php - Email Verification/Validation - Error -
i think post may appear "off" topic others. it'll great thank if me out this.
i found email verification code on web. somehow, find confusing @ first when began understand , put on code. there's error , don't know how.
problems:
- the email verification code.
- proper syntax/use of code.
code:
<?php if(isset($_post['submit'])) { $a = $_post['username']; $b = $_post['password']; $c = $_post['firstname']; $d = $_post['lastname']; $e = $_post['month']; $f = $_post['day']; $g = $_post['year']; $h = $_post['contact']; $i = $_post['email']; $j = $_post['confirm']; $code = md5(uniqid(rand())); include("dbconnect.php"); $query = "select * `users`.`info` `username`='".$a."' , `email_address`='".$i."'"; $queryquery=$con->query($query); $checker = mysqli_num_rows($queryquery); if (($a && $b && $c && $d && $h && $i && $j) == "") { print "<script type=text/javascript> alert('all fields required'); </script>"; } else { if ($checker == 0 && $b != $j) { print "<script type=text/javascript> alert('password mismatch'); </script>"; } else if($checker == 0) { //print $a,$b,$c,$d,$e,$f,$g,$h,$i; $insertquery="insert `users`.`info` (`username`,`password`,`firstname`,`lastname`,`month`,`day`,`year`,`contact_number`,`email_address`,`confirm_code`) values ('$a','$b','$c','$d','$e','$f','$g','$h','$i','$code')"; $insertqueryresult=$con->query($insertquery); if ($insertqueryresult) { // send e-mail ... $to=$i; // subject $subject="your confirmation link here"; // $header="from admins of publisita.com"; // message $message="your comfirmation link \r\n"; $message.="click on link activate account \r\n"; $message.="http://www.gmail.com/confirmation.php?passkey=$code"; // send email $sentmail = mail($to,$subject,$message,$header); } // if not found else { print "<script type=text/javascript> alert('not found email in our database') </script>"; } // if email succesfully sent if($sentmail) { print "<scrpit type=text/javascript> alert('your confirmation link has been sent email address') </script>"; } else { print "<script type=text/javascript> alert('cannot send confirmation link e-mail address') </script>"; } } print "<script type=text/javascript> alert('successfully registered'); </script>"; } else { print "<script type=text/javascript> alert('information been used'); </script>"; } } } ?> it'll great thing if helped me out
this line:
if (($a && $b && $c && $d && $h && $i && $j) == "") is not valid syntax. if want make sure these values aren't empty need check them individually (you want use or (||) since 1 has empty show error. current code require of them empty):
if ($a == "" || $b == "" ....) // or if (empty($a) || empty($b) ....) or come more concise way this:
$fields = array($a, $b, $c, $d, $h, $i, $j); if (count(array_filter($fields)) !== count($fields)) the code above takes of values checked puts them array. calls array_filter() remove values false (an empty string type juggled boolean false). if number of remaining elements doesn't equal starting number of elements 1 or more empty , need show error.
as pointed out @nicolasdefranoux wide open sql injections. make sure close hole before publishing code.
Comments
Post a Comment