So i am trying to make my own way for email verification so that users have to verify their email to be able to finish the registration process and i cant quite seem to get it to work in which it will use my websites url in sending the email and such. If further info is needed please let me know
**Register.php** <?php
session_start();
require_once 'db_connect.php';
// Enable error reporting for debugging
error_reporting(E_ALL);
ini_set('display_errors', 1);
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$confirm_password = $_POST['confirm_password'];
// Validate input
if (empty($username) || empty($email) || empty($password) || empty($confirm_password)) {
$error = "All fields are required.";
} elseif ($password !== $confirm_password) {
$error = "Passwords do not match.";
} else {
// Check if username or email already exists
$stmt = $conn->prepare("SELECT id FROM users WHERE username = ? OR email = ?");
$stmt->bind_param("ss", $username, $email);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows > 0) {
$error = "Username or email already exists.";
} else {
// Hash the password
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
// Generate verification token
$verification_token = bin2hex(random_bytes(16));
// Insert new user
$stmt = $conn->prepare("INSERT INTO users (username, email, password, verification_token, is_verified) VALUES (?, ?, ?, ?, 0)");
$stmt->bind_param("ssss", $username, $email, $hashed_password, $verification_token);
if ($stmt->execute()) {
// Send verification email
$to = $email;
$subject = "Verify your email for Halloween Forum";
$verification_link = "This is setup on my end just changed for this purpose of sharing $verification_token;
$message = "Click the following link to verify your email: $verification_link";
$headers = "From: This is setup on my end just changed for this purpose of sharing";
if (mail($to, $subject, $message, $headers)) {
$success = "Registration successful. Please check your email to verify your account.";
} else {
$error = "Error sending verification email. Please try again.";
}
} else {
$error = "Error registering user: " . $conn->error;
}
}
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Register - Halloween Forum</title>
<link rel="stylesheet" href="style.css">
</head>
<body>
<?php include 'nav.php'; ?>
<div class="container">
<h1>Register</h1>
<?php
if (isset($error)) echo "<p class='error'>$error</p>";
if (isset($success)) echo "<p class='success'>$success</p>";
?>
<form action="register.php" method="post">
<div>
<label for="username">Username:</label>
<input type="text" id="username" name="username" required>
</div>
<div>
<label for="email">Email:</label>
<input type="email" id="email" name="email" required>
</div>
<div>
<label for="password">Password:</label>
<input type="password" id="password" name="password" required>
</div>
<div>
<label for="confirm_password">Confirm Password:</label>
<input type="password" id="confirm_password" name="confirm_password" required>
</div>
<button type="submit">Register</button>
</form>
<p>Already have an account? <a ="This is setup on my end just changed for this purpose of sharing">Login here</a></p>
</div>
</body>
</html>
=================
**verify.php** <?php
session_start();
require_once 'db_connect.php';
if (isset($_GET['token'])) {
$token = $_GET['token'];
$stmt = $conn->prepare("SELECT id FROM users WHERE verification_token = ?");
$stmt->bind_param("s", $token);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows === 1) {
$user = $result->fetch_assoc();
$stmt = $conn->prepare("UPDATE users SET is_verified = 1, verification_token = NULL WHERE id = ?");
$stmt->bind_param("i", $user['id']);
if ($stmt->execute()) {
$success = "Your email has been verified. You can now log in.";
} else {
$error = "Error verifying email. Please try again.";
}
} else {
$error = "Invalid verification token.";
}
} else {
$error = "No verification token provided.";
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Verify Email - Halloween Forum</title>
<link ="stylesheet" href="style.css">
</head>
<body>
<?php include 'nav.php'; ?>
<div class="container">
<h1>Email Verification</h1>
<?php
if (isset($error)) echo "<p class='error'>$error</p>";
if (isset($success)) echo "<p class='success'>$success</p>";
?>
<p><a ="This is setup on my end just changed for this purpose of sharing">Go to Login</a></p>
</div>
</body>
</html>
==========
**login.php** <?php
session_start();
require_once 'db_connect.php';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$username = $_POST['username'];
$password = $_POST['password'];
$stmt = $conn->prepare("SELECT id, username, password, is_verified FROM users WHERE username = ?");
$stmt->bind_param("s", $username);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows == 1) {
$user = $result->fetch_assoc();
if (password_verify($password, $user['password'])) {
if ($user['is_verified'] == 1) {
$_SESSION['user_id'] = $user['id'];
$_SESSION['username'] = $user['username'];
header("Location: index.php");
exit();
} else {
$error = "Please verify your email before logging in.";
}
} else {
$error = "Invalid username or password";
}
} else {
$error = "Invalid username or password";
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Login - Halloween Forum</title>
<link ="stylesheet" href="style.css">
</head>
<body>
<?php include 'nav.php'; ?>
<div class="container">
<h1>Login</h1>
<?php if (isset($error)) echo "<p class='error'>$error</p>"; ?>
<form action="login.php" method="post">
<div>
<label for="username">Username:</label>
<input type="text" id="username" name="username" required>
</div>
<div>
<label for="password">Password:</label>
<input type="password" id="password" name="password" required>
</div>
<button type="submit">Login</button>
</form>
<p>Don't have an account? <a="This is setup on my end just changed for this purpose of sharing">Register here</a></p>
<p><a="This is setup on my end just changed for this purpose of sharing">Forgot Password?</a></p>
</div>
</body>
</html>
but my issue is the fact that registration works it just registers the user but isnt sending an email for email verification before being able to login you can just login rather than being verified.
No, (as to my knowledge) certain forum hosts aren’t allowed to be used with IF hosting. I do not know which ones, but I’m pretty sure discourse isn’t allowed.
Oh lol anyways im making my own so i dont really need help with that XD what is bugging me is the email verification for signing up to my website it has nothing to with the forum yet once i get the verification method fixed i can then implement it for ranks and such on the forums easily
There are no restrictions on what forums you can/can’t host here by the terms. The only thing that is not allowed that is somewhat related is live chats.
You can totally host other forums here, and you can totally build your own.
The PHP mail() function has been disabled here due to abuse.
You can send email via SMTP and a PHP library like PHPMailer.
For starting up, I recommend just using the free SMTP service Google offers with every free Gmail account. Otherwise, you can Google “free SMTP provider” for more options.
I have the smtp with phpmailer setup now however when it is sending an email to the user for verification to the website i am receiving the following error,
Message blocked
Your message to [email protected] has been blocked. See technical details below for more information.
[LEARN MORE]
Fix bounced or rejected emails
For a number of reasons, recipients’ email servers can reject emails that you send. Gmail returns a message reflecting the response provided by the recipient’s server.
Below, find common error messages that you might encounter. Understand why your message bounced and how to fix the problem.
Also make sure you have enabled two-factor authentication on your Google account and set up an app-specific password and configure it instead of your Google account password on your code (or use XOAUTH2 instead) to make the emails send successfully if you’re using Gmail SMTP.
Uh thats a fake email lol i changed it to that, it literally states [email protected] to represent a dummy email i dont like sharing my email address but if you would like to send me a test i can private message you or something?