Sign Up Form and Email Activation from developPHP.com tutorial

Question

I am following Adam Khoury's "How to Build a Social Network Website" tutorial, and I am on lesson 6, "Sign Up Form and Email Activation PHP MySQL JavaScript Programming Tutorial".

Lesson and Code here: http://www.developphp.com/view.php?tid=1294

After completing this lesson, I have a new user sign up form, but I am experiencing two issues.

1. The form says the sign up is successful, it displays the proper confirmation message "OK TestUser, check your email inbox and junk mail box at whatever@gmail.com in a moment to complete the sign up process by activating your account. You will not be able to do anything on the site until you successfully activate your account.", however the user's details are not entered into the User database table where it should go.

2. A confirmation email is not sent to the user's inbox (or junk mail for that matter)

I am using bluehost.com as my server, and I have created the proper email address at bluehost (email address has been changed to "auto_responder@myserver.com" in the code below for privacy reasons).

This is my signup.php file:

<?php session_start();
// If user is logged in, header them away
if(isset($_SESSION["username"])){
    header("location: message.php?msg=NO to that weenis");
    exit();
}
?><?php if(isset($_POST["usernamecheck"])){
    include_once("php_includes/db_conx.php");
    $username = preg_replace('#[^a-z0-9]#i', '', $_POST['usernamecheck']);
    $sql = "SELECT id FROM users WHERE username='$username' LIMIT 1";
    $query = mysqli_query($db_conx, $sql); 
    $uname_check = mysqli_num_rows($query);
    if (strlen($username) < 3 || strlen($username) > 16) {
        echo '<strong style="color:#F00;">3 - 16 characters please</strong>';
        exit();
    }
    if (is_numeric($username[0])) {
        echo '<strong style="color:#F00;">Usernames must begin with a letter</strong>';
        exit();
    }
    if ($uname_check < 1) {
        echo '<strong style="color:#009900;">' . $username . ' is OK</strong>';
        exit();
    } else {
        echo '<strong style="color:#F00;">' . $username . ' is taken</strong>';
        exit();
    }
}
?><?php if(isset($_POST["u"])){
    // CONNECT TO THE DATABASE
    include_once("php_includes/db_conx.php");
    // GATHER THE POSTED DATA INTO LOCAL VARIABLES
    $u = preg_replace('#[^a-z0-9]#i', '', $_POST['u']);
    $e = mysqli_real_escape_string($db_conx, $_POST['e']);
    $p = $_POST['p'];
    $g = preg_replace('#[^a-z]#', '', $_POST['g']);
    $c = preg_replace('#[^a-z ]#i', '', $_POST['c']);
    // GET USER IP ADDRESS
    $ip = preg_replace('#[^0-9.]#', '', getenv('REMOTE_ADDR'));
    // DUPLICATE DATA CHECKS FOR USERNAME AND EMAIL
    $sql = "SELECT id FROM users WHERE username='$u' LIMIT 1";
    $query = mysqli_query($db_conx, $sql); 
    $u_check = mysqli_num_rows($query);
    // -------------------------------------------
    $sql = "SELECT id FROM users WHERE email='$e' LIMIT 1";
    $query = mysqli_query($db_conx, $sql); 
    $e_check = mysqli_num_rows($query);
    // FORM DATA ERROR HANDLING
    if($u == "" || $e == "" || $p == "" || $g == "" || $c == ""){
        echo "The form submission is missing values.";
        exit();
    } else if ($u_check > 0){ 
        echo "The username you entered is alreay taken";
        exit();
    } else if ($e_check > 0){ 
        echo "That email address is already in use in the system";
        exit();
    } else if (strlen($u) < 3 || strlen($u) > 16) {
        echo "Username must be between 3 and 16 characters";
        exit(); 
    } else if (is_numeric($u[0])) {
        echo 'Username cannot begin with a number';
        exit();
    } else {
    // END FORM DATA ERROR HANDLING
        // Begin Insertion of data into the database
        // Hash the password and apply your own mysterious unique salt

        /*$cryptpass = crypt($p);
        include_once ("php_includes/randStrGen.php");
        $p_hash = randStrGen(20)."$cryptpass".randStrGen(20);*/
        $p_hash = md5($p);//CHANGE THIS!!!!!

        // Add user info into the database table for the main site table
        $sql = "INSERT INTO users (username, email, password, gender, country, ip, signup, lastlogin, notescheck)       
                VALUES('$u','$e','$p_hash','$g','$c','$ip',now(),now(),now())";
        $query = mysqli_query($db_conx, $sql); 
        $uid = mysqli_insert_id($db_conx);
        // Establish their row in the useroptions table
        $sql = "INSERT INTO useroptions (id, username, background) VALUES ('$uid','$u','original')";
        $query = mysqli_query($db_conx, $sql);
        // Create directory(folder) to hold each user's files(pics, MP3s, etc.)
        if (!file_exists("user/$u")) {
            mkdir("user/$u", 0755);
        }
        // Email the user their activation link
        $to = "$e";                          
        $from = "auto_responder@myserver.com";
        $subject = 'yoursitename Account Activation';
        $message = '<!DOCTYPE html><html><head><meta charset="UTF-8"><title>yoursitename Message</title></head><body style="margin:0px; font-family:Tahoma, Geneva, sans-serif;"><div style="padding:10px; background:#333; font-size:24px; color:#CCC;"><a href="http://www.yoursitename.com"><img src="http://www.yoursitename.com/images/logo.png" width="36" height="30" alt="yoursitename" style="border:none; float:left;"></a>yoursitename Account Activation</div><div style="padding:24px; font-size:17px;">Hello '.$u.',<br /><br />Click the link below to activate your account when ready:<br /><br /><a href="http://www.yoursitename.com/activation.php?id='.$uid.'&u='.$u.'&e='.$e.'&p='.$p_hash.'">Click here to activate your account now</a><br /><br />Login after successful activation using your:<br />* E-mail Address: <b>'.$e.'</b></div></body></html>';
        $headers = "From: $from\n";
        $headers .= "MIME-Version: 1.0\n";
        $headers .= "Content-type: text/html; charset=iso-8859-1\n";
        mail($to, $subject, $message, $headers);
        echo "signup_success";
        exit();
    }
    exit();
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Sign Up</title>
<link rel="icon" href="favicon.ico" type="image/x-icon">
<link rel="stylesheet" href="style/style.css">
<style type="text/css">
#signupform{
    margin-top:24px;    
}
#signupform > div {
    margin-top: 12px;   
}
#signupform > input,select {
    width: 200px;
    padding: 3px;
    background: #F3F9DD;
}
#signupbtn {
    font-size:18px;
    padding: 12px;
}
#terms {
    border:#CCC 1px solid;
    background: #F5F5F5;
    padding: 12px;
}
</style>
<script src="js/main.js"></script>
<script src="js/ajax.js"></script>
<script>
function restrict(elem){
    var tf = _(elem);
    var rx = new RegExp;
    if(elem == "email"){
        rx = /[' "]/gi;
    } else if(elem == "username"){
        rx = /[^a-z0-9]/gi;
    }
    tf.value = tf.value.replace(rx, "");
}
function emptyElement(x){
    _(x).innerHTML = "";
}
function checkusername(){
    var u = _("username").value;
    if(u != ""){
        _("unamestatus").innerHTML = 'checking ...';
        var ajax = ajaxObj("POST", "signup.php");
        ajax.onreadystatechange = function() {
            if(ajaxReturn(ajax) == true) {
                _("unamestatus").innerHTML = ajax.responseText;
            }
        }
        ajax.send("usernamecheck="+u);
    }
}
function signup(){
    var u = _("username").value;
    var e = _("email").value;
    var p1 = _("pass1").value;
    var p2 = _("pass2").value;
    var c = _("country").value;
    var g = _("gender").value;
    var status = _("status");
    if(u == "" || e == "" || p1 == "" || p2 == "" || c == "" || g == ""){
        status.innerHTML = "Fill out all of the form data";
    } else if(p1 != p2){
        status.innerHTML = "Your password fields do not match";
    } else if( _("terms").style.display == "none"){
        status.innerHTML = "Please view the terms of use";
    } else {
        _("signupbtn").style.display = "none";
        status.innerHTML = 'please wait ...';
        var ajax = ajaxObj("POST", "signup.php");
        ajax.onreadystatechange = function() {
            if(ajaxReturn(ajax) == true) {
                if(ajax.responseText.replace(/^\s+|\s+$/g, "") == "signup_success"){
                    status.innerHTML = ajax.responseText;
                    _("signupbtn").style.display = "block";
                } else {
                    window.scrollTo(0,0);
                    _("signupform").innerHTML = "OK "+u+", check your email inbox and junk mail box at <u>"+e+"</u> in a moment to complete the sign up process by activating your account. You will not be able to do anything on the site until you successfully activate your account.";
                }
            }
        }
        ajax.send("u="+u+"&e="+e+"&p="+p1+"&c="+c+"&g="+g);
    }
}
function openTerms(){
    _("terms").style.display = "block";
    emptyElement("status");
}
/* function addEvents(){
    _("elemID").addEventListener("click", func, false);
}
window.onload = addEvents; */
</script>
</head>
<body>
<?php include_once("template_pageTop.php"); ?>
<div id="pageMiddle">
  <h3>Sign Up Here</h3>
  <form name="signupform" id="signupform" onSubmit="return false;">
    <div>Username: </div>
    <input id="username" type="text" onBlur="checkusername()" onKeyUp="restrict('username')" maxlength="16">
    <span id="unamestatus"></span>
    <div>Email Address:</div>
    <input id="email" type="text" onFocus="emptyElement('status')" onKeyUp="restrict('email')" maxlength="88">
    <div>Create Password:</div>
    <input id="pass1" type="password" onFocus="emptyElement('status')" maxlength="16">
    <div>Confirm Password:</div>
    <input id="pass2" type="password" onFocus="emptyElement('status')" maxlength="16">
    <div>Gender:</div>
    <select id="gender" onFocus="emptyElement('status')">
      <option value=""></option>
      <option value="m">Male</option>
      <option value="f">Female</option>
    </select>
    <div>Country:</div>
    <select id="country" onFocus="emptyElement('status')">
      <?php include_once("template_country_list.php"); ?>
    </select>
    <div>
      <a href="#" onClick="return false" onMouseDown="openTerms()">
        View the Terms Of Use
      </a>
    </div>
    <div id="terms" style="display:none;">
      <h3>Web Intersect Terms Of Use</h3>
      <p>1. Play nice here.</p>
      <p>2. Take a bath before you visit.</p>
      <p>3. Brush your teeth before bed.</p>
    </div>
    <br /><br />
    <button id="signupbtn" onClick="signup()">Create Account</button>
    <span id="status"></span>
  </form>
</div>
<?php include_once("template_pageBottom.php"); ?>
</body>
</html>

Answer 1

You should not rely on Adam Khoury's "How To Build a Social Networks" tutorial.
Half the code's just outdated, and not reliable. Too many SQL Injections can be done from that source. But the Ajax tutorials are pretty good and reliable too. It's a great way to start, BUT it should NOT be relied on.
mysql_ are way too outdated. I recommend using PDO.
But yet again, this is an old question.

Answer 2

I am not sure if you found the answer but I was also experiencing this problem.

1) make sure the email from address is correct or you will not send them an email. Now the actual name doesn't need to be correct but the @Yourdomain.com does. many companies put in a false email address what is normally noreply@yourdomain.com and this doesn't actually have a inbox or the fact it does exist but no one checks it. I personally add that email address and do not bother making it as I would rather use my emails slots for something else. Just t clarify that using my method I have never experienced junk mail problems and all emails go to there inbox.

2) My user tables were not being written (but useroptions was) and I brought it down to the fact that in this code

// Add user info into the database table for the main site table
        $sql = "INSERT INTO users (username, email, password, gender, country, ip, signup, lastlogin, notescheck)       
                VALUES('$u','$e','$p_hash','$g','$c','$ip',now(),now(),now())";

at the end it says now() well this needs to be changed to NOW() and make sure you change all the now() to NOW(). as soon as I done that the tables were getting written to also just double check to make sure your table name and rows in the data base match what you have in your code. if they do not match then just changed the names on your database I have added the names below to what your database names should be:

users (Name of table), username (name of row in users table), email (name of row in users table), password (name of row in users table), gender (name of row in users table), country, (name of row in users table), ip (name of row in users table), signup (name of row in users table), lastlogin (name of row in users table), notescheck (name of row in users table). YOU WILL FIND MORE ROWS IN THAT TABLE THAT HAVE NOT BEEN LISTED BUT DO NOT WORRY AS THEY ARE ADDED TO IN LATER VIDEOS.

I understand that this question was ask a year or so ago but I am posting so that you have the answer if you still want it and above all else anyone who has the same problem then you after I write this answer can also find the fix they need. If this doesn't fix you issue then post a reply and let me know and I will see if I can help you.