
 I have had good progress in web programming

meenn P
post Jan 19 2022, 08:36 PM

New Member
*
Probation
11 posts

Joined: Jan 2022
About PHP login and signup:

QUOTE
1) Login and Register.

How does a blogging site (or simply any site with a user base) send an activation link which would work?
How to implement it from scratch theoretically, and how to implement with the help of frameworks, if any?


I have done an activation code generation, as below. Is this acceptable?

CODE
 // 6-digit numeric activation key
 $key = rand(100000,999999);

 // The activation key is stored in the "name" column until the account is activated
 $insertSQL = "INSERT INTO users(username,name, password ) values(?,?,?)";
 $stmt = $con->stmt_init();
 $stmt = $con->prepare($insertSQL);
 $stmt->bind_param("sss",$email,$key,$password);
 $stmt->execute();
 $stmt->close();

 // Mail the activation link, carrying the e-mail address and the key as query parameters
 $to      = $email;
 $subject = 'Activation Code';
 $msg = "Please click this link below to activate your account on yourdomain.com:\n\nhttps://yourdomain.com/phpdemo/activate.php?email=" . $to . "&key=" . $key;
 $msg = wordwrap($msg,70);
 mail($to, $subject, $msg);


So, I receive link in e-mail like this:

CODE
yourdomain.com/phpdemo/activate.php?email=XXX&key=XXX


I see other platforms use more complicated ways to build the activation link, but is my example above sufficient for a small-scale application?
meenn P
post Jan 20 2022, 10:06 PM

New Member
*
Probation
11 posts

Joined: Jan 2022
And this is my activate.php (portion of it):

CODE
if (isset($_GET['email'])) {
 $unameurl= $_GET['email'];
 if (isset($_GET['key'])) {
   $keyurl= $_GET['key'];
   $uname = mysqli_real_escape_string($con, $unameurl);

   // Look up the user row; the activation key is kept in the "name" column
   $sql_query = "select * from users where username='". $uname ."'";
   $result = mysqli_query($con,$sql_query);
   $row = mysqli_fetch_array($result);

   $key = $row['name'];

   // name == username means the account has already been activated
   if ($uname != $key) {
     if ($keyurl == $key) {

       // Mark the account as activated by overwriting "name" with the username
       $insertSQL = "UPDATE users SET name = '" . $uname . "' WHERE username = '" . $uname . "'";
       $stmt = $con->stmt_init();
       $stmt = $con->prepare($insertSQL);
       $stmt->execute();
       $stmt->close();

       alert2("Activated successfully.");
     } else {
       alert2("Invalid key.");
     }
   } else {
     alert2("User account has already been activated before.");
   }
 }
}


I think it is working anyway, but am not sure if this is the proper way of doing it.

As you can see, my "users" table has username, name and password fields.
The activation key is stored in the "name" field initially; then, once activated, the "name" field is replaced with the same value as the "username" field.

If the "name" field is still a random number, it means it is not yet activated. Clever?
meenn P
post Jan 20 2022, 11:09 PM

New Member
*
Probation
11 posts

Joined: Jan 2022
First of all, thanks a lot for your code review; it is a really helpful reply.

QUOTE(malleus @ Jan 20 2022, 10:19 PM)
what happens in the event where none of your if statements passes? you do need to display an error right? you only display errors for the 2 inner most if statements, but not the outer 2.

Yes, I just checked: if the email or key is missing in the URL, it displays a blank page. I was so careless....

QUOTE
one thing that I noticed is, you have up to 4 if statements nested. how about instead of checking for positive cases, check for a negative instead. and if you get a negative, return right away. this way you only need to have 1 layer nested max

If I check for the negative case with one if..then condition, does that mean only one error message? E.g. Activation failed

QUOTE
your earlier code example makes use of parameterised statements. why don't you use that instead? instead of constructing the sql string manually?

Good eye. My parameterised statements yesterday were modified from an online tutorial. But I wrote the code in activate.php myself (hence, I don't know how to apply parameterised statements here). At the time I wrote my activate.php, there were not many online examples of e-mail activation in PHP.

QUOTE
finally, is it really a good idea to use (or misuse) the name field for something that's not supposed to go there? try to imagine when you look at this again months or years from now. will you still remember why you put the activation key in the name field?

You're right, it is certainly confusing to use the "name" field for the activation key. The problem is that every time I would need to refer to the source code to find out...


If I host this phpdemo example of mine (Login & signup) on local Exabytes, my activation mails are delivered successfully, but if I host it on GoDaddy, my activation mails are rejected as spam because they contain an activation link. Not sure if GoDaddy has a bad reputation for abusing the PHP mail service.
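
An added example (not part of the thread and not the poster's code) of the same activation flow with the review points applied: early returns, parameterised statements and dedicated activation columns, plus a token from random_bytes() that is stored only as a hash. The in-memory SQLite database, the column names activation_hash, activation_expires and activated, and the 24-hour expiry are assumptions made for illustration:

```php
<?php
// Added example, not the poster's code. Assumed schema: dedicated
// activation_hash / activation_expires / activated columns instead of "name".
$db = new PDO('sqlite::memory:');            // in-memory DB so the sketch runs offline
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    username TEXT PRIMARY KEY, password TEXT NOT NULL,
    activation_hash TEXT, activation_expires INTEGER, activated INTEGER NOT NULL DEFAULT 0)');

function register(PDO $db, string $email, string $password): string {
    $token = bin2hex(random_bytes(32));      // 256-bit token from the CSPRNG, not rand()
    $stmt = $db->prepare('INSERT INTO users (username, password, activation_hash, activation_expires)
                          VALUES (?, ?, ?, ?)');
    $stmt->execute([$email, password_hash($password, PASSWORD_DEFAULT),
                    hash('sha256', $token), time() + 86400]);  // only the hash is stored
    // Both query values are URL-encoded before they go into the mailed link.
    return 'https://yourdomain.com/phpdemo/activate.php?'
         . http_build_query(['email' => $email, 'key' => $token]);
}

function activate(PDO $db, ?string $email, ?string $key): string {
    if ($email === null || $key === null) {
        return 'Missing email or key.';      // early return instead of a blank page
    }
    $stmt = $db->prepare('SELECT activation_hash, activation_expires, activated
                          FROM users WHERE username = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return 'Invalid key.';               // same message as for a wrong key
    }
    if ((int)$row['activated'] === 1) {
        return 'User account has already been activated before.';
    }
    if ((int)$row['activation_expires'] < time()
        || !hash_equals((string)$row['activation_hash'], hash('sha256', $key))) {
        return 'Invalid key.';               // expired, or constant-time hash mismatch
    }
    $db->prepare('UPDATE users SET activated = 1, activation_hash = NULL WHERE username = ?')
       ->execute([$email]);
    return 'Activated successfully.';
}

// Constructed sample run: a guessed 6-digit key, then the real link used twice.
$link = register($db, 'alice@example.com', 'correct horse');
parse_str(parse_url($link, PHP_URL_QUERY), $q);
echo activate($db, $q['email'], '123456'), "\n";
echo activate($db, $q['email'], $q['key']), "\n";
echo activate($db, $q['email'], $q['key']), "\n";
```

In activate.php the two arguments would come from `$_GET['email'] ?? null` and `$_GET['key'] ?? null`.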
