CODEWITHSUNDEEP
phpwordpressconfirmationemail-confirmation
User014019
User014019

Reputation: 1247

Email confirmation link not working in PHP

I'm working on a custom page template with email confirmation. Everything works fine except when I click the link in the email, it gives me "page not found".

What's the problem in the PHP scripts?

Here's the snippet:

ob_start();
$email= '';

if(isset($_POST['submit'])){
if(!($_POST['subscriptions']=="")){
    $email= isset($_POST['subscriptions']) ? $_POST['subscriptions'] : '';

function encryptLink($stringValue){
    $key = "12345";
    $qryStr = "subscriptions=".$stringValue;
    $query = base64_encode(urlencode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $qryStr, MCRYPT_MODE_CBC, md5(md5($key)))));
    $link = 'www.example.com/testEnvironment/confirmation/'.$query;

    return $link;
    }
    $string = $email;
    $pagelink = encryptLink($string);

    //Email Details
    $mail_to = $email;
    $from_mail = "[email protected]";
    $from_name = "";
    $reply_to = "";
    $subject = "Confirmation";
    $message_body =
'Hey,

<span style="overflow-wrap: break-word; word-wrap: break-word;">'.$pagelink.'</span>';

    //Generate a boundary
    $boundary = md5(uniqid(time()));

    //Email Header
    $header = "From: ".$from_mail." \r\n";
    $header .= "Reply-To: ".$reply_to."\r\n";
    $header .= "MIME-Version: 1.0\r\n";
    $header .= "Content-Type: multipart/mixed;\r\n";
    $header .= " boundary=\"".$boundary."\"";

    //Multipart wraps the Email Content
    $message_body .= "\r\n\r\n";
    $message_body  .= "--".$boundary."\r\n";
    $message_body  .= "Content-Type: text/html; charset=\"iso-8859-1\"\r\n";
    $message_body .= "Content-Transfer-Encoding: 7bit\r\n";
    $message_body  .= "\r\n";
    $message_body .= "$message_body\r\n";
    $message_body .= "--".$boundary."\r\n";

        //Send email
        if (mail($mail_to, $subject, $message_body, $header)){
            echo "Sent";
        } else {
            echo "Error";
        }
    }
}

Confirmation page PHP snippet:

$key = "12345";

$queryString = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), urldecode(base64_decode($_SERVER['QUERY_STRING'])), MCRYPT_MODE_CBC, md5(md5($key))), "\0");

parse_str($queryString);

if(!empty($stringValue)){
  echo $stringValue;
} else{
  exit("Invalid parameters passed");
}

Upvotes: 1

Views: 273

Answers (2)

Professor Abronsius
Professor Abronsius

Reputation: 33813

I think the issue is that you are using a link for which the server is unprepared - the base64 encoded string appears to be a page or directory in the url generated and as it is random will not exist - hence the need for a rewrite rule and associated logic in php.

In the htaccess file perhaps a rule like this:

RewriteEngine On
RewriteBase /testEnvironment/   
RewriteRule ^confirmation/([a-zA-Z0-9_-]+)$ confirmation/index.php?data=$1 [NC,L]
/* this will need to be adjusted to your url - is it simply confirmation.php or other? */

Notice data!

<?php
    if( $_SERVER['REQUEST_METHOD']=='GET' && isset( $_GET['data'] ) ){

        $data=$_GET['data'];
        $key = "12345";


        $queryString = rtrim( mcrypt_decrypt( MCRYPT_RIJNDAEL_256, md5( $key ), urldecode( base64_decode( $data ) ), MCRYPT_MODE_CBC, md5( md5( $key ) ) ), "\0");


        /* there is no return value from parse_str() so you would need to manually retrieve the variables to find `subscriptions` */
        parse_str( $queryString );


        /* does this show anything ? */
        print_r( $queryString );


        /*
        if(!empty( $stringValue )){
          print_r( $stringValue );
        } else{
          exit("Invalid parameters passed");
        }
        */          
    }
?>


My test environment
-------------------

## .htaccess ##
RewriteEngine On
RewriteBase /
RewriteRule ^stackconfirm/([a-zA-Z0-9_-]+)(/)?$ /test/stackconfirm.php?data=$1 [NC,L]



/* PHP script to generate email and confirmation link*/

function encryptLink( $stringValue ){
    $key = "12345";
    $qryStr = "subscriptions=".$stringValue;
    $query = base64_encode( urlencode( mcrypt_encrypt( MCRYPT_RIJNDAEL_256, md5( $key ), $qryStr, MCRYPT_MODE_CBC, md5( md5( $key ) ) ) ) );

    /* for my test I changed this portion to match url structure on test server */
    $link = '/stackconfirm/'.$query;
    return $link;
}


$link=encryptLink('[email protected]');
echo "<a href='$link'>Click here to confirm membership</a>";



stackconfirm.php
----------------

<?php
    if( $_SERVER['REQUEST_METHOD']=='GET' && isset( $_GET['data'] ) ){

        $data=$_GET['data'];
        $key = "12345";

        $queryString = rtrim( mcrypt_decrypt( MCRYPT_RIJNDAEL_256, md5( $key ), urldecode( base64_decode( $data ) ), MCRYPT_MODE_CBC, md5( md5( $key ) ) ), "\0");

        echo '<pre>', $data, PHP_EOL, print_r( $queryString,true ), '</pre>';
    }
?>


Result
------
[email protected]

Upvotes: 1

user1436631
user1436631

Reputation:

You are concatenating your key with the confirmation url directly. It will always lead to a 404 error page because the link doesn't exists. Instead you can get the query via get request and process it in the confirmation script as follows.

$link = 'www.example.com/confirmation/?key='.$query;

In the confirmation script get the query via get method as follows.

$key=$_GET['key'];

Let the original key will be stored as $original_key=12345; Now check whether the passed key is similar to the original key as

if($key==$original_key)
{
//confirm e-mail
}
else
{
//invalid key
}

Upvotes: 0

Related Questions