troubleshooting Question

Creating/Removing a temporary account into/out of SQL database. PHP

Avatar of dialeradmin
dialeradmin asked on
PHP
12 Comments1 Solution342 ViewsLast Modified:
Hi.
On my website, I currently have three user "access levels" for a user.  These user levels are determined by the administrator.  Based on who the user is, the access level allows a user to access different pages.

I was thinking this:

Currently, I have a registration page where an administrator can create an account for a user by entering a username, assigning a password, confirmed password, and email address.  After submission, an email is sent out to the user's input email address with a confirmation link to verify the account.  After verified, the account is set to active.  A user cannot login unless their account is set as active.

 What I am looking for is a way to create a 1 day temporary account.  I was thinking I could add a checkbox under the registration fields that says something like, Is this a temporary account?  If the checkbox is marked, it sets the 'Level_access' for the user to level 4 instead of the default (level 2) upon submission.  

The tricky part to this is if the account is marked as a temporary account (level 4), after submission and email authentication,  the account needs to be active for one day only.  Once a 24 hour period has passed, the account should be deleted from the database automatically.  

 I have attached the code of my registration page in case you need to see it!

I appreciate any help!!! Thanks!

Register_user.php
============================
<?php
session_start();
include_once('log.php');

if (!isset($_SESSION['logged_in'] ))
{
    header("Location: access_denied.php");
}

if ($_SESSION['Level_access'] != 1)
{
    header('Location: access_denied.php');
}

require_once('db.php');
include('functions.php');

      if(isset($_POST['register']))
      {
            if($_POST['username']!='' && $_POST['password']!='' && $_POST['password']==$_POST['password_confirmed'] && $_POST['email']!='' && valid_email($_POST['email'])==TRUE && checkUnique('Username', $_POST['username'])==TRUE && checkUnique('Email', $_POST['email'])==TRUE)
            {
            
                  $query = mysql_query("INSERT INTO users (`Username` , `Password`, `Email`, `Random_key`) VALUES ('".mysql_real_escape_string($_POST['username'])."', '".mysql_real_escape_string(md5($_POST['password']))."', '".mysql_real_escape_string($_POST['email'])."', '".random_string('alnum', 32)."')") or die(mysql_error());
                  
                  $getUser = mysql_query("SELECT ID, Username, Email, Random_key FROM users WHERE Username = '".mysql_real_escape_string($_POST['username'])."'") or die(mysql_error());
      
                  if(mysql_num_rows($getUser)==1)
                  {                  
                        $row = mysql_fetch_assoc($getUser);
                        $headers =       "From: Dialer Secure Server";
                      $headers =      "Reply-To: something@something.com";
                        $subject = "Activation email for Dialer Secure Server";
                        $message = "Dear ".$row['Username'].", this is your activation link to be added to the Dialer Secure Server Database. In order to confirm your user account, please click on the following link: http://*.*.*.*/dialer/confirm.php?ID=".$row['ID']."&key=".$row['Random_key']." \n\n Please remember to change your password upon first login!!!\n\n Thank you for joining!";
                        if(mail($row['Email'], $subject, $message, $headers))
                        {
                              header('Location: registration_complete.php');
                        }
                        else {
                              header('Location: registration_error.php');
                        }
                  }
                  else {
                        header('Location: registration_error.php');
                  }
                                          
            }
            else {            
                  header('Location: registration_error.php');      
            }
      }
?>
<?php if(isset($error)){ echo $error;}?>
<?php if(isset($msg)){ echo $msg;} else {}//if we have a mesage we don't need this form again.?>


Here is the form, in case you need that as well:
=========================================
<form name="form1" method="post" action="">
              <table width="94%">
                <tr>
                  <td height="24"><div align="center"><font color="#000000" size="-2" face="Arial, Helvetica, sans-serif"><img src="http://*.*.*.*/dialer/graphics/logo.JPG" width="14" height="14"></font></div></td>
                  <td height="24"><font color="#000000" size="-2" face="Arial, Helvetica, sans-serif"><strong>Register
                    a member to the database</strong></font></td>
                  <td width="39%" rowspan="7"><font size="-2" face="Arial, Helvetica, sans-serif">To
                    create another user account, please enter appropriate data
                    into the data fields. This information will be stored in the
                    database.</font></td>
                </tr>
                <tr>
                  <td width="11%" height="24"> <div align="right"><font color="#FF0000" size="-2" face="Arial, Helvetica, sans-serif">Username:</font></div></td>
                  <td width="50%"><input type="text" id="username" name="username" size="32" value="<?php if(isset($_POST['username'])){echo $_POST['username'];}?>" />
                    &nbsp;</td>
                </tr>
                <tr>
                  <td height="24"> <div align="right"><font color="#FF0000" size="-2" face="Arial, Helvetica, sans-serif">Password:</font></div></td>
                  <td width="50%"><input type="password" id="password" name="password" size="32" value="" />
                    &nbsp;</td>
                </tr>
                <tr>
                  <td height="26"> <div align="right"><font color="#FF0000" size="-2" face="Arial, Helvetica, sans-serif">Retype
                      Password::</font></div></td>
                  <td width="50%"><input type="password" id="password_confirmed" name="password_confirmed" size="32" value="" />
                    &nbsp;</td>
                </tr>
                <tr>
                  <td height="24"> <div align="right"><font color="#FF0000" size="-2" face="Arial, Helvetica, sans-serif">Email:</font></div></td>
                  <td width="50%"><input type="text" id="email" name="email" size="32" value="<?php if(isset($_POST['email'])){echo $_POST['email'];}?>" />
                    &nbsp;</td>
                </tr>
                <tr>
                  <td height="26">&nbsp;</td>
                  <td height="26"><input type="checkbox" name="checkbox" value="checkbox">
                    <font size="-2" face="Arial, Helvetica, sans-serif">Is this
                    a temporary account?</font></td>
                </tr>
                <tr>
                  <td height="26"> <div align="center"> &nbsp;</div></td>
                  <td height="26"> <input type="submit" name="register" value="register" />
                    &nbsp;</td>
                </tr>
              </table>
            </form>
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 12 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 12 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros