PHP Message Board Pt 4

PHP Message BoardIn part 4 of my PHP Message Board tutorial I show you how to create an account activation script.

In the previous video PHP Message Board pt 3, I created a user registration script. As an added security measure it sent an email with a link to this activation script. The new user will only be able to login if they click on that link.

At that point we check that the userid and 32 character key are the same. If they are we activate the account.

Like always the code follows the video.

Please note that it is better to copy the code below. Don’t try and copy the code from the video. If you get an error from copying the code below it can be easily fixed by finding and replacing backquotes ` with regular quotes ‘. This is a WordPress error. Every line of code has been tested and it works.

Leave any questions and comments below.

Code From the Video

<?php

include(‘header.html’);

?>

 

<body>

<div id=”header”><h2>Message Board</h2></div>

 

<div id=”login”>

<p>

<?php

echo ‘<h4>Welcome’;

 

if (isset($_SESSION[‘first_name’]))

{

echo “, {$_SESSION[‘first_name’]}!”;

}

 

echo ‘</h4>’;

 

if (isset($_SESSION[‘user_id’]) AND (substr($_SERVER[‘PHP_SELF’], -10) != ‘logout.php’))

{

echo ‘<a href=”logout.php”>Logout</a><br /> <a href=”change_password.php”>Change Password</a><br />’;

} else {

echo ‘<a href=”register.php”>Register</a><br /> <a href=”login.php”>Login to your account</a><br /> <a href=”forgot_password.php”>Forgot Password</a><br />’;

}

?>

</p>

</div>

 

<div id=”lypsum”>

 

<h1>Activate Account</h1>

 

<?php

 

// Validate $_GET[‘x’] and $_GET[‘y’].

 

if (isset($_GET[‘x’])) {

 

$x = (int) $_GET[‘x’];

 

} else {

 

$x = 0;

 

}

 

if (isset($_GET[‘y’])) {

 

$y = $_GET[‘y’];

 

} else {

 

$y = 0;

 

}

 

// If $x and $y aren’t correct, redirect the user.

 

if ( ($x > 0) && (strlen($y) == 32)) {

 

$query = “UPDATE users SET active=NULL WHERE (user_id=$x AND active='” . escape_data($y) . “‘) LIMIT 1”;

 

$result = mysql_query ($query) or trigger_error(“Query: $query\n<br />MySQL Error: ” . mysql_error());

 

 

 

// Print a customized message.

 

if (mysql_affected_rows() == 1) {

 

echo “<br><br><h3>Your account is now active. You may now log in.</h3>”;

 

} else {

 

echo ‘<br><br><p><font color=”red” size=”+1″>Your account could not be activated. Please re-check the link or contact the system administrator.</font></p>’;

 

}

 

// mysql_close();

 

} else { // Redirect.

 

// Start defining the URL.

 

$url = ‘http://’ . $_SERVER[‘HTTP_HOST’] . dirname($_SERVER[‘PHP_SELF’]);

 

// Check for a trailing slash.

 

if ((substr($url, -1) == ‘/’) OR (substr($url, -1) == ‘\\’) ) {

 

$url = substr ($url, 0, -1); // Chop off the slash.

}

 

// Add the page.

$url .= ‘/index.php’;

 

//ob_end_clean(); // Delete the buffer.

 

header(“Location: $url”);

 

// exit(); // Quit the script.

 

} // End of main IF-ELSE.

?>

 

</div>

</body>

</html>

Leave a Reply

Your email address will not be published.

Google+