homepage Welcome to WebmasterWorld Guest from 54.204.215.209
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Subscribe to WebmasterWorld

Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
My activation.php is not activating my membership.
Scotty13




msg:4447145
 7:30 am on Apr 29, 2012 (gmt 0)

When I join, I receive the welcome message and to click on link to activate. When I click on the link, I get the message Essential data from the activation URL is missing! Close your browser (located on the bottom of this script). It worked before & I don't recall changing anything. What am I missing here?

I appreciate any help and please don't answer with to complicated replies. I'm only a rookie and as you can see this is all I could achieve.

<style type="text/css">
<!--
body
{
background-image:url('images/bgactivation.jpg');
background-position:center top;
background-repeat:no-repeat;
}
-->
</style>
<?php
// If the GET variable id is not empty, we run this script, if variable is empty we give message at bottom
// Force script errors and warnings to show on page in case php.ini file is set to not display them
error_reporting(E_ALL);
ini_set('display_errors', '1');
//---------------------------------------------------------------------------------------------------------------------
if (isset($_POST ['email']) && $_POST ['email'] !="") {

//Connect to the database through an include
include_once "scripts/connect_to_mysql.php";

$id = $_GET['id'];
$hashloca = $_GET['sequence'];

$id = mysql_real_escape_string($id );
$id = preg_replace("`", "", $id);

$hashloca = mysql_real_escape_string($hashloca);
$hashloca = preg_replace("`", "", $hashloca);

$sql = mysql_query("UPDATE myMembers SET email_activated='1' WHERE id='$id' AND locator='$hashloca'");

$sql_doublecheck = mysql_query("SELECT * FROM myMembers WHERE id='$id' AND locator='$hashloca' AND email_activated='1'");
$doublecheck = mysql_num_rows($sql_doublecheck);


if($doublecheck == 0){
$msgToUser = "<br /><br /><h3><strong><font color=red>Your RES could not be activated!</font></strong><h3><br />
<br />
Double check your entries & try again. If neither one of those work. Please eMail site administrator and request manual activation.
";
include 'msgToUser.php';
exit();
} elseif ($doublecheck > 0) {

$msgToUser = "<br /><br /><h3><font color=\"#0066CC\"><strong>Congratulations! Your reservation has been confirmed.<br /><br />
CHECK IN anytime up top.</strong></font></h3>";

include 'msgToUser.php';
exit();
}

} // close first if

print "Essential data from the activation URL is missing! Close your browser, go back to your eMail inbox, and please use the full URL supplied in the activation link we sent you.<br />
<br />
Sorry for any trouble. My Global PNR, LLC / admin@example.com

";
?>

Thank you, Scotty

[edited by: bill at 10:14 am (utc) on Apr 29, 2012]
[edit reason] use example.com for e-mail address [/edit]

 

cffrost2




msg:4447205
 3:07 pm on Apr 29, 2012 (gmt 0)

Have you gone back to look at the email link and verified that the variables "id" and "sequence" are included in the URL? And verify that both values match the values in the db columns. If both those senerios are ok, then double check your update is working in look and see if the values are being updated in the db.

cffrost2




msg:4447208
 3:15 pm on Apr 29, 2012 (gmt 0)

Also

if (isset($_POST ['email']) && $_POST ['email'] !="") {


Is this looking for an email in the URL? Ie: http://www.example.com/index.php?email=me@example.com&id=123&sequence=HA$HVAR

If so, you shou use $_GET. Not $_POST.

If(isset($_GET['email']).....

Scotty13




msg:4447274
 7:26 pm on Apr 29, 2012 (gmt 0)

I checked my db, I changed $_Post to $_Get still no change.

If I test activation.php from Dreamweaver to my browser I get...

http://example.com/root/activation.php

If I click on the activation link that was emailed to me I get...

http://example.com/activation.php?id=9&sequence=23d1e10df85ef805b442a922b240ce25

[edited by: engine at 8:17 am (utc) on Apr 30, 2012]
[edit reason] please use example.com [/edit]

cffrost2




msg:4447317
 1:06 am on Apr 30, 2012 (gmt 0)

http://www.example.com/activation.php?id=9&sequence=23d1e10df85ef805b442a922b240ce25

Should there be an email var in that URL?
http://www.example.com/activation.php?email=me@example.com&id=9&sequence=23d1e10df85ef805b442a922b240ce25

(i just visited your link although you are not supposed to post actual url's here and added "&email=me@web.com" at the end and it seemed to do the trick) copy the url i just used above and give it a shot. (change www.example.com to your actual site)
the line if(isset($_GET['email']) && $_GET['email'] != "")
is looking for an email var or it fails and states
Essential data from the activation URL is missing

and lastly, it seems that the "essential data" part should be enclosed in an else statement
else
{
print "Essential data........";
}

Scotty13




msg:4447386
 6:59 am on Apr 30, 2012 (gmt 0)

Getting somewhere. I got these two errors...

Warning: preg_replace() [function.preg-replace]: No ending delimiter '`' found in /home/*******/public_html/activation.php on line 26

LINE 26: $id = preg_replace("`", "", $id);
Warning: preg_replace() [function.preg-replace]: No ending delimiter '`' found in /home/********/public_html/activation.php on line 29

Line 29: $hashloca = preg_replace("`", "", $hashloca);

@cffrost2 - thanks for help & time.
Scott

cffrost2




msg:4447463
 12:26 pm on Apr 30, 2012 (gmt 0)

preg_replace utilizes a starting and ending delimiter. / or #.
So
preg_replace("/`/", "", $hashloca);
that should clear up those errors.

BTW. You're welcome. :)

rocknbil




msg:4447547
 3:49 pm on Apr 30, 2012 (gmt 0)

As mentioned URL data (link in your email) is found in get, not post. This is not a try it and see, this has to be set. You might also change it like so (no big if you don't)

if (isset($_GET['email']) && ! empty($_GET['email']) {

Also as mentioned, "Essential data" would always fire. Look:

} // close first if
print "Essential data from the activation URL is missing! Close your browser, go back to your eMail inbox, and please use the full URL supplied in the activation link we sent you.<br />

You also need to exercise the same checks on $id that you do on email. Presuming it's numeric,

if (isset($_GET['id']) and is_numeric($_GET['id']) and ($_GET['id'] > 0)) {
$id = $_GET['id'];
} else { die("ID is not numeric"); }

if (isset($_GET['sequence']) and preg_match('/^[a-z\d]+$/i',$_GET['sequence'])) {
$hashloca = $_GET['sequence'];
} else { die("Hash contains invalid characters or is not set"); }

An aside, you have str_replace [php.net] syntax here, not preg_replace, which would work fine for what you're doing.

$hashloca = str_replace("`", "", $hashloca);

For the ID, you're looking for a numeric value, right? Sub out anything not a number. Actually you won't even need to do that if you use the error trap that checks for numeric data (IMO, there shouldn't even be a backtick in these links, I'd fix it so there aren't any.)

$id = preg_replace('/[^\d]/','',$id);

Those two bits all together,

if (isset($_GET['id']) and is_numeric($_GET['id']) and ($_GET['id'] > 0)) {
$id = $_GET['id'];
} else { die("ID is not numeric"); }

if (isset($_GET['sequence']) and preg_match('/^[a-z\d]+$/i',$_GET['sequence'])) {
$hashloca = str_replace("`", "", $hashloca);
$hashloca = $_GET['sequence'];
} else { die("Hash contains invalid characters or is not set"); }

Scotty13




msg:4447682
 9:14 pm on Apr 30, 2012 (gmt 0)

This is the activation link sent to my email.

http://example.com/activation.php?email=me@example.com&id&sequence=23d1e10df85ef805b442a922b240ce25

@rocknbil I tried your way and got... ID is not numeric. So I went with cffrost2 way and got the following...

Your RES could not be activated!

Double check your entries & try again. If neither one of those work. Please eMail site administrator and request manual activation.

I also got this error message...

Notice: Undefined variable: ckinOptions in /home/********/public_html/mgpheader_template.php on line 38

From mgpheader_template.php LINE 38: <td width="187"55"><div align="center" style="margin-bottom:14px; text-align: center;"><?php echo $ckinOptions; ?>

Thanks guys,
Scott

cffrost2




msg:4447726
 11:49 pm on Apr 30, 2012 (gmt 0)

scott, rocknbil showed you a different way of writing your code and a better way of validating your vars. By you stating you used his "way" and got the error "id is not numeric", it told me right where to look. Makes things easier to troubleshoot when your code is well written.

The reason both failed is because your id var is not being passed:
http://example.com/activation.php?email=me@example.com&id&sequence=23d1e10df85ef805b442a922b240ce25

Most likely in the code that is building the URL.

This error is a perfect example of what rocknbil is teaching you:
Notice: Undefined variable: ckinOptions in /home/********/public_html/mgpheader_template.php on line 38

This is from a var trying to be used but isn't set. Line 38 is showing where the var is being used/echoed. You have to find where it's being generated and correct that issue. So the problem lies before line 38.

You're doing good. Keep up trying. Learning never comes overnight. :)

rocknbil




msg:4448035
 4:01 pm on May 1, 2012 (gmt 0)

ID is not numeric.


Perfect. Leave it in! :-) Do you see it? Look at your link. What is id equal to? :-)

Scotty13




msg:4448119
 7:31 pm on May 1, 2012 (gmt 0)

A. 23

23 What?

cffrost2




msg:4448214
 2:09 am on May 2, 2012 (gmt 0)

Scott.

A. 23

23 What?

What are you referring to?

Scotty13




msg:4448271
 6:42 am on May 2, 2012 (gmt 0)

You said look at your link. What is id equal to?

rocknbil




msg:4448536
 4:20 pm on May 2, 2012 (gmt 0)

No, that's sequence (and it's not just "23", it's 23d1e10df85ef805b442a922b240ce25). Look . . .

&id&

id doesn't even have an =, it's not even a string. It's set, but it can't be anything but null. What you should have there is

&id=12345& (or some other number)

The problem is in generating the email output. And the error trapping you added is telling you that. :-)

Scotty13




msg:4448707
 11:25 pm on May 2, 2012 (gmt 0)

I went back to an older script. Took what I had and what you all given me and now working just fine. End result (just showing the top half)....

<style type="text/css">
<!--
body
{
background-image:url('images/bgactivation.jpg');
background-position:center top;
background-repeat:no-repeat;
}
-->
</style>
<?php
// If the GET variable id is not empty, we run this script, if variable is empty we give message at bottom
if ($_GET['id'] != "") {

//Connect to the database through an include
include_once "scripts/connect_to_mysql.php";

$id = $_GET['id'];
$hashloca = $_GET['sequence'];

$id = mysql_real_escape_string($id );
$id = preg_replace("/`/", "", $id);

$hashloca = mysql_real_escape_string($hashloca);
$hashloca = preg_replace("/`/", "", $hashloca);

$sql = mysql_query("UPDATE myMembers SET email_activated='1' WHERE id='$id' AND locator='$hashloca'");

$sql_doublecheck = mysql_query("SELECT * FROM myMembers WHERE id='$id' AND locator='$hashloca' AND email_activated='1'");
$doublecheck = mysql_num_rows($sql_doublecheck);

if($doublecheck == 0){

Thanks again,
Scotty

cffrost2




msg:4448725
 1:31 am on May 3, 2012 (gmt 0)

Good to see you have it working again.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved