PHP Activation Page

Question

Quinncunx 0 Newbie Poster

12 Years Ago

Just a heads up this is a school project.

I have been tasked with building a login system for the "mock" company that we have been using on my college course for assignments ect.

I have built the regisration, login, logout, user management pages, however I cannot make the activation page work. The page is supposed to pass the users username and activation code from the URL into a form on the page which, when the activate button it clicked then alters a boolean value in the db.

However, when ever I click the activate button it shows the error message "You must enter a username" - this is an error message I have built in.

If anyone could show me where I am going wrong, I would be very appreciative.

The Code

<?php
error_reporting(E_ALL ^ E_NOTICE);
session_start();
$username = $_SESSION['username'];
$userid = $_SESSION['userid'];


?>


<?php


    if ( $_POST['activatebtn']){
    $getuser = $_GET['user'];
    $getcode = $_GET['code'];
        if($getuser){
            if($getcode){
                require("./connect.php");
                $query= mysql_query("SELECT * FROM users WHERE username='$getuser'");
                $numrows = mysql_num_rows($query);
                    if ($numrows == 1){
                    $row = mysql_fetch_assoc($query);
                    $dbcode = $row['code'];
                    $dbactive = $row['active'];

                        if ($dbactive == 0){

                            if ($dbcode == $getcode){
                                mysql_query("UPDATE users SET activate='1' WHERE username='getusername'");
                                $query = mysql_query("UPDATE users SET activate='1' WHERE username='getusername' AND active ='1'");
                                $numrows = mysql_num_rows($query);
                                    if ($numrows == 1){
                                        $errormsg = "Your account has been activated.";
                                    }
                                    else
                                        $errormsg = "An error has occured. You have not been activated.";
                                        $getuser ='';
                                        $getcode ='';
                                }
                                else
                                $errormsg ="Your activation code is incorrect.";

                        }
                        else
                        $errormsg = "This account is already active.";
                    }
                    else
                        $errormsg = "The username was not found";


                        mysql_close();

                }
                else
                    $errormsg = "You must enter an activation code.";

            }
            else
                $errormsg = "You must enter a username."
    }
else
    $errormsg = "";
    echo "<form action ='./activate.php' method='post'>

<table>
<tr><td></td><td>$errormsg</td>


</tr>
<tr><td>Username:</td>
    <td><input type='text' name='user' value='$getuser' /></td>

</tr>
<tr><td>Code:</td>
    <td><input type='text' name='code' value='$getcode' /></td>

</tr>
</tr>
<tr><td><input type='Submit' name='activatebtn' value='Activate' /></td>

</tr>
</table></form>";


?>

At present the url being passed to the page would be localhost/twistdev/activate.php?user=Quinncunx&code=12345

I have removed all the html as I guessed it would not be affecting the script.

Thank you in advance for your time.

php

2 Contributors
1 Reply
214 Views
7 Minutes Discussion Span
Latest Post 12 Years Ago Latest Post by pritaeas

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

pritaeas 2,194 ¯\_(ツ)_/¯ Moderator Featured Poster · Answer 1 · 2012-04-13T11:51:46+00:00

pritaeas 2,194 ¯\_(ツ)_/¯

12 Years Ago

On line 15 and 16 you are using GET while you should've used POST