Getting confirmation code from URL and updating database - PHP Server Side Scripting forum at WebmasterWorld - WebmasterWorld

Forum Moderators: coopster

Message Too Old, No Replies

Getting confirmation code from URL and updating database

err.. not sure why it's not working.

mylungsarempty

1:52 am on Nov 12, 2010 (gmt 0)

10+ Year Member

<?php ###HERE IS WHERE YOU SEE IF THERE IS A CONFIRMATION CODE IN THE URL AND THEN CONFIRM THE ACCOUNT, AND LOG IN THE USER::: but what if confirm code does not match?

if (isset($_GET['confirmation']))
{
$unconfirmed_user = $_GET['username'];
$confirmation_code = $_GET['confirmation'];
$confirm_sql = "SELECT * FROM members WHERE username = '$unconfirmed_user' AND confirmation = '$confirmation_code'";
$sql_confirmed = mysql_query($confirm_sql);
$confirm_count=mysql_num_rows($sql_confirmed);

###IF THE USERNAME AND CONFIRMATION MATCH THEN YOU GET LOGGED INTO THE SESSION:::
if($confirm_count == 1)

{

$update_confirm = "UPDATE members SET confirmed = '1' WHERE username = '$unconfirmed_user' AND confirmation = '$confirmation_code'";

mysql_query($update_confirmed);

mysql_fetch_array($please);

echo $please['confirmation'];

$new_user = mysql_fetch_array($sql_confirmed);

$_SESSION['username'] = $new_user['username'];
$_SESSION['password'] = $new_user['password'];
$_SESSION['user_id'] = $new_user['user_id'];

}
}

It's like the whole thing is just getting skipped and moving on down the page. The URL has the variable in it... i'm just not sure why this isn't working. Probably something easy I'm missing. Can you see what it is? Thanks for your help :)

Matthew1980

11:16 am on Nov 12, 2010 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Hi there mylungsarempty,

<?php ###HERE IS WHERE YOU SEE IF THERE IS A CONFIRMATION CODE IN THE URL AND THEN CONFIRM THE ACCOUNT, AND LOG IN THE USER::: but what if confirm code does not match?

if (isset($_GET['confirmation']) && !empty($_GET['confirmation'])){
//clean and make sql safe
$_GET = array_map('strip_tags', $_GET);
$_GET = array_map('mysql_real_escape_string', $_GET);
//assign
$unconfirmed_user = $_GET['username'];
$confirmation_code = $_GET['confirmation'];
$confirm_sql = "SELECT * FROM `members` WHERE `username` = '".$unconfirmed_user."' AND `confirmation` = '".$confirmation_code."' ";
$sql_confirmed = mysql_query($confirm_sql);

###IF THE USERNAME AND CONFIRMATION MATCH THEN YOU GET LOGGED INTO THE SESSION:::
if(mysql_num_rows($sql_confirmed) > 0){

$update_confirm = "UPDATE `members` SET `confirmed` = 1 WHERE `username` = '".$unconfirmed_user."' AND `confirmation` = '".$confirmation_code."' ";

$please = mysql_query($update_confirmed);//< you forgot to assign the var here!

$result = mysql_fetch_array($please);

print_r($result['confirmation']);

$new_user = mysql_fetch_array($sql_confirmed);

$_SESSION['username'] = $new_user['username'];
$_SESSION['password'] = $new_user['password'];
$_SESSION['user_id'] = $new_user['user_id'];

}
}
else{
echo "No matches found";
exit;
}

Try that, it might not work, but you had missed off some things, and basic sanitising is always a good idea - numerical values don't get quoted or mysql will do strange things with quoted numbers (something about turning into float's if I recall correctly)

Hope that makes it a little clearer.

Cheers,
MRb

mylungsarempty

9:20 pm on Nov 12, 2010 (gmt 0)

10+ Year Member

Hey thanks for the reply - I'm gonna look it over and see if I can improve my coding skills with it. I actually stayed up late and got the whole thing working. I found all those mistakes I had and then got some if/else sequences figured out. It's amazing what a cup of coffee can do for your eyes when you're looking at some code!

Matthew1980

3:22 pm on Nov 13, 2010 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Well its good that you have figured it out. Coffee can make you more alert, but a fresh pair of eyes is Always the better option. Have fun with the rest of your project.

Cheers,
MRb