-3
我試圖通過PHP進行用戶註冊和電子郵件驗證,一切都非常好,但是在用戶提交註冊表單後的某個時間點,然後表單被髮布到verify.php
,那麼腳本會發送激活代碼給用戶的電子郵件。PHP MYSQL用戶表格註冊
的錯誤是,激活郵件被髮送到用戶的郵箱的那一刻,頁面應顯示:
謝謝!一封電子郵件已發送至{Form.email}。要完成註冊,請單擊發送到您的電子郵件地址的電子郵件驗證鏈接。
相反,它會自動刷新頁面並將用戶重定向到registrationcomplete.php
頁面。它假定在用戶驗證後纔會出現。
我用下面的代碼:
<?php
require ('Connections.php');
$activationkey = mt_rand() . mt_rand() . mt_rand() . mt_rand() . mt_rand();
$name = mysql_real_escape_string($_POST['name']);
$country = mysql_real_escape_string($_POST['country']);
$state = mysql_real_escape_string($_POST['state']);
$add = mysql_real_escape_string($_POST['add']);
$phone = mysql_real_escape_string($_POST['phone']);
$email = mysql_real_escape_string($_POST['email']);
$userid = mysql_real_escape_string($_POST['userid']);
$password = mysql_real_escape_string($_POST['password']);
$lrname = mysql_real_escape_string($_POST['lrname']);
$lraccount = mysql_real_escape_string($_POST['lraccount']);
$wmz = mysql_real_escape_string($_POST['wmz']);
$form_submitt = $_POST['button'];
if ($form_submitt == true){
$sql = "INSERT INTO customers (`activationkey`, `name`, `country`, `state`, `add`, `phone`, `email`, `lrname`, `lraccount`, `comment`, `wmz`, `okpay`, `userid`, `password`, `status`) VALUES ('$activationkey', '$name', '$country', '$state', '$add', '$phone', '$email', '$lrname', '$lraccount', '', '$wmz', '', '$userid', '$password', 'verify');";
mysql_query($sql) or die(mysql_error());
##Send activation Email
$to = $_POST['email'];
$subject = "Complete registation";
$message = "Welcome to sitename!\r\rYou, or someone using your email address, has completed registration at www.sitename.com.\r\r You can complete registration by clicking the following link:\rhttp://www.sitename.com/verify.php?$activationkey \r\rIf this is an error, ignore this email and you will be removed from our mailing list.\r\rRegards,\r\r www.sitename.com Team";
$headers = 'From: [email protected]' . "\r\n" .
'Reply-To: [email protected]' . "\r\n" .
'X-Mailer: PHP/' . phpversion();
mail($to, $subject, $message, $headers);
}
?>
<?php
##User isn't registering, check verify code and change activation code to null, status to activated on success
if(isset($_SERVER['QUERY_STRING'])){
$queryString = $_SERVER['QUERY_STRING'];
$query = "SELECT * FROM `DBName`.`customers`";
$result = mysql_query($query) or die(mysql_error());
while($row = mysql_fetch_array($result)){
if ($queryString == $row['activationkey']){
$sql = "UPDATE `DBName`.`customers` SET `activationkey` = '', `status` = 'verified' WHERE `customers`.`id` = $row[id];";
mysql_query($sql) or die(mysql_error());
echo "<meta http-equiv='refresh' content='0;url=registrationcomplete.php'>";
if (!mysql_query($sql)){
die('Error: ' . mysql_error());
}
}
}
}
?>
如果解決方案使用$ _REQUEST而不是$ _SERVER,可以嗎? –
順便說一句,在單個命令中轉義所有POST-vars:'$ _POST = array_map('mysql_real_escape_string',$ _POST);' – feeela