Link email confirmation

helmz · 2010-10-08 09:26:11

Hi, when I send an activation link to an user who wants newsletters it sends you to ‘confirmation.php’ to activate it in Database but looks like not doing that. Thanks in advance.

confirmation.php

<?php
echo 'hello';
//here must any error...
$query = "SELECT * FROM email WHERE activate = {$_GET['random']}";
$response = mysql_query($query);
if(mysql_fetch_assoc($response))
{
echo "Is in DB - Code to Activate = 1.. blabla";
} else {
echo "NOT found in DB";
}
// Ever says it isnt... (and it is)
?>

datadb.php

$random = uniqid();
$id = mysql_insert_id();
$mensaje = "'Hello '$id', '$random', http://mysite.com/confirmacion.php?id=$random";

—-

Btw i did ‘echo $_GET[‘id’]’ and it gets the code, so its id instead of random… but still says EVER not found

Last edited by helmz (2010-10-08 10:44:58)

MattD · 2010-10-08 16:26:17

Is this a newsletter plugin?

Hopefully it’s not this simple but in your post you say confirmation.php and in the code snippet you post it says confirmacion.php.

helmz · 2010-10-13 08:10:00

no, it isnt a pluggin. Error name is due to the translate sorry, but thanks.

els · 2010-10-13 20:14:42

Am I right in thinking that this is not Textpattern related at all? If this is an existing script, maybe it has its own forum?

helmz · 2010-10-15 09:18:02

Uhm… Im trying to find a good forum to ask this kind of questions, tryed some, and here is the only site where i get an answer, other forums look like deads…

do you know anyone?

Gocom · 2010-10-15 10:06:58

As this is Textpattern support forum, I would suggest checking out mem_postmaster if you have needs for newsletters.

Anyhow, first of all, what comes to that specific code of yours, it alone doesn’t do anything. So, it’s really hard to help at all, when it alone doesn’t do anything. What I can say about that code is, that you should never blindly trust the input that comes from the user.

Currently you are directly supplying $_GET['random'/'id'] to the query. Always remember to use mysql_real_escape_string() when using user provided data in queries.

As this is Textpattern support forum I suggest using TXP’s library, preferably TXP’s plugin functionalities, and doSlash() for optimal security and extensibility.

Last edited by Gocom (2010-10-15 10:08:23)

Textpattern CMS

Textpattern CMS support forum

#1 2010-10-08 09:26:11

Link email confirmation

#2 2010-10-08 16:26:17

Re: Link email confirmation

#3 2010-10-13 08:10:00

Re: Link email confirmation

#4 2010-10-13 20:14:42

Re: Link email confirmation

#5 2010-10-15 09:18:02

Re: Link email confirmation

#6 2010-10-15 10:06:58

Re: Link email confirmation

Board footer