PHP Code:
<?php
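// Start every request field from a known empty value so the comparisons further
// down the script never read an undefined variable.
$task = "";
$username = "";
$password = "";
$email = "";
$validationCode = "";
// Requests that carry a non-empty POST 'task' supply the account fields.
if (isset($_POST['task']) && is_string($_POST['task']) && $_POST['task'] != "")
{
    $task = $_POST['task'];
    // Accept plain strings only: an array-valued field (e.g. user[]=...) would
    // otherwise reach the escaping and hashing calls later in the script as a non-string.
    $username = (isset($_POST['user']) && is_string($_POST['user'])) ? $_POST['user'] : "";
    $password = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : "";
    $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : "";
}
else
{
    // No task: the request is treated as a mailed link (?v=...&emailToVerify=...).
    $validationCode = (isset($_GET['v']) && is_string($_GET['v'])) ? $_GET['v'] : "";
}
// Fall back to the address carried in the query string when POST gave none.
if ($email == "")
{
    $email = (isset($_GET['emailToVerify']) && is_string($_GET['emailToVerify'])) ? $_GET['emailToVerify'] : "";
}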
/*----------------------------------------------------------------------------------------------*/
//CHANGE THE INFORMATION BELOW
// NOTE(review): these values are credentials and secrets stored inside a web-served script;
// consider loading them from a file outside the document root -- confirm against your hosting setup.
$service = ""; //the address of the sql server (MySQL Hostname)
$serviceUsername= ""; //the username to log in to the server (MySQL Username)
$servicePassword = ""; //the password to log into the server
$database = ""; //the name of the database to connect to
$table = ""; //the name of the table you created (interpolated directly into every SQL statement, so it must never come from a request)
// Seed string for the e-mail codes: md5() of this string yields both the validation and the
// deactivation code. Anyone who knows the text around $email can compute the codes for any
// address, so replace the placeholder text with a long random value and keep it private.
$code = "Secret Code $email more Secret Code"; //code for the validation code to be hashed from (make sure $email is in there somewhere!)
// Prepended to the password before sha1(). It is one value shared by every account (a static
// salt), so identical passwords produce identical stored hashes.
$hash = "secretsalt"; //adds to the password before hashing
//continue filling in these variables, but the ones below this point are not really important.
$yourEmail = "noreply@yoursite.com"; //the email you want to display in the 'From:' part of the email for the validation code
$gameName = "Awesome Top-Down Shooter"; //the name of the game this is for (shows up in the subject of the email)
$nameToDisplay = "The $gameName Team"; //the name you want at the end of the email
// Used as the prefix of the verification and deactivation links placed in the mails, so it
// has to be the full URL at which this script is reachable.
$pageLocation = "d"; //the location of this page
//stop changing stuff
/* --------------------------------------------------------------------------------------------- */
//Do not change anything below this point except the echos if you want
/*ONLY CHANGE THE ECHOS IF YOU REALLY THINK YOU NEED TO! Sometimes, an incorrect echo can make the whole script fail.
eg. echo 'this won't work'; because it has the ' in the middle. Instead, do echo "this won't work"; */
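// Returns true when $emailToCheck has the shape local@domain (exactly one '@', both sides
// non-empty) and the domain publishes an MX record; returns false otherwise.
// This is only a deliverability hint: it does not validate the characters of the address
// and it does not prove that the mailbox exists.
function checkEmail($emailToCheck) {
    $emailToCheck = trim($emailToCheck);
    $parts = explode('@', $emailToCheck);
    // Reject malformed input before the DNS lookup; without this guard a value with no '@'
    // hands an empty host name to checkdnsrr().
    if (count($parts) !== 2 || $parts[0] === '' || $parts[1] === '') {
        return false;
    }
    return checkdnsrr($parts[1], 'MX') ? true : false;
}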
//connect to the msql server
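// Open the connection and stop at once if it fails, instead of letting the failure surface
// later as a misleading "Unable to select database".
// NOTE(review): the mysql_* extension was removed in PHP 7; mysqli or PDO with prepared
// statements is the maintained replacement and removes the need for manual escaping.
mysql_connect($service, $serviceUsername, $servicePassword) or die("Unable to connect to database");
//select the database, and if it fails give the error
mysql_select_db($database) or die("Unable to select database");
// Escape the request values for use inside quoted SQL string literals. The escaping relies
// on the connection character set, which this script never sets explicitly.
// These escaped copies are also what the rest of the script hashes and passes to mail(),
// so a password or address containing a quote or backslash is stored in its escaped form.
$username = mysql_real_escape_string($username);
$email = mysql_real_escape_string($email);
$password = mysql_real_escape_string($password);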
//if the task is to log in
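// Dispatch on the requested task. Every branch answers with a single echo'd line.
// NOTE(review): passwords are stored as sha1($hash.$password) with one salt shared by all
// accounts, which is cheap to brute-force if the table leaks. password_hash() and
// password_verify() (PHP 5.5+) are the replacement; that needs a migration of the stored
// hashes, so the scheme is left unchanged here.
if ($task == "login")
{
    //select all the users with the posted name from the table
    $query1 = mysql_query("SELECT * FROM $table WHERE name='$username'");
    //set the result to the number of rows
    $result = mysql_num_rows($query1);
    //if there aren't any rows with the username, then the username hasn't been created
    // NOTE(review): separate messages for "unknown user" and "wrong password" reveal which
    // names are registered; they are kept because callers may depend on the exact text.
    if ($result == 0)
    {
        echo 'Error! The username you specified does not exist!';
    }
    else //if there is one row (or more which will never happen because the account won't be made)
    {
        $row = mysql_fetch_array($query1); //get the row
        $password2 = $row['password']; //get the password from that row
        $passwordHashed = sha1($hash.$password); //sha1() already returns exactly 40 hex characters
        // Strict comparison: with == two different hex strings that both look like numbers
        // (for example "0e" followed only by digits) compare as equal.
        // hash_equals() is the constant-time alternative on PHP 5.6+.
        if ($passwordHashed === $password2) //if the posted password and the database password match
        {
            if ($row['validated'] == 1) //if the account has been verified
            {
                echo 'successful'; //success
            }
            else if ($row['validated'] == 0) //if the account hasn't been verified
            {
                echo "Error! Account not validated!";
                /* you can use time() to compare to see how long it's been since the user has registered
                (the column written at registration is creationdate):
                if(time()-strtotime($row['creationdate']) >= (2*60*60*24))
                {
                mysql_query("DELETE FROM $table WHERE name = '$username'");
                }
                */
            }
            else //if the account is disabled
            {
                echo "Your account has been disabled";
            }
        }
        else //if they don't match
        {
            echo "Error! Incorrect password!"; //error
        }
    }
}
//if the task is to create an account
else if ($task == "register")
{
    $result2 = mysql_num_rows(mysql_query("SELECT * FROM $table WHERE name='$username'")); //count the number of rows with the posted username
    if ($result2 > 0) //if there are more than 0 rows with that username, then the name has been taken
    {
        echo "Error! Name Taken";
    }
    else //else the name has not been taken
    {
        $result3 = mysql_num_rows(mysql_query("SELECT * FROM $table WHERE email='$email'")); //get the number of rows with the posted email
        if ($result3 > 0) //if there are more than 0 rows with the email, then the email has been used already
        {
            echo "Error! Email already been used";
        }
        else //else its a new email
        {
            if (checkEmail($email)) //checks to see if the email is a real email (to a point)
            {
                $hashedPassword = sha1($hash.$password); //hashes the password
                mysql_query("INSERT INTO $table (name, password, email, validated, creationdate) VALUES ('$username', '$hashedPassword', '$email', 0, CURRENT_TIMESTAMP)"); //insert the new user
                echo 'Success -- please validate your email'; //success!
                // NOTE(review): both codes are short slices of one md5 over a fixed secret plus
                // the address (5 and 7 hex characters), and nothing limits repeated guesses.
                // A random per-account token stored in the table is the robust design.
                $good = substr(md5($code),8,5); //hashes the code and takes part of it
                $bad = substr(md5($code),1,7); //hashes the code and takes a different part
                // URL-encode the address for the query string; a raw '+' in an address would
                // be decoded as a space when the link is opened and the code would not match.
                $emailParam = urlencode($email);
                mail($email, "Verify your account for $gameName",
                    "Please click the following URL to verify your email for ".$gameName.":\n\n".
                    $pageLocation."?v=".$good."&emailToVerify=".$emailParam."\n\n"."Your username is as shown below:"."\n\n".
                    "Username: ".$username."\n\n".
                    "Thanks Again!"."\n".$nameToDisplay."\n\n If you received this email by mistake, you can deactivate the account by clicking the link below: \n"
                    .$pageLocation."?v=".$bad."&emailToVerify=".$emailParam, "From: ".$yourEmail); //sends an email with the verification code
            }
            else
            {
                echo 'Error! Email not valid'; //the email isn't valid so display an error
            }
        }
    }
}
else if ($validationCode != "") //if the validation code is received
{
    $good = substr(md5($code),8,5); //get what the code should be
    $bad = substr(md5($code),1,7); //get what the deactivation code should be
    // Strict comparison: hex slices such as "0e123" and "0e456" are numeric strings and
    // compare as equal under ==.
    if ($validationCode === $good) //if they match
    {
        mysql_query("UPDATE $table SET validated=1 WHERE email='$email'"); //set the account to verified
        echo "Your account has been verified."; //success display
    }
    else if ($validationCode === $bad) //if the deactivation code was supplied
    {
        mysql_query("UPDATE $table SET validated=-1 WHERE email='$email'"); //set the account to deactivated
        echo "The account has been deactivated."; //success display
    }
    else //if neither
    {
        // The earlier message printed the expected code ($good) to the requester and echoed
        // the request parameter back unescaped; the reply now carries neither.
        echo "Invalid verification code!"; //fail
    }
}
else if ($task == "resend") //if the task is to resend the information
{
    // NOTE(review): this branch replaces the stored password for whatever address is
    // supplied, without confirmation from the account owner, and mails the new password in
    // clear text. Mailing a single-use, expiring reset link is the safer pattern.
    $queryInfo = mysql_query("SELECT * FROM $table WHERE email='$email'"); //get the row with the same email
    if (mysql_num_rows($queryInfo) > 0)
    {
        $row = mysql_fetch_array($queryInfo); //get the columns
        $username = $row['name']; //get the username
        // Start from an empty string so the new password consists only of generated
        // characters and never begins with a value taken from the request.
        $password = "";
        // NOTE(review): rand() is not a cryptographic generator and six characters from
        // A-Z/0-9 is a small space; use a CSPRNG (random_int() on PHP 7+) where available.
        for ($i=0; $i<6; $i++)
        {
            $d = rand(1,30)%2;
            $password = $password.($d ? chr(rand(65,90)) : chr(rand(48,57)));
        }
        $hashedPassword = sha1($hash.$password); //hash the new password
        mysql_query("UPDATE $table SET password = '$hashedPassword' WHERE email='$email'"); //change the password in the database
        $bad = substr(md5($code),1,7); //get the bad code in case the email was incorrect so the receiver can deactivate the other person's account
        mail($email, "Account information for $gameName",
            "Your information is as shown below:"."\n\n".
            "Username: ".$username."\n"."Password: ".$password."\n\n".
            "Thanks Again!"."\n".$nameToDisplay."\n\n If you received this email by mistake, you can deactivate the account by clicking the link below: \n"
            .$pageLocation."?v=".$bad."&emailToVerify=".urlencode($email), "From: ".$yourEmail);
        echo "Your information has been sent to your email";
    }
    else
    {
        echo "Error! No user with that email";
    }
}
else if ($task == "update") //if the task is to change the user's data
{
    // SECURITY(review): no credential check is made in this branch. The posted 'pass' is
    // treated as the NEW password, so the request never proves knowledge of the current one.
    // Verify the current password (as the login branch does) before applying any change;
    // that requires an additional request field, so it is flagged rather than changed here.
    $queryForChange = mysql_query("SELECT * FROM $table WHERE name='$username'");
    $rows = mysql_fetch_array($queryForChange);
    $storedPassword = $rows ? $rows['password'] : null;
    $storedEmail = $rows ? $rows['email'] : null;
    $passwordHasBeenSet = false;
    // Test for an empty password BEFORE hashing: a sha1() digest is never empty, so the
    // earlier post-hash check could not stop an empty password from being stored.
    if ($password != "")
    {
        $password = sha1($hash.$password); //rehash it
        if ($password !== $storedPassword) //if the password is different
        {
            mysql_query("UPDATE $table SET password = '$password' WHERE name='$username'"); //update the password
            $passwordHasBeenSet = true;
        }
    }
    if ($email != "" && $email !== $storedEmail) //if the email is different
    {
        mysql_query("UPDATE $table SET email = '$email' WHERE name='$username'"); //update the email
        if ($passwordHasBeenSet) //if the password has been updated too
        {
            echo 'Both the password and email have been changed';
        }
        else //if it hasn't
        {
            echo 'The email has been changed';
        }
    }
    else if ($passwordHasBeenSet) //if the password was set but the email wasn't
    {
        echo 'The password has been changed';
    }
    else // nothing changed
    {
        echo 'Nothing has been changed!';
    }
}
else if ($task == "delete") // if the task is to delete
{
    // SECURITY(review): the account named in the request is removed without any credential
    // check. Require the same password verification as the login branch before the DELETE.
    mysql_query("DELETE FROM $table WHERE name = '$username'"); // delete that user
    echo "Your account has been deleted"; //echo the success
}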
?>
I edited the right part, but this doesn't seem to work with my mail server. I forwarded port 25, but it still doesn't work.