Hi,
I have a piece of code for a registration script which appears to be working fine. It inserts the name, email address and password into the database. It also forwards an email to the submitted email. However I now need to insert a character into the database from the email address to authorise the email. (quite standard)
However I am completely stuck on how to use the link on the email to activate the account. Should I do it on the page that sends the email or the link that is sent on the email?
<?php
$_SESSION['userLoggedIn'] = 0;
$_SESSION['userEmail'] = '';
$_SESSION['userID'] = '';
// Reset errors and success messages
$errors = array();
$success = array();
// Register attempt
if(isset($_POST['registerSubmit']) && $_POST['registerSubmit'] == 'true'){
$firstname = mysql_real_escape_string(trim($_POST['firstname']));
$surname = mysql_real_escape_string(trim($_POST['surname']));
$registerEmail = trim($_POST['email']);
$registerPassword = trim($_POST['password']);
$registerConfirmPassword = trim($_POST['confirmPassword']);
if(!isset($firstname) || empty($firstname)) {
$errors['firstname'] = "Please enter your First Name.";
}
if(!isset($surname) || empty($surname)) {
$errors['surname'] = "Please enter your Surname.";
}
$email = "$registerEmail";
if(!filter_var($email, FILTER_VALIDATE_EMAIL))
{
$errors['falseEmail'] = "Please enter your email address in a valid format. Example: bobsmith@companyname.com";
}
if(strlen($registerPassword) < 6 || strlen($registerPassword) > 12)
$errors['registerPassword'] = 'Your password must be between 6-12 characters.';
if($password != $confirmPassword && !$error) {
$error = "The passwords you entered did not match.";
}
if($registerPassword != $registerConfirmPassword)
$errors['registerConfirmPassword'] = 'Your passwords did not match.';
if(strlen($registerConfirmPassword) < 6 || strlen($registerConfirmPassword) > 12)
$errors['registerConfirmPassword'] = 'Please confirm your password.';
if(!$errors){
$registerPassword = md5($registerPassword);
$query = "INSERT INTO users (firstname, surname, email, password, date_registered) VALUES ('" . $firstname . "', '" . $surname . "', '" . mysql_real_escape_string($registerEmail) . "', '". $registerPassword ."', NOW())";
$result = mysql_query($query); // remove the or die(mysql_error()) code after you resolve the error
if($result){
$success['register'] = '
Thank you for registering with Website.com.</p>
You will soon receive a confirmation email. Please click the confirmation link.';
$query = mysql_query("SELECT * FROM users WHERE email = '". $registerEmail ."' OR email = '". $email ."'");
$emailduplicate = null;
if (mysql_num_rows($query) > 0)
{
$emailduplicate = 'Email Address is Already in Use. Please <a href="http://www.website.com/test/activation.php?userid=Y">Retrieve Your Password</a>.';
}
$message = '
<html>
<body>
<p>Welcome to Website.com</p>
<a href="http://www.website.com/test/activation.php?activation=Y">Click Here</a> to activate your account.
</body>
</html>
';
mail(mysql_real_escape_string($registerEmail), 'Website.com Confirmation', $message, 'From: info@website.com' . "\\r\
".'MIME-Version: 1.0' . "\\r\
".'Content-type: text/html; charset=iso-8859-1' . "\\r\
");
}
}
}
?>