
how to generate a random session variable in php

Participant, Oct 18, 2009

I want to generate a random session variable and insert the variable in a MySQL record to use later to validate an account setup.

Person fills out form to create account and submits; inserts form information in MySQL record.

I want the random variable to be inserted from a hidden field, and the page sends an email with a link to click on to compare the variable to validate the user.

Not sure how to generate a random session variable and get that to the hidden field value to be inserted with the other form information.

Thanks for your help,

Jim Balthrop

TOPICS
Server side applications
Guest, Oct 18, 2009

To insert the key I would personally do something like...

$key = md5($username . $password . $salt);

Insert that into your MySQL database, then send them an email with it. My next code shows how to activate it.

This is to activate the account.

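<?php
// Assumes $mysqli is an already-open mysqli connection (the connection code is not part of the original post).
$errors = array();

if (isset($_GET['key']) && is_string($_GET['key'])) {
     $key = $_GET['key'];

     // `key` is a reserved word in MySQL, so the column name needs backticks.
     // The value is bound as a parameter rather than concatenated into the SQL,
     // which closes the SQL injection through $_GET['key'].
     $stmt = $mysqli->prepare('SELECT 1 FROM users WHERE `key` = ? LIMIT 1');
     $stmt->bind_param('s', $key);
     $stmt->execute();
     $stmt->store_result();

     if ($stmt->num_rows) {
          $stmt2 = $mysqli->prepare('UPDATE users SET active = 1 WHERE `key` = ? LIMIT 1');
          $stmt2->bind_param('s', $key);

          if ($stmt2->execute()) {
               //successfully activated account
          }
          else {
               //Something Went Wrong!
          }
     }
     else {
          $errors[] = 'Invalid Key, Please try again!';
     }
}
else {
     $errors[] = 'Invalid Key, Please try again!';
}
?>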

Participant, Oct 19, 2009

Thanks for your help.

You pointed me in the right direction.

Advisor, Oct 18, 2009

Your method has holes. If the random variable is in a hidden form field then anyone (including bots) can simply get the variable and activate the account automatically without having a valid email address.
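
As an added example (not code from any poster in this thread), one way to address the hidden-field problem raised above: generate the key on the server with a CSPRNG, store only its hash, and deliver the key solely through the e-mailed link. The table and column names, the example.com URL and the in-memory SQLite database are assumptions made for the demo.

```php
<?php
// Added example: users / activation_hash / activation_expires are hypothetical
// names, and an in-memory SQLite database stands in for MySQL.

function issue_activation_token(PDO $db, int $userId, int $ttl = 86400): string
{
    // 32 bytes from the OS CSPRNG, hex-encoded: not derivable from the
    // username, password or anything else the visitor can see.
    $token = bin2hex(random_bytes(32));
    // Store only a hash, so a leaked users table does not yield usable links.
    $stmt = $db->prepare(
        'UPDATE users SET activation_hash = ?, activation_expires = ? WHERE id = ?'
    );
    $stmt->execute([hash('sha256', $token), time() + $ttl, $userId]);
    return $token; // goes into the e-mailed link only, never into the form HTML
}

function activate_account(PDO $db, string $token): bool
{
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return false; // not in the format this code issues
    }
    // One bound-parameter UPDATE: matches the hash, checks expiry, and clears
    // the hash so the link works only once.
    $stmt = $db->prepare(
        'UPDATE users SET active = 1, activation_hash = NULL
          WHERE activation_hash = ? AND active = 0 AND activation_expires >= ?'
    );
    $stmt->execute([hash('sha256', $token), time()]);
    return $stmt->rowCount() === 1;
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT,
           active INTEGER DEFAULT 0, activation_hash TEXT, activation_expires INTEGER)');
$db->exec("INSERT INTO users (id, email) VALUES (1, 'user@example.com')");

$token = issue_activation_token($db, 1);
$link  = 'https://example.com/activate.php?key=' . $token; // placeholder URL

var_dump(activate_account($db, str_repeat('0', 64))); // a guessed key
var_dump(activate_account($db, $token));              // the key from the e-mail
var_dump(activate_account($db, $token));              // the same key replayed
```

Because the key never appears in the signup page's HTML, only someone who can read the mailbox can activate the account.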
