Ckeck if user email is listed in database

Need some custom code changes to the phpBB core simple enough that you feel doesn't require an extension? Then post your request here so that community members can provide some assistance.

NOTE: NO OFFICIAL SUPPORT IS PROVIDED IN THIS SUB-FORUM
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

NOTE: NO OFFICIAL SUPPORT IS PROVIDED IN THIS SUB-FORUM
Post Reply
Dlan
Registered User
Posts: 17
Joined: Tue Apr 17, 2018 1:25 pm

Ckeck if user email is listed in database

Post by Dlan » Fri May 11, 2018 1:56 am

I’m not sure if I’m posting this to the correct place or not, but here it is..

I’ve been using a simple membership on my site for years. I’ve just installed BB3. I’m slowly moving everyone over to BB membership. I’m looking to set it up so once people have logged in to BB they will be able to use rest of the site as before. I think I’ve most of it figured out but I’m getting stuck on checking if their email is in the BB database.

This is what I have, but it ‘just did not work’. Could someone tell me what is wrong

Code: Select all

con_db_BB3.php:
$con = mysqli_connect($dbhost, $dbusername, $dbpasswd, $db_name) or die("Couldn't connect to data base in con_db_BB3");
-----
include 'inc/con_db_BB3.php';

if (isset($_POST['email_address']))    
{    
$email_address = $_POST['email_address'];              
}  
if(!$email_address)
{
	echo "<h2 align=\"center\">Please enter your email address </h2><br>";
	exit();
}

 if (!$con) {
  	die("Connection failed : " . mysqli_error());
 }

  
$query = mysqli_query($con, "SELECT *  FROM phpbb_users WHERE user_email = ' $email_address ' ") or die ("just did not work <br>" . mysqli_error($con));
  
 if(mysqli_num_rows($query) > 0)
 {
    echo "email  exists";
	$MEMB = 1;  //is member
}else{ 
 	echo "cant find email ";
 	$MEMB = 0;  //is not member
} 
 exit();  
 ?> 
Thanks in advance, Don..

[Spam link removed]
Last edited by Mick on Fri May 11, 2018 9:42 am, edited 1 time in total.

User avatar
kinerity
Community Team Member
Community Team Member
Posts: 1751
Joined: Mon Sep 01, 2014 1:00 am
Location: sudo rm -rf /
Name: Kailey Truscott
Contact:

Re: Ckeck if user email is listed in database

Post by kinerity » Fri May 11, 2018 3:35 am

Maybe this?

Code: Select all

mysqli_query($con, "SELECT * FROM phpbb_users WHERE user_email = '$email_address'") or die ("just did not work <br>" . mysqli_error($con));
Kailey Truscott - Community Team

User avatar
Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 24493
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Re: Ckeck if user email is listed in database

Post by Paul » Fri May 11, 2018 7:02 am

please make sure to escape $email_address as this script is curdently vulnarble to sql injection.
Knock knock
Race condition
Who's there?

My BlogMy Photosmy phpBB Extensionscustom phpBB work & Development

User avatar
AmigoJack
Registered User
Posts: 5263
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン
Contact:

Re: Ckeck if user email is listed in database

Post by AmigoJack » Fri May 11, 2018 7:43 am

Dlan wrote:
Fri May 11, 2018 1:56 am

Code: Select all

' $email_address '
E-mail addresses are never stored with a leading and a trailing space - remove them and be aware of user input like

Code: Select all

'; DROP DATABASE;'
The worst thing about censorship is ███████████

Dlan
Registered User
Posts: 17
Joined: Tue Apr 17, 2018 1:25 pm

Re: Ckeck if user email is listed in database

Post by Dlan » Fri May 11, 2018 1:08 pm

Yep, that fixed it..
Thanks for your help

Don...

Post Reply

Return to “phpBB Custom Coding”

Who is online

Users browsing this forum: No registered users and 2 guests