hi guys, second last thing I need to figure out (last is just sanitizing all my input correctly :)).
I tried searching the site but couldn’t find anything.
I want to send an email to the successfully registered user that contains a link that they must click to activate the account - the account will not work until the link is clicked.
I have a few very rough guesses…
have an ‘activated’ (0 or 1) and a ‘code’ field in the users table
create activate.php
create a random string, insert it into the ‘code’ field.
send an email with link to activate.php?code=the-random-code
check the-random-code in the users db
activate that user if it is there
is that about right? if so, how do you send an email in php! hah.
$activated = mysqli_query($link, "SELECT activated FROM members WHERE username = '$username'");
$result = mysqli_fetch_assoc($activated);
if ($result != 1) {
    $error = 'Error.';
    include 'error.php';
    exit();
}
I know that is the wrong way to go about it… can someone please explain to me the correct way to check if the result of a query is either 0 or 1 (activated is stored as either 0 or 1 in the db).
$activated = mysqli_query($link, "SELECT * FROM members WHERE username = '$username' AND password = '$password' AND activated='1'");
$result = mysqli_num_rows($activated);
if ($result != 1) {
    $error = 'You are not activated.';
    include 'error.php';
    exit();
} else {
    // login is fine etc
}
seems to work, but something tells me it isn’t the best way. if anyone can give their opinion that would be wonderful.
A side note: NULLify the activation code field once it has been used. One good reason for doing so is that, for example, you ban a user and set the “activated” field to 0. The user goes through his emails and clicks the activation link again, and your script would activate the account.
$activated = mysqli_query($link, "SELECT activated FROM members WHERE username = '$username'");
$result = mysqli_fetch_assoc($activated);
// mysqli_fetch_assoc() returns null when no row matches, so test for any empty result
if (!$result || $result["activated"] == 0) {
    // if no record found OR activated field was 0 (or NULL)
    $error = 'Error.';
    include 'error.php';
    exit();
}
Honestly didn’t think of that, implementing right away. Thank you!
And thanks again, I didn’t know how to do the $result["activated"] part at all, and definitely good to check if it’s empty too heh. Thanks, I greatly appreciate it… I can now move on to sanitizing all my code.
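
The flow sketched in the first post, combined with the advice to NULL the code once it has been used, as an added example that is not code from any poster in this thread. It assumes PDO with an in-memory SQLite database so that it runs without a server (the thread itself uses mysqli and MySQL); the function names, the schema, the user 'alice' and the example.com link are hypothetical.

```php
<?php
// Added example, not code from the thread. PDO with in-memory SQLite stands in
// for the MySQL `members` table; the schema and the user 'alice' are constructed.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE members (username TEXT PRIMARY KEY,
    activated INTEGER NOT NULL DEFAULT 0, code TEXT UNIQUE)');

// Registration: store an unguessable code and return it for the e-mailed link.
function register(PDO $db, string $username): string
{
    $code = bin2hex(random_bytes(16)); // 128 bits from the OS CSPRNG
    $db->prepare('INSERT INTO members (username, activated, code) VALUES (?, 0, ?)')
       ->execute([$username, $code]);
    return $code;
}

// activate.php: a single UPDATE activates the account and NULLs the code,
// so the same link can never match again.
function activate(PDO $db, string $code): bool
{
    if (!preg_match('/\A[0-9a-f]{32}\z/', $code)) {
        return false; // malformed or empty code: do not query at all
    }
    $stmt = $db->prepare(
        'UPDATE members SET activated = 1, code = NULL WHERE code = ? AND activated = 0');
    $stmt->execute([$code]);
    return $stmt->rowCount() === 1;
}

// Login gate: a missing row and activated = 0 are both "not activated".
function isActivated(PDO $db, string $username): bool
{
    $stmt = $db->prepare('SELECT activated FROM members WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row !== false && (int) $row['activated'] === 1;
}

$code = register($db, 'alice');
// example.com is a placeholder host; send this link with mail() or a mail library.
echo "Link: https://example.com/activate.php?code=$code\n";
var_dump(isActivated($db, 'alice'));  // state before the link is clicked
var_dump(activate($db, $code));       // first click on the link
var_dump(isActivated($db, 'alice'));  // state after activation
$db->prepare('UPDATE members SET activated = 0 WHERE username = ?')->execute(['alice']); // ban
var_dump(activate($db, $code));       // banned user replays the old link
var_dump(isActivated($db, 'alice'));  // state after the replay attempt
```

Every query binds its input as a parameter, so neither the username nor the code from the URL is ever concatenated into the SQL text. The replay after the ban matches no row because the stored code is already NULL, and a comparison with NULL is never true in SQL.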