email activation for registration form

Question

i have registration form and i want user must be activated their email once user activated their then user can login in the their account else user can't be login?

Problem

The problem is that the users can login without email activation?

Code

$email2=$_POST['email'];
$querycheck=mysql_query("select activation from students 
                         where semail='$email2'") or die ("Query Activated Problem");
$rowcheck=mysql_fetch_array($querycheck);
$act=$rowcheck['activation'];

if($act=='activated')
  {

    $email=$_POST['email'];
    $password=$_POST['password'];
    $email = stripslashes($email);
    $password= stripslashes($password);
    $email = mysql_real_escape_string($email);
    $password = mysql_real_escape_string($password);

    $querymysql=mysql_query("select * from students where semail='$email'
                             and spassword='$password'  ") or die ("query problem");
    $row=mysql_fetch_array($querymysql);


    if($row)
      {

        session_register("email");
        session_register("password"); 

        header('Location:index.php');   
      }
    else {
      $message="Please Check Your Login Details";   
      header('Location:login.php?login_error='.$message.'');    
    }

  }
else if($act=='')
  {
    $actmsg="Your Email Is Not Activated Yet";  
    header('Location:login.php?actmsg='.$actmsg.'');        
  }

Answer 1

session_register : This function has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0.

Use $_SESSION directly to set variables.

Answer 2

Double check your activation field in the students table. Then, lets convert your code from MySQL to MySQLi. MySQL is already deprecated.

/* ESTABLISH CONNECTION FIRST */

<?php

$connection=mysqli_connect("YourHost","YourUsername","YourPassword","DatabaseName");

if(mysqli_connect_errno()){

echo "Error".mysqli_connect_error();
}

$email2=mysqli_real_escape_string($con,$_POST['email']); /* LETS USE REAL ESCAPE STRING TO PREVENT A BIT OF SQL INJECTION */
$querycheck=mysqli_query($connection,"SELECT activation FROM students 
                         WHERE semail='$email2'");
while($rowcheck=mysqli_fetch_array($querycheck)){
$act=$rowcheck['activation'];
}

if($act=='activated')
{    
    $email=$_POST['email'];
    $password=$_POST['password'];
    $email = stripslashes($email);
    $password= stripslashes($password);
    $email = mysqli_real_escape_string($email);
    $password = mysqli_real_escape_string($password);

    $querymysql=mysqli_query("SELECT * FROM students WHERE semail='$email'
                             and spassword='$password'");
    $row=mysqli_num_rows($querymysql); /* I CHANGED THIS PART OF YOUR CODE */

    if($row!=0) /* SO THIS CONDITION ALSO CHANGES */
      {    
        session_register("email");
        session_register("password"); 

        header('Location:index.php');   
      }

    else {
      $message="Please Check Your Login Details";   
      header('Location:login.php?login_error='.$message.'');    
    }

}

else if($act=='')
  {
    $actmsg="Your Email Is Not Activated Yet";  
    header('Location:login.php?actmsg='.$actmsg.'');        
  }

?>

Answer 3

Add a field tinyint field called activated. Then change your select to select * from students where semail='$email' and spassword='$password' " and activated=1

You activate link should set activated to 1 for the user.