I'm trying to incorporate an invitation system in VBulletin. What I'm doing is;

1. Generating a invitation code using MD5 and emailing user. Invite.php generates md5 and puts it in database.
2. When user gets the link and clicks on it, he's taken to confirm.php where the hash is checked and he's forwarded to registration page. Also the hash is deleted from database so the invitation cannot be reused.

Here's the code

PHP Code:

<?php
//confirm.php
//Check and confirm hash and redirect to registration
mysql_connect("localhost","*****","***")
or die("Failure to connect to the database");
$hash=$_GET['hash'];
$email=$_GET['email]'];
$query="SELECT hash
        FROM invite
        WHERE hash='$hash'";
$result=mysql_query($query);
if ($result = $hash ){
  echo '$result';
  //Now it's confirmed. So let's forward the user to registration page
  //First deleting the hash
  $delquery="DELETE hash
             FROM invite
             WHERE hash='$hash'";
  header("Location: http://fizz.fonzter.com/register.php");
  exit;
  }
else {
  echo "Error--Hash not found!";
  }
?>

PHP Code:

<?php
//Invite.php
//Create and insert invitation hash
mysql_connect("localhost","*******","******")
or die("Failure to connect to the database");
$supersecret_hash_padding='A string that will pad the super secrect hash making it really secret';
$name=$_POST['name'];
$email=$_POST['email'];
$encoded_email=urlencode($_POST['email']);
$hash=md5($email.$supersecret_hash_padding);
$query="INSERT INTO invite (ID,hash) VALUES(NULL,'$hash')";
$msg=<<< BODY
Hello $name,
Your friend $username has sent you an invitation to join FiZZ Club. Kindly click the link below to accept the invitation.
http://fizz.fonzter.com/confirm.php?hash=$hash&email=$encoded_email
BODY;
//Let's send the email now
  $encoded_email=urlencode($_POST['email']);
mail ($email, 'Invitation', $msg, 'invitation@fizz.in');
  //Confirmation message
  $feedback='You have successfully sent an invite';
  return $feedback;
   ?>

But this is just not working at all for me. Can someone guide me through please. I'm a newbie to PHP and MYSQL

PHP Code:

if ($result = $hash ){ 


^ This is part of your problem.
For a start, you must use == (equality test) instead of = (assignment) when comparing things, and also $result is not a string, it is a fragment of database table. (In this case the fragment probably only contains one string, but it is still a database result). In this situation, I would simply say:

PHP Code:

$count = mysql_num_rows($result);
if($count > 0) {
  echo "Hash matched";
}else {
  echo "No match.";
} 


mysql_num_rows($result) counts the rows in that table fragment I was on about. If the hash was correct, there will e one row, if it didn't there will be 0 rows. There are other mysql functions such as mysql_result() and mysql_fetch_array that retrieve the database contents themselves so you can use them as strings or numbers, but you don't need them here.

Other problems include the fact that you put three queries into strings, but only actually execute one of them with mysql_query(). You must do this for all of them or else your SQL commands just sit there in the string doing nothing.

I can't see what you do with the variable $encoded_email if anything.

There's a return statement at the end - what is this meant to do? Where are you returning to/from? This is usually used when returning from functions, and you don't define any in your scripts.

thanks for this man! also whats wrong with delete?

Ah, you mean this:

Code:

DELETE hash
             FROM invite
             WHERE hash='$hash'

?

You can't delete one field from a row, you can only delete the whole row. (You can of course set the one field to be empty, but you can't delete bits like this otherwise your database wouldn't be rectangular any more!)

Change it to

Code:

DELETE FROM invite WHERE hash='$hash'

One other thing I thought of to avoid possible confusion - in PHP, assignment is = and equality test is ==. In mySQL = is used for both, but this is OK since mySQL knows by context what you mean. In a WHERE section it is equality test, but in an update query it can be an assignment. In PHP, there are situations where you can legally use either version, but get totally different effects - as a result you need to tell PHP which one you want by using the right one.

thanks a ton!

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource
I get this error.

that just means the supplied argument is not correct in the
$count = mysql_num_rows($result);
i would imagine that you have a string without apostrophes around it but try on the line before mysql_num_rows($result); do

echo $result;
exit;

if you cannot see the problem in the output then plz post the result of the echo and the mysql_num_rows line + a few lines before it