  1. #1

    i wrote an email activation script, but getting blank page...so close...

    I think it has to do with passing the $_GET variables and zencart is cleaning it up or blocking it thinking it is malicious or something.

    I created a page using Define Generator v0.1 (not sure if that is the problem) and this is my header_php.php file.

    Any ideas?

    PHP Code:
    <?php
    /**
     * @package page
     * @copyright Copyright 2003-2006 Zen Cart Development Team
     * @copyright Portions Copyright 2003 osCommerce
     * @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
     * @version $Id: Define Generator v0.1 $
     */

    // DEFINITELY DON'T EDIT THIS FILE UNLESS YOU KNOW WHAT YOU ARE DOING!
    // redirect the customer to a friendly cookie-must-be-enabled page if cookies are disabled (or the session has not started)
    if ($session_started == false) {
      zen_redirect(zen_href_link(FILENAME_COOKIE_USAGE));
    }

    // if the customer is logged in already, redirect them to the My account page
    if (isset($_SESSION['customer_id']) and $_SESSION['customer_id'] != '') {
      zen_redirect(zen_href_link(FILENAME_ACCOUNT, '', 'SSL'));
    }

    $_SESSION['navigation']->remove_current_page();
    require(DIR_WS_MODULES . zen_get_module_directory('require_languages.php'));

    // include template specific file name defines
    $define_page = zen_get_file_directory(DIR_WS_LANGUAGES . $_SESSION['language'] . '/html_includes/', FILENAME_DEFINE_ACTIVATION_EMAIL, 'false');
    $breadcrumb->add(NAVBAR_TITLE);

    ### START MANUAL EDIT ###
    if (!isset($_POST['action'])) {

        if( isset($_GET['email']) && !empty($_GET['email']) AND isset($_GET['hash']) && !empty($_GET['hash']) ) {
            // Verify data
            $email = zen_db_prepare_input($_GET['email']); // Set email variable
            $hash = zen_db_prepare_input($_GET['hash']); // Set hash variable

            global $db;
            $sql = "SELECT customers_email_address, customers_hash, customers_authorization FROM zen_customers WHERE customers_email_address=:email: AND customers_hash=:hash:";
            $sql = $db->bindVars($sql, ':email:', $email, 'string');
            $sql = $db->bindVars($sql, ':hash:', $hash, 'string');
            $result = $db->Execute($sql);

            if ( $result->RecordCount() > 0 && $result->fields['customers_authorization'] == '1' ) {
                // We have a match, activate the account
                $sql = "UPDATE zen_customers SET customers_authorization='0' WHERE customers_email_address=:email: AND customers_hash=:hash: AND customers_authorization='1'";
                $sql = $db->bindVars($sql, ':email:', $email, 'string');
                $sql = $db->bindVars($sql, ':hash:', $hash, 'string');
                $result = $db->Execute($sql);
                echo '<div style="color: #4F8A10; background-color: #DFF2BF; border: 1px solid; margin: 10px 0px; padding:15px 10px 15px 10px;">Your account has been activated, you can now <a href="index.php?main_page=login">login</a>.</div>';
            }
            elseif ($result->RecordCount() > 0 && $result->fields['customers_authorization'] == '0') {
                // Found email, but account is already at 0 or activated
                echo '<div style="color: #9F6000; background-color: #FEEFB3; border: 1px solid; margin: 10px 0px; padding:15px 10px 15px 10px;">This account has already been activated. Please try <a href="index.php?main_page=login">loggin in</a>.</div>';
            }
            elseif ($result->RecordCount() <= 0) {
                // No account found
                echo '<div style="color: #9F6000; background-color: #FEEFB3; border: 1px solid; margin: 10px 0px; padding:15px 10px 15px 10px;">There was no match for that email and hash combination. Please use the link that has been sent to your email.<br /><br />If you continue to experience issues, try using the "Re-Send Activation Email" form below. Please add <strong>[email protected]</strong> to your email address book in order to guarantee the delivery of our emails to your inbox. Check your Spam, Junk and Trash folder!</div>';
            }
            else {
                // Something went wrong
                echo '<div style="color: #9F6000; background-color: #FEEFB3; border: 1px solid; margin: 10px 0px; padding:15px 10px 15px 10px;">Oops! Something went wrong. Please use the link that has been sent to your email.<br /><br />If you continue to experience issues, try using the "Re-Send Activation Email" form below. Please add <strong>[email protected]</strong> to your email address book in order to guarantee the delivery of our emails to your inbox. Check your Spam, Junk and Trash folder!.</div>';
            }
        }
        else {
            // Invalid approach
            echo '<div style="border: 1px solid; margin: 10px 0px; padding:15px 10px 15px 10px; color: #D8000C; background-color: #FFBABA;">Invalid approach, please use the link that has been sent to your email.<br /><br />If you continue to experience issues, try using the "Re-Send Activation Email" form below. Please add <strong>[email protected]</strong> to your email address book in order to guarantee the delivery of our emails to your inbox. Check your Spam, Junk and Trash folder!</div>';
        }
    }

    $errors = array();

    #if resend validation email has been sent...
    if (isset($_POST['action']) && ($_POST['action'] == 'send')) {

        $email = zen_db_prepare_input($_POST['email']);

        #validate email
        if(empty($email)) {
            $errors[] = "Please enter your email";
        }
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            $errors[] = "Please enter your email in a valid email format";
        }

        #no errors..
        if (count($errors) == 0) {

            global $db;
            $sql = "SELECT customers_email_address, customers_hash, customers_authorization FROM zen_customers WHERE customers_email_address=:email:";
            $sql = $db->bindVars($sql, ':email:', $email, 'string');
            $result = $db->Execute($sql);

            // if customer found and account is disabled (red)
            if ( $result->RecordCount() > 0 && $result->fields['customers_authorization'] == '1' ) {

                ## SEND VERIFICATION EMAIL
                $to      = $result->fields['customers_email_address']; // Send email to our user
                $subject = 'Signup | Verification'; // Give the email a subject
                $message = '
                Thanks for signing up!
                Your account has been created, you can login with the following credentials after you have activated your account by pressing the url below.
                ------------------------
                Username: '.$result->fields['customers_email_address'].'
                ------------------------
                Please click this link to activate your account:
                https://www.domain.com/index.php?main_page=activation_email&action=verify&email='.$result->fields['customers_email_address'].'&hash='.$result->fields['customers_hash'].'
                If you forgot your password, click this link to reset your password:
                https://www.domain.com/index.php?main_page=password_forgotten
                '; // Our message above including the link
                $headers = 'From:[email protected]' . "\r\n"; // Set from headers
                mail($to, $subject, $message, $headers); // Send our email
                // Success Msg
                echo '<div style="color: #4F8A10; background-color: #DFF2BF; border: 1px solid; margin: 10px 0px; padding:15px 10px 15px 10px;">Verification Email Sent! Please add <strong>[email protected]</strong> to your email address book in order to guarantee the delivery of our emails to your inbox. Check your Spam, Junk and Trash folder!</div>';
            }
            elseif ($result->RecordCount() > 0 && $result->fields['customers_authorization'] == '0') {
                // Found email, but account is already at 0 or activated
                echo '<div style="color: #9F6000; background-color: #FEEFB3; border: 1px solid; margin: 10px 0px; padding:15px 10px 15px 10px;">This account has already been activated. Please try <a href="index.php?main_page=login">loggin in</a>.</div>';
            }
            elseif ($result->RecordCount() <= 0) {
                // No account found
                echo '<div style="color: #9F6000; background-color: #FEEFB3; border: 1px solid; margin: 10px 0px; padding:15px 10px 15px 10px;">The email was not found. Please <a href="index.php?main_page=login">register</a>.</div>';
            }
            else {
                // Something went wrong
                echo '<div style="color: #9F6000; background-color: #FEEFB3; border: 1px solid; margin: 10px 0px; padding:15px 10px 15px 10px;">Oops! Something went wrong. Please use the link that has been sent to your email.<br /><br />If you continue to experience issues, try using the "Re-Send Activation Email" form. Please add <strong>[email protected]</strong> to your email address book in order to guarantee the delivery of our emails to your inbox. Check your Spam, Junk and Trash folder!</div>';
            }
        }
    }
    # Display error conditions, if there are any
    if (count($errors) > 0) {
        echo '<div style="border: 1px solid; margin: 10px 0px; padding:5px; color: #D8000C; background-color: #FFBABA;">The following errors must be corrected:<ul><li>';
        echo implode("</li><li>", $errors);
        echo "</ul></div>";
    }
    ?>

  2. #2

    Re: i wrote an email activation script, but getting blank page...so close...

    - What kind of blank page are you getting? Is it triggering a 406 error response? Or a 200 response?
    - Is any PHP error being logged? http://www.zen-cart.com/content.php?124-blank-page
    - How long is your customers_hash? Can you make it less than 40 characters so it doesn't get trapped in sanitizers?
    - Is your hosting company's webserver croaking because you're passing an email address as a GET parameter? Some will prevent that because spammers often use that maliciously.
    - Is it really even necessary to send the email address at all? Why not just use the hash alone? Isn't it unique enough to prevent misuse and duplication?

    FYI, "loggin in" should probably really be "logging in".

    I also recommend using the TABLE_CUSTOMERS syntax instead of hard-coding tablenames as "zen_customers", since the "zen_" prefix isn't used by everyone. Of course, if you're not sharing then I suppose it's moot. But why not share? :)

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
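
Added example, not part of either post and not Zen Cart code: a stand-alone PHP sketch of the second reply's suggestion to put only the hash in the activation link, using a 32-character token so it stays under the 40-character length mentioned there. The `$accounts` array is a constructed stand-in for the customers table, the function names are hypothetical, and `random_bytes()` assumes PHP 7 or later.

```php
<?php
// Added example: token-only activation, stand-alone (no Zen Cart calls).
// $accounts is a constructed in-memory stand-in for the customers table.

/** Create a 32-character hex token (128 bits from the CSPRNG). */
function new_activation_token(): string
{
    return bin2hex(random_bytes(16));
}

/**
 * Activate the pending account whose token matches.
 * Returns 'activated', 'already_active' or 'no_match'.
 */
function activate_by_token(array &$accounts, $token): string
{
    // Accept only exactly 32 lowercase hex characters, so nothing else
    // from the query string ever reaches the lookup.
    if (!is_string($token) || !preg_match('/\A[0-9a-f]{32}\z/', $token)) {
        return 'no_match';
    }
    foreach ($accounts as &$row) {
        // hash_equals() compares in constant time.
        if (!hash_equals($row['customers_hash'], $token)) {
            continue;
        }
        if ($row['customers_authorization'] === '0') {
            return 'already_active';
        }
        $row['customers_authorization'] = '0'; // 0 = active, as in the post
        return 'activated';
    }
    return 'no_match';
}

// Constructed sample data.
$accounts = [
    ['customers_email_address' => 'alice@example.test',
     'customers_hash'          => new_activation_token(),
     'customers_authorization' => '1'],
];
$token = $accounts[0]['customers_hash'];

// The link carries the token only; no email address in the query string.
echo 'https://www.domain.com/index.php?main_page=activation_email&hash=' . $token, "\n";
echo activate_by_token($accounts, $token), "\n";               // first click
echo activate_by_token($accounts, $token), "\n";               // link reused
echo activate_by_token($accounts, str_repeat('0', 32)), "\n";  // wrong token
echo activate_by_token($accounts, "' OR 1=1"), "\n";           // malformed input
```

In the page from the first post, the lookup would still go through `$db->bindVars()` and `$db->Execute()`, against `TABLE_CUSTOMERS` as the reply recommends.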

 

 
