A
Anonymous
Guest
Very sorry for the long post,
but I need desperate help and sleep.
Ok here I go ,
Because I knew nothing when I started:
I have put together a simple login/registration system for my website
my first successful attempt was simply to register the user in the database
and if successful forwarded to the login page.
Since using this method i've noticed that some users are creating false usernames and accounts
which is becoming a catastrophe for me.
I decided i want to "integrate" a verification process where the user receives
an email with a link back to the website or preferably eg."verified.php"
for at least one line of defense against fake accounts.
I googled around(honestly im not a good coder or script writer)
grabbed a few useful snippets and began amending my reg system.
first I created 2 test files, "veremail.html" & "email.php"
then i modified my registration form action=register.php to action=veremail.html
so my form is now pointing to my test files.
I created a very basic test html page("veremail.html") stating "please enter email and submit".
the page has a form with 1 input field as 'email' and a submit button.
once submitted my form launches my mailer form ("form action=email.php").
I press submit and an echo msg displays "Success!" check your mail.
I open my inbox and in my spam folder is my email sent from noreply@mywebsite.com
inside are the instructions to click the verification link "http://mywebsite.com/register.php
the 2 test files are working perfectly. well so it seems.
This is where the trouble started
I assumed/guessed I could integrate my test files by simply changing the file order
example:
(original) registration form action=register.php which includes common.php(dbase), then to "protected area.php"
(amended) registration form action=veremail.php when submitted opens email.php and sends an email to the email address entered.
containing a link "http://membersonly@mywebsite.com/register.php"
In my email I click the link but 'no bananas' I get a blank page resulting registration.php i realise that my username, email and password has been forgotten
by the original registration form because my input is on my original reg form and I am NOT registered.
I instant panic because the website is LIVE.
So I've fudged this for now by (A)changing my original form action back the way it was.
so as soon as somebody registers the original method is executed and (B) in my config.php changed the header location for successful registration to "veremail.php"
and (C) changed the link in my mailer to simply http://my/website.com/home
to follow the amended path through their inbox back to my website.
I only did this to get the website back up and running without too much interference as im getting a lot of quality new registrations daily.
as i deal with bitcoin and this is a fairly new project for me I've been eagerly monitoring everything and stats so i can judge the performance of my content.
If the abusers hadn't of hit my site so hard i wouldn't have noticed except today when monitoring my transactions I notice the strange behaviour
my user is now unaware that they are already registered and the email exercise is futile.
all the user has to do is press back twice on their browser or enter my address and the user can login normally.
without even opening the email or clicking the link.
it wouldn't take long for somebody to figure this out
and i need it to work genuinely and ASAP as i'm concerned about losing new member confidence due to my inability
to code the script properly.
I really want to get this right for my members, I love them all for being involved but the abusers are gonna ruin it for everyone.
I read somewhere that i could add a row in my existing database eg. "verified_user"
that would add a unique token code to the end of my confirmation link
this is what i wanted but i found it very hard to implement the instructions into my current system(set of files)
Any help would be greatly appreciated
but I need desperate help and sleep.
Ok here I go ,
Because I knew nothing when I started:
I have put together a simple login/registration system for my website
my first successful attempt was simply to register the user in the database
and if successful forwarded to the login page.
Since using this method i've noticed that some users are creating false usernames and accounts
which is becoming a catastrophe for me.
I decided i want to "integrate" a verification process where the user receives
an email with a link back to the website or preferably eg."verified.php"
for at least one line of defense against fake accounts.
I googled around(honestly im not a good coder or script writer)
grabbed a few useful snippets and began amending my reg system.
first I created 2 test files, "veremail.html" & "email.php"
then i modified my registration form action=register.php to action=veremail.html
so my form is now pointing to my test files.
I created a very basic test html page("veremail.html") stating "please enter email and submit".
the page has a form with 1 input field as 'email' and a submit button.
once submitted my form launches my mailer form ("form action=email.php").
I press submit and an echo msg displays "Success!" check your mail.
I open my inbox and in my spam folder is my email sent from noreply@mywebsite.com
inside are the instructions to click the verification link "http://mywebsite.com/register.php
the 2 test files are working perfectly. well so it seems.
This is where the trouble started
I assumed/guessed I could integrate my test files by simply changing the file order
example:
(original) registration form action=register.php which includes common.php(dbase), then to "protected area.php"
(amended) registration form action=veremail.php when submitted opens email.php and sends an email to the email address entered.
containing a link "http://membersonly@mywebsite.com/register.php"
In my email I click the link but 'no bananas' I get a blank page resulting registration.php i realise that my username, email and password has been forgotten
by the original registration form because my input is on my original reg form and I am NOT registered.
I instant panic because the website is LIVE.
So I've fudged this for now by (A)changing my original form action back the way it was.
so as soon as somebody registers the original method is executed and (B) in my config.php changed the header location for successful registration to "veremail.php"
and (C) changed the link in my mailer to simply http://my/website.com/home
to follow the amended path through their inbox back to my website.
I only did this to get the website back up and running without too much interference as im getting a lot of quality new registrations daily.
as i deal with bitcoin and this is a fairly new project for me I've been eagerly monitoring everything and stats so i can judge the performance of my content.
If the abusers hadn't of hit my site so hard i wouldn't have noticed except today when monitoring my transactions I notice the strange behaviour
my user is now unaware that they are already registered and the email exercise is futile.
all the user has to do is press back twice on their browser or enter my address and the user can login normally.
without even opening the email or clicking the link.
it wouldn't take long for somebody to figure this out
and i need it to work genuinely and ASAP as i'm concerned about losing new member confidence due to my inability
to code the script properly.
I really want to get this right for my members, I love them all for being involved but the abusers are gonna ruin it for everyone.
I read somewhere that i could add a row in my existing database eg. "verified_user"
that would add a unique token code to the end of my confirmation link
this is what i wanted but i found it very hard to implement the instructions into my current system(set of files)
Any help would be greatly appreciated