With a great deal of thanks from the members of this forum I have been able to put together a registration system. (Yet to go through security processes) However I am struggling to get the email authorisation to work. Does anyone have any feedback or suggestions on how I can get the email code to work?
<?php
session_start();
$_SESSION['userLoggedIn'] = 0;
$_SESSION['userEmail'] = '';
$_SESSION['userID'] = '';
// Reset errors and success messages
$errors = array();
$success = array();
// Login attempt
if(isset($_POST['loginSubmit']) && $_POST['loginSubmit'] == 'true')
{
$loginEmail = filter_var(trim($_POST['email']), FILTER_VALIDATE_EMAIL);
$loginPassword = trim($_POST['password']);
if ($loginEmail === false)
{
$errors['loginEmail'] = 'Please enter your email address in a valid format. Example:
bobsmith@companyname.com';
}
if(strlen($loginPassword) < 6 || strlen($loginPassword) > 12)
{
$errors['loginPassword'] = 'Your password must be between 6-12 characters.';
}
if(count($errors) === 0)
{
$query = '
SELECT
*
FROM users
WHERE email = "' . mysql_real_escape_string($loginEmail) . '"
AND password = MD5("' . mysql_real_escape_string($loginPassword) . '") LIMIT 1';
$result = mysql_query($query);
if (!$result)
{
die('Invalid query: ' . mysql_error());
}
if(mysql_num_rows($result) === 1)
{
$row = mysql_fetch_assoc($result);
$_SESSION['userLoggedIn'] = 1;
$_SESSION['userEmail'] = $loginEmail;
$_SESSION['userID'] = $row['id'];
header('Location: index.php');
exit;
} else {
$errors['login'] = 'No user was found with the details provided.';
}
}
}
/*
The rest of your login page code
*/
// Reset errors and success messages
$errors = array();
$success = array();
// Login attempt
if(isset($_POST['loginSubmit']) && $_POST['loginSubmit'] == 'true')
{
$loginEmail = trim($_POST['email']);
$loginPassword = trim($_POST['password']);
$email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
if (!$email)
{
$error = 'Please enter your email address in a valid format. Example:
bobsmith@companyname.com';
}
if(strlen($loginPassword) < 6 || strlen($loginPassword) > 12)
$errors['loginPassword'] = 'Your password must be between 6-12 characters.';
if(!$errors){
$query = 'SELECT * FROM users WHERE email =
"'mysql_real_escape_string($loginEmail)
. '" AND password = MD5("' . $loginPassword
. '") LIMIT 1';
$result = mysql_query($query);
if(mysql_num_rows($result) == 1){
$user = mysql_fetch_assoc($result);
$query = 'UPDATE users SET session_id
= "' . session_id() . '" WHERE id = ' . $user['id'] . ' LIMIT 1';
mysql_query($query);
header('Location: index.php');
exit;
} else {
$errors['login'] = 'No user was found with the details provided.';
}
}
}
// Register attempt
if(isset($_POST['registerSubmit']) && $_POST['registerSubmit'] == 'true'){
$firstname = mysql_real_escape_string(trim($_POST['firstname']));
$surname = mysql_real_escape_string(trim($_POST['surname']));
$registerEmail = trim($_POST['email']);
$registerPassword = trim($_POST['password']);
$registerConfirmPassword = trim($_POST['confirmPassword']);
if(!isset($firstname) || empty($firstname))
{
$error = "Please enter your First Name.";
}
if(!isset($surname) || empty($surname))
{
$error = "Please enter your Surname.";
}
if(strlen($registerPassword) < 6 || strlen($registerPassword) > 12)
{
$errors['registerPassword'] = 'Your password must be between 6-12 characters.';
if($password != $confirmPassword && !$error) {
$error = "The passwords you entered did not match.";
}
$emailAddress = filter_var($_POST['emailaddress'], FILTER_VALIDATE_EMAIL);
if (!$emailAddress)
{
$error = 'Please enter your email address in a valid format.
Example: bobsmith@companyname.com';
}
if($registerPassword != $registerConfirmPassword)
{
$errors['registerConfirmPassword'] = 'Your passwords did not match.';
// Check to see if we have a user registered with this email address already
if(!$errors)
{
$query = "
INSERT INTO users (firstname, surname, email, password, date_registered)
VALUES (
'" . $firstname . "'
, '" . $surname . "'
, '" . mysql_real_escape_string($registerEmail) . "'
, MD5('" . mysql_real_escape_string($registerPassword) . "'), NOW()
)";
// remove the or die(mysql_error()) code after you resolve the error
$result = mysql_query($query) or die(mysql_error());
if($result){
$success['register'] = 'Thank you for registering. You can now log in on the left.';
}else{
$errors['register'] = 'There was a problem registering you. Please check your details and try again.';
}
}
}
$query = mysql_query("SELECT id FROM users WHERE email = '".$email."' LIMIT 1");
if(mysql_num_rows($query) > 0 && !$error) {
$error = "Sorry, that email is already in use!";
}
if(!$error) {
$query = mysql_query("INSERT INTO users (email) VALUES ('".$password."', '".$password."', '".mysql_real_escape_string(md5($password))."', '".$email."')");
if($query) {
$message = "Hello ".$_POST['email'].",\\r\
\\r\
Thanks for registering with site.com! We hope you enjoy your stay.\\r\
\\r\
Many Thanks,\\r\
.com";
$headers = "From: ".$website['name']." <".$website['email'].">\\r\
";
mail($_POST['email'], "Welcome", $message, $headers);
setcookie("user", mysql_insert_id(), $time);
setcookie("pass", mysql_real_escape_string(md5($password)), $time);
header("Location: users.php");
} else {
$error = "There was a problem with the registration. Please try again.";
}
}
?>
<link rel="stylesheet" href="/stylesheet.css" type="text/css" />
<div class="topheader">
<?php
if ($_SESSION['userLoggedIn'])
{
$row = mysql_fetch_array($query);
echo '<div class="loggedin">
You are sucessfully logged in as ' . $_SESSION['userEmail'] . ' <a href="/index.php">Logout</a>
</div>
';
} else { echo
'<div class="headersignin">
<a href="/users/login.php" rel="nofollow" class="blacklink" >
Sign in
</a>
</div>
<div class="headerjoin">
<a href="/users/register.php" rel="nofollow" class="whitelink" > Join free</a>
</div>';
}
?>
<div class="headerlinkright">
<a href="/siteinfo/aboutus.php" rel="nofollow" class='bloglink' >About Us</a>
</div>
<div class="headerlinkright">
<a href="/blog/blog.php" rel="nofollow" class='bloglink' >Blog</a>
</div>
</div>
</div>
</div>
</div>
<h1>Login</h1>
<form class="box400" name="loginForm" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<?php if($errors['login']) print '<div class="invalid">' . $errors['login'] . '</div>'; ?>
<label for="email">Email Address</label>
<input type="text" name="email" value="<?php echo htmlspecialchars($loginEmail); ?>" />
<?php if($errors['loginEmail']) print '<div class="invalid">' . $errors['loginEmail'] . '</div>'; ?>
<label for="password">Password <span class="info">6-12 chars</span></label>
<input type="password" name="password" value="" />
<?php if($errors['loginPassword']) print '<div class="invalid">' . $errors['loginPassword'] . '</div>'; ?>
<label for="loginSubmit"> </label>
<input type="hidden" name="loginSubmit" id="loginSubmit" value="true" />
<div class="user-area">
<input type="submit" value="Login" class="submit-button" />
</div>
</form>
<h2>Register</h2>
<form class="box400" name="registerForm" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<?php if($success['register']) print '<div class="valid">' . $success['register'] . '</div>'; ?>
<?php if($errors['register']) print '<div class="invalid">' . $errors['register'] . '</div>'; ?>
<div class="registerinputarea">
<div class="registerinputcelltop">
<div class="registerinputleft">
<label for="email">Firstname</label>
</div>
<div class="registerinputright">
<input type="text" name="firstname" value="<?php echo htmlspecialchars($firstname); ?>" />
<?php if($errors['firstname']) print '<div class="invalid">' . $errors['firstname'] . '</div>'; ?>
</div>
<div class="registerinputcelltop">
<div class="registerinputleft">
<label for="email">Surname</label>
</div>
<div class="registerinputright">
<input type="text" name="surname" value="<?php echo htmlspecialchars($surname); ?>" />
<?php if($errors['surname']) print '<div class="invalid">' . $errors['surname'] . '</div>'; ?>
</div>
<div class="registerinputcelltop">
<div class="registerinputleft">
<label for="email">Email Address</label>
</div>
<div class="registerinputright">
<input type="text" name="email" value="<?php echo htmlspecialchars($registerEmail); ?>" />
<?php if($errors['registerEmail']) print '<div class="invalid">' . $errors['registerEmail'] . '</div>'; ?>
</div>
<div class="registerinputcelltop">
<div class="registerinputleft">
<label for="password">Password</label>
</div>
<div class="registerinputright">
<input type="password" name="password" value="" />
<?php if($errors['registerPassword']) print '<div class="invalid">' . $errors['registerPassword'] . '</div>'; ?>
</div>
<div class="registerinputcelltop">
<div class="registerinputleft">
<label for="confirmPassword">Confirm Password</label>
</div>
<div class="registerinputright">
<input type="password" name="confirmPassword" value="" />
<?php if($errors['registerConfirmPassword']) print '<div class="invalid">' . $errors['registerConfirmPassword'] . '</div>'; ?>
</div>
</div>
</div>
<div class="registerinputcelltop">
<label for="registerSubmit"> </label>
<input type="hidden" name="registerSubmit" id="registerSubmit" value="true" />
<div class="user-area">
<input type="submit" value="Register" class="submit-button" />
</div>
</form>
</div>
<div class="registerinputcelltop">
<a href="logout.php">Logout</a>
<a href="index.php">Index</a>
</div>