Struggling With Email Authorisation Code

justlukeyou · September 29, 2012, 1:04pm

With a great deal of thanks from the members of this forum I have been able to put together a registration system. (Yet to go through security processes) However I am struggling to get the email authorisation to work. Does anyone have any feedback or suggestions on how I can get the email code to work?


<?php
  session_start();
  $_SESSION['userLoggedIn'] = 0;
  $_SESSION['userEmail'] = '';
  $_SESSION['userID'] = '';
   
  // Reset errors and success messages
  $errors = array();
  $success = array();
   
  // Login attempt
  if(isset($_POST['loginSubmit']) && $_POST['loginSubmit'] == 'true')
  {
    $loginEmail = filter_var(trim($_POST['email']), FILTER_VALIDATE_EMAIL);
    $loginPassword  = trim($_POST['password']);
     if ($loginEmail === false)
     {
        $errors['loginEmail'] = 'Please enter your email address in a valid format.   Example:  
          bobsmith@companyname.com';
      }
      if(strlen($loginPassword) < 6 || strlen($loginPassword) > 12)
      {
         $errors['loginPassword'] = 'Your password must be between 6-12 characters.';
       }
       if(count($errors) === 0)
       {
         $query  = '
            SELECT 
              * 
            FROM users 
            WHERE email = "' . mysql_real_escape_string($loginEmail) . '" 
            AND password = MD5("' . mysql_real_escape_string($loginPassword) . '") LIMIT 1'; 
         $result = mysql_query($query);
          if (!$result)
          {
             die('Invalid query: ' . mysql_error());
          }
          if(mysql_num_rows($result) === 1)
          {
             $row = mysql_fetch_assoc($result);
             $_SESSION['userLoggedIn'] = 1;
             $_SESSION['userEmail'] = $loginEmail;
             $_SESSION['userID'] = $row['id'];
              header('Location: index.php');
              exit;
            } else {
               $errors['login'] = 'No user was found with the details provided.';
            }
        }
   }
/*
  The rest of your login page code
*/
// Reset errors and success messages 
  $errors = array(); 
  $success = array(); 
  // Login attempt 
 if(isset($_POST['loginSubmit']) && $_POST['loginSubmit'] == 'true')
 { 
    $loginEmail = trim($_POST['email']); 
    $loginPassword  = trim($_POST['password']);                 
    $email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
    if (!$email)
    {
          $error = 'Please enter your email address in a valid format.  Example: 
            bobsmith@companyname.com';
    }       
     if(strlen($loginPassword) < 6 || strlen($loginPassword) > 12) 
        $errors['loginPassword'] = 'Your password must be between 6-12 characters.'; 
                if(!$errors){ 
                   $query  = 'SELECT * FROM users WHERE email =     
                                    "'mysql_real_escape_string($loginEmail) 
                                  . '" AND password = MD5("' . $loginPassword 
                                    . '") LIMIT 1'; 
                   $result = mysql_query($query); 
                   if(mysql_num_rows($result) == 1){ 
                      $user = mysql_fetch_assoc($result); 
                      $query = 'UPDATE users SET session_id 
                                        = "' . session_id() . '" WHERE id = ' . $user['id'] . ' LIMIT 1'; 
                      mysql_query($query); 
                          header('Location: index.php'); 
                           exit; 
                    } else { 
                      $errors['login'] = 'No user was found with the details provided.'; 
                    } 
                } 
        } 
         
  // Register attempt 
  if(isset($_POST['registerSubmit']) && $_POST['registerSubmit'] == 'true'){
    $firstname = mysql_real_escape_string(trim($_POST['firstname']));
    $surname = mysql_real_escape_string(trim($_POST['surname']));
    $registerEmail = trim($_POST['email']); 
    $registerPassword = trim($_POST['password']); 
    $registerConfirmPassword        = trim($_POST['confirmPassword']);                         
    if(!isset($firstname) || empty($firstname)) 
    {
       $error = "Please enter your First Name.";
    }
    if(!isset($surname) || empty($surname)) 
    {
       $error = "Please enter your Surname.";
    }
    if(strlen($registerPassword) < 6 || strlen($registerPassword) > 12)
    {   
      $errors['registerPassword'] = 'Your password must be between 6-12 characters.'; 
      if($password != $confirmPassword && !$error) {
          $error = "The passwords you entered did not match.";
     }
     $emailAddress = filter_var($_POST['emailaddress'], FILTER_VALIDATE_EMAIL);
     if (!$emailAddress)
     {
       $error = 'Please enter your email address in a valid format.  
                     Example:   bobsmith@companyname.com';
     }
     if($registerPassword != $registerConfirmPassword) 
     {
        $errors['registerConfirmPassword'] = 'Your passwords did not match.'; 
        // Check to see if we have a user registered with this email address already 
       if(!$errors)
       {
          $query = "
             INSERT INTO users (firstname, surname, email, password, date_registered) 
            VALUES (
                             '" . $firstname . "'
                             , '" . $surname . "'
                             , '" . mysql_real_escape_string($registerEmail) . "'
                             , MD5('" . mysql_real_escape_string($registerPassword) . "'), NOW()
             )";   
           // remove the or die(mysql_error()) code after you resolve the error                                 
         $result = mysql_query($query) or die(mysql_error());
         if($result){
                  $success['register'] = 'Thank you for registering. You can now log in on the left.';
          }else{
                  $errors['register'] = 'There was a problem registering you. Please check your details and try again.';
         }
} 
                           }
   
   

        $query = mysql_query("SELECT id FROM users WHERE email = '".$email."' LIMIT 1");
        if(mysql_num_rows($query) > 0 && !$error) {
                $error = "Sorry, that email is already in use!";
        }
 
        if(!$error) {
                $query = mysql_query("INSERT INTO users (email) VALUES ('".$password."', '".$password."', '".mysql_real_escape_string(md5($password))."', '".$email."')");
                if($query) {
                        $message = "Hello ".$_POST['email'].",\\r\
\\r\
Thanks for registering with site.com! We hope you enjoy your stay.\\r\
\\r\
 Many Thanks,\\r\
.com";
                        $headers = "From: ".$website['name']." <".$website['email'].">\\r\
";
                        mail($_POST['email'], "Welcome", $message, $headers);
                        setcookie("user", mysql_insert_id(), $time);
                        setcookie("pass", mysql_real_escape_string(md5($password)), $time);
                        header("Location: users.php");
                } else {
                        $error = "There was a problem with the registration. Please try again.";
                }
        }

   
        ?>   


<link rel="stylesheet" href="/stylesheet.css" type="text/css" />  
   
           <div class="topheader">        
<?php
        if ($_SESSION['userLoggedIn'])
{
  $row = mysql_fetch_array($query);
  echo '<div class="loggedin">
You are sucessfully logged in as ' . $_SESSION['userEmail'] . ' <a href="/index.php">Logout</a>
  </div>
  ';
} else { echo
'<div class="headersignin">
<a href="/users/login.php"   rel="nofollow" class="blacklink"   >
Sign in
</a>
</div>
<div class="headerjoin">
<a href="/users/register.php" rel="nofollow" class="whitelink"   > Join free</a>
</div>';
}
?>

          <div class="headerlinkright">
  <a href="/siteinfo/aboutus.php"   rel="nofollow" class='bloglink'   >About Us</a>
</div>
          <div class="headerlinkright">
<a href="/blog/blog.php"   rel="nofollow" class='bloglink'   >Blog</a>
</div>
          </div>
</div>
</div>
  </div>   
   
                <h1>Login</h1>
                <form class="box400" name="loginForm" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> 
   
                        <?php if($errors['login']) print '<div class="invalid">' . $errors['login'] . '</div>'; ?> 
                         
                        <label for="email">Email Address</label> 
                        <input type="text" name="email" value="<?php echo htmlspecialchars($loginEmail); ?>" /> 
                        <?php if($errors['loginEmail']) print '<div class="invalid">' . $errors['loginEmail'] . '</div>'; ?> 
                         
                        <label for="password">Password <span class="info">6-12 chars</span></label> 
                        <input type="password" name="password" value="" /> 
                        <?php if($errors['loginPassword']) print '<div class="invalid">' . $errors['loginPassword'] . '</div>';  ?> 
                         
                        <label for="loginSubmit">&nbsp;</label> 
                        <input type="hidden" name="loginSubmit" id="loginSubmit" value="true" /> 
           <div class="user-area">
<input type="submit" value="Login" class="submit-button" />
  </div>   
        


                </form> 
 
 
                        <h2>Register</h2>
                <form class="box400" name="registerForm" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> 
                 
                        <?php if($success['register']) print '<div class="valid">' . $success['register'] . '</div>'; ?> 
                        <?php if($errors['register']) print '<div class="invalid">' . $errors['register'] . '</div>'; ?> 
                                 <div class="registerinputarea">
         
         
         
         
           <div class="registerinputcelltop">
         <div class="registerinputleft">
                        <label for="email">Firstname</label>
  </div>
   <div class="registerinputright"> 
                        <input type="text" name="firstname" value="<?php echo htmlspecialchars($firstname); ?>" /> 
                        <?php if($errors['firstname']) print '<div class="invalid">' . $errors['firstname'] . '</div>'; ?> 
                          </div>        
         
                        <div class="registerinputcelltop">
         <div class="registerinputleft">
                        <label for="email">Surname</label>
  </div>
   <div class="registerinputright"> 
                        <input type="text" name="surname" value="<?php echo htmlspecialchars($surname); ?>" /> 
                        <?php if($errors['surname']) print '<div class="invalid">' . $errors['surname'] . '</div>'; ?> 
                          </div>
         
         
         
         
         
         
         
           <div class="registerinputcelltop">
         <div class="registerinputleft">
                        <label for="email">Email Address</label>
  </div>
   <div class="registerinputright"> 
                        <input type="text" name="email" value="<?php echo htmlspecialchars($registerEmail); ?>" /> 
                        <?php if($errors['registerEmail']) print '<div class="invalid">' . $errors['registerEmail'] . '</div>'; ?> 
                          </div>
   
           <div class="registerinputcelltop">
         <div class="registerinputleft">
                        <label for="password">Password</label> 
   </div>
         <div class="registerinputright">
                        <input type="password" name="password" value="" /> 
                        <?php if($errors['registerPassword']) print '<div class="invalid">' . $errors['registerPassword'] . '</div>'; ?> 
                                </div>
 
   
                  <div class="registerinputcelltop">
         <div class="registerinputleft">
                        <label for="confirmPassword">Confirm Password</label> 
                 </div>
                 <div class="registerinputright">
                        <input type="password" name="confirmPassword" value="" /> 
                        <?php if($errors['registerConfirmPassword']) print '<div class="invalid">' . $errors['registerConfirmPassword'] . '</div>'; ?> 
                                   </div>
                   </div>
                   </div>
           
                <div class="registerinputcelltop">
                        <label for="registerSubmit">&nbsp;</label> 
                        <input type="hidden" name="registerSubmit" id="registerSubmit" value="true" /> 
        <div class="user-area">
                         <input type="submit" value="Register" class="submit-button" />
         </div>
                </form>
   
        </div>
  <div class="registerinputcelltop">
<a href="logout.php">Logout</a>
<a href="index.php">Index</a>
</div>

Cups · September 29, 2012, 2:07pm

What errors are being given out?
How do you know it is not working?
Where do you think the problem lies?
What action have you taken to identify the problem?
Did you read “how to ask questions the smart way”?, if you did not, then I suggest you do.

justlukeyou · September 29, 2012, 8:54pm

Hi,

No email is sent and there are no error messages.

I had the code working on another registration system however it was poor registation script. I am trying to transfer it to this registration script but the email no longer works.

No idea what so ever where the problem lies to be honest.

justlukeyou · September 30, 2012, 7:32pm

Hi,

Does anyone have any suggestions please on what I can try?

justlukeyou · October 3, 2012, 8:30pm

Is there anyway I can develop the email section. Is there a standard way to introduce an email authorisation?