Okay guys, I need a little help - I have a php based website that I am building and I have the user membership / registration working. Meaning when someone registers it inserts the email, name, and password (md5) into the database, along with the randomly generated activation code that I have the registration script cook up. Now, They receive the e-mail and click the link for activation. I need to be able to when they click the link to activate the account have them type in their e-mail and/or activation code from the e-mail and then have the database update the table 'confirm_activation' to 1 instead of 0 this should allow the user's to actually get to the dashboard and use the site. I have everything working up until the point of the confirm_activation being able to switch from 0 to 1 upon successful activation. I am using mysqli as my DB connection. Here is the code: register-auth.php <?php require 'connection.php'; $chars = array("1","2","3","4","5","6","7","8","9"); $length = 6; $textstr = " "; for ($i=0; $i<$length; $i++) { $textstr .= $chars[rand(0, count($chars)-1)]; } if(count($_POST) !== 3) { echo 'Please fill all the fields.'; } if (!($stmt = $link->prepare("INSERT INTO users (name, email, password, activation) VALUES (?, ?, ?, ?)"))) { echo "Prepare failed: (" . $link->errno . ") " . $link->error; } $stmt->bind_param("sssi", $_POST['fullName'], $_POST['email'], md5($_POST['password']), $textstr); if (!$stmt->execute()) { echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error; } echo "Activation Email Sent."; $mail_to= $_POST['email']; $mail_subject="Email Activation - ISE"; $mail_body.="This email will activate your account with ISE.<br>\r\n"; $mail_body.="Your Activation Code is: $textstr <br> \r\n"; $mail_body.="Click the following link to activate now.<br> \r\n"; $mail_body.="<a href='http://steelcitydevstudios.com/dev/ise/activation-form.php?username=$username&activation=$textstr'>Click Here</a>"; $sent = mail($mail_to,$mail_subject,$mail_body, 'MIME-Version: 1.0' . "\r\n" . 'Content-type: text/html; charset=UTF-8' . "\r\n" . 'From: ise@steelcitydevstudios.com' . "\r\n" . 'Reply-To: ise@steelcitydevstudios.com' . "\r\n" . 'X-Mailer: PHP/' . phpversion()); //} else { // echo "Failed to send activation code, please contact support."; //} ?> PHP: acivation-form.php <?php include_once('functions.php'); displayHeader('Activation'); ?> <div class="row register"> <div class="col-md-7"> <div class="reg-box"> <form class="register" name="reg-form" method="post" action="check-activation-script.php"> <div id="reg-logo"> <p class="reg">Finish Activation</p> <img class="login-logo" src="/dev/ise/images/logo.png" alt="Information Security Education" width="296px" height="62px"> </div> <hr> <label class="login">Email:</label> <input type="text" name="email" id="email" placeholder="" required autocomplete="off" > <label class="login">Activation Code:</label> <input type="text" name="activation_code" id="activation_code" placeholder="" required autocomplete="off" > <input type="submit" id="continue" value="Activate"> </form> <hr class="registerbox-btm"> <p>Already have an account? <a href="login.php">Login</a></p> </div> </div> <div class="col-md-5"> <h1 class="register">Welcome To ISE!</h1> <h2 class="register-content">Here you’ll find the most advanced, efficient and fun employee training portal online!</h2> <br> <h1 class="register"> Scheduling, Training, Communication</h1> <h2 class="register-content">Use our dashboard and communication portal to establish training sessions for your employee’s or set your training times and collaborate ith your employer.</h2> <br> <h1 class="register">Train, Quiz, Get Certified!</h1> <h2 class="register-content">View our premium training videos, while answering our test questions as a popup inside the video! Get a passing mark and receive a ISE certification!</h2> </div> </div> <?php displayFooter(); ?> PHP: check-activation.php <?php require 'connection.php'; $email = $_POST['email']; $activation_code = $_POST['activation_code']; //$command = "UPDATE users SET check_activation='1' WHERE email='$email' AND activation='$activation_code'"; if (!($stmt = $link->prepare("UPDATE users SET check_verification VALUE (?) WHERE email='$email' AND activation='$activation'"))); $stmt->bind_param('i', $activation_status); $activation_status = 1; $stmt->execute(); $result = mysql_query($command); if ($result) { echo "Congratulations, Your account has been successfully activated! You may now begin using our site."; } else { echo "Youve entered an invalid activation code / email. - Please try again."; } ?> PHP: database table (users) CREATE TABLE IF NOT EXISTS `users` ( `id` int(11) NOT NULL AUTO_INCREMENT, `email` varchar(255) COLLATE utf8_unicode_ci NOT NULL, `name` varchar(255) COLLATE utf8_unicode_ci NOT NULL COMMENT 'user''s name', `password` varchar(255) COLLATE utf8_unicode_ci NOT NULL COMMENT 'will be case-sensitive', `active` enum('N','Y') COLLATE utf8_unicode_ci NOT NULL DEFAULT 'N' COMMENT 'is this user active?', `deleted` enum('N','Y') COLLATE utf8_unicode_ci NOT NULL DEFAULT 'N' COMMENT 'is the user deleted?', `is_god` enum('N','Y') COLLATE utf8_unicode_ci NOT NULL DEFAULT 'N', `accountType` int(11) NOT NULL COMMENT '0=Employee, 1=Company, 2=Site_Admin', `activation` int(6) NOT NULL DEFAULT '0', `check_activation` int(6) NOT NULL DEFAULT '0', PRIMARY KEY (`id`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci COMMENT='The backend users' AUTO_INCREMENT=16 ; Code (SQL): the url is http://steelcitydevstudios.com/dev/ise/register.php
Why are you using enum('N','Y') on the active and deleted columns? Why not just use tinyint (boolean) 1/0? Second, if you have sent a user a link, then all you need to do is use that link - there's no reason for the user to fill out even more forms? Send the user a link containing the user's email, and the unique activation code, something like this: http://www.example.com?page=activate&email=something@example.com&activationcode=asbd4w798347sase Then you check if that activation code matches the one in the DB for the user with that email-address, and if it does, you flip the value to 1.