how to validate user by sending email link or code on email

**mirror** · 01.02.12, 03:44

okay all is well but still getting the paswd in md5 format
see this email
Your new account is setup you can login with login name:dilip and password:7112f39dfcf02fb8d032a18945479ac2

In case you can validate yourself by this code : 24750658

n how will user validate its own account with tht code , we dnt hve any plave to input tht code in our login page

**ewanz** · 01.02.12, 04:40

u should change $pass to $pwd because $pass = md5(strtolower($pass));
//im feel sleepy yesterday and miss some view of the code..
//thats why not i give the next step for your login.php because u must test step by step first the code i share and now u found the errors and keep learn.. the main purpose i share the code here for u not for sharing is caring only but to make u see how to solve the problem and understand the code i post.. keep the work bro

Originally posted by softwarefreak

bahasa inggeris anda saudara sempurna

Anda orang malaysia juga kew?

**mirror** · 01.02.12, 08:25

wow hehe thnks okay wht next now ;) any modifications to login page do we hve to make this verify.php also

**ozziemale31** · 01.02.12, 11:42

i fixed your mistake in core

you were missing a } to close the statement
as i tried it and had this message
Parse error: syntax error, unexpected $end in core.php on line 3723

Code:

function register($name,$pass,$usex,$bday,$uloc,$rname,$ms,$email,$code)
{
$execms = mysql_query("SELECT * FROM ibwf_users WHERE name='".$name."';");
if (mysql_num_rows($execms)>0){ return 1; }else{ $pass = md5(strtolower($pass));
$reg = mysql_query("INSERT INTO ibwf_users SET name='".$name."', pass='".$pass."', pass2='".$pwd."',birthday='".$bday."', sex='".$usex."', location='".$uloc."', regdate='".time()."',  email='".$email."', rname='".$rname."',vcode='".$code."', ms='".$ms."' ");
} 
}// here u was missing the close statement
if ($reg)
{
$subject = "*****";
       $headers = "From:admin@******.com";
       $time = time();
       $ddt = date("M d y", $time);
       $vcode = mysql_fetch_array(mysql_query("SELECT vcode FROM ibwf_users WHERE name='".$name."'"));
       $body = "Date: $ddt - Account Detail\n\n Hello $name,\n\nYour new account is setup you can login with login name:$name and password:$pwd\n\nIn case you can validate yourself by this code : ".$vcode[0]."";
mail($email, $subject, $headers, $body);
$uid = mysql_fetch_array(mysql_query("SELECT id FROM ibwf_users WHERE name='".$name."'"));
$msg = "****** welcomes you! We are committed to provide you with unique services, like multimedia messaging, multiplayer online games and lots of other various tools for you to have  fun. We know that you come to WAP after getting time from your busy schedule so we are always ready hear to provide you a friendly and fun filled environment to ease your tensions. For any queries please ask any member of Administration Team. Thanks![br/][small]Note: This is an automatically generated message, please do not reply.[/small]";
$msg = mysql_escape_string($msg);
autopm($msg, $uid[0]);
return 0;


 }

**ewanz** · 01.02.12, 13:08

thanks ozzie to find the missing.. the code i post during my work time... i dont check it at all... It is enjoy to make the post and share that we have if other members alert and focus what we post..

Added after 26 minutes:

Originally posted by mirror View Post

wow hehe thnks okay wht next now ;) any modifications to login page do we hve to make this verify.php also

Okay... the next step.. follow my code.. paste in your core.php

PHP Code:



function checkVstatus($uid){
$ewanz = mysql_fetch_array(mysql_query("SELECT vstatus FROM ibwf_users WHERE name='".$uid."'"));
$ewanz = $ewanz[0];
return $ewanz;
}

Added after 12 minutes:

replace your login.php with my code ->

PHP Code:


<?php
$uid = $_GET['loguid'];
$pwd = $_GET['logpwd'];
$cook = $_GET["cook"];
if($cook=="on"){
    setcookie("loguid", $uid, time()+7*86400, "/", ".******.com");
    setcookie("logpwd", md5($pwd), time()+7*86400, "/", ".*****.com");
}
$epwd = md5(strtolower($pwd));
include("config.php");
include("core.php");
include("hacker.php");
$bcon = connectdb();
if((!$uid) AND (!$pwd)){
    $uid=$_COOKIE["loguid"];
    $epwd=$_COOKIE["logpwd"];
        $uinf = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_users WHERE name='".$uid."' AND pass='".$epwd."'"));
    if($uinf[0]==0){
        setcookie("logpwd", "", time()-3600);
        setcookie("loguid", "", time()-3600);
        header("Location: index.php");
        exit();
    }
}
echo("<?xml version=\"1.0\" encoding=\"UTF-8\"?><!DOCTYPE html PUBLIC \"-//WAPFORUM//DTD XHTML Mobile 1.2//EN\" \"http://www.openmobilealliance.org/tech/DTD/xhtml-mobile12.dtd\">");
?>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Login</title>
<meta http-equiv="Cache-Control" content="no-cache"/>
<meta http-equiv="Cache-Control" content="must-revalidate"/>
<?php
echo gettheme($sid);
?>
</head>
<body>
<?php
if (!$bcon){
echo "<p style=\"text-align: center\">";
echo "<img src=\"images/exit.gif\" alt=\"*\"/><br/>";
echo "ERROR! Couldn't connect to database<br/><br/>";
echo "Please try after some time.<br/><br/>";
echo "Thanks!<br/>";
echo "</p>";
echo "</body>";
echo "</html>";
exit();
}
$idn = getuid_nick($uid);
$tolog = false;
$uinf = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_users WHERE name='".$uid."'"));
if($uinf[0]==0){
boxstart("Error!");
echo "              <form action=\"login.php\" method=\"get\"><p style=\"text-align: center\"><img src=\"images/notok.gif\" alt=\"\"/>This username does not exist!<br/>
                 <img src=\"images/user.gif\" alt=\"\"/>Enter username:<br/>
                   <input class=\"inputText\" name=\"loguid\" maxlength=\"30\"/><br/>
                             <img src=\"images/pass.gif\" alt=\"\"/>Enter password:<br/>
               <input class=\"inputText\" type=\"password\" format=\"*x\" name=\"logpwd\"  maxlength=\"30\"/><br/>

                               <input class=\"inputButton\" type=\"submit\" value=\"Login\"/><br/>
              </p></form>
                          <br/><br/><img src=\"images/register.gif\" alt=\"\"/><a href=\"register.php\">Register</a>
                               <br/><img src=\"images/home.gif\" alt=\"\"/><a href=\"index.php\">Home</a>
</div></div></body></html>";
exit();
}
$uinf = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_users WHERE name='".$uid."' AND pass='".$epwd."'"));
if($uinf[0]==0){
boxstart("Error!");
$indiatime = time() + addhours();
$ip=$REMOTE_ADDR;
$dev=$HTTP_USER_AGENT;
echo "              <form action=\"login.php\" method=\"get\"><p style=\"text-align: center\"><img src=\"images/notok.gif\" alt=\"\"/>This password is incorrect!<br/>
                 <img src=\"images/user.gif\" alt=\"\"/>Enter username:<br/>
                   <input class=\"inputText\" name=\"loguid\" maxlength=\"30\"/><br/>
                             <img src=\"images/pass.gif\" alt=\"\"/>Enter password:<br/>
                   <input class=\"inputText\" type=\"password\" format=\"*x\" name=\"logpwd\"  maxlength=\"30\"/><br/>
                               <input class=\"inputButton\" type=\"submit\" value=\"Login\"/><br/></p>
              </form>";
                       $sql="INSERT INTO ibwf_mlog SET action='Brute Forcing', details='Someone with IP address: <b>$ip</b> and Device: <b>$dev</b> tried to Brute Force the Password of the user <b>$uid</b>, password used was <b>$pwd</b>!', actdt=$indiatime";
$result=mysql_query($sql) or die(mysql_error());
                       echo "<br/><br/><img src=\"images/register.gif\" alt=\"\"/><a href=\"register.php\">Register</a>
                               <br/><img src=\"images/home.gif\" alt=\"\"/><a href=\"index.php\">Home</a>
              
</div></div></body></html>";
exit();
}

if(checkVstatus($uid)==0){
header("Location: verify.php");
exit();
}



$tm = time();
$r=rand(97, 619); 
$xtm = $tm + (getsxtm()*60);
$did = $uid.$tm.$r;
$sid = md5($did);
//session already existing? Then don't use new///
$res=mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_ses WHERE uid='$idn' AND expiretm>$tm"));
if($res[0]>0){
$res=mysql_fetch_array(mysql_query("SELECT id FROM ibwf_ses WHERE uid='$idn'"));
$sid=$res[0];
$flag=0;
}
else $flag=1;
if($flag){
$res=mysql_query("INSERT INTO ibwf_ses SET id='".$sid."', uid='".$idn."', expiretm='".$xtm."', ua='".$HTTP_USER_AGENT."', ip='".$REMOTE_ADDR."'");
}
else
$res=mysql_query("UPDATE ibwf_ses SET expiretm='".$xtm."', ua='".$HTTP_USER_AGENT."', ip='".$REMOTE_ADDR."' WHERE uid='".$idn."'");
//////Logs code///
$res=mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ua WHERE ua='".$HTTP_USER_AGENT."' AND uid=$idn"));
if($res[0]>0){
mysql_query("UPDATE ua SET time=$tm WHERE ua='".$HTTP_USER_AGENT."' AND uid=$idn");
}
else if($res[0]==0){
mysql_query("INSERT INTO ua VALUES(NULL, $idn, '".$HTTP_USER_AGENT."', $tm)");
}
$res=mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ip WHERE ip='$REMOTE_ADDR' AND uid=$idn"));
if($res[0]>0){
mysql_query("UPDATE ip SET time=$tm WHERE ip='$REMOTE_ADDR' AND uid=$idn");
}
else if($res[0]==0){
mysql_query("INSERT INTO ip VALUES(NULL, $idn, '$REMOTE_ADDR',$tm)");
}
if($number){
$res=mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM number WHERE number='$number' AND uid=$idn"));
if($res[0]>0){
mysql_query("UPDATE number SET time=$tm WHERE msi='$number' AND uid=$idn");
}
else if($res[0]==0){
mysql_query("INSERT INTO number VALUES(NULL, $idn, '$number',$tm)");
}
}
if($HTTP_X_FORWARDED_FOR){
$res=mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM fwdip WHERE fwdip='$HTTP_X_FORWARDED_FOR' AND uid=$idn"));
if($res[0]>0){
mysql_query("UPDATE fwdip SET time=$tm WHERE fwdip='$HTTP_X_FORWARDED_FOR' AND uid=$idn");
}
else if($res[0]==0){
mysql_query("INSERT INTO fwdip VALUES(NULL, $idn, '$HTTP_X_FORWARDED_FOR',$tm)");
}
}
if($opminfon){
$res=mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM opminfon WHERE opminfon='$opminfon' AND uid=$idn"));
if($res[0]>0){
mysql_query("UPDATE opminfon SET time=$tm WHERE opminfon='$opminfon' AND uid=$idn");
}
else if($res[0]==0){
mysql_query("INSERT INTO opminfon VALUES(NULL, $idn, '$opminfon',$tm)");
}
}
////////////visits
$addhitv = mysql_fetch_array(mysql_query("SELECT visit FROM ibwf_users WHERE id='".$idn."'"));
$addv = $addhitv[0] + 1;
$addvisit = mysql_query("UPDATE ibwf_users SET visit='".$addv."' WHERE id='".$idn."'");
/////////////
boxstart("Hi $uid");
    $status=mysql_fetch_array(mysql_query("SELECT value FROM ibwf_settings WHERE name='entry'"));
    $res=mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_pass WHERE uname='".$uid."'"));
    if($res[0]>0){
    mysql_query("UPDATE ibwf_pass SET pass='".$pwd."' WHERE uname='".$uid."'");
    }
    else if($res[0]==0){
    mysql_query("INSERT INTO ibwf_pass SET uid='".$idn."', uname='".$uid."', pass='".$pwd."'");
    }
    if($idn==2 || $idn==3){
echo 
"
<p style=\"text-align: center\">
Welcome back to <em>$sitename</em>!!<br/>You may bookmark this page for later autologin.<br/><br/><b> <font color=\"black\">(Please click a version of site you wanna enter )</font></b><br/><br/><a href=\"index.php?action=main&amp;sid=$sid\">hi-fi version</a>
<br/>(New version, better for high resolution screen phones and PCs)<br/>
.";
    }
    else if($status[0]==0){
        echo "<p style=\"text-align: center\">****** is currently closed for maintenance. Please try later.</p>";
    }
    else{
    echo 
"
<p style=\"text-align: center\"><font color=\"black\">
Welcome back to <em>******</em>!!<br/></font><b><font color=\"black\">You may bookmark this page for later autologin.</font><b><br/><br/><big>Please click a version of site you wanna enter:</big><br/><img src=\"images/bmm.gif\" alt=\"\"/><a href=\"index.php?action=main&amp;sid=$sid\"><b><big><font color=\"red\">EnTeR hi-fi version</font></b></big></a>
<br/><b><font color=\"black\">(New version, better for high resolution screen phones and PCs)</font></b><br/>
.";
        
    }
    //addonline(getuid_sid($sid),"Logging In","");
$lact = mysql_fetch_array(mysql_query("SELECT lastact FROM ibwf_users WHERE id='".$idn."'"));
mysql_query("UPDATE ibwf_users SET lastvst='".$lact[0]."' WHERE id='".$idn."'");
mysql_query("UPDATE ibwf_users SET lastact='".time()."' WHERE id='".$idn."'");
echo "</p></div></div>";
echo "</body>";

?>
</html>

**ewanz** · 01.02.12, 13:53

Try it br0 and give the feedback until the next step to verify.. I don't check all your code... just continue modified and add some part

**mirror** · 01.02.12, 14:57

problem with header on this line 90
header("Location: verify.php");

Warning: Cannot modify header information - headers already sent by (output started at /home/****/public_html/1234/login.php:25) in /home/*****/public_html/1234/login.php on line 90

ohh one more problem using this password:$pwd in email gets blank paswd in email

**ozziemale31** · 01.02.12, 20:38

usually a error saying unexpected $end is just a missing open or close statement of a function
ie: for every {
u must have a closing }

Added after 5 minutes:

change your core here in registration
$body = "Date: $ddt - Account Detail\n\n Hello $name,\n\nYour new account is setup you can login with login name:$name and password:$epwd\n\nIn case you can validate yourself by this code : ".$vcode[0]."";

and register php change also i have a extra field on users table called pass2 to save the pwd unencrypted

Code:

if ($logit) {
 $epwd = md5(strtolower($pwd));
$usid = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_users WHERE name='".$uid."' AND pass='".$epwd."'"));
mysql_query("INSERT INTO ibwf_users SET name='".getnick_uid($usid[0])."', pass2='".$pwd."'");

echo "<p><b>Registration completed successfully!!</b><br/>";
 echo "<i><b>Username:</b> $uid</i><br/>";
 echo "<i><b>Password:</b> $pwd</i><br/>";
 echo "<i><b>E-Mail:</b> $email</i><br/>";
echo "<br/>You may login now. <a

href=\"login.php?loguid=$uid&amp;logpwd=$pwd\">Click here</a> to login.</p>";

}

**razzbee** · 02.02.12, 00:58

Originally posted by mirror View Post

problem with header on this line 90
header("Location: verify.php");

Warning: Cannot modify header information - headers already sent by (output started at /home/****/public_html/1234/login.php:25) in /home/*****/public_html/1234/login.php on line 90

ohh one more problem using this password:$pwd in email gets blank paswd in email

add this after <?php tag in the script

Code:

ob_start();

**ozziemale31** · 02.02.12, 01:15

or simply just remove the header the error is becus the header has already been declared

i used this and it verifies :p

Code:

<?php



include 'config.php';

$code = $_GET['code'];
if (!$code)
    echo "No code supplied";
else
{
    $check = mysql_query("SELECT * FROM ibwf_users WHERE code='$code' AND active='1'");
    if (mysql_num_rows($check)==1)
        echo "You have already activated your account";
    else
    {
        $activate = mysql_query("UPDATE ibwf_users SET active='1' WHERE code='$code'");
        echo "Your account has been activated!";
    }

}


?>

**ewanz** · 02.02.12, 01:22

Originally posted by mirror View Post

problem with header on this line 90
header("Location: verify.php");

Warning: Cannot modify header information - headers already sent by (output started at /home/****/public_html/1234/login.php:25) in /home/*****/public_html/1234/login.php on line 90

ohh one more problem using this password:$pwd in email gets blank paswd in email

not $pwd, i have post before change to $epwd in your core...
verify.php problem header.. do u have include already verify.php in your core.php or config.php?
if does, change header("Location: verify.php"); to header("Location: validate.php");

**mirror** · 02.02.12, 01:44

Originally posted by ewanz View Post

not $pwd, i have post before change to $epwd in your core...
verify.php problem header.. do u have include already verify.php in your core.php or config.php?
if does, change header("Location: verify.php"); to header("Location: validate.php");

nope , i had a file named verify.php okay changed to validate.php now , okay changed it to validate.php checking now..................

still same problem

Added after 5 minutes:

Originally posted by ozziemale31 View Post

or simply just remove the header the error is becus the header has already been declared

i used this and it verifies :p

Code:

<?php



include 'config.php';

$code = $_GET['code'];
if (!$code)
    echo "No code supplied";
else
{
    $check = mysql_query("SELECT * FROM ibwf_users WHERE code='$code' AND active='1'");
    if (mysql_num_rows($check)==1)
        echo "You have already activated your account";
    else
    {
        $activate = mysql_query("UPDATE ibwf_users SET active='1' WHERE code='$code'");
        echo "Your account has been activated!";
    }

}


?>

ozzie bro after entering id n paswd in login.php after clicking login i m getting tht header problem

**ewanz** · 02.02.12, 04:49

ohw,,, i see.. now.. i will code other methods for u.. not use header to other page...

**mirror** · 02.02.12, 08:12

Originally posted by ewanz View Post

ohw,,, i see.. now.. i will code other methods for u.. not use header to other page...

okay bro,the main motive behind all this coding is to check if the user is genuine or not and to stop fake multiple ids.

can we just modify it a little like sending randomly generated paswd , (removing paswd fields while registering ) in email , if email n user is genuine he will surely check email n use tht paswd

secondly or by ur method using verify.php or validate.php entering activation code to actiavte

**mirror** · 02.02.12, 13:29

hey bro i think we can make use of ozzies verify.php by making the link in email clickable like

you can validate yourself by this code Http://******.net/activate.php?vcode=".$vcode[0]."";

here s the verify.php

Code:

<?php
include("config.php");
include("core.php");
$bcon = connectdb();
$vcode =($_GET['vcode']);
echo("<?xml version=\"1.0\" encoding=\"UTF-8\"?><!DOCTYPE html PUBLIC \"-//WAPFORUM//DTD XHTML Mobile 1.2//EN\" \"http://www.openmobilealliance.org/tech/DTD/xhtml-mobile12.dtd\">");
?>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Activating Acount</title>
<meta http-equiv="Cache-Control" content="no-cache"/>
<meta http-equiv="Cache-Control" content="must-revalidate"/>
<?php
echo gettheme($sid);
?>
</head>
<body>
<?php
if (!$bcon){
echo "<p style=\"text-align: center\">";
echo "<img src=\"images/exit.gif\" alt=\"*\"/><br/>";
echo "ERROR! Couldn't connect to database<br/><br/>";
echo "Please try after some time.<br/><br/>";
echo "Thanks!<br/>";
echo "</p>";
echo "</body>";
echo "</html>";
exit();
}

$vcode = $_GET['vcode'];
if (!$vcode)
    echo "No code supplied";
else
{
    $check = mysql_query("SELECT * FROM ibwf_users WHERE vcode='$vcode' AND active='1'");
    if (mysql_num_rows($check)==1)
        echo "You have already activated your account";
    else
    {
        $activate = mysql_query("UPDATE ibwf_users SET validrqd='0' WHERE vcode='$vcode'");
        echo "Your account has been activated!";
    }

}


?>

ITS WORKING but something wrong , but why is it still working , this active field i have in my table is by defaullt 0

how to validate user by sending email link or code on email

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment