date:20040926

Re: [PHP-DB] Question on Registration Method

2004-09-26 Thread Joseph Crawford

$_GET['activation_hash] is missing the end '


On Mon, 27 Sep 2004 03:20:22 +0800, Jason Wong <[EMAIL PROTECTED]> wrote:
> On Monday 27 September 2004 03:01, Stuart Felenstein wrote:
> > How are they any different?
> >
> > I'm seeing the same thing as your method.
> 
> These two methods are separate:
> 
> > > - Send user a system generated password with which
> > > they can login and
> > > subsequently change.
> 
> OR
> 
> > > - Send user an activation link which once clicked on
> > > would activate them and
> > > allow them to choose a password.
> 
> What is the advantage in sending someone a password AND making them click on a
> link to activate?
> 
> --
> Jason Wong -> Gremlins Associates -> www.gremlins.biz
> Open Source Software Systems Integrators
> * Web Design & Hosting * Internet & Intranet Applications Development *
> --
> Search the list archives before you post
> http://marc.theaimsgroup.com/?l=php-db
> --
> /*
> A countryman between two lawyers is like a fish between two cats.
> -- Ben Franklin
> 
> 
> */
> 
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 



-- 
Joseph Crawford Jr.
Codebowl Solutions
[EMAIL PROTECTED]
802-558-5247

For a GMail account
contact me OFF-LIST

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DB] Question on Registration Method

2004-09-26 Thread Jason Wong

On Monday 27 September 2004 03:01, Stuart Felenstein wrote:
> How are they any different?
>
> I'm seeing the same thing as your method.

These two methods are separate:

> > - Send user a system generated password with which
> > they can login and
> > subsequently change.

OR

> > - Send user an activation link which once clicked on
> > would activate them and
> > allow them to choose a password.

What is the advantage in sending someone a password AND making them click on a 
link to activate?

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-db
--
/*
A countryman between two lawyers is like a fish between two cats.
-- Ben Franklin
*/

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DB] Question on Registration Method

2004-09-26 Thread M Saleh EG

Stuart... u got the logic now. check ur syntax problems urself...
this is the only way ull learn it!

a hint... if ur database query is giving u errors... try echoing it
before sending it to mysql_query. ull find out the problem yourself
then ;)

another hint... mysql_query always returns arrays so u can check it
with is_array or count() or even with isset functions before getting
it in use. Having some error preventing mechanisms are always good.

On Sun, 26 Sep 2004 11:40:17 -0700 (PDT), Stuart Felenstein
<[EMAIL PROTECTED]> wrote:
> Unknown column 'a338265f' in 'where clause' is the
> latest problem (and should be the last).  I had this
> same error earlier while just doing a straight sql to
> the database.  I corrected it then by putting
> apostrophes around the column name.  That didn't help
> here , not quotes , maybe double apostrophes?
> 
> $_GET['activate_hash])
> 
> This is where it's not picking the string correctly.
> 
> Stuart
> 
> 
> 
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 

-- 
M.Saleh.E.G
97150-4779817

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DB] Question on Registration Method

2004-09-26 Thread Stuart Felenstein

How are they any different?

I'm seeing the same thing as your method.

Stuart
--- Jason Wong <[EMAIL PROTECTED]> wrote:

> On Sunday 26 September 2004 19:45, Stuart Felenstein
> wrote:
> 
> > While I'm okay with mine, not completely
> satisfied.
> > I'd like to change it to the type where like above
> the
> > username and password is sent via email, but with
> the
> > addition of a link in the email whereby the user
> must
> > click on link to be "activated".  You probably
> have
> > seen this, but to spell it out - even though they
> have
> > the user name and password it somehow is not good
> > enough to login with until this "activation" takes
> > place.
> 
> Can someone please enlighten me on what extra
> security this method provides 
> over and above the following more simple methods:
> 
> - Send user a system generated password with which
> they can login and 
> subsequently change.
> 
> - Send user an activation link which once clicked on
> would activate them and 
> allow them to choose a password.
> 
> -- 
> Jason Wong -> Gremlins Associates ->
> www.gremlins.biz
> Open Source Software Systems Integrators
> * Web Design & Hosting * Internet & Intranet
> Applications Development *
> --
> Search the list archives before you post
> http://marc.theaimsgroup.com/?l=php-db
> --
> /*
> Believe everything you hear about the world; nothing
> is too impossibly bad.
>   -- Honor'e de Balzac
> */
> 
> -- 
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DB] Question on Registration Method

2004-09-26 Thread Stuart Felenstein

Unknown column 'a338265f' in 'where clause' is the
latest problem (and should be the last).  I had this
same error earlier while just doing a straight sql to
the database.  I corrected it then by putting
apostrophes around the column name.  That didn't help
here , not quotes , maybe double apostrophes?



$_GET['activate_hash])

This is where it's not picking the string correctly.

Stuart

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DB] Question on Registration Method

2004-09-26 Thread Jason Wong

On Sunday 26 September 2004 19:45, Stuart Felenstein wrote:

> While I'm okay with mine, not completely satisfied.
> I'd like to change it to the type where like above the
> username and password is sent via email, but with the
> addition of a link in the email whereby the user must
> click on link to be "activated".  You probably have
> seen this, but to spell it out - even though they have
> the user name and password it somehow is not good
> enough to login with until this "activation" takes
> place.

Can someone please enlighten me on what extra security this method provides 
over and above the following more simple methods:

- Send user a system generated password with which they can login and 
subsequently change.

- Send user an activation link which once clicked on would activate them and 
allow them to choose a password.

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-db
--
/*
Believe everything you hear about the world; nothing is too impossibly bad.
-- Honor'e de Balzac
*/

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP-DB] Question on Registration Method

2004-09-26 Thread Webmaster

> I'm getting an error using the
> "mysql_num_rows($result)"

> Warning: mysql_num_rows(): supplied argument is not a
> valid MySQL result resource in
> /home/lurkkcom/public_html/lurktivate.php on line 7

Did you happen to remember to change "fields" in the query string to your
table column names, and then "table" to your table name?

> Why am I counting the number of rows in the table? 
> Shouldn't I be looking to see if the code I was passed
> exists within the table ?

If a result is returned, i.e. the number of rows returned is greater than 0,
the page received a valid code and the user exists.

-JC

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DB] Re: switch, if, or something to choose queries and echo formatting--PLEASE help

2004-09-26 Thread Antoine

> image
> 

I have just been testing and looking on a few fora (I know very little
about php and html still) but you have two ?'s in that url. I believe
the second one needs to be a &. I did a little test of your logic and
it seems to work if the second is replaced with the &, but not if left
as ?.
Cheers
Antoine



-- 
G System, The Evolving GUniverse - http://www.g-system.at

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DB] Question on Registration Method

2004-09-26 Thread Stuart Felenstein

I'm getting an error using the
"mysql_num_rows($result)"

Warning: mysql_num_rows(): supplied argument is not a
valid MySQL result resource in
/home/lurkkcom/public_html/lurktivate.php on line 7

Why am I counting the number of rows in the table? 
Shouldn't I be looking to see if the code I was passed
exists within the table ?

Sorry and thank you,
Stuart




--- Joseph Crawford <[EMAIL PROTECTED]> wrote:

> no you dont need a user id or anything, here is some
> sample code to
> give you the idea
> 
> $result = mysql_query("SELECT fields FROM table
> WHERE code=".$_GET['code']);
> if(mysql_num_rows($result) > 0) {
>   // we have a match, activate the account
>   $result1 = mysql_query("UPDATE table SET
> activated=1 WHERE
> code=".$_GET['code']);
>   // show a page saying they are now activated
> } else {
>   // show an error
> }
> 
> 

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DB] Question on Registration Method

2004-09-26 Thread Joseph Crawford

no you dont need a user id or anything, here is some sample code to
give you the idea

$result = mysql_query("SELECT fields FROM table WHERE code=".$_GET['code']);
if(mysql_num_rows($result) > 0) {
  // we have a match, activate the account
  $result1 = mysql_query("UPDATE table SET activated=1 WHERE
code=".$_GET['code']);
  // show a page saying they are now activated
} else {
  // show an error
}


On Sun, 26 Sep 2004 07:18:54 -0700 (PDT), Stuart Felenstein
<[EMAIL PROTECTED]> wrote:
> Nothing like sharing my pain ;) sorry!
> It seems that in order to compare the code to the one
> in the database, don't I need the userid or something?
> 
> or just that it exists in the database?
> 
> Thank you,
> 
> 
> Stuart
> --- Joseph Crawford <[EMAIL PROTECTED]> wrote:
> 
> > what i did is i used php to create a random string
> > of numbers and
> > letters about 15 chars long, then i store this in
> > the db, and in the
> > email i make the link
> > page.php?code=RandomStringHere, then on the
> > page.php i get the code and compare it to the ont in
> > the database.  If
> > they match activate the user otherwise show an
> > error.
> >
> >
> >
> >
> > On Sun, 26 Sep 2004 05:54:14 -0700 (PDT), Stuart
> > Felenstein
> > <[EMAIL PROTECTED]> wrote:
> > > Ok , I think this is along the lines of what I've
> > > started.  I added a column called "active" with a
> > > default to 0.  It's a tiny int since I'm think
> > > 0=fales, 1=true.
> > >
> > > So can you explain a tad more about this hash
> > stuff ?
> > > Is that specific to a sql field or just a name
> > you've
> > > chose ?  I'm not sure what you mean in your last
> > > statement about the hash passing over to the
> > activate
> > > column ?
> > >
> > > Stuart
> > >
> > >
> > > --- M Saleh EG <[EMAIL PROTECTED]> wrote:
> > >
> > > > I'd do it this way...
> > > >
> > > > I'd add two column in the users table. 1-
> > activated,
> > > > 2- activation-hash
> > > >
> > > > once the registeration form is ubmited..
> > > > a-the username and user info will be saved in
> > the
> > > > users table.
> > > > b-an encrypted hash would be made n saved in
> > > > activation-hash column
> > > > and sent along with the registeration info
> > (username
> > > > & pass) in the
> > > > form of a url (eg.
> > > >
> > >
> >
> http://domain/activationpage.php?hash=ljk;lkj;lkjl;ksjfasdfa).
> > > >
> > > > if the user is activated then the login function
> > > > works for them if not
> > > > given a msg saying ur activation hasnt been done
> > > > yet
> > > >
> > > > the activatepage.php should then put 1, or on in
> > the
> > > > activated colum
> > > > in the users table on the row that has the hash
> > > > passed to it.
> > > >
> > > > simple enought aint it?
> > > >
> > > >
> > > > On Sun, 26 Sep 2004 05:02:07 -0700 (PDT), Stuart
> > > > Felenstein
> > > > <[EMAIL PROTECTED]> wrote:
> > > > > Currently there are only 2 types of users
> > planned
> > > > > Each has a basic access level.  I don't think
> > this
> > > > is
> > > > > the same as a usergroup though.
> > > > >
> > > > > If I don't have usergroups, but access levels,
> > > > then
> > > > > perhaps I should set the level to some less
> > then
> > > > what
> > > > > is required login till activated.
> > > > >
> > > > > Then it sounds like I have the system
> > autogenerate
> > > > an
> > > > > activation code.
> > > > >
> > > > > Not sure what you mean by :
> > > > > > a separate table holding information on how
> > to
> > > > > > activate (something
> > > > > > along the lines of userid, tousergroup,
> > > > > > activationcode).
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > --- Oscar Rylin <[EMAIL PROTECTED]> wrote:
> > > > >
> > > > > > Usergroups.
> > > > > > Most likely, you're dealing with an
> > application
> > > > > > where you'll want to have
> > > > > > different kinds of users (administrators,
> > power
> > > > > > users, users).
> > > > > >
> > > > > > Just make a usergroup for accounts that
> > haven't
> > > > been
> > > > > > activated yet.
> > > > > > Also, a separate table holding information
> > on
> > > > how to
> > > > > > activate (something
> > > > > > along the lines of userid, tousergroup,
> > > > > > activationcode).
> > > > > >
> > > > > > / rylin
> > > > > >
> > > > >
> > > > > --
> > > > > PHP Database Mailing List
> > (http://www.php.net/)
> > > > > To unsubscribe, visit:
> > > > http://www.php.net/unsub.php
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > M.Saleh.E.G
> > > > 97150-4779817
> > > >
> > >
> > > --
> > > PHP Database Mailing List (http://www.php.net/)
> > > To unsubscribe, visit:
> > http://www.php.net/unsub.php
> > >
> > >
> >
> >
> >
> > --
> > Joseph Crawford Jr.
> > Codebowl Solutions
> > [EMAIL PROTECTED]
> > 802-558-5247
> >
> > For a GMail account
> > contact me OFF-LIST
> >
> > --
> > PHP Database Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
> 
> 



-- 
Joseph Crawford Jr.
Codebowl Solutions
[EMAIL PROTECT

Re: [PHP-DB] Question on Registration Method

2004-09-26 Thread Stuart Felenstein

Nothing like sharing my pain ;) sorry!
It seems that in order to compare the code to the one
in the database, don't I need the userid or something?

or just that it exists in the database?

Thank you,
Stuart
--- Joseph Crawford <[EMAIL PROTECTED]> wrote:

> what i did is i used php to create a random string
> of numbers and
> letters about 15 chars long, then i store this in
> the db, and in the
> email i make the link
> page.php?code=RandomStringHere, then on the
> page.php i get the code and compare it to the ont in
> the database.  If
> they match activate the user otherwise show an
> error.
> 
> 
> 
> 
> On Sun, 26 Sep 2004 05:54:14 -0700 (PDT), Stuart
> Felenstein
> <[EMAIL PROTECTED]> wrote:
> > Ok , I think this is along the lines of what I've
> > started.  I added a column called "active" with a
> > default to 0.  It's a tiny int since I'm think
> > 0=fales, 1=true.
> > 
> > So can you explain a tad more about this hash
> stuff ?
> > Is that specific to a sql field or just a name
> you've
> > chose ?  I'm not sure what you mean in your last
> > statement about the hash passing over to the
> activate
> > column ?
> > 
> > Stuart
> > 
> > 
> > --- M Saleh EG <[EMAIL PROTECTED]> wrote:
> > 
> > > I'd do it this way...
> > >
> > > I'd add two column in the users table. 1-
> activated,
> > > 2- activation-hash
> > >
> > > once the registeration form is ubmited..
> > > a-the username and user info will be saved in
> the
> > > users table.
> > > b-an encrypted hash would be made n saved in
> > > activation-hash column
> > > and sent along with the registeration info
> (username
> > > & pass) in the
> > > form of a url (eg.
> > >
> >
>
http://domain/activationpage.php?hash=ljk;lkj;lkjl;ksjfasdfa).
> > >
> > > if the user is activated then the login function
> > > works for them if not
> > > given a msg saying ur activation hasnt been done
> > > yet
> > >
> > > the activatepage.php should then put 1, or on in
> the
> > > activated colum
> > > in the users table on the row that has the hash
> > > passed to it.
> > >
> > > simple enought aint it?
> > >
> > >
> > > On Sun, 26 Sep 2004 05:02:07 -0700 (PDT), Stuart
> > > Felenstein
> > > <[EMAIL PROTECTED]> wrote:
> > > > Currently there are only 2 types of users
> planned
> > > > Each has a basic access level.  I don't think
> this
> > > is
> > > > the same as a usergroup though.
> > > >
> > > > If I don't have usergroups, but access levels,
> > > then
> > > > perhaps I should set the level to some less
> then
> > > what
> > > > is required login till activated.
> > > >
> > > > Then it sounds like I have the system
> autogenerate
> > > an
> > > > activation code.
> > > >
> > > > Not sure what you mean by :
> > > > > a separate table holding information on how
> to
> > > > > activate (something
> > > > > along the lines of userid, tousergroup,
> > > > > activationcode).
> > > >
> > > >
> > > >
> > > >
> > > > --- Oscar Rylin <[EMAIL PROTECTED]> wrote:
> > > >
> > > > > Usergroups.
> > > > > Most likely, you're dealing with an
> application
> > > > > where you'll want to have
> > > > > different kinds of users (administrators,
> power
> > > > > users, users).
> > > > >
> > > > > Just make a usergroup for accounts that
> haven't
> > > been
> > > > > activated yet.
> > > > > Also, a separate table holding information
> on
> > > how to
> > > > > activate (something
> > > > > along the lines of userid, tousergroup,
> > > > > activationcode).
> > > > >
> > > > > / rylin
> > > > >
> > > >
> > > > --
> > > > PHP Database Mailing List
> (http://www.php.net/)
> > > > To unsubscribe, visit:
> > > http://www.php.net/unsub.php
> > > >
> > > >
> > >
> > >
> > >
> > > --
> > > M.Saleh.E.G
> > > 97150-4779817
> > >
> > 
> > --
> > PHP Database Mailing List (http://www.php.net/)
> > To unsubscribe, visit:
> http://www.php.net/unsub.php
> > 
> > 
> 
> 
> 
> -- 
> Joseph Crawford Jr.
> Codebowl Solutions
> [EMAIL PROTECTED]
> 802-558-5247
> 
> For a GMail account
> contact me OFF-LIST
> 
> -- 
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DB] Question on Registration Method

2004-09-26 Thread Joseph Crawford

that is done when they click the link in thier email

if they are sent to domain.com/page.php?code=X4rfkj490T

the code in page.php will $_GET['code'] and compare it to the one in
the database, if they match, flip the switch if not show an error.



On Sun, 26 Sep 2004 06:35:59 -0700 (PDT), Stuart Felenstein
<[EMAIL PROTECTED]> wrote:
> K...I've added the 2 columns, my names - activate and
> activate_hash.
> 
> Upon registration, the activate_hash has a generated
> string inserted.  activate column is default to 0.
> I can compare it to the database - but not sure how to
> flip the switch on the activate column 0->1
> Is that done through an update mechanism ?
> 
> Stuart
> 
> 
> 
> --- Joseph Crawford <[EMAIL PROTECTED]> wrote:
> 
> > what i did is i used php to create a random string
> > of numbers and
> > letters about 15 chars long, then i store this in
> > the db, and in the
> > email i make the link
> > page.php?code=RandomStringHere, then on the
> > page.php i get the code and compare it to the ont in
> > the database.  If
> > they match activate the user otherwise show an
> > error.
> >
> >
> >
> >
> > On Sun, 26 Sep 2004 05:54:14 -0700 (PDT), Stuart
> > Felenstein
> > <[EMAIL PROTECTED]> wrote:
> > > Ok , I think this is along the lines of what I've
> > > started.  I added a column called "active" with a
> > > default to 0.  It's a tiny int since I'm think
> > > 0=fales, 1=true.
> > >
> > > So can you explain a tad more about this hash
> > stuff ?
> > > Is that specific to a sql field or just a name
> > you've
> > > chose ?  I'm not sure what you mean in your last
> > > statement about the hash passing over to the
> > activate
> > > column ?
> > >
> > > Stuart
> > >
> > >
> > > --- M Saleh EG <[EMAIL PROTECTED]> wrote:
> > >
> > > > I'd do it this way...
> > > >
> > > > I'd add two column in the users table. 1-
> > activated,
> > > > 2- activation-hash
> > > >
> > > > once the registeration form is ubmited..
> > > > a-the username and user info will be saved in
> > the
> > > > users table.
> > > > b-an encrypted hash would be made n saved in
> > > > activation-hash column
> > > > and sent along with the registeration info
> > (username
> > > > & pass) in the
> > > > form of a url (eg.
> > > >
> > >
> >
> http://domain/activationpage.php?hash=ljk;lkj;lkjl;ksjfasdfa).
> > > >
> > > > if the user is activated then the login function
> > > > works for them if not
> > > > given a msg saying ur activation hasnt been done
> > > > yet
> > > >
> > > > the activatepage.php should then put 1, or on in
> > the
> > > > activated colum
> > > > in the users table on the row that has the hash
> > > > passed to it.
> > > >
> > > > simple enought aint it?
> > > >
> > > >
> > > > On Sun, 26 Sep 2004 05:02:07 -0700 (PDT), Stuart
> > > > Felenstein
> > > > <[EMAIL PROTECTED]> wrote:
> > > > > Currently there are only 2 types of users
> > planned
> > > > > Each has a basic access level.  I don't think
> > this
> > > > is
> > > > > the same as a usergroup though.
> > > > >
> > > > > If I don't have usergroups, but access levels,
> > > > then
> > > > > perhaps I should set the level to some less
> > then
> > > > what
> > > > > is required login till activated.
> > > > >
> > > > > Then it sounds like I have the system
> > autogenerate
> > > > an
> > > > > activation code.
> > > > >
> > > > > Not sure what you mean by :
> > > > > > a separate table holding information on how
> > to
> > > > > > activate (something
> > > > > > along the lines of userid, tousergroup,
> > > > > > activationcode).
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > --- Oscar Rylin <[EMAIL PROTECTED]> wrote:
> > > > >
> > > > > > Usergroups.
> > > > > > Most likely, you're dealing with an
> > application
> > > > > > where you'll want to have
> > > > > > different kinds of users (administrators,
> > power
> > > > > > users, users).
> > > > > >
> > > > > > Just make a usergroup for accounts that
> > haven't
> > > > been
> > > > > > activated yet.
> > > > > > Also, a separate table holding information
> > on
> > > > how to
> > > > > > activate (something
> > > > > > along the lines of userid, tousergroup,
> > > > > > activationcode).
> > > > > >
> > > > > > / rylin
> > > > > >
> > > > >
> > > > > --
> > > > > PHP Database Mailing List
> > (http://www.php.net/)
> > > > > To unsubscribe, visit:
> > > > http://www.php.net/unsub.php
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > M.Saleh.E.G
> > > > 97150-4779817
> > > >
> > >
> > > --
> > > PHP Database Mailing List (http://www.php.net/)
> > > To unsubscribe, visit:
> > http://www.php.net/unsub.php
> > >
> > >
> >
> >
> >
> > --
> > Joseph Crawford Jr.
> > Codebowl Solutions
> > [EMAIL PROTECTED]
> > 802-558-5247
> >
> > For a GMail account
> > contact me OFF-LIST
> > 
> > --
> 
> 
> > PHP Database Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
> 
> 



-- 
Joseph Crawford Jr.
Codebowl Solutions
[EMAIL PROTECTED]
802-558-5247

For a

Re: [PHP-DB] Question on Registration Method

2004-09-26 Thread Stuart Felenstein

K...I've added the 2 columns, my names - activate and
activate_hash.

Upon registration, the activate_hash has a generated
string inserted.  activate column is default to 0.
I can compare it to the database - but not sure how to
flip the switch on the activate column 0->1
Is that done through an update mechanism ?

Stuart

--- Joseph Crawford <[EMAIL PROTECTED]> wrote:

> what i did is i used php to create a random string
> of numbers and
> letters about 15 chars long, then i store this in
> the db, and in the
> email i make the link
> page.php?code=RandomStringHere, then on the
> page.php i get the code and compare it to the ont in
> the database.  If
> they match activate the user otherwise show an
> error.
> 
> 
> 
> 
> On Sun, 26 Sep 2004 05:54:14 -0700 (PDT), Stuart
> Felenstein
> <[EMAIL PROTECTED]> wrote:
> > Ok , I think this is along the lines of what I've
> > started.  I added a column called "active" with a
> > default to 0.  It's a tiny int since I'm think
> > 0=fales, 1=true.
> > 
> > So can you explain a tad more about this hash
> stuff ?
> > Is that specific to a sql field or just a name
> you've
> > chose ?  I'm not sure what you mean in your last
> > statement about the hash passing over to the
> activate
> > column ?
> > 
> > Stuart
> > 
> > 
> > --- M Saleh EG <[EMAIL PROTECTED]> wrote:
> > 
> > > I'd do it this way...
> > >
> > > I'd add two column in the users table. 1-
> activated,
> > > 2- activation-hash
> > >
> > > once the registeration form is ubmited..
> > > a-the username and user info will be saved in
> the
> > > users table.
> > > b-an encrypted hash would be made n saved in
> > > activation-hash column
> > > and sent along with the registeration info
> (username
> > > & pass) in the
> > > form of a url (eg.
> > >
> >
>
http://domain/activationpage.php?hash=ljk;lkj;lkjl;ksjfasdfa).
> > >
> > > if the user is activated then the login function
> > > works for them if not
> > > given a msg saying ur activation hasnt been done
> > > yet
> > >
> > > the activatepage.php should then put 1, or on in
> the
> > > activated colum
> > > in the users table on the row that has the hash
> > > passed to it.
> > >
> > > simple enought aint it?
> > >
> > >
> > > On Sun, 26 Sep 2004 05:02:07 -0700 (PDT), Stuart
> > > Felenstein
> > > <[EMAIL PROTECTED]> wrote:
> > > > Currently there are only 2 types of users
> planned
> > > > Each has a basic access level.  I don't think
> this
> > > is
> > > > the same as a usergroup though.
> > > >
> > > > If I don't have usergroups, but access levels,
> > > then
> > > > perhaps I should set the level to some less
> then
> > > what
> > > > is required login till activated.
> > > >
> > > > Then it sounds like I have the system
> autogenerate
> > > an
> > > > activation code.
> > > >
> > > > Not sure what you mean by :
> > > > > a separate table holding information on how
> to
> > > > > activate (something
> > > > > along the lines of userid, tousergroup,
> > > > > activationcode).
> > > >
> > > >
> > > >
> > > >
> > > > --- Oscar Rylin <[EMAIL PROTECTED]> wrote:
> > > >
> > > > > Usergroups.
> > > > > Most likely, you're dealing with an
> application
> > > > > where you'll want to have
> > > > > different kinds of users (administrators,
> power
> > > > > users, users).
> > > > >
> > > > > Just make a usergroup for accounts that
> haven't
> > > been
> > > > > activated yet.
> > > > > Also, a separate table holding information
> on
> > > how to
> > > > > activate (something
> > > > > along the lines of userid, tousergroup,
> > > > > activationcode).
> > > > >
> > > > > / rylin
> > > > >
> > > >
> > > > --
> > > > PHP Database Mailing List
> (http://www.php.net/)
> > > > To unsubscribe, visit:
> > > http://www.php.net/unsub.php
> > > >
> > > >
> > >
> > >
> > >
> > > --
> > > M.Saleh.E.G
> > > 97150-4779817
> > >
> > 
> > --
> > PHP Database Mailing List (http://www.php.net/)
> > To unsubscribe, visit:
> http://www.php.net/unsub.php
> > 
> > 
> 
> 
> 
> -- 
> Joseph Crawford Jr.
> Codebowl Solutions
> [EMAIL PROTECTED]
> 802-558-5247
> 
> For a GMail account
> contact me OFF-LIST
> 
> -- 
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DB] Question on Registration Method

2004-09-26 Thread Joseph Crawford

what i did is i used php to create a random string of numbers and
letters about 15 chars long, then i store this in the db, and in the
email i make the link page.php?code=RandomStringHere, then on the
page.php i get the code and compare it to the ont in the database.  If
they match activate the user otherwise show an error.




On Sun, 26 Sep 2004 05:54:14 -0700 (PDT), Stuart Felenstein
<[EMAIL PROTECTED]> wrote:
> Ok , I think this is along the lines of what I've
> started.  I added a column called "active" with a
> default to 0.  It's a tiny int since I'm think
> 0=fales, 1=true.
> 
> So can you explain a tad more about this hash stuff ?
> Is that specific to a sql field or just a name you've
> chose ?  I'm not sure what you mean in your last
> statement about the hash passing over to the activate
> column ?
> 
> Stuart
> 
> 
> --- M Saleh EG <[EMAIL PROTECTED]> wrote:
> 
> > I'd do it this way...
> >
> > I'd add two column in the users table. 1- activated,
> > 2- activation-hash
> >
> > once the registeration form is ubmited..
> > a-the username and user info will be saved in the
> > users table.
> > b-an encrypted hash would be made n saved in
> > activation-hash column
> > and sent along with the registeration info (username
> > & pass) in the
> > form of a url (eg.
> >
> http://domain/activationpage.php?hash=ljk;lkj;lkjl;ksjfasdfa).
> >
> > if the user is activated then the login function
> > works for them if not
> > given a msg saying ur activation hasnt been done
> > yet
> >
> > the activatepage.php should then put 1, or on in the
> > activated colum
> > in the users table on the row that has the hash
> > passed to it.
> >
> > simple enought aint it?
> >
> >
> > On Sun, 26 Sep 2004 05:02:07 -0700 (PDT), Stuart
> > Felenstein
> > <[EMAIL PROTECTED]> wrote:
> > > Currently there are only 2 types of users planned
> > > Each has a basic access level.  I don't think this
> > is
> > > the same as a usergroup though.
> > >
> > > If I don't have usergroups, but access levels,
> > then
> > > perhaps I should set the level to some less then
> > what
> > > is required login till activated.
> > >
> > > Then it sounds like I have the system autogenerate
> > an
> > > activation code.
> > >
> > > Not sure what you mean by :
> > > > a separate table holding information on how to
> > > > activate (something
> > > > along the lines of userid, tousergroup,
> > > > activationcode).
> > >
> > >
> > >
> > >
> > > --- Oscar Rylin <[EMAIL PROTECTED]> wrote:
> > >
> > > > Usergroups.
> > > > Most likely, you're dealing with an application
> > > > where you'll want to have
> > > > different kinds of users (administrators, power
> > > > users, users).
> > > >
> > > > Just make a usergroup for accounts that haven't
> > been
> > > > activated yet.
> > > > Also, a separate table holding information on
> > how to
> > > > activate (something
> > > > along the lines of userid, tousergroup,
> > > > activationcode).
> > > >
> > > > / rylin
> > > >
> > >
> > > --
> > > PHP Database Mailing List (http://www.php.net/)
> > > To unsubscribe, visit:
> > http://www.php.net/unsub.php
> > >
> > >
> >
> >
> >
> > --
> > M.Saleh.E.G
> > 97150-4779817
> >
> 
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 



-- 
Joseph Crawford Jr.
Codebowl Solutions
[EMAIL PROTECTED]
802-558-5247

For a GMail account
contact me OFF-LIST

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DB] Question on Registration Method

2004-09-26 Thread Stuart Felenstein

Ok , I think this is along the lines of what I've
started.  I added a column called "active" with a
default to 0.  It's a tiny int since I'm think
0=fales, 1=true.

So can you explain a tad more about this hash stuff ?
Is that specific to a sql field or just a name you've
chose ?  I'm not sure what you mean in your last
statement about the hash passing over to the activate
column ?

Stuart
--- M Saleh EG <[EMAIL PROTECTED]> wrote:

> I'd do it this way...
> 
> I'd add two column in the users table. 1- activated,
> 2- activation-hash
> 
> once the registeration form is ubmited.. 
> a-the username and user info will be saved in the
> users table.
> b-an encrypted hash would be made n saved in
> activation-hash column
> and sent along with the registeration info (username
> & pass) in the
> form of a url (eg.
>
http://domain/activationpage.php?hash=ljk;lkj;lkjl;ksjfasdfa).
> 
> if the user is activated then the login function
> works for them if not
> given a msg saying ur activation hasnt been done
> yet
> 
> the activatepage.php should then put 1, or on in the
> activated colum
> in the users table on the row that has the hash
> passed to it.
> 
> simple enought aint it?
> 
> 
> On Sun, 26 Sep 2004 05:02:07 -0700 (PDT), Stuart
> Felenstein
> <[EMAIL PROTECTED]> wrote:
> > Currently there are only 2 types of users planned
> > Each has a basic access level.  I don't think this
> is
> > the same as a usergroup though.
> > 
> > If I don't have usergroups, but access levels,
> then
> > perhaps I should set the level to some less then
> what
> > is required login till activated.
> > 
> > Then it sounds like I have the system autogenerate
> an
> > activation code.
> > 
> > Not sure what you mean by :
> > > a separate table holding information on how to
> > > activate (something
> > > along the lines of userid, tousergroup,
> > > activationcode).
> > 
> > 
> > 
> > 
> > --- Oscar Rylin <[EMAIL PROTECTED]> wrote:
> > 
> > > Usergroups.
> > > Most likely, you're dealing with an application
> > > where you'll want to have
> > > different kinds of users (administrators, power
> > > users, users).
> > >
> > > Just make a usergroup for accounts that haven't
> been
> > > activated yet.
> > > Also, a separate table holding information on
> how to
> > > activate (something
> > > along the lines of userid, tousergroup,
> > > activationcode).
> > >
> > > / rylin
> > >
> > 
> > --
> > PHP Database Mailing List (http://www.php.net/)
> > To unsubscribe, visit:
> http://www.php.net/unsub.php
> > 
> > 
> 
> 
> 
> -- 
> M.Saleh.E.G
> 97150-4779817
> 

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DB] Question on Registration Method

2004-09-26 Thread Joseph Crawford

currently i do it the same way M Saleh EG does it ;)

i have found that is the easiest way and works perfect.

> On Sun, 26 Sep 2004 16:34:16 +0400, M Saleh EG <[EMAIL PROTECTED]> wrote:
> > I'd do it this way...
> >
> > I'd add two column in the users table. 1- activated, 2- activation-hash
> >
> > once the registeration form is ubmited..
> > a-the username and user info will be saved in the users table.
> > b-an encrypted hash would be made n saved in activation-hash column
> > and sent along with the registeration info (username & pass) in the
> > form of a url (eg.
> > http://domain/activationpage.php?hash=ljk;lkj;lkjl;ksjfasdfa).
> >
> > if the user is activated then the login function works for them if not
> > given a msg saying ur activation hasnt been done yet
> >
> > the activatepage.php should then put 1, or on in the activated colum
> > in the users table on the row that has the hash passed to it.
> >
> > simple enought aint it?
> >
> > On Sun, 26 Sep 2004 05:02:07 -0700 (PDT), Stuart Felenstein
> >
> >
> > <[EMAIL PROTECTED]> wrote:
> > > Currently there are only 2 types of users planned
> > > Each has a basic access level.  I don't think this is
> > > the same as a usergroup though.
> > >
> > > If I don't have usergroups, but access levels, then
> > > perhaps I should set the level to some less then what
> > > is required login till activated.
> > >
> > > Then it sounds like I have the system autogenerate an
> > > activation code.
> > >
> > > Not sure what you mean by :
> > > > a separate table holding information on how to
> > > > activate (something
> > > > along the lines of userid, tousergroup,
> > > > activationcode).
> > >
> > >
> > >
> > >
> > > --- Oscar Rylin <[EMAIL PROTECTED]> wrote:
> > >
> > > > Usergroups.
> > > > Most likely, you're dealing with an application
> > > > where you'll want to have
> > > > different kinds of users (administrators, power
> > > > users, users).
> > > >
> > > > Just make a usergroup for accounts that haven't been
> > > > activated yet.
> > > > Also, a separate table holding information on how to
> > > > activate (something
> > > > along the lines of userid, tousergroup,
> > > > activationcode).
> > > >
> > > > / rylin
> > > >
> > >
> > > --
> > > PHP Database Mailing List (http://www.php.net/)
> > > To unsubscribe, visit: http://www.php.net/unsub.php
> > >
> > >
> >
> >
> > --
> > M.Saleh.E.G
> > 97150-4779817
> >
> >
> >
> > --
> > PHP Database Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
> 
> 
> --
> Joseph Crawford Jr.
> Codebowl Solutions
> [EMAIL PROTECTED]
> 802-558-5247
> 
> For a GMail account
> contact me OFF-LIST
> 



-- 
Joseph Crawford Jr.
Codebowl Solutions
[EMAIL PROTECTED]
802-558-5247

For a GMail account
contact me OFF-LIST

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DB] Question on Registration Method

2004-09-26 Thread M Saleh EG

I'd do it this way...

I'd add two column in the users table. 1- activated, 2- activation-hash

once the registeration form is ubmited.. 
a-the username and user info will be saved in the users table.
b-an encrypted hash would be made n saved in activation-hash column
and sent along with the registeration info (username & pass) in the
form of a url (eg.
http://domain/activationpage.php?hash=ljk;lkj;lkjl;ksjfasdfa).

if the user is activated then the login function works for them if not
given a msg saying ur activation hasnt been done yet

the activatepage.php should then put 1, or on in the activated colum
in the users table on the row that has the hash passed to it.

simple enought aint it?


On Sun, 26 Sep 2004 05:02:07 -0700 (PDT), Stuart Felenstein
<[EMAIL PROTECTED]> wrote:
> Currently there are only 2 types of users planned
> Each has a basic access level.  I don't think this is
> the same as a usergroup though.
> 
> If I don't have usergroups, but access levels, then
> perhaps I should set the level to some less then what
> is required login till activated.
> 
> Then it sounds like I have the system autogenerate an
> activation code.
> 
> Not sure what you mean by :
> > a separate table holding information on how to
> > activate (something
> > along the lines of userid, tousergroup,
> > activationcode).
> 
> 
> 
> 
> --- Oscar Rylin <[EMAIL PROTECTED]> wrote:
> 
> > Usergroups.
> > Most likely, you're dealing with an application
> > where you'll want to have
> > different kinds of users (administrators, power
> > users, users).
> >
> > Just make a usergroup for accounts that haven't been
> > activated yet.
> > Also, a separate table holding information on how to
> > activate (something
> > along the lines of userid, tousergroup,
> > activationcode).
> >
> > / rylin
> >
> 
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 



-- 
M.Saleh.E.G
97150-4779817

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP-DB] Question on Registration Method

2004-09-26 Thread Stuart Felenstein

Currently there are only 2 types of users planned 
Each has a basic access level.  I don't think this is
the same as a usergroup though.

If I don't have usergroups, but access levels, then
perhaps I should set the level to some less then what
is required login till activated.

Then it sounds like I have the system autogenerate an
activation code.

Not sure what you mean by :
> a separate table holding information on how to
> activate (something
> along the lines of userid, tousergroup,
> activationcode).

--- Oscar Rylin <[EMAIL PROTECTED]> wrote:

> Usergroups.
> Most likely, you're dealing with an application
> where you'll want to have
> different kinds of users (administrators, power
> users, users).
> 
> Just make a usergroup for accounts that haven't been
> activated yet.
> Also, a separate table holding information on how to
> activate (something
> along the lines of userid, tousergroup,
> activationcode).
> 
> / rylin
> 

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP-DB] Question on Registration Method

2004-09-26 Thread Oscar Rylin

Usergroups.
Most likely, you're dealing with an application where you'll want to have
different kinds of users (administrators, power users, users).

Just make a usergroup for accounts that haven't been activated yet.
Also, a separate table holding information on how to activate (something
along the lines of userid, tousergroup, activationcode).

/ rylin

-Original Message-
From: Stuart Felenstein [mailto:[EMAIL PROTECTED] 
Sent: den 26 september 2004 13:46
To: [EMAIL PROTECTED]
Subject: [PHP-DB] Question on Registration Method

Right now my registration / login system works like
this:

1-User goes to registration page and fills out form
2-User gets to choose username but password is
autogenerated by system
3-System encrypts password in database
4-Password is unencrypted and sent along with username
to registrant's email address
5-If email fails, insertion into registration database
is rolled back.

I have seen (as we all have) various types of reg
methods.  
While I'm okay with mine, not completely satisfied. 
I'd like to change it to the type where like above the
username and password is sent via email, but with the
addition of a link in the email whereby the user must
click on link to be "activated".  You probably have
seen this, but to spell it out - even though they have
the user name and password it somehow is not good
enough to login with until this "activation" takes
place.

Basically I'm drawing a blank on the precise method
for this system.
Couple of thoughts - 
1-Perhaps there is another table that holds all "new"
registers until they are activated and then transfers
over the record(s) to the main reg table.
2-There is a column in the table that marks someone
registered ?
3-It's just governed by programming code 
4-Combination of database and PHP to make it work.

Alright , obviously I have no clue.
Appreciate some help, guidelines, pointers, etc.

Thank you,
Stuart

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DB] Question on Registration Method

2004-09-26 Thread Stuart Felenstein

Right now my registration / login system works like
this:

1-User goes to registration page and fills out form
2-User gets to choose username but password is
autogenerated by system
3-System encrypts password in database
4-Password is unencrypted and sent along with username
to registrant's email address
5-If email fails, insertion into registration database
is rolled back.

I have seen (as we all have) various types of reg
methods.  
While I'm okay with mine, not completely satisfied. 
I'd like to change it to the type where like above the
username and password is sent via email, but with the
addition of a link in the email whereby the user must
click on link to be "activated".  You probably have
seen this, but to spell it out - even though they have
the user name and password it somehow is not good
enough to login with until this "activation" takes
place.

Basically I'm drawing a blank on the precise method
for this system.
Couple of thoughts - 
1-Perhaps there is another table that holds all "new"
registers until they are activated and then transfers
over the record(s) to the main reg table.
2-There is a column in the table that marks someone
registered ?
3-It's just governed by programming code 
4-Combination of database and PHP to make it work.

Alright , obviously I have no clue.
Appreciate some help, guidelines, pointers, etc.

Thank you,
Stuart

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DB] Question on Registration Method

Re: [PHP-DB] Question on Registration Method

Re: [PHP-DB] Question on Registration Method

Re: [PHP-DB] Question on Registration Method

Re: [PHP-DB] Question on Registration Method

Re: [PHP-DB] Question on Registration Method

RE: [PHP-DB] Question on Registration Method

Re: [PHP-DB] Re: switch, if, or something to choose queries and echo formatting--PLEASE help

Re: [PHP-DB] Question on Registration Method

Re: [PHP-DB] Question on Registration Method

Re: [PHP-DB] Question on Registration Method

Re: [PHP-DB] Question on Registration Method

Re: [PHP-DB] Question on Registration Method

Re: [PHP-DB] Question on Registration Method

Re: [PHP-DB] Question on Registration Method

Re: [PHP-DB] Question on Registration Method

Re: [PHP-DB] Question on Registration Method

RE: [PHP-DB] Question on Registration Method

RE: [PHP-DB] Question on Registration Method

[PHP-DB] Question on Registration Method

20 matches

Site Navigation

Mail list logo

Footer information