PHP & MySQL

system · January 26, 2016, 8:54pm

In MySQL Database I have codeNum set as 123456789

in PHP i want that code to be verified.

for example, if the user is registering in the webpage, they have to enter the code mentioned above and if that code matches, then they can continue registering however, if that code does not match, then the register is displayed with a message: Invalid code number. Please use code number that was provided to you via E-Mail.

I’ve already have these values on my functions.php

public function register($codenum)
{
try
{
$password = md5($upass);
$stmt = $this->conn->prepare(“INSERT INTO tbl_users(codeNum)
VALUES(:codenum_code)”);

		$stmt->bindparam(":codenum_code",$codenum);
		$stmt->execute();	
		return $stmt;
	}

This code is on the form.php and the changes needs to be done here:

Login

    <input type="codenum" class="input-block-level" placeholder="Code Number" name="txtcodenum" >
 	

    <button class="btn btn-large btn-primary" type="submit" name="btn-signup">Sign Up</button>
    <a href="index.php" style="float:right;" class="btn btn-large">Sign In</a>
</form>

Thanks in advance

JimL · January 27, 2016, 7:36am

This is confusing. Your form says “sign in” and “sign up”, you say you want to check if a code is in the database, however you insert it instead of trying to select it. And you create a (very insecure) hash of the password - which you don’t use.

How is this supposed to work? The user submits a code and is, registered? logged in?

And if you’re handling passwords, please store them using PHPs password_hash lib
http://php.net/manual/en/function.password-hash.php

Strider64 · January 27, 2016, 12:45pm

Why are you giving them a code (Number) for a password in the first place? It would be much easier and safer if the user chose his/her own. An like JimL state using password_hash would be much better that creating a very weak hashing script.

WildFire2000 · January 27, 2016, 8:17pm

My bad that I did not explain this more clearly since I’m a new to this PHP coding thing.

Let me explain myself:

I have a yahoo group with members who uses Paint Shop Pro, sort of like Photo Shop and with that group we share allot of tags, pictures backgrounds and fonts.

Let me explain what I am trying to accomplish:

I e-mail one of my member “Sally” a code number “123456789” to go join my website that contains a vast of public domain images and graphics for her project where she can download at no cost.

when she goes to the site to register, she is confronted with:

Enter Code number: (the one that was previously e-mailed to her)
Username
e-mail:
Password (this is encrypted as she will use this to log in later)

Once she register, Sally will get an e-mail to complete her registration

Once she complete her registration, she can normally sign in with username and password. (this portion is working fine and no code number is needed)

Now as for Mike who wants to register to my site (not a member of my yahoo group) does not have the code, he cannot register.

codenum and $codenum is what I am having trouble with.

Here is the php code to the signup.php

<?php session_start(); require_once 'class.user.php'; $reg_user = new USER(); if($reg_user->is_logged_in()!="") { $reg_user->redirect('home.php'); } if(isset($_POST['btn-signup'])) { $uname = trim($_POST['txtuname']); $email = trim($_POST['txtemail']); $upass = trim($_POST['txtpass']); $code = md5(uniqid(rand())); $codeNum = trim($_POST['txtcodenum']); $stmt = $reg_user->runQuery("SELECT * FROM tbl_users WHERE userEmail=:email_id, codeNum=:codeNum_id"); $stmt->(array(":codeNum_id"==$codenum)); $stmt->execute(array(":email_id"=>$email)); $row = $stmt->fetch(PDO::FETCH_ASSOC); if($stmt->rowCount() > $codenum) { $msg = "

× Sorry ! Wrong Code

"; } else if($stmt->rowCount() > 0) { $msg = "

× Sorry ! email allready exists , Please Try another one

"; } else { if($reg_user->register($uname,$email,$upass,$code)) { $id = $reg_user->lasdID(); $key = base64_encode($id); $id = $key; $message = " Hello $uname,

Welcome to groupnameyahoo Group Members webpage
To complete your registration please , just click following link

Click HERE to Activate :)

Thanks,

websitename - Moderator"; $subject = "Confirm Registration"; $reg_user->send_mail($email,$message,$subject); $msg = "

× Success! We've sent an email to $email. Please click on the confirmation link in the email to create your account.

"; } else { echo "sorry , Query could no execute..."; } } } ?> Wizardpygal Tubes and Images

<link href="bootstrap/css/bootstrap.min.css" rel="stylesheet" media="screen">
<link href="bootstrap/css/bootstrap-responsive.min.css" rel="stylesheet" media="screen">
<link href="assets/styles.css" rel="stylesheet" media="screen">
<script src="js/vendor/modernizr-2.6.2-respond-1.1.0.min.js"></script>

home
about
Contact us
Terms Of Use

	</div>
	
<div class="body">
<a href="index.html" class="logo"><img src="images/logo2.png" alt=""></a>
<p></p>
</div>

<?php if(isset($msg)) echo $msg; ?>

<form class="form-signin" method="post">
    <font size="+2"><p>Login</p></font>
	<input type="codenum" class="input-block-level" placeholder="Code Number" name="txtcodenum" required /><br>
    <input type="text" class="input-block-level" placeholder="Username" name="txtuname" required />
    <input type="email" class="input-block-level" placeholder="Email address" name="txtemail" required />
    <input type="password" class="input-block-level" placeholder="Password" name="txtpass" required />
 	<hr />
    <button class="btn btn-large btn-primary" type="submit" name="btn-signup">Sign Up</button>
    <a href="index.php" style="float:right;" class="btn btn-large">Sign In</a>
</form>
	
	

	
	
	</td>
</tr>

		<center>&copy; Copyright 2000 - 2016. websitenamel  All rights reserved. All images and contents are copyright by their respected owners.</center>
	
    <!-- </div> -->
	</td>
</tr>

Once again, I do apologize for any inconvenience and thank you for your help and positive criticism for they are greatly appreciated for without them, I cannot learn.

ErnieAlex · January 27, 2016, 9:04pm

Well, first above all else, when you post code on this site, please place it inside of the PHP tags! It saves a lot of
display space and also makes it 100% easier for us to copy it to our editors for reviewing and testing.

A few comments… First, you have a new member come to your site to register. Then, you query your DB to
see if they are in it and if they have a code number. You would first need to store the membership info into the
database. You do this in the first post you showed.

I think the logic of how this works is incorrect. The reason behind it is okay, but, the logic of how it flows is a bit
messy. First, giving out a code to allow membership is a small security issue as that can be hacked. Next, you
already have a list of members that you want to allow into the site, why do you not just keep that list in your
database and check it when someone registers? In Yahoo Groups, you can create a database of your members
and then use that to check against with your membership requests. That would be very secure as you would
already have a list of the only people who can join. No numbers sent out, no checking for them. It is very
easy to create a table of your membership list and then export it to a CSV file that can be updated to your
site’s database table. Then, just have the registration code check it when a new member requests membership.

In my opinion, this would be much more secure as you already have the list of members you want to let into
your site and really would be hard to crack. ( Since Yahoo Groups are email-based, you just have to verify the
email address during the registration process. Just my humble opinion…

JimL · January 27, 2016, 9:35pm

I agree, no need for this convoluted sign up process. Create a register form you can access only logged in as admin that allows you to create a user by submitting an email. The site then emails the user inviting them to the site with a “set password” link

WildFire2000 · January 27, 2016, 10:18pm

First, I want to apologize again on posting the codes instead of posting it in the php tag. As I said, I am totally new to this PHP and MySQL.

Second. I agree with ErnieAlex. This was my original intent but being a novice on this, I don’t know how to do this part.

I guess I have to do more research on how to mend the two together (Yahoo Group e-mail and MySQL database)

I have the list of my Yahoo Group E-mails export it to a CSV…

Thank you JimL and ErnieAlex for your feedback on this.

ErnieAlex · January 27, 2016, 10:31pm

The Yahoo part is easy: https://help.yahoo.com/kb/SLN2393.html

Installing this list into your database would be fairly simple. Depends on your hosting service. Most hosting site’s
control panel allow you to insert from a CSV file. Otherwise, you can just upload your csv file to your server and
then use the getcsv() to read it and upload to your database. I think the automated version is best. You could
create one page that allows you logged in as an ADMIN to upload your file and process it. One button…

Well, once you get further on, let us know if you have problems…

ErnieAlex · January 27, 2016, 10:40pm

After thinking about this process further, I think JimL’s idea is most likely the best for you. You can send an email
to each user asking them to become a member of your site. In that, you can use a link to your site’s hidden page
that handles the registration and use an encrypted code that links to their email address. That way, only users
you send emails to will be invited.

Either way will work for you. Just have to think out how you want to handle it and come back here when you
get stuck… Good luck!

WildFire2000 · January 27, 2016, 11:14pm

Thank you all for your reply, your help and comments.

  As for servers, this is my own server that I have setup at home using XAMPP because i wanted to learn to design webpages in HTML. That I manage to learn. 

   Now I want to go more in-depth in learning to code in PHP/HTML and MySQL so I decided to create something for my yahoo group members for them to have a website where they can create what ever they wanted with lots of public domain images, fonts, backgrounds, gradients that  I have and share it with them at no cost. 

   As for bandwidth, I have 950MB-Down/50MB-UP (unlimited) which is sufficient for my small group of elderly people.

    The Yahoo part:    I already have the list. I just now have to incorporate that into MySQL database and figure out for the register and database can:

A: database and e-mail list talk to each other
B: Be Verified
C: Allow members or Deny none-member.

Now if you guys can recommend where I can get a better “Login Registration with Email Verification, Forgot Password using PHP” code, then that too would be greatly appreciated because the one I have is simple but not the best. ;D

I will fry my brains in learning this… Failure is no excuse…

Thank you again.

ErnieAlex · January 28, 2016, 5:48pm

It sounds like you really want to learn everything! Good for you!

Now, PHP/HTML/MySQLi is all easy to use. You can learn it with the correct tools. First, it appears you have a
basic understanding of how to get started. Here is a site that might help you. I use it often when I forget how to
handle a function or process. I send many newbies to this site. I think it will help you. On the top, select PHP or
HTML, etc and then on the left side select the area you want to learn about. There are a lot of tutorials on many
different items you might find interesting.

http://www.w3schools.com/php/default.asp

On your A-B-C list, there are a lot of items involved in these processes. First, remember that a database is
a lot like a spreadsheet. There are “rows” of data and each row has “fields” across the row where you store
the real data into. So, before you start, you need to know what you want the site to do. Create a list of items
that you want to do on the site, a list of pages of what will be shown on the site, a list of data for your users
such as name, address, email, age, gender, status and any other item that you may need. You need to think
ahead and add all items you need now and as many as you might think up for the future. Things like verifying
users are all done using queries to your database. When a user comes to your site and logs in, they enter the
username or email address that identifies them and their password. You run a query to select all the info for
their user table info. Then, you verify that the password checks out. Once logged in, you flag them usually
using something like SESSION variables and that lets them into the other pages on your site. On the other
pages, you display whatever they are allowed to see. For instance, you as the ADMIN would see different items
than the other users see.

Well, get started and let us know when you get stuck. We are here to help you out! Good luck!

astonecipher · January 28, 2016, 8:19pm

PHP the Right Way