php echo $editFormAction; ?>">
<label>
<img src="valimage.php" width="45" height="20">
<input name="valcode" type="text" id="valcode" />
</label>
<label>
<input type="submit" name="Submit" value="Next" />
</label>
<input name="user_hash" type="hidden" id="user_hash" value="<?php echo $_GET['hash']; ?>" />
<input type="hidden" name="MM_update" value="form1">
</form>
<?php } else { ?>
<p>Your account has already been validated. If you have forgotten your password, please click <a href="sendpassword.php">here</a> to have your password reset and emailed to you.</p>
<?php } // Select between validated or not ?>
<?php } // Show if recordset not empty ?>
<?php
mysql_free_result($rstUser);
?>
Your help would be really apreciated.