Tutorial
Registration With Activation!
Tutorial made by Thomas Verschoof from STVProductions.net
23 - 09 - 09.
There's NO object orientated programming in this script!
The email function will only work if you have an active email server on you localhost or if you test this script on a hosting service!
To begin this registration with activation script, you have got to setup a database.
if you have already done the tutorial "simple login script" from this website, you can edit
that database by adding 'activated' and 'activation_hash' to the end of the database, else you
could setup something like this in phpmyadmin:
database named "user-system":
create a table called "users":
`ID` - `FirstName` - `LastName` - `Username` - `Password` - `Email` - `activated` - `activation_hash`
this is NOT the query, this just shows what has to be in the database.
This is the query (if you have made the database "user-system" in phpmyadmin):
Code:
CREATE TABLE `users`(
ID INT(6) NOT NULL AUTO_INCREMENT PRIMARY KEY,
firstname VARCHAR(254) NOT NULL,
lastname VARCHAR(254) NOT NULL,
username VARCHAR(254) NOT NULL,
password VARCHAR(32) NOT NULL,
email VARCHAR(254) NOT NULL,
activated INT(1) NOT NULL DEFAULT '0',
activation_hash VARCHAR(32) NOT NULL
);
First, we are going to set up an include page that has the database login credentials
Code:
<?php
// connect.inc.php
$dbhost = "localhost"; // 99% sure you don't need to change this one!
$dbuser = "youruser"; // Standard is root for localhost, could be different on hostingservices!
$dbpass = "yourpass"; // Whatever you have as password
$db = "user-system"; // The name of the database!
mysql_connect($dbhost,$dbuser,$dbpass) or die("Mysql error: " . mysql_error());
mysql_select_db($db) or die("Mysql error: " . mysql_error());
?>
That was the connect include script. So next is the Registration script!
Code:
<?php
// registration.php
// Include connect script
include("connect.inc.php");
// Creating What to do when someone Registrates:
if(isset($_POST['SubRegistration'])){
// Check if none of the fields are empty
if(empty($_POST['username']) || empty($_POST['password']) || empty($_POST['password2']) || empty($_POST['firstname']) || empty($_POST['lastname']) || empty($_POST['email'])){
$message = "You Forgot to fill in: <ul>";
// It may get a little bit big, but I think it's the most easy way of saying what's not filled in yet (without using jQuery, because with jQuery it would be like AJAX protocol. You wouldn't have to click on the submit button to check if the username exists etcetera and that would be easier for the one registrating)
if(empty($_POST['username'])){ $message .= "<li>a Username</li>"; }
if(empty($_POST['password'])){ $message .= "<li>a Password</li>"; }
if(empty($_POST['password2'])){ $message .= "<li>The Controle Password</li>"; }
if(empty($_POST['firstname'])){ $message .= "<li>Your Firstname</li>"; }
if(empty($_POST['lastname'])){ $message .= "<li>Your Lastname</li>"; }
if(empty($_POST['email'])){ $message .= "<li>Your Email Address</li>"; }
$message .= "</ul>";
// hence we are not going to build in a Email validation script with the ereg function this time, we are only checking if it's filled in and if the email already exists in the database!
}else{
// go further because all required fields are filled in
// Let's start by change the POST array to variables and checking the username!
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$password2 = mysql_real_escape_string($_POST['password2']);
$firstname = mysql_real_escape_string($_POST['firstname']);
$lastname = mysql_real_escape_string($_POST['lastname']);
$email = mysql_real_escape_string($_POST['email']);
// Check the username!
$UsernameExist = mysql_query("SELECT username FROM users WHERE username='$username'");
if(mysql_num_rows($UsernameExist) == 1){
// Dont go further, the username exists!
$message = "The Username <q>$username</q> has already been used. Please choose another Username!";
}else{
// Go further by checking the email address
$EmailExist = mysql_query("SELECT email FROM users WHERE email='$email'");
if(mysql_num_rows($EmailExist) == 1){
// Dont go further, email address already in database
$message = "The Email Address <q>$email</q> has already been used. Please choose another Email Address!";
}else{
// Go Further by checking the passwords
if($password !== $password2){
// First checking if NOT identical
$message = "The Passwords dont match. Please fill in the password of choice twice!";
}else{
// Encrypt Password to md5 hash, using a "saltkey" to make it even more impossible to crack the hash!
$encrypt = md5($password . 'ThIsiSASAltKEy');
// setting up Activation Email hash and code. With the Hash below there's no way someone can have the exact same code by chance.
$hash = md5(rand(1,9999) * rand(1,9999) * rand(1,9999));
// Registrate the user!
$registrate = mysql_query("INSERT INTO users (firstname, lastname, username, password, email, activation_hash) VALUES ('$firstname', '$lastname', '$username', '$encrypt', '$email', '$hash')");
if($registrate){
// Set Up Email
$sendername = "Fill in your name";
$senderemail = "fillinyouremail@whatever.com";
$senderwebsite = "Fill in your website";
// the $to = the same as $email so I dont use $to in this script!
$subject = "Registration / Activation at $senderwebsite";
$body = "Thank you for your registration at $senderwebsite
This Email contains your Login credentials and the activation link!
-------------------------------------
Username: $username
Password: $password
-------------------------------------
Activation Link: http://linktoyourwebsite/activation.php?user=$email&hash=$hash
Hope to see you soon!
Kind regards,
$sendername";
$header = 'From: '.$sendername.' @ '.$senderwebsite.' <'.$senderemail.'>';
$mailer = mail($email, $subject, $body, $header);
if($mailer){
$message = "Registration process has been completed. An Email with your login credentials has been sent to $email";
}else{
$message = "Registration has occured, but no email has been sent. This could mean you are running this script on a localhost, or your Hosting Provider doesnt allow scripts to send emails. It could also mean something is wrong with the mailer script. But you may figure that out for yourself!";
} // End of Mailer
}else{
$message = "Registration has failed due to an unknown Error! Please contact the administrator!";
} // End of Registration
} // End of password Check
} // End of Email Check
} // End of username Check
mysql_close();
} // End of Empty Check
} // End of if post function
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Registration Form</title>
</head>
<body>
<h3>Registration Form</h3>
<form action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="POST">
<table width="400px">
<tr>
<td align="right" width="200px">Username</td><td align="left" width="200px"><input type="text" name="username" /></td>
</tr>
<tr>
<td align="right">Password</td><td align="left"><input type="password" name="password" /></td>
</tr>
<tr>
<td align="right">Password (Checkup)</td><td align="left"><input type="password" name="password2" /></td>
</tr>
<tr>
<td align="right">Firstname</td><td align="left"><input type="text" name="firstname" /></td>
</tr>
<tr>
<td align="right">Lastname</td><td align="left"><input type="text" name="lastname" /></td>
</tr>
<tr>
<td align="right">Email Address (for activation)</td><td align="left"><input type="text" name="email" /></td>
</tr>
<tr>
<td></td><td><input type="submit" name="SubRegistration" value="Registrate your Account" /></td>
</tr>
</table>
</form>
<?php if($message){
echo "<h3>Message: </h3>";
echo "<p>$message</p>";
}
?>
</body>
</html>
!!!! READ: If the email function doesnt work because of a header problem, it's because the site doesnt let me post backslash n or backslash r, it removes the backslashes. Contact me if you have this problem!
I must say, I haven't tested the above script. I Just made it up out of scratch so I hope it works. Let's continue by creating the activation email.
Code:
<?php // activation.php
include("connect.inc.php");
if(!empty($_GET['user']) && !empty($_GET['hash'])){
$email = $_GET['user'];
$hash = $_GET['hash'];
// begin Checking if they exist
$check = mysql_query("SELECT * FROM users WHERE email='$email' AND activation_hash='$hash' AND activated='0'");
if(mysql_num_rows($check)==1){
// Go Activate the account
$update = mysql_query("UPDATE users SET activated='1' WHERE email='$email' AND activation_hash='$hash'");
if($update){
$message = "Your account has been activated. You can login (if you create a loginpanel for this script!)";
}else{
$message = "Activation has failed due to an unknown Error";
}
}else{
$message = "Or The user doesnt exists, or you have already activated your account!";
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Activation of account</title>
</head>
<body>
<?php echo $message; ?>
</body>
</html>
That's all, It Works the way I have scripted it cause I tested it on the recommendings of the Admin (yeah, I made a few mistakes, I forgot a ; and I wrote users instead of user somewhere! but now it works ;) )
| « Previous | Next » |
Comments
Flamer - 2009-07-28
nice nice!
You have to be logged in to write a comment.
