
I think this post may appear to be "off topic" to others, but I would be very thankful if you could help me out with this.

I found some email verification code on the web. I found it confusing at first, but then I began to understand it and put it in my code. There's an error and I don't know how.

Problems:

  • The email verification code.
  • Proper syntax/use of the code.

Code:

  <?php

 if(isset($_POST['submit']))
    {
     $a = $_POST['username'];
     $b = $_POST['password'];
     $c = $_POST['firstname'];
     $d = $_POST['lastname'];
     $e = $_POST['month'];
     $f = $_POST['day'];
     $g = $_POST['year'];
     $h = $_POST['contact'];
     $i = $_POST['email'];
     $j = $_POST['confirm'];

     $code = md5(uniqid(rand()));

    include("dbconnect.php");
    $query = "SELECT * FROM `users`.`info` WHERE `username`='".$a."' AND `email_address`='".$i."'";
     $queryQuery=$con->query($query);

    $checker = mysqli_num_rows($queryQuery);


    if (($a && $b && $c && $d && $h && $i && $j) == "")
        {
         print "<script type=text/javascript>
        alert('All fields are required');
        </script>";
        }
    else
    {

    if ($checker == 0 && $b != $j)

        {

        print "<script type=text/javascript>
           alert('Password Mismatch');
        </script>";


        }

    else if($checker == 0)
        {

        //print $a,$b,$c,$d,$e,$f,$g,$h,$i;

                            $insertQuery="INSERT INTO `users`.`info` (`username`,`password`,`firstname`,`lastname`,`month`,`day`,`year`,`contact_number`,`email_address`,`confirm_code`) VALUES ('$a','$b','$c','$d','$e','$f','$g','$h','$i','$code')";
                            $insertQueryResult=$con->query($insertQuery);

                            if ($insertQueryResult)
                                {
                                    // send e-mail to ...
                                    $to=$i;

                                    // Your subject
                                    $subject="Your confirmation link here";

                                    // From
                                    $header="From Admins of Publisita.com";

                                    // Your message
                                    $message="Your Comfirmation link \r\n";
                                    $message.="Click on this link to activate your account \r\n";
                                    $message.="http://www.gmail.com/confirmation.php?passkey=$code";

                                    // send email
                                    $sentmail = mail($to,$subject,$message,$header);
                                }

                                    // if not found 
                            else 
                                {
                                    print "<script type=text/javascript>
                                            alert('Not found your email in our database')
                                            </script>";
                                }

                            // if your email succesfully sent
                            if($sentmail)
                            {
                                print "<scrpit type=text/javascript>
                                        alert('Your Confirmation link Has Been Sent To Your Email Address')
                                        </script>";
                            }

                            else 
                            {
                                print "<script type=text/javascript>
                                    alert('Cannot send Confirmation link to your e-mail address')
                                    </script>";
                            }

                            }





                        print "<script type=text/javascript>
                        alert('Successfully Registered');
                        </script>";

                        }

                        else
                            {
                            print "<script type=text/javascript>
                                    alert('Information are already been used');
                                </script>";
                            }

                    }
                }



        ?>

It would be a great thing if someone helped me out.

user3437929

1 Answer


This line:

if (($a && $b && $c && $d && $h && $i && $j) == "")

is not valid syntax. If you want to make sure these values aren't empty, you will need to check them individually (you also want to use or (||), since only one has to be empty for you to show your error; your current code would require all of them to be empty):

if ($a == "" || $b == "" ....) // or if (empty($a) || empty($b) ....)

or come up with a more concise way to do this:

$fields = array($a, $b, $c, $d, $h, $i, $j);
if (count(array_filter($fields)) !== count($fields))

The code above takes all of the values to be checked and puts them into an array. It then calls array_filter() to remove any values that are false (an empty string is type juggled to be Boolean false). If the number of remaining elements doesn't equal the starting number of elements, then one or more were empty and you need to show your error.

As pointed out by @NicolasDefranoux you are wide open to SQL injections. Make sure you close that hole before publishing your code.

Community
John Conde
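
The two points of the answer above (the required-field check and closing the SQL injection hole), worked through as an added example that is not part of the original question or answer. It assumes PDO with an in-memory SQLite table standing in for the page's `users`.`info` MySQL table; the helper names `missingFields`, `userExists` and `insertUser` are hypothetical, and the same `?` placeholder pattern is available in mysqli through `prepare()` and `bind_param()`.

```php
<?php
// Added example: not the asker's or the answerer's code. An in-memory SQLite
// table (via PDO) stands in for the page's `users`.`info` MySQL table.
const REQUIRED = ['username', 'password', 'firstname', 'lastname', 'contact', 'email', 'confirm'];

// Names of required fields that are missing or blank. trim() makes
// whitespace-only input count as empty, while the string '0' stays valid.
function missingFields(array $post): array
{
    return array_values(array_filter(REQUIRED, function ($name) use ($post) {
        return !isset($post[$name]) || trim((string) $post[$name]) === '';
    }));
}

// Values are bound to ? placeholders, so they never become part of the SQL text.
function userExists(PDO $db, string $username, string $email): bool
{
    $stmt = $db->prepare('SELECT COUNT(*) FROM info WHERE username = ? AND email_address = ?');
    $stmt->execute([$username, $email]);
    return (int) $stmt->fetchColumn() > 0;
}

function insertUser(PDO $db, array $p, string $code): bool
{
    $stmt = $db->prepare(
        'INSERT INTO info (username, password, email_address, confirm_code) VALUES (?, ?, ?, ?)'
    );
    // password_hash() replaces the plain-text password column of the original insert.
    $hash = password_hash($p['password'], PASSWORD_DEFAULT);
    return $stmt->execute([$p['username'], $hash, $p['email'], $code]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE info (username TEXT, password TEXT, email_address TEXT, confirm_code TEXT)');

// Constructed sample input standing in for $_POST; the apostrophes would
// break the concatenated queries in the question.
$post = ['username' => "o'brien", 'password' => 'pw', 'firstname' => 'Pat', 'lastname' => "O'Brien",
         'contact' => '0', 'email' => 'pat@example.com', 'confirm' => 'pw'];

if (missingFields($post) === [] && $post['password'] === $post['confirm']
    && !userExists($db, $post['username'], $post['email'])) {
    // random_bytes() is used here in place of the question's md5(uniqid(rand())).
    insertUser($db, $post, bin2hex(random_bytes(16)));
}
var_dump(userExists($db, "o'brien", 'pat@example.com'));
var_dump(missingFields(['username' => '  '] + $post));
```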