When a new user registered for the first time the account must verified. It can be done in different ways.
// REGISTER USER
if (isset($_POST['register_btn'])) {
// receive all input values from the form
$firstname = esc($_POST['firstname']);
$lastname = esc($_POST['lastname']);
$genders=esc($_POST["gender"]);
$username = esc($_POST['username']);
$email = esc($_POST['email']);
$password_1 = esc($_POST['password_1']);
$password_2 = esc($_POST['password_2']);
// form validation: ensure that the form is correctly filled
if (empty($firstname)) { array_push($errors, "Uhmm...You missed your First Name"); }
if (empty($lastname)) { array_push($errors, "Uhmm...You missed your Last Name"); }
if (empty($username)) { array_push($errors, "Uhmm...We gonna need your username"); }
if (empty($email)) { array_push($errors, "Oops.. Email is missing");}
if (empty($password_1)) { array_push($errors, "uh-oh you forgot the password"); }
if ($password_1 != $password_2) { array_push($errors, "The two passwords do not match");}
// Ensure that no user is registered twice.
// the email and usernames should be unique
$user_check_query = "SELECT * FROM users WHERE username='$username' OR email='$email' LIMIT 1";
$result = mysqli_query($conn, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) { // if user exists
if ($user['username'] === $username) {
array_push($errors, "Username already exists");
}
if ($user['email'] === $email) {
array_push($errors, "Email already exists");
}
}
// register user if there are no errors in the form
if (count($errors) == 0) {
$password = md5($password_1);//encrypt the password before saving in the database
$vkey = md5(time().$username);
$cenvertedTime =date('Y-m-d', strtotime(' + 5 days'));
$query = "INSERT INTO users (firstname, lastname, gender, username, email, password, vkey, token_expire, created_at, updated_at)
VALUES('$firstname', '$lastname', '$genders', '$username', '$email', '$password', '$vkey', '$cenvertedTime', now(), now())";
$resultset = mysqli_query($conn, $query);
$inserted_id = mysqli_insert_id($conn);
$user_check = "SELECT token_expire FROM users WHERE id='$inserted_id' LIMIT 1";
$result = mysqli_query($conn, $user_check);
$date = mysqli_fetch_assoc($result);
$created_at = $date['token_expire'];
$created_at = date("F j, Y ", strtotime($created_at));
if($resultset){
$auto = date (Y);
$to=$email;
$sent_date = date("F j, Y ");
$subject='Please confirm your email address';
$message="
let's get thingis together, finally send then email
$message="include your custom body design/ I included message body in previous post";
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
$headers .= 'From: Do-Not-Reply noreply@g3techdesign.com'. "\r\n";
mail($to, $subject, $message, $headers);
$_SESSION['message'] = " Thank you for signing up in to our system. We have sent a verification email to the address you provide.
". $to . " is the email address you provide to us to activate your account.";
// redirect to public area
header('location: '. BASE_URL . 'thankyou.php?email=' . $email);
exit(0);
}
else {
$_SESSION['message'] = "Something want wrong.";
// redirect to public area
header('location: '. BASE_URL . 'signup.php');
exit(0);
}
}
}
Remove empty space from the form
// escape value from form
function esc(String $value)
{
// bring the global db connect object into function
global $conn;
$val = trim($value); // remove empty space sorrounding string
$val = mysqli_real_escape_string($conn, $value);
return $val;
}
Then when a user click on the link they have recieved the account will activate then they can able to login.
$errors = array();
if(isset($_GET['vkey'])){
$vkey = $_GET['vkey'];
$user_check = "SELECT verified,vkey, token_expire FROM users WHERE verified=0 AND vkey = '$vkey' LIMIT 1";
$result = mysqli_query($conn, $user_check);
$get_token = mysqli_fetch_assoc($result);
if($result->num_rows == 1){
$currentDateTime = date('Y-m-d H:i:s');
$token_date =$get_token['token_expire'];
if($currentDateTime < $token_date){
$sql = "UPDATE users SET verified=1 WHERE vkey='$vkey' LIMIT 1";
$results = mysqli_query($conn, $sql);
$_SESSION['message'] = " Your Acount has been verified. You may now login in to your Account.";
header('location: ' . BASE_URL . 'login.php');
exit(0);
}else{
array_push($errors, " Verification link has been expired. You may attempt to create your account again. The account you created was deleted automatically");
}
}else{
array_push($errors, " This Account is already verified or invalid. You may try to login now.");
}
}
that's.
By MEBRATU Tue, Jul 07, 2020 (4 years ago )
By GETACHEW Sat, Oct 09, 2021 (3 years ago )
By MICHAEL Fri, Aug 14, 2020 (4 years ago )