Access User Class - Registration Activation String

Olaf,

Thank you for creating such a great resource and allowing amateurs like me to download and play with it.

I am creating a members website that I wish to secure.  I also have some other PHP applications running to perform mailing list functions.  My plan is to use the Access User Class to control access to pages, but with a modified registration processs that updates the auc_users table, as well as some other tables in the same database.

I have created my own registration form and my own cut down version of the access_user_class.php script just for use with the registration form.  All other pages are your code, using the access_user_class.php script.

I have manged to get the registrations working with my code, but I am having issues with the validation e-mail.

I can successfully complete a registration (using my code) and when I look at my database table, I see a new row added with the same details as if I had used your registration page and the access_user_class.php script.

An e-mail is generated to the new user, with the activation link, however the md5 string in the URL that I have generated is different to what is generated when I use your native code.  The curious thing is that when I click on my URL (the one with the incorrect md5 string), I am taken to the login.php screen and I get a message saying that "Your request has been processed. Please login to continue."  An e-mail is also sent telling me that the account is now active.  However, the active column in the database has not been updated from 'n' to 'y' and it is not possible to login.

As I mentioned, the only thing that I can see that is different is the md5 string that is used in the header of the e-mail.  I thought that I understood which field you were using to create the md5 string in the URL, but I could be missing something.  Any help you could offer would be appreciated.

[Free WordPress Themes]

restore the (md5) original string

restore the (md5) original string

Olaf, thank you for your quick response, however I believe that I am using the original md5 string.

I just registered two new accounts, one with your method and one with mine.  The password entered was the same in each case.  The results are as follows below:

Code to build e-mail in access_user_class.php, $msg[29]: ...&activate=".md5($this->user_pw)."&language=...
Activation code recieved in e-mail: ...ident=19&activate=14e1b600b1fd579f47433b88e8d85291&language=en
Password string entered into the database: e10adc3949ba59abbe56e057f20f883e

My Code to build E-mail:  ...&activate=".md5($pw)."&language=...
Activation code recieved in e-mail: ...ident=20&activate=e10adc3949ba59abbe56e057f20f883e&language=en
Password string entered into the database: e10adc3949ba59abbe56e057f20f883e

Should the md5 string in the authentication e-mail be the same as the password stored in the database?  Reading your code, I was under the impression that the variable that is used to place data into the database is the same variable used when constructing the activation string in the e-mail message.  I know that the md5 variable used in other messages is calculated with the assistance of a static value found in the db_config file.

I will keep looking through your code in case I have missed something that modifies the md5 string used in the message.

The other issue that has me confused is when I click on the link generated by my code, and your code, each time the login.php page shows the message that my account has been activated.  Upon further testing, I have discovered that even if I use the following string:
...ident=21&activate=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa&language=en
I still get a message and an e-mail confirming that I have successfully activated my account when in fact I haven't.  I have not modified this section of your access_user_class.php code.

I must be missing something fairly obvious here, but I will keep checking my code.

[Free WordPress Themes]

Hi,

how do you store the sessions? The default was within mysql but than you need to install that table too.

maybe you can disable this setting:

define("USE_MYSQL_SESSIONS", false); // "false" to disable thios setting

Olaf,

Thanks for the response.  I think the issue might lie with storing the session.  The code that I wrote did not store a session.

I am going back to the drawing board and modifying the way that I am using your script to remove these issues.

Thanks again for your quick assistance.

Rod.

[Guest]

[59.816]

Googlebot