#1 vinson89

Allow the user immediately logged into system

Posted 12 May 2014 - 08:16 PM

How do I prevent SQL injection and allow the user to be immediately logged into the system after activation was successful, in the check e-mail activation script, after
echo "Congratulations. Your membership has been activated ";
?

Here is my check e-mail activation PHP script:

<?php
require_once('recaptchalib.php');
$privatekey = "your_private_key";
$resp = recaptcha_check_answer($privatekey,
                               $_SERVER["REMOTE_ADDR"],
                               $_POST["recaptcha_challenge_field"],
                               $_POST["recaptcha_response_field"]);

if (!$resp->is_valid) {
    // What happens when the CAPTCHA was entered incorrectly
    die("The reCAPTCHA wasn't entered correctly. Go back and try it again." .
        "(reCAPTCHA said: " . $resp->error . ")");
} else {
    $username = $_POST['username'];
    $activation_code = $_POST['activation_code'];
    $db_host = "localhost";
    $db_name = "databasename";
    $db_use = "root";
    $db_pass = "password";
    $link = mysql_connect($db_host, $db_use, $db_pass);
    mysql_select_db($db_name, $link);
    $command = "UPDATE email_activation SET check_activation='$activation_code' WHERE username='$username' and activation='$activation_code'";
    $result = mysql_query($command);
    if ($result) {
        echo "Congratulations. Your membership has been activated ";
    } else {
        echo ("You've entered an invalid username / activation code  please retry");
    }
}
?>




Replies To: Allow the user immediately logged into system

#2 Atli

Re: Allow the user immediately logged into system

Posted 12 May 2014 - 08:28 PM

vinson89, on 13 May 2014 - 03:16 AM, said:

How to prevent the sql injection

First thing you should do is read the manual entry on the subject.

Main thing is to stop using the outdated, and now deprecated, MySQL API functions (like mysql_query), and instead start using prepared statements through the more modern PDO or MySQLi libraries.

vinson89, on 13 May 2014 - 03:16 AM, said:

and allow the user immediately logged into the system after activation was successful

Just set the appropriate session variable once the user has been activated. - Do you not know what session variables are used to maintain the login in your system? It's something only the person who designed the user registration/login systems would know.
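One way to apply both points of the reply above, as an added example that is not code from the thread: a PDO prepared statement for the activation UPDATE, followed by setting a session variable. The in-memory SQLite database, the sample row and the `$_SESSION['username']` key are assumptions; the table and column names come from the question's script.

```php
<?php
declare(strict_types=1);

// Activate the account with a parameterized UPDATE, then log the user in.
// $_SESSION['username'] is an assumed key; use whatever your login code checks.
function activateAndLogin(PDO $pdo, string $username, string $code): bool
{
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'UPDATE email_activation
            SET check_activation = :code
          WHERE username = :username
            AND activation = :code_match'
    );
    $stmt->execute([':code' => $code, ':username' => $username, ':code_match' => $code]);

    // An UPDATE that ran but matched no row is not an activation:
    // check the affected-row count, not just whether the query succeeded.
    if ($stmt->rowCount() !== 1) {
        return false;
    }

    session_regenerate_id(true);        // fresh session id at the privilege change
    $_SESSION['username'] = $username;  // assumed login marker
    return true;
}

// Constructed demo data: in-memory SQLite stands in for the MySQL database.
session_start();
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE email_activation
            (username TEXT PRIMARY KEY, activation TEXT, check_activation TEXT)');
$pdo->exec("INSERT INTO email_activation VALUES ('alice', 'c0ffee42', NULL)");

$results = [
    'quote in username' => activateAndLogin($pdo, "alice' x", 'c0ffee42'),
    'wrong code'        => activateAndLogin($pdo, 'alice', 'wrong'),
    'valid code'        => activateAndLogin($pdo, 'alice', 'c0ffee42'),
];
foreach ($results as $case => $ok) {
    echo $case, ': ', $ok ? 'activated, logged in' : 'rejected', PHP_EOL;
}
```

With MySQL, pass a `mysql:` DSN and credentials to `new PDO(...)`; the function itself is unchanged.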