Tags: php, mysql, authentication, registration, invitation

PHP and mySQL Invitation only registration


I am trying to implement an invitation-only registration system for a small business website, where the administrator can type in an employee's personal email and have a verification code sent to him/her.

When the employee clicks on the link in the email, he will be redirected to the registration page. (I used a switch to determine what is shown.)

The thing is, I made the registration page earlier on and I am having trouble integrating it with this invitation code. The invitation code uses "echo" to display text, while the original registration page has a form within a table created using PHP, HTML, and CSS. My question is: how can I modify the code so that they are compatible?

Please see below for the code:

INVITE.php

<?php
// $connSQL and $database_connSQL are assumed to come from the connection
// include mentioned in the comment below.
mysql_select_db($database_connSQL, $connSQL);
// This recordset is never read anywhere in the script; it is editor-generated
// boilerplate and can be dropped.
$query_RecInvite = "SELECT * FROM invite_codes";
$RecInvite = mysql_query($query_RecInvite, $connSQL) or die(mysql_error());
$row_RecInvite = mysql_fetch_assoc($RecInvite);
$totalRows_RecInvite = mysql_num_rows($RecInvite);

/*
This script assumes you already have a database setup, with a connection string in place.
First, we'll need to create our table...
Copy/paste the following SQL code into the database you'll be using.

CREATE TABLE `invite_codes` (
    `id` int(11) NOT NULL auto_increment,
    `invite_code` varchar(35) NOT NULL default '',
    `time_stored` int(11) NOT NULL default '0',
    PRIMARY KEY  (`id`),
    UNIQUE KEY `invite_code` (`invite_code`)   -- the lookup below assumes each code occurs once
) ENGINE=InnoDB ;   -- TYPE= was removed in MySQL 5.5; ENGINE= is the current syntax

*/
function genRandomString($length) {
    $chars = "0123456789abcdefghijklmnopqrstuvwxyz";
    $string = '';                 // must exist before .= is used on it
    $max = strlen($chars) - 1;    // mt_rand() is inclusive; strlen() alone indexes past the end
    for ($p = 0; $p < $length; $p++) {
        $string .= $chars[mt_rand(0, $max)];
    }
    // mt_rand() is not a cryptographic generator; for a code that gates
    // registration, random_int()/random_bytes() (PHP 7+) should be used.
    return $string;
}
function clean($str) {
    // Escapes for a SQL string literal only (uses the open connection);
    // HTML escaping belongs where the value is echoed, not here.
    return mysql_real_escape_string($str);
}
function sendEmail($mailto,$mailsubject,$mailcontent,$mailfrom) {
    if($mailto == '' || $mailsubject == '' || $mailcontent == '' || $mailfrom == '') {
        return false;
    } else {
        $headers = 'From: '.$mailfrom."\r\n".
        'Reply-To: '.$mailfrom."\r\n" .
        'X-Mailer: PHP/'.phpversion();
        if(mail($mailto, $mailsubject, $mailcontent, $headers)) {
            return true;
        } else {
            return false;
        }
    }
}
// ereg() is deprecated since PHP 5.3 and removed in PHP 7; the original
// POSIX patterns are kept but run through preg_match() with delimiters.
function checkEmail($email) {
    if(!preg_match('/^[^@]{1,64}@[^@]{1,255}$/', $email)) { return false; }
    $email_array = explode("@", $email);
    $local_array = explode(".", $email_array[0]);
    for($i = 0; $i < sizeof($local_array); $i++) {
        if(!preg_match('@^(([A-Za-z0-9!#$%&\'*+/=?^_`{|}~-][A-Za-z0-9!#$%&\'*+/=?^_`{|}~\.-]{0,63})|("[^(\\|")]{0,62}"))$@', $local_array[$i])) {
            return false;
        }
    }
    if(!preg_match('/^\[?[0-9\.]+\]?$/', $email_array[1])) {
        $domain_array = explode(".", $email_array[1]);
        if (sizeof($domain_array) < 2) { return false; }
        for($i = 0; $i < sizeof($domain_array); $i++) {
            if (!preg_match('/^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$/', $domain_array[$i])) {
                return false;
            }
        }
    }
    return true;
}
$go = empty($_GET['go']) ? 'home' : $_GET['go'];
switch($go) {
    case 'home':
        echo 'This is an invite code example..<br />Generate a new invite code:<br />
            <form action="?go=generate" method="post">
            <input name="submit" type="submit" value="Generate" />
            </form>';
    break;
    case 'generate':
        $invite_code = genRandomString(25); // genRandomString( INT )
        echo 'This is a random invite code: <b>'.$invite_code.'</b><br />Let&#39;s go ahead and toss this into our database...';
        // id is auto_increment, so it is left out (inserting '' fails under strict SQL mode);
        // the code itself is [0-9a-z] only, so it cannot break the string literal.
        if(mysql_query("INSERT INTO invite_codes (invite_code,time_stored) VALUES ('".$invite_code."','".time()."')")) {
            echo '<br />Insertion successful<br /><br />Use code to invite a friend:<br />';
            echo '<p><form action="?go=invite" method="post">
                <input type="text" name="email" id="email" value="" />
                <input type="hidden" name="code" id="code" value="'.$invite_code.'" />
                <input name="submit" type="submit" value="Invite" />
                </form></p>';
        } else { echo 'Whoops! Something went horribly wrong, and we couldn&#39;t store the code :('; }
    break;
    case 'invite':
        if(!empty($_POST['email'])) {
            // The code is pasted into the mail body and the link, so accept only
            // the alphabet and length genRandomString(25) produces.
            $code = isset($_POST['code']) ? $_POST['code'] : '';
            if(!preg_match('/^[0-9a-z]{25}$/', $code)) {
                echo 'Whoops! That invite code is malformed.';
                break;
            }
            if(checkEmail($_POST['email'])) {
                // HTTP_HOST is taken from the request; a configured site hostname is safer here.
                $thisDomain = str_replace('www.', '', $_SERVER['HTTP_HOST']);
                $mailcont = "Someone has invited you to an invite only website!\nYour invite code is: ".$code.".\n\nYou can use it at http://www.".$thisDomain."/newTATCS/login/invite.php?go=register&hash=".$code;
                if(sendEmail($_POST['email'],'You have been invited!',$mailcont,'noreply@'.$thisDomain)) {
                    echo 'Your invite was dispatched to '.htmlspecialchars($_POST['email']).'<br /><br />Go back <a href="?go=home">home</a>';
                } else { echo 'Whoops! Something went horribly wrong, and we couldn&#39;t send the email :('; }
            } else { echo 'Whoops! Looks like the email address you selected is invalid :('; }   // echo was missing
        } else { echo 'Whoops! It looks like you didn&#39;t actually add an email address...'; }  // echo was missing
    break;
    case 'register':
        if(!empty($_POST['code'])) {
            $code = clean($_POST['code']); // Because SQL injections are annoying :)
            $query = mysql_query("SELECT id FROM invite_codes WHERE invite_code = '".$code."'");
            if(mysql_num_rows($query) == 1) {
                $fetch = mysql_fetch_object($query);
                echo 'Congratulations, the invite code was found!<br />We&#39;re going to remove it from the database now...';
                // Note: this consumes the code at the "Check" step, before any account
                // exists, and time_stored is never compared against an expiry.
                if(mysql_query("DELETE FROM invite_codes WHERE id = '".(int)$fetch->id."'")) {
                    echo '<br />Code removed!';
                } else { echo 'Whoops! Something went horribly wrong, and we couldn&#39;t remove the code :('; }
            } else { echo 'Sorry, that code is invalid.'; }
        } else {
            // hash comes straight from the query string: escape it before echoing it
            // into the attribute, and do not assume it is set.
            $hash = isset($_GET['hash']) ? $_GET['hash'] : '';
            echo 'This website is closed to the public. You will need an invite code to continue registration.
                <p><form action="?go=register" method="post">
                <input type="text" name="code" id="code" value="'.htmlspecialchars($hash, ENT_QUOTES).'" />
                <input name="submit" type="submit" value="Check" />
                </form></p>';
        }
    break;
}
?>

REGISTER.php

<form id="register" name="register" method="POST" action="<?php echo $editFormAction; ?><?php echo $loginFormAction; ?>">
      <div class="leftRegister">
        <table width="278" border="0" cellpadding="0" cellspacing="0">
          <tr>
            <td width="278">Salutation<br />
              <select name="salutation" id="salutation">
                <option selected="selected">Mr.</option>
                <option>Mrs.</option>
                <option>Ms.</option>
                <option>Dr.</option>
                <option>Prof.</option>
            </select></td>
          </tr>
          <tr>
            <td>&nbsp;</td>
          </tr>
          <tr>
            <td><table width="278" border="0" cellpadding="0" cellspacing="0">
              <tr>
                <td width="138">Name<br /></td>
                <td width="140">&nbsp;</td>
              </tr>
              <tr>
                <td valign="top"><span id="sprytextfield1">
                  <input name="firstname" class="regFirstname" type="text" id="firstname" />
                  <br />
                  <span class="textfieldRequiredMsg">Enter your First name .</span></span></td>
                <td width="140" valign="top"><span id="sprytextfield2">
                  <input type="text" class="regLastname" name="lastname" id="lastname" />
                  <br />
                  <span class="textfieldRequiredMsg">Enter your Last name.</span></span></td>
              </tr>
            </table></td>
          </tr>
          <tr>
            <td>&nbsp;</td>
          </tr>
          <tr>
            <td>Personal Email<br />
              <span id="sprytextfield9">
              <input type="text" name="email" id="email" />
              <br />
              <span class="textfieldRequiredMsg">Please enter your personal email.</span></span></td>
          </tr>
          <tr>
            <td>&nbsp;</td>
          </tr>
          <tr>
            <td>Create a password<br />
              <span id="sprypassword1">
              <input type="password" name="password" id="password" />
              <br />
            <span class="passwordRequiredMsg">Please choose a password that contains at least<br />
1 letter and 1 number for maximum security.</span><span class="passwordMinCharsMsg">Minimum number of characters not met.<br />
Password must contain at least 5 characters.</span><span class="passwordInvalidStrengthMsg">Password must contain at least 1 letter and 1 number.</span></span></td>
          </tr>
          <tr>
            <td>&nbsp;</td>
          </tr>
          <tr>
            <td>Confirm your password<br />
              <span id="spryconfirm1">
              <input type="password" name="passwordcheck" id="passwordcheck" />
            <span class="confirmRequiredMsg"><br />
            Please make sure your password matches</span><span class="confirmInvalidMsg"><br />
            The values don't match.</span></span></td>
          </tr>
          <tr>
            <td>&nbsp;</td>
          </tr>
          <tr>
            <td>Birthday<br />
              <select name="BirthMonth">
                <option value="1">January</option>
                <option value="2">February</option>
                <option value="3">March</option>
                <option value="4">April</option>
                <option value="5">May</option>
                <option value="6">June</option>
                <option value="7">July</option>
                <option value="8">August</option>
                <option value="9">September</option>
                <option value="10">October</option>
                <option value="11">November</option>
                <option value="12">December</option>
              </select>
              <select name="BirthDay">
                <?php
    for ($i=1; $i<=31; $i++)
    {
     echo "<option value='$i'>$i</option>";
    }
   ?>
              </select>
              <select name="BirthYear">
                <?php
    for ($i=2006; $i>=1900; $i=$i-1)
    {
     echo "<option value='$i'>$i</option>";
    }
   ?>
            </select></td>
          </tr>
          <tr>
            <td>&nbsp;</td>
          </tr>
        </table>
      </div>

      <div class ="rightRegister">
        <table width="280" border="0" cellpadding="0" cellspacing="0">
          <tr>
            <td colspan="2">Address
              <br />
              <span id="sprytextfield3">
              <input type="text" name="address" id="address" />
              <br />
              <span class="textfieldRequiredMsg">Please enter your address</span></span></td>
          </tr>
          <tr>
            <td colspan="2">&nbsp;</td>
          </tr>
          <tr>
            <td colspan="2">City<br />
              <span id="sprytextfield4">
              <input type="text" name="city" id="city" />
              <br />
            <span class="textfieldRequiredMsg">Please enter your city.</span></span></td>
          </tr>
          <tr>
            <td colspan="2">&nbsp;</td>
          </tr>
          <tr>
            <td width="108" valign="top">State/Province<br />
              <span id="sprytextfield5">
              <input type="text" name="state" id="state" class="regState" />
            <span class="textfieldRequiredMsg">State  required.</span></span></td>
            <td width="144" valign="top">Zip/Postal Code<br />
              <span id="sprytextfield6">
              <input type="text" name="postalcode" id="postalcode" class="regPostalcode" />
              <span class="textfieldRequiredMsg"><br />
Zip Code required.</span><span class="textfieldMaxCharsMsg"><br />
Enter  5-digit Zip code.</span></span></td>
          </tr>
          <tr>
            <td colspan="2">&nbsp;</td>
          </tr>
          <tr>
            <td colspan="2">Homephone
              <span id="sprytextfield7"><br />
              <input type="text" name="homephone" id="homephone" />
              <br />
              <span class="textfieldRequiredMsg">Please enter  phone number.</span></span></td>
          </tr>
          <tr>
            <td colspan="2">&nbsp;</td>
          </tr>
          <tr>
            <td colspan="2">Cellphone<br />
              <span id="sprytextfield8">
              <input type="text" name="cellphone" id="cellphone" />
              <br />
            <span class="textfieldRequiredMsg">Please enter your cellphone number.</span></span></td>
          </tr>
          <tr>
            <td colspan="2">&nbsp;</td>
          </tr>
          <tr>
            <td colspan="2" align="right"><span class="submit">
              <input type="submit" value="Submit" />
            </span></td>
          </tr>
          <tr>
            <td colspan="2" align="right">&nbsp;</td>
          </tr>
        </table>
        <p>&nbsp;</p>
      </div>
      <p>&nbsp;</p>
      <p>&nbsp;</p>
      <p>&nbsp;</p>
      <p>&nbsp;</p>
      <p>&nbsp;</p>
      <p>&nbsp;</p>
      <p>&nbsp;</p>
      <p>&nbsp;</p>
      <p>&nbsp;</p>
      <p>&nbsp;</p>
      <p>&nbsp;</p>
      <input type="hidden" name="MM_insert" value="register" />
    </form>
  </div>

Solution

  • On your registration page, pull the invitation code from the query string (site.php?code=ajiofdjasoiej39048). Then, check if a row exists in the database with that invitation code. If it does, then display the registration form. Otherwise display an error message. Check the code again on submission, and after the user is registered successfully, delete the invite code from the DB.

    Also, php_mysql is deprecated. Please use MySQLi or PDO instead.
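A worked version of the answer's procedure, added here as an example (it is not the question's or the answer's code): the invitation is generated with random_bytes(), stored as a SHA-256 hash with an expiry, looked up on GET, then re-checked and consumed on POST in the same transaction that writes the user row, all through PDO prepared statements. The DSN and credentials, the table and column names, the 48-hour lifetime and the function names createInvite, findValidInvite and registerWithInvite are assumptions of this example.

```php
<?php
// Added example (not the question's or the answer's code). It implements the
// answer's steps with PDO: look the code up on GET, re-check it on POST, and
// consume it only after the user row is written. Assumed: a MySQL database on
// the DSN below with these tables (the schema is part of this example):
//   CREATE TABLE invite_codes (
//     id INT AUTO_INCREMENT PRIMARY KEY,
//     code_hash CHAR(64) NOT NULL UNIQUE,   -- sha256 of the token, never the token itself
//     email VARCHAR(255) NOT NULL, expires_at DATETIME NOT NULL, used_at DATETIME NULL
//   ) ENGINE=InnoDB;
//   CREATE TABLE users (id INT AUTO_INCREMENT PRIMARY KEY,
//     email VARCHAR(255) NOT NULL UNIQUE, password_hash VARCHAR(255) NOT NULL) ENGINE=InnoDB;
declare(strict_types=1);

const INVITE_TTL_SECONDS = 48 * 3600;   // assumed invitation lifetime

$pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app', 'secret', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepared statements
]);

// Admin side: store a hashed, expiring token and return the link to e-mail.
// A leaked table therefore does not let anyone register.
function createInvite(PDO $pdo, string $email, string $baseUrl): string
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid e-mail address');
    }
    $token = bin2hex(random_bytes(32));   // CSPRNG, 256 bits (mt_rand() is not)
    $pdo->prepare('INSERT INTO invite_codes (code_hash, email, expires_at) VALUES (:h, :e, :x)')
        ->execute([
            ':h' => hash('sha256', $token),
            ':e' => $email,
            ':x' => date('Y-m-d H:i:s', time() + INVITE_TTL_SECONDS),
        ]);
    return $baseUrl . '/register.php?code=' . rawurlencode($token);
}

// GET on the registration page: is the code usable? Nothing is consumed here, so
// a link-prefetching mail client cannot burn the invitation before the form is seen.
function findValidInvite(PDO $pdo, string $token): ?array
{
    $stmt = $pdo->prepare('SELECT id, email FROM invite_codes
        WHERE code_hash = :h AND used_at IS NULL AND expires_at > :now');
    $stmt->execute([':h' => hash('sha256', $token), ':now' => date('Y-m-d H:i:s')]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// POST: re-check, consume the invitation and create the user in one transaction.
// The UPDATE repeats the validity test, so of two concurrent submissions with the
// same code only one sees rowCount() == 1 and goes on to create the account.
function registerWithInvite(PDO $pdo, string $token, string $password): bool
{
    $pdo->beginTransaction();
    try {
        $invite = findValidInvite($pdo, $token);
        if ($invite === null) {
            $pdo->rollBack();
            return false;
        }
        $now = date('Y-m-d H:i:s');
        $consume = $pdo->prepare('UPDATE invite_codes SET used_at = :now
            WHERE id = :id AND used_at IS NULL AND expires_at > :now2');
        $consume->execute([':now' => $now, ':id' => $invite['id'], ':now2' => $now]);
        if ($consume->rowCount() !== 1) {   // another request consumed it first
            $pdo->rollBack();
            return false;
        }
        $pdo->prepare('INSERT INTO users (email, password_hash) VALUES (:e, :p)')
            ->execute([
                ':e' => $invite['email'],   // address comes from the invitation, not the form
                ':p' => password_hash($password, PASSWORD_DEFAULT),
            ]);
        $pdo->commit();
        return true;
    } catch (Throwable $e) {
        $pdo->rollBack();
        throw $e;
    }
}

// register.php glue: the token arrives in the query string on GET and in a hidden
// field on POST, and is HTML-escaped wherever it is echoed back.
$token = (string)($_POST['code'] ?? $_GET['code'] ?? '');
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $ok = registerWithInvite($pdo, $token, (string)($_POST['password'] ?? ''));
    echo $ok ? 'Registered.' : 'This invitation is invalid, expired or already used.';
} elseif (findValidInvite($pdo, $token) !== null) {
    $safe = htmlspecialchars($token, ENT_QUOTES, 'UTF-8');
    echo '<form method="post" action="register.php">'
       . '<input type="hidden" name="code" value="' . $safe . '" />'
       . '<input type="password" name="password" /> <input type="submit" value="Register" />'
       . '</form>';
} else {
    echo 'This site is invite only.';
}
```

The admin page calls createInvite($pdo, $employeeEmail, 'https://example.com') and mails the returned link; register.php is the glue at the bottom. Storing only the hash means someone who reads the table still cannot build a valid link, the expiry bounds how long a forwarded e-mail stays useful, and because the UPDATE carries the same WHERE clause as the SELECT, a double submission of one code cannot register twice.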