Email Verification for users

Website URL

http://thevibezone.rf.gd/

Error Message

No error message i believe

Other Information

So i am trying to make my own way for email verification so that users have to verify their email to be able to finish the registration process and i cant quite seem to get it to work in which it will use my websites url in sending the email and such. If further info is needed please let me know

Very much so. What have you tried? What errors did you get / issues did you run into?

3 Likes
**Register.php** <?php
session_start();
require_once 'db_connect.php';

// Enable error reporting for debugging
error_reporting(E_ALL);
ini_set('display_errors', 1);

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $username = $_POST['username'];
    $email = $_POST['email'];
    $password = $_POST['password'];
    $confirm_password = $_POST['confirm_password'];

    // Validate input
    if (empty($username) || empty($email) || empty($password) || empty($confirm_password)) {
        $error = "All fields are required.";
    } elseif ($password !== $confirm_password) {
        $error = "Passwords do not match.";
    } else {
        // Check if username or email already exists
        $stmt = $conn->prepare("SELECT id FROM users WHERE username = ? OR email = ?");
        $stmt->bind_param("ss", $username, $email);
        $stmt->execute();
        $result = $stmt->get_result();

        if ($result->num_rows > 0) {
            $error = "Username or email already exists.";
        } else {
            // Hash the password
            $hashed_password = password_hash($password, PASSWORD_DEFAULT);
            
            // Generate verification token
            $verification_token = bin2hex(random_bytes(16));

            // Insert new user
            $stmt = $conn->prepare("INSERT INTO users (username, email, password, verification_token, is_verified) VALUES (?, ?, ?, ?, 0)");
            $stmt->bind_param("ssss", $username, $email, $hashed_password, $verification_token);

            if ($stmt->execute()) {
                // Send verification email
                $to = $email;
                $subject = "Verify your email for Halloween Forum";
                $verification_link = "This is setup on my end just changed for this purpose of sharing $verification_token;
                $message = "Click the following link to verify your email: $verification_link";
                $headers = "From: This is setup on my end just changed for this purpose of sharing";

                if (mail($to, $subject, $message, $headers)) {
                    $success = "Registration successful. Please check your email to verify your account.";
                } else {
                    $error = "Error sending verification email. Please try again.";
                }
            } else {
                $error = "Error registering user: " . $conn->error;
            }
        }
    }
}
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Register - Halloween Forum</title>
    <link rel="stylesheet" href="style.css">
</head>
<body>
    <?php include 'nav.php'; ?>
    <div class="container">
        <h1>Register</h1>
        <?php 
        if (isset($error)) echo "<p class='error'>$error</p>";
        if (isset($success)) echo "<p class='success'>$success</p>";
        ?>
        <form action="register.php" method="post">
            <div>
                <label for="username">Username:</label>
                <input type="text" id="username" name="username" required>
            </div>
            <div>
                <label for="email">Email:</label>
                <input type="email" id="email" name="email" required>
            </div>
            <div>
                <label for="password">Password:</label>
                <input type="password" id="password" name="password" required>
            </div>
            <div>
                <label for="confirm_password">Confirm Password:</label>
                <input type="password" id="confirm_password" name="confirm_password" required>
            </div>
            <button type="submit">Register</button>
        </form>
        <p>Already have an account? <a ="This is setup on my end just changed for this purpose of sharing">Login here</a></p>
    </div>
</body>
</html>


=================

**verify.php** <?php
session_start();
require_once 'db_connect.php';

if (isset($_GET['token'])) {
    $token = $_GET['token'];
    
    $stmt = $conn->prepare("SELECT id FROM users WHERE verification_token = ?");
    $stmt->bind_param("s", $token);
    $stmt->execute();
    $result = $stmt->get_result();
    
    if ($result->num_rows === 1) {
        $user = $result->fetch_assoc();
        
        $stmt = $conn->prepare("UPDATE users SET is_verified = 1, verification_token = NULL WHERE id = ?");
        $stmt->bind_param("i", $user['id']);
        
        if ($stmt->execute()) {
            $success = "Your email has been verified. You can now log in.";
        } else {
            $error = "Error verifying email. Please try again.";
        }
    } else {
        $error = "Invalid verification token.";
    }
} else {
    $error = "No verification token provided.";
}
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Verify Email - Halloween Forum</title>
    <link ="stylesheet" href="style.css">
</head>
<body>
    <?php include 'nav.php'; ?>
    <div class="container">
        <h1>Email Verification</h1>
        <?php 
        if (isset($error)) echo "<p class='error'>$error</p>";
        if (isset($success)) echo "<p class='success'>$success</p>";
        ?>
        <p><a ="This is setup on my end just changed for this purpose of sharing">Go to Login</a></p>
    </div>
</body>
</html>


==========

**login.php** <?php
session_start();
require_once 'db_connect.php';

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $username = $_POST['username'];
    $password = $_POST['password'];

    $stmt = $conn->prepare("SELECT id, username, password, is_verified FROM users WHERE username = ?");
    $stmt->bind_param("s", $username);
    $stmt->execute();
    $result = $stmt->get_result();

    if ($result->num_rows == 1) {
        $user = $result->fetch_assoc();
        if (password_verify($password, $user['password'])) {
            if ($user['is_verified'] == 1) {
                $_SESSION['user_id'] = $user['id'];
                $_SESSION['username'] = $user['username'];
                header("Location: index.php");
                exit();
            } else {
                $error = "Please verify your email before logging in.";
            }
        } else {
            $error = "Invalid username or password";
        }
    } else {
        $error = "Invalid username or password";
    }
}
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Login - Halloween Forum</title>
    <link ="stylesheet" href="style.css">
</head>
<body>
    <?php include 'nav.php'; ?>
    <div class="container">
        <h1>Login</h1>
        <?php if (isset($error)) echo "<p class='error'>$error</p>"; ?>
        <form action="login.php" method="post">
            <div>
                <label for="username">Username:</label>
                <input type="text" id="username" name="username" required>
            </div>
            <div>
                <label for="password">Password:</label>
                <input type="password" id="password" name="password" required>
            </div>
            <button type="submit">Login</button>
        </form>
        <p>Don't have an account? <a="This is setup on my end just changed for this purpose of sharing">Register here</a></p>
        <p><a="This is setup on my end just changed for this purpose of sharing">Forgot Password?</a></p>
    </div>
</body>
</html>

but my issue is the fact that registration works it just registers the user but isnt sending an email for email verification before being able to login you can just login rather than being verified.

Use myBB to make a forum, anything else I don’t think forums are allowed/possible.

What do you mean by not allowed/possible i know how to make forums, also are you stating that its against the tos or something?

No, (as to my knowledge) certain forum hosts aren’t allowed to be used with IF hosting. I do not know which ones, but I’m pretty sure discourse isn’t allowed.

Oh lol anyways im making my own so i dont really need help with that XD what is bugging me is the email verification for signing up to my website it has nothing to with the forum yet once i get the verification method fixed i can then implement it for ranks and such on the forums easily

If you take a look here this is all im really working on right now http://thevibezone.rf.gd/login.php

email verification could POSSIBLY be done via smtp

There are no restrictions on what forums you can/can’t host here by the terms. The only thing that is not allowed that is somewhat related is live chats.

You can totally host other forums here, and you can totally build your own.

The PHP mail() function has been disabled here due to abuse.

You can send email via SMTP and a PHP library like PHPMailer.

For starting up, I recommend just using the free SMTP service Google offers with every free Gmail account. Otherwise, you can Google “free SMTP provider” for more options.

3 Likes

I have the smtp with phpmailer setup now however when it is sending an email to the user for verification to the website i am receiving the following error, Error Icon

Message blocked

Your message to [email protected] has been blocked. See technical details below for more information.
[LEARN MORE]

Fix bounced or rejected emails

For a number of reasons, recipients’ email servers can reject emails that you send. Gmail returns a message reflecting the response provided by the recipient’s server.

Below, find common error messages that you might encounter. Understand why your message bounced and how to fix the problem.

Try sending to a different email then the one you have configured.

3 Likes

It is a different email than what is configured.

Also make sure you have enabled two-factor authentication on your Google account and set up an app-specific password and configure it instead of your Google account password on your code (or use XOAUTH2 instead) to make the emails send successfully if you’re using Gmail SMTP.

3 Likes

These are already in place and configured correctly i already have the app password etc setup

Share the code you are using to send the email, hide the app password.

2 Likes

I tried to send and that email does not exist

image

Check, maybe you wrote the email address wrong in the configuration !

5 Likes

Uh thats a fake email lol i changed it to that, it literally states [email protected] to represent a dummy email i dont like sharing my email address but if you would like to send me a test i can private message you or something?

<?php
session_start();
require 'vendor/autoload.php';
require_once 'config.php';
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\SMTP;
use PHPMailer\PHPMailer\Exception;

if (!isset($_SESSION['pending_email'])) {
    header("Location: register.php");
    exit;
}

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $email = $_SESSION['pending_email'];
    $username = $_SESSION['pending_username'];
    $verification_token = $_SESSION['verification_token'];

    $mail = new PHPMailer(true);

    try {
        // Server settings
        $mail->SMTPDebug = SMTP::DEBUG_SERVER;
        $mail->isSMTP();
        $mail->Host       = 'smtp.gmail.com';
        $mail->SMTPAuth   = true;
        $mail->Username   = '[email protected]';
        $mail->Password   = 'setuponmyend'; // Replace with your actual app password
        $mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;
        $mail->Port       = 587;

        // Disable SSL certificate verification (use with caution)
        $mail->SMTPOptions = array(
            'ssl' => array(
                'verify_peer' => false,
                'verify_peer_name' => false,
                'allow_self_signed' => true
            )
        );

        // Recipients
        $mail->setFrom('[email protected]', 'The Vibe Zone Gaming');
        $mail->addAddress($email, $username);

        // Content
        $mail->isHTML(true);
        $mail->Subject = 'Verify your Vibe Zone account - ' . getCurrentFormattedDate();
        $verification_link = "https://thevibezone.rf.gd/verify.php?token=" . $verification_token;
        $mail->Body    = "
        <html>
        <body>
            <h2>Welcome to The Vibe Zone!</h2>
            <p>Thank you for registering. To complete your registration, please verify your email address by clicking the link below:</p>
            <p><a href='$verification_link'>Verify Your Email</a></p>
            <p>If the above link doesn't work, copy and paste this URL into your browser:</p>
            <p>$verification_link</p>
            <p>If you didn't register for The Vibe Zone, please ignore this email.</p>
            <p>Best regards,<br>The Vibe Zone Gaming Team</p>
        </body>
        </html>
        ";
        $mail->AltBody = "Welcome to The Vibe Zone!\n\nTo verify your email, please visit this link: $verification_link\n\nIf you didn't register for The Vibe Zone Gaming, please ignore this email.\n\nBest regards,\nThe Vibe Zone Gaming Team";

        $mail->send();
        $success = "Verification email sent. Please check your inbox and spam folder.";

        // Clear session variables
        unset($_SESSION['pending_email']);
        unset($_SESSION['pending_username']);
        unset($_SESSION['verification_token']);
    } catch (Exception $e) {
        $error = "Error sending verification email. Please try again. Mailer Error: {$mail->ErrorInfo}";
        error_log(getCurrentFormattedDate() . " - Failed to send email to $email. Error: " . $mail->ErrorInfo);
    }
}
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Confirm Email - The Vibe Zone</title>
    <link rel="stylesheet" href="style.css">
</head>
<body>
    <?php include 'nav.php'; ?>
    <div class="container">
        <h1>Confirm Your Email</h1>
        <?php 
        if (isset($error)) echo "<p class='error'>$error</p>";
        if (isset($success)) echo "<p class='success'>$success</p>";
        ?>
        <p>We're about to send a verification email to: <?php echo htmlspecialchars($_SESSION['pending_email']); ?></p>
        <form method="post">
            <button type="submit">Send Verification Email</button>
        </form>
    </div>
</body>
</html>

No need, I see it in your code

btw. Google Transparency Report



after http://thevibezone.rf.gd/register.php leads here


and there it is already visible that your code has crashed (E500)




also


4 Likes