[Ranga]

hiya guys, ive been trying to play around with a better signup page, and i think i found one, only problem is its meant to send the validation code, but its not sending the email at all. if anyone can help it would be greatly appreciated


Validation form:

Code:

<?php
$serveur="http://".$_SERVER["www.000webhost.com"];	// Server root
$validity=7;					// Code validity, in days.
$db_host="mysql14.000webhost.com";			// DB parameters
$db_user="*******";
$db_pass="*******";
$database="a1789315_test";

//************ End of parameters

$valid2=3600*24*$validity;
$er='';

if (isset($_POST["email"]))		// If the form has been submitted
{
mysql_connect($db_host,$db_user,$db_pass) or die("Unable to connect to database");
mysql_select_db($database) or die("Unable to select database");

$page=$serveur.$_SERVER["PHP_SELF"];
$nom=htmlentities(substr($_POST["nom"],0,100), ENT_QUOTES);		// we cut the entered values to 100 characters and remove any ' or "
$pass=htmlentities(substr($_POST["pass"],0,100), ENT_QUOTES);		// this is to avoid SQL insertions (or other injections), and limit the amount of code that could be executed
$pass2=htmlentities(substr($_POST["pass2"],0,100), ENT_QUOTES);		// in case an insertion should succeed
$email=htmlentities(substr($_POST["email"],0,100), ENT_QUOTES);
$IP=$_SERVER['REMOTE_ADDR'];
$heure=time();

if(!eregi('^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]{2,})+$', $email))$er.='Please enter a valid e-mail address.<br/>';	// Once again, sth against email insertion
if(false!=strpos($nom,chr(92)) || false!=strpos($nom,":") || false!=strpos($nom,",") || false!=strpos($nom,";")) $er.='You used forbidden characters in your user name.<br/>';

do					// The code must be unique, but we don't need to tell the user ;)
{
$session=md5($heure.rand(100000,999999));
$resultat = mysql_query("SELECT * FROM w_members WHERE session ='$session'");
}
while(false!=($ligne = mysql_fetch_array ($resultat)));

if($nom=="" || $pass=="" || $email==""){$er.='One or more fields are missing.<br/>';}				// Fill in all fields, thank you
if($pass!=$pass2){$er.='Password and confirmation didn\'t match.<br/>';}					// The 2 passwords must be the same
$resultat = mysql_query("SELECT * FROM members WHERE nom ='".$nom."'"); 
if(false!=($ligne = mysql_fetch_array ($resultat))){$er.='This username ('.$nom.') is already taken.<br/>';}	// If the login is already taken (confirmed)
$resultat = mysql_query("SELECT * FROM w_members WHERE nom ='".$nom."'"); 
if(false!=($ligne = mysql_fetch_array ($resultat))){$er.='This username ('.$nom.') is already taken.<br/>';}	// If the login is already taken (not yet confirmed)
$resultat = mysql_query("SELECT * FROM blackl WHERE email ='".$email."'"); 
if(false!=($ligne = mysql_fetch_array ($resultat))){$er.='This e-mail ('.$email.') is blacklisted. You can\'t use it to sign up here.<br/>';}	// If the e-mail is in the blacklist

if($er=='')
{	//**** IF NO ERROR - START

//********* Confirmation e-mail
/* subject */
$subject = "Account confirmation";

/* message */
$message = '
<html>
<head>
 <title>Account confirmation</title>
</head>
<body>
Hello '.$nom.',<br/><br/>

You are receiving this e-mail because you or someone else used your address to sign up on our site.<br/>
To complete the sign-up process please follow <a href="'.$page.'?code='.$session.'">this link</a>.<br/><br/>

If you didn\'t sign up on our site, just ignore this message and please accept our apologies.<br/>
You can also choose to blacklist your e-mail so you won\'t hear from us anymore by following <a href="'.$page.'?code='.$session.'&BL=1">this link</a>.<br/>
Your e-mail was submitted from IP '.$IP.' on '.date("r").' (server time).<br/><br/>

Best regards,<br/>
Site Admin
</body>
</html>
';

/* To send HTML mail, you can set the Content-type header. */
$headers  = "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/html; charset=iso-8859-1\r\n";

/* additional headers */
$headers .= "To: ".$nom." <".$email.">\r\n";
$headers .= "From: Site <ranga@cyberdude.com>\r\n";

/* and now mail it */
if(mail($email, $subject, $message, $headers))
	{
	mysql_query("INSERT INTO w_members SET nom='".$nom."',pass='".md5($pass)."',email='".$email."',heure='".$heure."',session='".$session."',IP='".$IP."';");		// We insert the data into the waiting table

	echo 'Thank you.<br/>An e-mail was sent to '.$email.'. Please check your e-mail and confirm your membership within '.$validity.' days.';
	}
else {$er.='We weren't able to send you the confirmation e-mail. Please contact the webmaster.<br/>';}
}	//**** IF NO ERROR - END

mysql_close();
}	// If the form has been filled - END


else if(isset($_GET["code"]))					// If a code is entered
{
mysql_connect($db_host,$db_user,$db_pass) or die("Unable to connect to database");
mysql_select_db($database) or die("Unable to select database");

$heure=time();
$heure2=$heure-$valid2;						// We delete outdated codes
mysql_query("DELETE FROM w_members WHERE heure<".$heure2.";");

$session=htmlentities($_GET["code"], ENT_QUOTES);
$sql = "SELECT * FROM w_members WHERE session ='".$session."'";
$resultat = mysql_query($sql);

if(false==($ligne = mysql_fetch_assoc ($resultat))){$er.='This code is wrong or has expired, please fill in the form again.<br/>';}

if($er=='')
{	//**** IF NO ERROR - START

if(!isset($_GET["BL"]))						// If the user comes to confirm, we insert them into the members table and remove them from the waiting table
{
$nom=$ligne['nom'];
mysql_query("INSERT INTO members SET nom='".$nom."',pass='".$ligne['pass']."',email='".$ligne['email']."',IP='".$ligne['IP']."',heure='".$ligne['heure']."';");
mysql_query("DELETE FROM w_members WHERE session='".$session."'");

echo 'Thank you for confirming your inscription '.$nom.'. You are now a member of the site.';
}

else if($_GET["BL"]==1)						// If the user comes to be blacklisted, we ask for a confirmation
{
echo 'Click <a href="'.$_SERVER["PHP_SELF"].'?code='.$session.'&BL=2">here</a> to blacklist your e-mail. This CANNOT be undone.';
}

else								// If the user confirms they want to be blacklisted,  we insert them into the blacklist and remove them from the waiting table
{
$email=$ligne['email'];
mysql_query("INSERT INTO blackl SET email='".$email."',IP='".$ligne['IP']."',heure='".$ligne['heure']."';");
mysql_query("DELETE FROM w_members WHERE session='".$session."'");

echo 'Your e-mail, '.$email.', has been blacklisted. You won't receive anymore e-mails from us.';
}
}	//**** IF NO ERROR - END

mysql_close();
}	// If a code is entered - END



else{show_form();}		// If there is no form submitted nor a code, we show the form

if($er!='' && isset($_POST["email"])){show_form($nom,$pass,$pass2,$email,$er);}
else if($er!='' && !isset($_POST["email"])){show_form('','','','',$er);}

//************ Form display function
function show_form($nom="",$pass="",$pass2="",$email="",$er='')
{
echo '<div style="font-weight:bold;">'.$er.'</div>
Please fill in the sign up form&nbsp;:<br/>
<form action="'.$_SERVER["PHP_SELF"].'" method="post">
<table>
<tr>
<td><label for="nom">Desired login</label>&nbsp;:</td><td><input type="text" name="nom" id="nom" size="50" maxlength="20" value="'.$nom.'" /></td>
</tr>

<tr>
<td><label for="pass">Password</label>&nbsp;:</td><td><input type="password" name="pass" id="pass" size="50" maxlength="20" value="'.$pass.'" /></td>
</tr>

<tr>
<td><label for="pass2">Confirm password</label>&nbsp;:</td><td><input type="password" name="pass2" id="pass2" size="50" maxlength="20" value="'.$pass2.'" /></td>
</tr>

<tr>
<td><label for="email">E-mail</label>&nbsp;:</td><td><input type="text" name="email" id="email" size="50" maxlength="100" value="'.$email.'" /></td>
</tr>
<tr><td colspan="2" style="text-align:center;"><input type="submit" value=" Sign Up " /></td></tr>
</table>
</form>';
}

?>

[willypt]

I never play with validation email before but maybe you haven't set the user for sending email something like that... Maybe

[Ranga]

Quote:

Originally Posted by willypt

Imaybe you haven't set the user for sending email something like that... Maybe

isnt that this part

Code:

/* and now mail it */
if(mail($email, $subject, $message, $headers))
	{
	mysql_query("INSERT INTO w_members SET nom='".$nom."',pass='".md5($pass)."',email='".$email."',heure='".$heure."',session='".$session."',IP='".$IP."';");		// We insert the data into the waiting table

	echo 'Thank you.<br/>An e-mail was sent to '.$email.'. Please check your e-mail and confirm your membership within '.$validity.' days.';
	}

[willypt]

No, I mean that the webmail should be configured or something like that... Btw, when using the feature (or maybe you found out the resolution), you have to consider the ToS

Quote:

1. No adult content of any kind (allowed if you upgrade account)

2. No warez / hacking / phishing sites

3. No mass mailers / spammers (account will be automatically suspended if you will try to send mass mail), so if your software supports such feature, disable it right now.

4. We do not allow any file sharing scripts to be run. (allowed if you upgrade account)

5. Chat, proxy, or file download scripts are not allowed. (allowed if you upgrade account)

6. Paid-to-surf, auto-surf, buxto, and any other similar scripts are banned (allowed if you upgrade account)

7. We do not allow online gaming scripts such as ogame, mafia, etc.. (allowed if you upgrade account)

8. Nulled software such as ip.board or vbulletin is not allowed to be hosted

9. Account cannot be used to store files only (allowed if you upgrade account)

10. Sites related to torrents cannot be hosted (allowed if you upgrade account)

Please consider on activating the feature because it limits you mail sending

Quote:

Originally Posted by lobrc

xmakina said this because several people have had there accounts disabled because of mass mailing. Usually, its because the forum sends automated messages all at once which triggers the mailing limit to the members without the user being aware of it.

The limit according to 000webhost is no more than 30 emails per 5 minutes and no more than 100 emails per hour.

taken from Can i Upload PHPbb it's free.and open source.

If you have a high traffic site, this would be easily broken

and the additional...

Quote:

Originally Posted by xmakina

Additional: more than 7 emails per minute will result in a suspension too.

[Ranga]

isnt the mass emailer/spammer more than so many emails a minute, besides this is only my set up server, once i have it working properly i will move it to a full server to get rid of that limitation, and when you say webmail, does that mean i have to use a email from 000webhost it self and not one from mail,yahoo or Hotmail.

[willypt]

I guess you have to use this webhost, unless you use Gmail MX record things...
Btw, why don't you try to read this thread
I'm not really experienced with these issues...
But reading related posts sure will help you..

Using Google mail with 000webhost

[Ranga]

thanks for your help, all i needed was a email from 000webhost and now it works. although it does go stright to the persons SPAM. but thanks

[Rhyfelwr]

Line 27 & 28 - no braces with if() statement - or is this a shortcut?

Line 78 - $headers .= "From: Site <ranga@cyberdude.com>\r\n"; - from Site???

Reply-To header?

Line 86 - apostrophe within single quote's

Line 131 - apostrophe within single quote's

I wasn't aware you could create functions after they are called? :S

Rich

[probannerdesigns]

ranga if u want bulk free mailing i can help its best to have more than one host these days

[Ranga]

Quote:

Originally Posted by Rhyfelwr

Line 27 & 28 - no braces with if() statement - or is this a shortcut?

Line 78 - $headers .= "From: Site <ranga@cyberdude.com>\r\n"; - from Site???

Reply-To header?

Line 86 - apostrophe within single quote's

Line 131 - apostrophe within single quote's

I wasn't aware you could create functions after they are called? :S

Rich

hmm thanks for pointing this stuff out, like i said i found this script on the net, and considering my PHP skills arnt that great, i was kind of just hoping its right. il work on fixing those errors