Resend Activation Code Help

Anyone able to tell me why this isn’t working? I just can’t see the problem.

The code below updates the database with a new activation code.
Then an email is sent with the correct email address and the new activation code included.

The email redirects you to the activate.php page as it should. It finds no errors. And then it tells you that you have successfully registered.

What it doesn’t do:
However, it never actually updates the database so that active = 1. Active remains 0.

The activate page works properly if the original activation email is used, but the resend activation email’s link doesn’t get updated to the database as active. Here’s the code:

Recover, Update_User, and Activate functions:

[php]
function recover($mode, $email) {
$mode = sanitize($mode);
$email = sanitize($email);

    $user_data = user_data(user_id_from_email($email), 'user_id', 'first_name', 'username');
    
    if ($mode == 'username') {
        email($email, 'Your username', "Hello " . $user_data['first_name'] . ",\n\nYour username is: " . $user_data['username'] . "\n\n~ The VE Team");
    } else if ($mode == 'password') {
        $generated_password = substr(md5(rand(999, 999999)), 0, 8);
        change_password($user_data['user_id'], $generated_password);
        
        update_user($user_data['user_id'], array('password_recover' => '1'));
                
        email($email, 'Your password', "Hello " . $user_data['first_name'] . ",\n\nYour new password is: " . $generated_password . "\n\n~ The VE Team");
    } else if ($mode == 'activation') {
        $generated_activation = substr(md5(rand(999, 999999)), 0, 32);
        change_activation($user_data['user_id'], $generated_activation);
        email($email, 'Your new Activation Code', "Hello " . $user_data['first_name'] . ", \n\nThank you for joining the Valkyrie's Embrace Home Page. Your account is currently inactive. \n Please click or copy/paste the link below in order to activate your account.\n\nhttp://valkyries.usa.cc/activate.php?email=" . $_POST['email'] . "&email_code=" . $generated_activation . "\n\n~ The VE Team :)");
    }
}
    function update_user($user_id, $update_data) {
        $update = array();
    array_walk($update_data, 'array_sanitize');
    foreach($update_data as $field=>$data) {
        $update[] = '`' . $field . '` = \'' . $data . '\'';
    }
    mysql_query("UPDATE `users` SET " . implode(', ', $update) . " WHERE `user_id` = $user_id");
}
function activate($user_id, $email, $email_code) {
    $user_id         = (int)$user_id;
    $email            = mysql_real_escape_string($email);
    $email_code        = mysql_real_escape_string($email_code);
    
    if (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `email` = '$email' AND `email_code` = '$email_code' AND `active` = 0"), 0) == 1) {
        mysql_query("UPDATE `users` SET `active` = 1 WHERE `email` = '$email'");
        return true;
    } else {
        return false;
    }
}

[/php]

Activate.php:

[php]

<?php include 'core/init.php'; logged_in_redirect(); include 'includes/overall/header.php'; if (isset($_GET['success']) === true && empty($_GET['success']) === true) { ?>

<h2> Thanks, we've activated your account... </h2>
<p> You may now log in.</p>
<?php
} else if (isset($_GET['email'], $_GET['email_code']) === true) {
        $email            = trim($_GET['email']);
        $email_code        = trim($_GET['email_code']);
        
        if (email_exists($email) === false) {
            $errors[] = 'Oops, something went wrong and we couldn\'t find that email address!';
        } else if (activate($user_id, $email, $email_code) === false) {
            $error[] = 'We had problems activating your account.';
        }
        if (empty($errors) === false) {
        ?>
        <h2>Oops...</h2>
        <?php
            echo output_errors($errors);
            } else {
                update_user($user_data['user_id'], array('active' => '1'));
                $URL="activate.php?success";
                echo '<META HTTP-EQUIV="refresh" content="0;URL=' . $URL . '">';
                exit();
        }
    
        } else {
        $URL="index.php";
        echo '<META HTTP-EQUIV="refresh" content="0;URL=' . $URL . '">';
        exit();
}
include 'includes/overall/footer.php'; ?>

[/php]

Any ideas? I’m stumped. The ONLY thing it isn’t doing right is the “update_user($user_data[‘user_id’], array(‘active’ => ‘1’));” it works for the primary registration link, but not for the resend activation link. sigh

I see a couple of things in the second block, but generally, functions need to go above where its being called from. Also, probably need to check to see what the input looks like, echo out the foreach result for $update[]. Verify that $user_data contains the necessary data.

UPDATE Queries should also end in a semi-colon ( or they will be stubborn and refuse to go through.

I feel very dumb right now. I’d never even seen PHP or CSS before a week ago and I’m afraid my education is sorely lacking although I’m watching tutorials and trying my best to learn.

I don’t understand how to fix either problem. I’m not sure where the update query is that is missing it’s semi-colon… I’m looking but I don’t see it lol

And I haven’t the first clue how to do what you suggested richei I did this along with a tutorial so it’s kind of at that stage for me where I kinda sorta see how this works and how that does that… but as for knowing how to properly re-situate the code around like that… I’m lost. I’m afraid I’ll break it worse lol

I mean… I added the else if for the ‘activation’ link part myself, just sort of copy-catting what was already done with the password recover section… and a few things like that, mostly just copying almost exactly what was already done and changing the names to suit what I’m trying to accomplish, if that makes sense.

Don’t take me wrong, but if you don’t know how to do an echo, that’s not the script to start out with. When you’re trying to do this kind of stuff, you need to have a good understanding of what’s going on, so you can troubleshoot it. Right now, i’ll just stick to the update functions since that seems to be an issue.
[php]
function update_user($user_id, $update_data) {
$update = array();
array_walk($update_data, ‘array_sanitize’);
foreach($update_data as $field=>$data) {
$update[] = ’' . $field . ' = ‘’ . $data . ‘’’;
}
mysql_query(“UPDATE users SET " . implode(’, ', $update) . " WHERE user_id = $user_id”);
}[/php]

$update = array(); - tells php that whatever $update contains will be an array. you don’t have to predefine it, but its a good idea to do it.
array_walk($update_data, ‘array_sanitize’); applies the array_sanitize function to whatever was passed along in $update_data

The foreach loop builds the query. Basically, it builds a out the list of fields of what needs to be updated so the query doesn’t take a lot of time and it updates the right stuff without having to do a lot of if…elseif statements to cover each possibility. The implode() in the query takes what’s in the update variable and combines it, so instead of having
update[] = name => rich
update[] = activate => 1
update[] = sex => male

you end up with name = ‘rich’, activate = 1, sex = ‘male’

I hope that helps out a little

You can always look up the functions at php.net or w3school. I spend a lot of time at both sites

What I’m not understanding is why does it work properly when done from one link, but not properly when done from another link that sends it to the same page, using the same code.

register.php — sends activation email with code:

http://valkyries.usa.cc/[email protected]&email_code=64aced5f103cacb165c2685cb42ea67d

Clicking that link… activate.php gives success message and updates active from 0 to 1.

using recover.php – changes the email code and sends activation email:

http://valkyries.usa.cc/[email protected]&email_code=6e0c70eb286d5c3257d456d353ec9aa7

Clicking that link… activate.php gives success message but does not update active from 0 to 1.

What I’m confused about mostly is why it works in one instance but not the other since it’s using the same update user function. If the function was wrong shouldn’t it not work for both links?

And yes I realize this is so over my head. I didn’t realize how advanced this was when I started trying to make it lol I’ve also been spending tonnnns of time at php.net and w3school

I think you’re overly complicating things personally, but its your script It looks like you need to verify that the information is being passed to the function. try
[php]
function update_user($user_id, $update_data) {
$update = array();
array_walk($update_data, ‘array_sanitize’);

echo “

”;

print_r($update_data);

echo “

”;

foreach($update_data as $field=>$data) {
$update[] = ’' . $field . ' = ‘’ . $data . ‘’’;
}
mysql_query(“UPDATE users SET " . implode(’, ', $update) . " WHERE user_id = $user_id”);
}[/php]

If should give you something like
Array (
[0] => activate
Array (
[0] => 1
)
}

If it contains activate and 1, then the information is being passed

It says:

Array
(
[active] => 1
)

However… active remains 0

I believe I have figured out what it is doing.

On the regular registration it goes through these steps:

1. Create the database entry for the new user and enter in all of the provided registration data.

2. Generate an ‘email_code’ and store it in the database.
   For our example we’ll say this is the code it generates: a8c76f51b5aea705e864dce54d9c0b5b

3. Trigger the following code which will email the user:

email ($register_data['email'], 'Activate your account', "Hello " . $register_data['first_name'] . ", \n\nThank you for joining the Valkyrie's Embrace Home Page. Your account is currently inactive. \n Please click or copy/paste the link below in order to activate your account.\n\nhttp://valkyries.usa.cc/activate.php?email=" . $register_data['email'] . "&email_code=" . $register_data['email_code'] . "\n\n~ The VE Team :)");

The user then gets an email with a link that looks like:

http://valkyries.usa.cc/[email protected]&email_code=a8c76f51b5aea705e864dce54d9c0b5b

The user clicks the email and is sent to activate.php
Activate.php checks first if the email is correct:
Database entry for email: [email protected]
email used in the link: [email protected]
They match. Return true. Check.

Activate.php then checks the email code to see if it is correct:
Database entry for email_code: a8c76f51b5aea705e864dce54d9c0b5b
email code in the link: a8c76f51b5aea705e864dce54d9c0b5b
They match. Return true. Check.

Now since both are true, set active to 1.
Done. User is registered and can now log in.

Okay so now say we’ve registered but we never got our activation code. So we do the resend activation code.

So now it goes through the same process.

1. Generate a new activation code and update the database with the new code.
   For our example we’ll say that the new ‘email_code’ is: 9554db6349a84d961064dfe685b8cde5

This is the code that enacts this step:
[php]} else if ($mode == ‘activation’) {
$generated_activation = substr(md5(rand(999, 999999)), 0, 32);
change_activation($user_data[‘user_id’], $generated_activation);[/php]

2. Trigger the following code which will email the user with his/her new link:

email($email, 'Your new Activation Code', "Hello " . $user_data['first_name'] . ", \n\nThank you for joining the Valkyrie's Embrace Home Page. Your account is currently inactive.  \n Please click or copy/paste the link below in order to activate your account.\n\nhttp://valkyries.usa.cc/activate.php?email=" . $_POST['email'] . "&email_code=" . $generated_activation . "\n\n~ The VE Team :)");

The user then gets an email with a link that looks like:

http://valkyries.usa.cc/[email protected]&email_code=434ca19f1094d7369ff239aebe0c9f3e

The user clicks the email and is sent to activate.php
Again, Activate.php checks first if the email is correct:
Database entry for email: [email protected]
email used in the link: [email protected]
They match. Return true.

Activate.php then checks the email code to see if it is correct:
The new database entry for email_code: 9554db6349a84d961064dfe685b8cde5
email code in the link: 434ca19f1094d7369ff239aebe0c9f3e
They do not match. Return false.

Just a note here: the codes and links above are from an actual test comparison I did between the working initial register and the not working resend activation code, comparing the values step by step in a successful activation and an unsuccessful resend activation so this is actually exactly what’s happening.

Now… I believe this is happening because of this line in the email code:

.\n\nhttp://valkyries.usa.cc/activate.php?email=" . $_POST['email'] . "&email_code=" . $generated_activation .

I believe that the call to $generated_activation is actually generating a new code in the email link itself, rather than using the code that was generated and updated to the database.

I expected that this could be fixed simply by doing this:

\n\nhttp://valkyries.usa.cc/activate.php?email=" . $_POST['email'] . "&email_code=" . $user_data['email_code'] . "

However for some reason the email that this returns is:

http://valkyries.usa.cc/[email protected]&email_code=
With no email code at all.

I’m guessing that this is because the user is not logged in, therefore it cannot pull their user_data but I don’t know how to fix it.

Then again I could be totally off-base here too, but that’s what’s happening. It can’t activate because the code sent doesn’t match the code that is stored in the database and the codes must match in order for active to be updated from 0 to 1.

Rather than calling the information

I'm guessing that this is because the user is not logged in, therefore it cannot pull their user_data but I don't know how to fix it. :P

Actually that can’t be right because in both emails

" . $user_data['first_name'] . "

is called and that works in both. So there goes my theory