I want to know if BigInt is enough in size. I have created a registration.php where the user gets emailed an account activation link to click to verify his email so his account gets activated.
Account Activation Link is in this format:
PHP:
$account_activation_link =
"http://www.".$site_domain."/".$social_network_name."/activate_account.php?primary_website_email=".$primary_website_email."&account_activation_code=".$account_activation_code;
Account Activation Code is in this format:
PHP:
$account_activation_code = sha1( (string) mt_rand(5, 30)); //Type Casted the INT to STRING on the 1st parameter of sha1 as it needs to be a STRING.
Now, the following link got emailed: http://www.myssite.com/folder/activ...code=22d200f8670dbdb3e253a90eee5098477c95c23d
Note the account activation code that got generated by sha1: 22d200f8670dbdb3e253a90eee5098477c95c23d
But in my mysql db, in the "account_activation_code" column, I only see: "22". The rest of the activation code is missing. Why is that? The column is set to BigInt. Isn't that enough to house the SHA-1 generated code? What is your suggestion?
I changed the mysql column type to VARCHAR(40) and then VARCHAR(160) and even to BINARY(40), but no luck.
sha1 generates a 40-digit account activation code in the account activation link that gets emailed to the user, but the account_activation_code mysql column does not hold that 40-digit value. It only holds the first 2 or 3 digits. What is wrong?
Using PHP 5.
Here is the full script registration.php.
And the account_activation.php
registration.php.
PHP:
<?php
/*
ERROR HANDLING
*/
declare(strict_types=1);
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
include 'config.php';
//Step 1: Check if User is already logged-in or not. If logged-in then do not register a 2nd account.
if (is_logged() === true) {
die("You are already logged-in to your account! No need to register again for another account! Only one account per user.");
}
//Perform following actions after REGISTER button is clicked.
if ($_SERVER['REQUEST_METHOD'] == "POST")
{
//Step 2: Check user submitted details.
//2A. Check whether user made all the required inputs or not.
if (isset($_POST['agree_to_tos']) &&
isset($_POST["username"]) &&
isset($_POST["password"]) &&
isset($_POST["password_confirmation"]) &&
isset($_POST["primary_website_domain"]) &&
isset($_POST["primary_website_email_account"]) &&
isset($_POST["primary_website_email_account_confirmation"]) &&
isset($_POST["primary_website_email_domain"]) &&
isset($_POST["primary_website_email_domain_confirmation"]) &&
isset($_POST["first_name"]) &&
isset($_POST["middle_name"]) &&
isset($_POST["surname"]) &&
isset($_POST["gender"]) &&
isset($_POST["working_status"]))
{
//2B. Create variables based on user inputs.
$agree_to_tos = trim($_POST['agree_to_tos']);
$username = trim($_POST["username"]);
$password = $_POST["password"];
$password_confirmation = $_POST["password_confirmation"];
$primary_website_domain = trim($_POST["primary_website_domain"]);
$primary_website_email_account = trim($_POST["primary_website_email_account"]);
$primary_website_email_account_confirmation = trim($_POST["primary_website_email_account_confirmation"]);
$primary_website_email_domain = trim($_POST["primary_website_email_domain"]);
$primary_website_email_domain_confirmation = trim($_POST["primary_website_email_domain_confirmation"]);
//Combine Primary Website Email Account and Primary Website Email Domain to form Primary Email.
$primary_website_email = "$primary_website_email_account"."@"."$primary_website_email_domain";
$first_name = trim($_POST["first_name"]);
$middle_name = trim($_POST["middle_name"]);
$surname = trim($_POST["surname"]);
$gender = $_POST["gender"];
$working_status = $_POST["working_status"];
$account_activation_code = sha1( (string) mt_rand(5, 30)); //Type Casted the INT to STRING on the 1st parameter of sha1 as it needs to be a STRING.
$account_activation_link = "http://www.".$site_domain."/".$social_network_name."/activate_account.php?primary_website_email=".urlencode($primary_website_email)."&account_activation_code=".$account_activation_code;
$account_activation_status = 0; // 1 = Account Activated; 0 = Inactive or Pending Registration.
$hashed_password = password_hash($password, PASSWORD_DEFAULT); //Hash the password (one-way hash, not encryption).
//2C. Check whether user inputs valid or not.
// Check if user agreed to the Terms & Conditions or not.
if ($agree_to_tos != 'yes') {
echo "You must agree to our Terms & Conditions!<br>";
echo "Click the BACK button on your browser and try again!";
exit();
// Check if inputted Username is between the required 8 to 30 characters long or not.
} elseif (strlen($username) < 8 || strlen($username) > 30) {
echo "Username must be between 8 to 30 characters long!<br>";
echo "Click the BACK button on your browser and try again!";
exit();
// Check if Password is between 8 to 30 characters long or not.
} elseif (strlen($password) < 8 || strlen($password) > 30) {
echo "Password must be between 8 to 30 characters long!<br>";
echo "Click the BACK button on your browser and try again!";
exit();
// Check if inputted Email is valid or not.
} elseif (!filter_var($primary_website_email, FILTER_VALIDATE_EMAIL)) {
echo "Invalid Email! Insert your real Email in order for us to email you your account activation details.<br>";
echo "Click the BACK button on your browser and try again!";
exit();
// Check if both inputted Passwords match or not.
} elseif ($password != $password_confirmation) {
echo "Your inputted Passwords don't match<br>";
echo "Click the BACK button on your browser and try again!";
exit();
// Check if both inputted Email Account match or not.
} elseif ($primary_website_email_account != $primary_website_email_account_confirmation) {
echo "Your inputted Email Accounts don't match!<br>";
echo "Click the BACK button on your browser and try again!";
exit();
// Check if both inputted Email Domain match or not.
} elseif ($primary_website_email_domain != $primary_website_email_domain_confirmation) {
echo "Your inputted Email Domains don't match!<br>";
echo "Click the BACK button on your browser and try again!";
exit();
// Check if both inputted Primary Website Email and Primary Website Domain match or not.
} elseif ($primary_website_email_domain != $primary_website_domain) {
//Escape user input before echoing it back into the page.
echo "Your Primary Website Domain (".htmlspecialchars($primary_website_domain).") and Primary Website Email's Domain (@".htmlspecialchars($primary_website_email_domain).") don't match!<br>";
echo "NOTE: Your inputted Email Address must belong to your Primary Website Domain \"".htmlspecialchars($primary_website_domain)."\".<br>";
echo "Click the BACK button on your browser and try again!<br>";
exit();
}
else
{
//2D. Check user inputs against DB.
//Select Username, Primary Domain and Primary Domain Email to check against Mysql DB if they are already registered or not.
$stmt = mysqli_prepare($conn, "SELECT username, primary_website_domain, primary_website_email FROM users WHERE username = ? OR primary_website_domain = ? OR primary_website_email = ?");
mysqli_stmt_bind_param($stmt, 'sss', $username, $primary_website_domain, $primary_website_email);
mysqli_stmt_execute($stmt);
//Bind the selected columns to variables; mysqli_stmt_fetch() fills them with the next row.
//(mysqli_fetch_array() is for result sets from mysqli_query(), not for bound prepared statements.)
mysqli_stmt_bind_result($stmt, $db_username, $db_primary_website_domain, $db_primary_website_email);
$row_found = mysqli_stmt_fetch($stmt); //TRUE if a matching row exists, NULL if there is none.
mysqli_stmt_close($stmt); //Free the result before preparing the next statement on this connection.
// Check if inputted Primary Website Domain Name is already registered or not.
if ($row_found && $db_primary_website_domain == $primary_website_domain) {
echo "That domain name ".htmlspecialchars($primary_website_domain)." is already registered.<br>";
exit();
//Check if inputted Username is already registered or not.
} elseif ($row_found && $db_username == $username) {
echo "That username ".htmlspecialchars($username)." is already registered!<br>";
echo "Click the BACK button on your browser and try again!";
exit();
// Check if inputted Email is already registered or not.
} elseif ($row_found && $db_primary_website_email == $primary_website_email) {
echo "That email ".htmlspecialchars($primary_website_email)." is already registered.<br>";
exit();
}
else
{
//Step 3: Insert user's inputs into DB.
//Step 3A. Insert user's inputs into DB using php's sql injection prevention method "Prepared Statements".
$stmt = mysqli_prepare($conn, "INSERT INTO users(username, password, primary_website_domain, primary_website_email, first_name, middle_name, surname, gender, working_status, account_activation_status, account_activation_code) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
mysqli_stmt_bind_param($stmt, 'ssssssssssi', $username, $hashed_password, $primary_website_domain, $primary_website_email, $first_name, $middle_name, $surname, $gender, $working_status, $account_activation_status, $account_activation_code);
$inserted = mysqli_stmt_execute($stmt); //FALSE on failure (or an exception, with MYSQLI_REPORT_STRICT on).
//Step 3B. Check whether user's registration data was successfully submitted or not.
if (!$inserted)
{
echo "Sorry! Our system is currently experiencing a problem registering your account! You may try registering some other time.";
exit();
}
else
{
$account_name = "$username";
//Step 3C. Email user their account activation link for them to click to confirm their Email Address and activate their new Account.
$headers = "From: " . $site_admin_email . "\r\n";
//More headers (appended, so the From header above is kept).
//Always set content-type when sending HTML email
$headers .= "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type: text/html; charset=UTF-8" . "\r\n";
$to = "$primary_website_email";
$subject = "Your SN account activation details!";
$body = "<html>
<head>
<title>Activation Link</title>
</head>
<body>
".htmlspecialchars($first_name." ".$surname).",<br>
You need to click on the following link <a href=\"".htmlspecialchars($account_activation_link)."\">".htmlspecialchars($account_activation_link)."</a> to activate your account.
</body>
</html>";
if (!mail($to,$subject,$body,$headers))
{
//Alert user System Error. System unable to email the Account Activation Link.
echo "Sorry! We have failed to email you your account activation details. Please contact the website administrator!";
exit();
}
else
{
//Alert user System Success. System was able to email the Account Activation Link.
echo "<h3 style='text-align:center'>Thank you for your registration!</h3><br>";
echo "Now, check your email \"".htmlspecialchars($primary_website_email)."\" for details on how to activate your new account \"".htmlspecialchars($account_name)."\" which you just registered.";
exit();
}
}
}
}
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title><?php echo htmlspecialchars($social_network_name); ?> Signup Page</title>
</head>
<body>
<div class ="container">
<?php
// Error Messages.
if (isset($_SESSION['error']) && !empty($_SESSION['error'])) {
echo '<p style="color:red;">'.$_SESSION['error'].'</p>';
}
?>
<?php
//Session Messages.
if (isset($_SESSION['message']) && !empty($_SESSION['message'])) {
echo '<p style="color:red;">'.$_SESSION['message'].'</p>';
}
?>
<?php
//Clear Registration Session.
function clear_registration_session()
{
//Clear the User Form inputs, Session Messages and Session Errors so they can no longer be used.
unset($_SESSION['message']);
unset($_SESSION['error']);
unset($_POST);
exit();
}
?>
<p align="left"><font color="red" size="3"><b>Already have an account ? </b><a href="login.php">Login here!</a></font></p>
<form method="post" action="">
<p align="left"><h2>Signup Form</h2></p>
<fieldset>
<div class="form-group">
<p align="left"><label>* Username:</label>
<input type="text" placeholder="Enter a unique Username" name="username" required pattern="[A-Za-z0-9]+" value="<?php if(isset($_POST['username'])) { echo htmlentities($_POST['username']); }?>"></p>
</div>
<div class="form-group">
<p align="left"><label>* Password:</label>
<input type="password" placeholder="Enter a new Password" name="password" required></p>
</div>
<div class="form-group">
<p align="left"><label>* Repeat Password:</label>
<input type="password" placeholder="Repeat a new Password" name="password_confirmation" required></p>
</div>
<div class="form-group">
<p align="left"><label>* Primary Website Domain:</label>
<input type="text" placeholder="Enter your Primary Website Domain" name="primary_website_domain" required pattern="[A-Za-z0-9.-]+" value="<?php if(isset($_POST['primary_website_domain'])) { echo htmlentities($_POST['primary_website_domain']); }?>">
<font color="red" size="1"><b> Don't have a Domain ? </b><a href="domain_register.php">Register one here!</a></font></p>
</div>
<div class="form-group">
<p align="left"><label>* Email Account:</label>
<input type="text" placeholder="Enter your Email Account name (first part before @)" name="primary_website_email_account" required pattern="[A-Za-z0-9._-]+" value="<?php if(isset($_POST['primary_website_email_account'])) { echo htmlentities($_POST['primary_website_email_account']); }?>"></p>
</div>
<div class="form-group">
<p align="left"><label>* Repeat Email Account:</label>
<input type="text" placeholder="Repeat your Email Account name (first part before @)" name="primary_website_email_account_confirmation" required pattern="[A-Za-z0-9._-]+" value="<?php if(isset($_POST['primary_website_email_account_confirmation'])) { echo htmlentities($_POST['primary_website_email_account_confirmation']); }?>"></p>
</div>
<div class="form-group">
<p align="left"><label>* Email Address Domain:</label>
<input type="text" placeholder="Enter your Email Account Domain (last part after @)" name="primary_website_email_domain" required pattern="[A-Za-z0-9.-]+" value="<?php if(isset($_POST['primary_website_email_domain'])) { echo htmlentities($_POST['primary_website_email_domain']); }?>"></p>
</div>
<div class="form-group">
<p align="left"><label>* Repeat Email Address Domain:</label>
<input type="text" placeholder="Repeat your Email Account Domain (last part after @)" name="primary_website_email_domain_confirmation" required pattern="[A-Za-z0-9.-]+" value="<?php if(isset($_POST['primary_website_email_domain_confirmation'])) { echo htmlentities($_POST['primary_website_email_domain_confirmation']); }?>"></p>
</div>
<div class="form-group">
<p align="left"><label>* First Name:</label>
<input type="text" placeholder="Enter your First Name" name="first_name" required pattern="[A-Za-z]+" value="<?php if(isset($_POST['first_name'])) { echo htmlentities($_POST['first_name']); }?>"></p>
</div>
<div class="form-group">
<p align="left"><label>Middle Name:</label>
<input type="text" placeholder="Enter your Middle Name" name="middle_name" pattern="[A-Za-z]+" value="<?php if(isset($_POST['middle_name'])) { echo htmlentities($_POST['middle_name']); }?>"></p>
</div>
<div class="form-group">
<p align="left"><label>* Surname:</label>
<input type="text" placeholder="Enter your Surname" name="surname" required pattern="[A-Za-z]+" value="<?php if(isset($_POST['surname'])) { echo htmlentities($_POST['surname']); }?>"></p>
</div>
<div class="form-group">
<p align="left"><label>* Gender:</label>
<input type="radio" name="gender" value="Male" <?php if(isset($_POST['gender']) && $_POST['gender'] === 'Male') { echo 'checked'; }?> required>Male<input type="radio" name="gender" value="Female" <?php if(isset($_POST['gender']) && $_POST['gender'] === 'Female') { echo 'checked'; }?> required>Female</p>
</div>
<div class="form-group">
<p align="left"><label>* Working Status:</label>
<input type="radio" name="working_status" value="Selfemployed" <?php if(isset($_POST['working_status']) && $_POST['working_status'] === 'Selfemployed') { echo 'checked'; }?> required>Selfemployed<input type="radio" name="working_status" value="Employed" <?php if(isset($_POST['working_status']) && $_POST['working_status'] === 'Employed') { echo 'checked'; }?> required>Employed<input type="radio" name="working_status" value="Unemployed" <?php if(isset($_POST['working_status']) && $_POST['working_status'] === 'Unemployed') { echo 'checked'; }?> required>Unemployed</p>
</div>
<div class="form-group">
<p align="left"><label>* Agree to Terms & Conditions ?:</label>
<input type="radio" name="agree_to_tos" value="yes" <?php if(isset($_POST['agree_to_tos']) && $_POST['agree_to_tos'] === 'yes') { echo 'checked'; }?> required>Yes
<input type="radio" name="agree_to_tos" value="no" <?php if(isset($_POST['agree_to_tos']) && $_POST['agree_to_tos'] === 'no') { echo 'checked'; }?> required>No</p>
</div>
</fieldset>
<p align="left"><button type="submit" class="btn btn-default" name="submit">Register!</button></p>
</form>
<p align="left"><font color="red" size="3"><b>Already have an account ? </b><a href="login.php">Login here!</a></font></p>
</body>
</html>
activate_account.php
PHP:
<?php
/*
ERROR HANDLING
*/
declare(strict_types=1);
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
include 'config.php';
//Step 1: Check whether the URL carries the user Email and the Account Activation Code as GET parameters or not.
//Perform following actions if the Url does not contain both the user Email and the Account Activation Code.
if (!isset($_GET["primary_website_email"], $_GET["account_activation_code"]))
{
//Give user alert the Account Activation Link is Invalid.
echo "Invalid Account Activation Link! Try registering for an account if you do not already have one! <a href=\"http://myssite.com/sn/register.php\">Register here!</a>";
exit();
}
else
{
//Step 2: Check user submitted details.
//2A. Check user inputs against DB.
//Select Username, Primary Domain and Primary Domain Email to check against DB if they are pending registration or not.
$stmt = mysqli_prepare($conn, "SELECT username, account_activation_status FROM users WHERE primary_website_email = ? AND account_activation_code = ?");
mysqli_stmt_bind_param($stmt, 'si', $_GET["primary_website_email"], $_GET["account_activation_code"]);
mysqli_stmt_bind_result($stmt, $username, $account_activation_status);
//Perform following if Account Activation Link was valid (Correctly had the registered email and Account Activation Code associated with it).
if (mysqli_stmt_execute($stmt) && mysqli_stmt_fetch($stmt))
{
//Perform following if Account Activation Status is not on "0" (Account Activation Pending) on DB.
if ($account_activation_status != 0)
{
//Give user alert Account already activated.
echo "Since your account is already activated, why are you trying to activate it again ? Do not do that again and just login from <a href=\"login.php\">this webpage</a> next time! Make a note of that webpage, ok ?";
exit;
}
else
{
//Set Account Activation Status to 1 (1 = "Account Activated" and 0 = "Activation Pending") on DB.
$account_activation_status = 1;
$stmt = mysqli_prepare($conn, "UPDATE users SET account_activation_status = ? WHERE username = ?");
mysqli_stmt_bind_param($stmt, 'is', $account_activation_status, $username);
if (mysqli_stmt_execute($stmt))
{
//Give user alert Account has now been activated.
$primary_website_email = htmlspecialchars($_GET['primary_website_email']);
echo "<h3 style='text-align:center'>Thank you for confirming your email \"$primary_website_email\" and activating your account ".htmlspecialchars($username).".<br /> Redirecting you to the login page ...</h3>";
exit;
}
}
}
else
{
//Perform following if Primary Website Email and/or Account Activation Code is not Pending Registration.
$primary_website_email = htmlspecialchars($_GET['primary_website_email']);
$account_activation_code = htmlspecialchars($_GET['account_activation_code']);
//Give user alert the Email Address and/or the Account Activation Code in the Account Activation Link is Invalid or the Account Activation Link is out of date (Email no longer registered).
echo "Either this Email Address $primary_website_email was not pending registration with this Account Activation Code $account_activation_code or one or both of them are invalid! Or, the Account Activation Link is out of date (Email no longer registered)
Try registering an account if you have not already done so! <a href=\"http://myssite.com/sn/register.php\">Register here!</a>";
exit;
}
}
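An added example (editor's code, not from the original post) showing where the "22" comes from and a safer way to issue and check the code. The `'i'` at the end of the question's `'ssssssssssi'` type string tells mysqli to send the activation code as an integer, and PHP's integer conversion of `"22d200f8670dbdb3e253a90eee5098477c95c23d"` is 22; that is what reaches the server whether the column is BIGINT, VARCHAR(40) or BINARY(40), which is why changing the column type made no difference. The storage fix is `'s'` with a `CHAR(40)` column. The example also replaces `sha1(mt_rand(5, 30))`, which can only ever produce 26 distinct codes because there are only 26 possible inputs, with `random_bytes()`, stores a SHA-256 hash of the token instead of the token itself, and compares with `hash_equals()`. The function names, the hash-storage design and the `CHAR(64)` column are this example's assumptions; the `users` table and its column names are taken from the question. `random_bytes()` requires PHP 7, which the `declare(strict_types=1)` in the posted code already implies.

```php
<?php
declare(strict_types=1);

// Hypothetical helper names written for this example; the table and column
// names (users, primary_website_email, account_activation_status,
// account_activation_code) are the ones used in the question.

// Why the column held "22": the 'i' type in mysqli_stmt_bind_param() sends
// the bound value as an integer, the same conversion PHP applies with an
// (int) cast. Only the leading digits of the hex string survive it.
function as_mysqli_int_bind(string $token): int
{
    return (int) $token;
}

// An activation token with real entropy: 20 random bytes rendered as 40 hex
// characters, so it fits the same CHAR(40) column a SHA-1 hex digest would.
// sha1(mt_rand(5, 30)) has only 26 possible outputs.
function generate_activation_token(): string
{
    return bin2hex(random_bytes(20));
}

// Store a hash of the token, not the token (design choice of this example).
// The plain token travels only in the email, so a copy of the table does not
// contain usable activation links.
function activation_token_hash(string $token): string
{
    return hash('sha256', $token); // 64 hex characters, e.g. a CHAR(64) column
}

// Constant-time check of a presented token against the stored hash.
function verify_activation_token(string $presented, string $stored_hash): bool
{
    // Anything that is not exactly 40 lowercase hex characters cannot be ours.
    if (preg_match('/\A[0-9a-f]{40}\z/', $presented) !== 1) {
        return false;
    }
    return hash_equals($stored_hash, activation_token_hash($presented));
}

// The INSERT from the question with a string bind for the code. The 'i' in
// the posted type string 'ssssssssssi' is the character that truncated
// "22d200f8..." to 22; it has to be 's'.
function insert_pending_user(mysqli $conn, string $email, string $token_hash): void
{
    $stmt = mysqli_prepare($conn,
        "INSERT INTO users (primary_website_email, account_activation_status, account_activation_code)
         VALUES (?, 0, ?)");
    mysqli_stmt_bind_param($stmt, 'ss', $email, $token_hash);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}

// Activation: look the pending row up by email, compare the token in PHP,
// then flip the status with an UPDATE that still requires status = 0.
function activate_user(mysqli $conn, string $email, string $presented_token): bool
{
    $stmt = mysqli_prepare($conn,
        "SELECT account_activation_code FROM users
         WHERE primary_website_email = ? AND account_activation_status = 0");
    mysqli_stmt_bind_param($stmt, 's', $email);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $stored_hash);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    if (!$found || !verify_activation_token($presented_token, (string) $stored_hash)) {
        return false; // no pending account for that address, or wrong token
    }
    $upd = mysqli_prepare($conn,
        "UPDATE users SET account_activation_status = 1
         WHERE primary_website_email = ? AND account_activation_status = 0");
    mysqli_stmt_bind_param($upd, 's', $email);
    mysqli_stmt_execute($upd);
    $activated = mysqli_stmt_affected_rows($upd) === 1;
    mysqli_stmt_close($upd);
    return $activated;
}

// Self-check of the pure-PHP parts; runs without a database.
function self_check(): void
{
    $code_from_question = '22d200f8670dbdb3e253a90eee5098477c95c23d';
    if (as_mysqli_int_bind($code_from_question) !== 22) {
        throw new RuntimeException('integer bind did not truncate as expected');
    }
    $token = generate_activation_token();
    $hash  = activation_token_hash($token);
    // Flip the first character to get a token that differs in one place.
    $wrong = ($token[0] === 'a' ? 'b' : 'a') . substr($token, 1);
    if (strlen($token) !== 40
        || !verify_activation_token($token, $hash)
        || verify_activation_token($wrong, $hash)
        || verify_activation_token($code_from_question . 'ff', $hash)) {
        throw new RuntimeException('token verification misbehaved');
    }
    echo "ok\n";
}

self_check();
```

`insert_pending_user()` and `activate_user()` take a live `mysqli` connection and are not exercised by `self_check()`; the UPDATE's `account_activation_status = 0` condition means a link that has already been used changes nothing, which is the case the posted activate_account.php handles with its "already activated" message.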