Copyright © 2002 - MCS Investments, Inc.


Customer Email Address Change Form PHP Script

The scripts in the two link groups below are Customer Apps for Dealing with Product Keys and Email Addresses, and Administrator Apps for Dealing with Customer Records.

In our ecommerce world, products are sold by many different methods. One of these is getting out demos in various ways; some of the people who try them are very pleased and buy what's called a key, which unlocks the full feature set of the product when they enter it. There is a need to give the product users limited access to perform a few functions such as changing their emails, retrieving their keys from our database when they misplace them, etc. There is also a need for administrative functions to manage customer records. One needs to sort them, edit them, delete them, add them, view them, search them, register to be an administrator, log in as administrator, etc.

If an ecommerce company does not have any of the applications below, it is forced to perform them the 20th century ways—by hand. This means paying for people to answer phones, write emails, keep paper files of customers, etc. The 21st century way is to let software perform these tasks, let websites and videos explain the product features, and let ecommerce close the sale and send the product.

Feel free to use these free Customer Records Management scripts in your business. Note: we know they work well for us (they are well tested), but we assume no liability for how they work in your situation. Similarly, we added lots of security measures such as extensive input filtering, but we make no claims and assume no liability for how securely they work in your situation.

The best security measure to take when using the administrative part of a system like this (meaning the Administrator Apps for Dealing with Customer Records, not the Customer Apps for Dealing with Product Keys and Email Addresses, the category in which the script below resides) is to have no links ANYWHERE that point to the URLs of any of the admin files on the server, so neither hackers nor Google finds them. Then use the admin CMS yourself but do not even let your momma use it. Don't even save the link to the admin login as a Favorite, just to be secure. Just stick the login username and password in RoboForm and make them impossible to guess. Then use RoboForm to log on. The script below, and the other Customer Apps, are included online and linked to as part of the product web pages that make life easier for everyone. Their security is mainly handled via extreme input filtering. The Admin Apps are hidden, unlinked to, and well protected with security measures, password hashes and salts, etc.


Customer Apps for Dealing with Product Keys and Email Addresses

Administrator Apps for Dealing with Customer Records

The form action in Customer Email Address Change Form is this script: email-address-change-form.php. This processes the data which the user enters in the form on that page. Note that in order to get a user email address changed, the user must enter not only the old and new email addresses, but also one of the following: name (first and last), business name, or product key. The PHP script will ensure that this minimum amount of data gets entered. If it does not, or if the data is faulty, the user will get a message and no changes will occur.

If a user is not sure of the email address that was used when the product key was purchased, the user may try several emails, but only one at a time. Submit the form once for each email—until something works.

First we include config.php so our connections to our MySQL database are set up and secure. Then we define a regular expression pattern ($pattern1) that will allow the characters found in first, last, and business names and ensure there are no nasties in keys as well. The replacement string ensures that all bad characters are dumped. Next we insert flags in any empty field. Empty fields are fine as long as the required criteria are met: good data MUST be found in personal names, or business names, or product key, or the email address change will not happen. And of course both old and new emails must validate and the old email address must be found in the MySQL database.

The "if" conditional ensures the correct combination of criteria has been entered, and the preg_replace() function uses the pattern to ensure the POSTed values are filtered. We added two extra lines of replacing to get rid of two hyphens in a row, since that can be a security problem, and, believe it or not, it has to be run twice to always get all the double hyphens. The mysql_real_escape_string() function is used on the data before we dare to get it near our MySQL SELECT or UPDATE statements, since it securely escapes anything scary. We strip any tags with strip_tags() and get rid of extra spaces with trim().

Then we get to the emails. We use the str_replace() function to dump all quotes or commas. Next, just to be cute we put quotes back in $N but leave them out of $NN. The latter works right for the preg_match() function and in the MySQL UPDATE statement. The $N is not needed, but if you wanted you could use the statement SET email=$N in the UPDATE statement where it now says SET email='$NN'. (Similarly, there's an unneeded $email variable—only $email2 is used.) As you can see, MySQL expects single quotes, and it does not matter if they are put into the MySQL statement or if they are stuck into the PHP variable you use for the MySQL statement.

The preg_match() function uses a regular expression that's a standard email filter pattern. Note that the $flag=1 statement happens if the email is bad, but in the conditional for doing the SELECT to find out if the user's data matches the MySQL database, the "if" includes a criterion $flag==0. Unvalidated emails do not even let the db get searched. Who knows what the user stuck in there? We won't be finding out the hard way, security-wise!

The SELECT will occur as long as the required criteria are met: good data MUST be found in personal names, or business names, or product key, or the email address change will not happen. And of course both old and new emails must validate and the old email address must be found in the MySQL database. Of course, just because the right input fields were filled does not mean that the SELECT will determine that the user is indeed in the db so his email should get changed. It has to find a record, with the data entered in the form input fields, in the db.

We use the LIKE keyword in the SELECT and UPDATE statements. This allows the old email which the user enters to be found even if the email field of his record contains more than one email—with commas to separate them. Note that we could have used the WHERE IN clause to get our SELECT to work right IF the administrator never added an email or two to the email field in the user's record, in which case our user-entered $email variable might contain a comma-separated list of emails. But the administrator may add more emails to the field since the user may buy updates after buying the original product and use a different email in the process, which the administrator is smart to keep track of. So we stuck with the LIKE keyword.

In both the SELECT and the UPDATE statement, we use lots of OR operators to deal with the criteria that must be met.

Now we must send emails to all the email addresses the user gave—both old and new. We do so using the standard form of email sending. You'll want to change words like yoursite.com, you@yoursite.com, and Product to the words that apply in your situation. Note that we use a FOR loop to send the 2 emails, so that we did not need the email code twice. Once the emails are sent, we take the user to the home page: index.html. Alter this name as needed. If the user data was insufficient or not found, the user gets a message that tells him to try other email addresses.

The links at the end of the script may need tweaking due to the word Product. It is unlikely that is the name of your product! (We hope.)

This script is called email-address-change-form.php


<?php
//email-address-change-form.php
//The mysql_* functions used below are the original MySQL extension, which was removed in PHP 7.0.

include_once "config.php"; //sets up the MySQL connection

//Whitelist for names and keys: every character not listed here is removed.
$pattern1 = '/[^A-Za-z0-9 \\-\\.\\_\\,]/';
$replacement = '';
//Email pattern, anchored so the whole value must be an address, not just contain one.
$pattern2 = '/^[\w\-\.]+\@[\w\-]+(\.[\w\-]+)+$/D';

//Read the POSTed fields; an empty optional field gets a flag value instead.
$F=isset($_POST['First'])?$_POST['First']:'';if(strlen($F)==0){$F="ff";}
$L=isset($_POST['Last'])?$_POST['Last']:'';if(strlen($L)==0){$L="ll";}
$K=isset($_POST['key'])?$_POST['key']:'';if(strlen($K)==0){$K="kk";}
$N=isset($_POST['newemail'])?$_POST['newemail']:null;
$B=isset($_POST['bizname'])?$_POST['bizname']:'';if(strlen($B)==0){$B="bb";}
$email=isset($_POST['email'])?$_POST['email']:null;

//Both emails are required, plus one of: first and last name, business name, or product key.
if(isset($N)&&(($F<>"ff"&&$L<>"ll")||$B<>"bb"||$K<>"kk")&&isset($email)){
  //Business name: strip tags, trim, filter, remove double hyphens (run twice), escape for MySQL.
  $B=strip_tags($B);
  $B=trim($B);
  $B=preg_replace($pattern1, $replacement, $B);
  $B=preg_replace('/\-\-/', $replacement, $B);
  $B=preg_replace('/\-\-/', $replacement, $B);
  $B=mysql_real_escape_string($B);
  //First name: same treatment.
  $F=strip_tags($F);
  $F=trim($F);
  $F=preg_replace($pattern1, $replacement, $F);
  $F=preg_replace('/\-\-/', $replacement, $F);
  $F=preg_replace('/\-\-/', $replacement, $F);
  $F=mysql_real_escape_string($F);
  //Last name: same treatment.
  $L=strip_tags($L);
  $L=trim($L);
  $L=preg_replace($pattern1, $replacement, $L);
  $L=preg_replace('/\-\-/', $replacement, $L);
  $L=preg_replace('/\-\-/', $replacement, $L);
  $L=mysql_real_escape_string($L);
  //The name column may hold "First Last" or "Last First".
  $x=$F." ".$L;$y=$L." ".$F;
  //Product key: same treatment.
  $K=strip_tags($K);
  $K=trim($K);
  $K=preg_replace($pattern1, $replacement, $K);
  $K=preg_replace('/\-\-/', $replacement, $K);
  $K=preg_replace('/\-\-/', $replacement, $K);
  $K=mysql_real_escape_string($K);

  //New email: remove slashes, surrounding spaces, quotes and commas.
  $N = stripslashes($N);
  $N = trim($N);
  $N = str_replace("'","",$N);
  $N = str_replace('"','',$N);
  $N = str_replace(",","",$N);
  $N = "'".$N."'"; //quoted copy
  $NN=str_replace("'","",$N); //unquoted copy, used for validation, the UPDATE and the mail
  $flag=0; //set to 1 when either email fails validation
  if (!preg_match($pattern2,$NN)) {
    echo '<script language="javascript">alert("You submitted an invalid email address."); window.location = "email-address-change-form.html"; </script>';
    $flag=1;
  }else{
    //Old email: same cleanup.
    $email = stripslashes($email);
    $email = trim($email);
    $email = str_replace("'","",$email);
    $email = str_replace('"','',$email);
    $email = str_replace(",","','",$email);
    $email = "'".$email."'";
    $email2=str_replace("'","",$email);
    if (!preg_match($pattern2,$email2)) {
      echo '<script language="javascript">alert("You submitted an invalid email address."); window.location = "email-address-change-form.html"; </script>';
      $flag=1;
    }
  }

  //The database is only searched when both emails validated.
  if($flag==0&&isset($N)&&(($F<>"ff"&&$L<>"ll")||$B<>"bb"||$K<>"kk")&&isset($email)){
    //Escape the validated emails too, so every value placed in the SQL text has been through mysql_real_escape_string().
    $NN=mysql_real_escape_string($NN);
    $email2=mysql_real_escape_string($email2);
    //The old email must be found in a record that also matches the name, business name or key.
    $check_user_data = mysql_query("SELECT * FROM product WHERE email LIKE '%$email2%' AND (name = '$x' OR name = '$y' OR name = '$B' OR product4key = '$K' OR product5key = '$K')") or die(mysql_error());
    $rc = mysql_num_rows($check_user_data);
    if ($rc>0){
      mysql_query("UPDATE product SET email='$NN' WHERE email LIKE '%$email2%' AND (name = '$x' OR name = '$y' OR name = '$B' OR product4key = '$K' OR product5key = '$K')") or die(mysql_error());
      //Notify both the old and the new address.
      $j=array();$j[0]=$email2;$j[1]=$NN;
      for ($i=0; $i<2; $i++){
        $to = $j[$i];
        $subject = "Product Email Address Change";
        $message = "Dear customer,\n\nYour email address in our records was just changed to ".$N.". If you did NOT want it changed, please contact us immediately by replying to this email.\n\nRegards,\n\nyoursite.com\n\na website of Your Company";
        $headers = "From: you@yoursite.com";
        $mail_sent = mail($to, $subject, $message, $headers);
      }
      echo '<script language="javascript">alert("Email changed."); window.location = "index.html"; </script>';
    }else{
      echo 'We are unable to find your data with the name and email address you provided.<BR>If you have ordered more than once using different names or email addresses, you may try the form again using additional email addresses.<BR>You may contact us (see link below) and we will do a manual search for your key(s).<BR><BR>';
    }
  }
}
else{echo '<script language="javascript">alert("Enter better data."); window.location = "email-address-change-form.html"; </script>';}
mysql_close();

?>

<a HREF="Product-Key-Retrieval-Request.html">Try Product Key Retrieval Request</a><BR>
<a HREF="we-manually-search-for-keys.html">manual search for your key(s)</a><BR>
<a HREF="email-address-change-form.html">Try email address change form again</a><BR>
<a HREF="lost-their-key-before-Monday.html">I lost my key during the week I ordered</a><BR>
<a HREF="Product.html">Product</a><BR><BR>
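
A variant of the lookup-and-update step described above, written with PDO prepared statements so that no user value is ever part of the SQL text (an added example, not part of the original script). The function names are hypothetical, an in-memory SQLite database stands in for the MySQL connection from config.php, and the sample rows are constructed.

```php
<?php
// Added example, not the original script. Function names are hypothetical;
// an in-memory SQLite database stands in for the MySQL connection in config.php.

function valid_email($s) {
    // filter_var() checks the whole string, not just a substring of it.
    return is_string($s) && filter_var($s, FILTER_VALIDATE_EMAIL) !== false;
}

function like_contains($s) {
    // Escape LIKE wildcards so "_" and "%" in an address only match themselves.
    return '%' . strtr($s, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
}

function change_email(PDO $db, $old, $new, $first, $last, $biz, $key) {
    if (!valid_email($old) || !valid_email($new)) return 'invalid email';
    $haveName = ($first !== '' && $last !== '');
    if (!$haveName && $biz === '' && $key === '') return 'insufficient data';
    // Empty optional fields become NULL, which never equals a column value.
    $x = $haveName ? "$first $last" : null;
    $y = $haveName ? "$last $first" : null;
    $biz = ($biz === '') ? null : $biz;
    $key = ($key === '') ? null : $key;
    // Values travel as bound parameters, never as part of the SQL text.
    $st = $db->prepare(
        "UPDATE product SET email = ? WHERE email LIKE ? ESCAPE '!' AND " .
        "(name = ? OR name = ? OR name = ? OR product4key = ? OR product5key = ?)");
    $st->execute([$new, like_contains($old), $x, $y, $biz, $key, $key]);
    return $st->rowCount() > 0 ? 'changed' : 'not found';
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE product (name TEXT, email TEXT, product4key TEXT, product5key TEXT)");
$db->exec("INSERT INTO product VALUES ('Ann Lee', 'ann_lee@example.com,ann@example.org', 'K4-1111', NULL)");
$db->exec("INSERT INTO product VALUES ('Bob Ray', 'annXlee@example.com', 'K4-2222', NULL)");

// Old address found inside a comma-separated field, matched by name.
echo change_email($db, 'ann_lee@example.com', 'ann@example.net', 'Ann', 'Lee', '', ''), "\n";
// A value that merely contains an address fails whole-string validation.
echo change_email($db, 'please change ann@example.org', 'a@example.net', '', '', '', 'K4-1111'), "\n";
// Valid email, but the key belongs to a different record: no row matches.
echo change_email($db, 'annXlee@example.com', 'b@example.net', '', '', '', 'K4-1111'), "\n";
foreach ($db->query("SELECT name, email FROM product") as $row) {
    echo $row['name'], ': ', $row['email'], "\n";
}
```

On MySQL, rowCount() counts rows whose value actually changed by default, so submitting a new address identical to the stored one reports 'not found' unless the connection is opened with PDO::MYSQL_ATTR_FOUND_ROWS.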