2013-01-17 44 views
3

I have already asked this, but I never seem to get it working (I have tried a lot, without success). Can someone tell me how to send an activation link to the registered user's email address, and not allow the user in until they have activated their account by following the link in the email? What should I do? I'm just not getting it... please help me. How do I send an activation link to a registered user?

I have a users table in the database with:

```
id        int(11)        AUTO_INCREMENT
username  varchar(255)
password  char(64)
salt      char(16)
email     varchar(255)
```

register.php

```php
<?php
// First we execute our common code to connect to the database and start the session
require("common.php");

// This if statement checks to determine whether the registration form has been submitted
// If it has, then the registration code is run, otherwise the form is displayed
if(!empty($_POST))
{
    // Ensure that the user has entered a non-empty username
    if(empty($_POST['username']))
    {
        echo "Please enter a username.";
    }

    // Ensure that the user has entered a non-empty password
    if(empty($_POST['password']))
    {
        die("Please enter a password.");
    }

    // Make sure the user entered a valid E-Mail address
    // filter_var is a useful PHP function for validating form input, see:
    if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
    {
        die("Invalid E-Mail Address");
    }

    $query = "
        SELECT
            1
        FROM users
        WHERE
            username = :username
    ";

    $query_params = array(
        ':username' => $_POST['username']
    );

    try
    {
        // These two statements run the query against your database table.
        $stmt = $db->prepare($query);
        $result = $stmt->execute($query_params);
    }
    catch(PDOException $ex)
    {
        // Note: On a production website, you should not output $ex->getMessage().
        // It may provide an attacker with helpful information about your code.
        die("Failed to run query: " . $ex->getMessage());
    }

    $row = $stmt->fetch();

    if($row)
    {
        die("This username is already in use");
    }

    // Now we perform the same type of check for the email address, in order
    // to ensure that it is unique.
    $query = "
        SELECT
            1
        FROM users
        WHERE
            email = :email
    ";

    $query_params = array(
        ':email' => $_POST['email']
    );

    try
    {
        $stmt = $db->prepare($query);
        $result = $stmt->execute($query_params);
    }
    catch(PDOException $ex)
    {
        die("Failed to run query: " . $ex->getMessage());
    }

    $row = $stmt->fetch();

    if($row)
    {
        die("This email address is already registered");
    }

    // An INSERT query is used to add new rows to a database table.
    // Again, we are using special tokens (technically called parameters) to
    // protect against SQL injection attacks.
    $query = "
        INSERT INTO users (
            username,
            password,
            salt,
            email
        ) VALUES (
            :username,
            :password,
            :salt,
            :email
        )
    ";

    $to = "email";
    $subject = "Your Account Information!";
    $body = <<<EMAIL
Hello {'email'}, here is your account information!

Username:{'username'}
Password:{'password'}

Please activate your account by clicking the following activation link:
http://www.mywebsite.com/activate.php?aid={$aid}

EMAIL;

    $headers = 'From: [email protected]' . "\r\n" .
        'Reply-To: [email protected]' . "\r\n" .
        'X-Mailer: PHP/' . phpversion();

    if(mail($to, $subject, $body, $headers)){
        echo("<p>Your account information was successfully sent to your email - ('email')! <br><br>Please open your email and click the activation link to activate your account.</p><br><p>If you do not see your account information in your inbox within 60 seconds please check your spam/junk folder.</p>");
    } else {
        echo("<p> Unfortunately, your account information was <u>unsuccessfully</u> sent to your email - ('email'). </p>");
    }

    $salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));

    $password = hash('sha256', $_POST['password'] . $salt);

    for($round = 0; $round < 65536; $round++)
    {
        $password = hash('sha256', $password . $salt);
    }

    $query_params = array(
        ':username' => $_POST['username'],
        ':password' => $password,
        ':salt' => $salt,
        ':email' => $_POST['email']
    );

    try
    {
        // Execute the query to create the user
        $stmt = $db->prepare($query);
        $result = $stmt->execute($query_params);
    }
    catch(PDOException $ex)
    {

    }
    header("Location: login.php");
    die("Redirecting to login.php");
}
?>
<h1>Register</h1>
<form action="" method="post">
Username:<br />
<input type="text" name="username" required value="" />
<br /><br />
E-Mail:<br />
<input type="text" name="email" required value="" />
<br /><br />
Password:<br />
<input type="password" required name="password" value="" />
<br /><br />
<input type="submit" value="Register" />
</form>
```

login.php

```php
<?php

// First we execute our common code to connect to the database and start the session
require("common.php");

$submitted_username = '';
if(!empty($_POST))
{
    $query = "
        SELECT
            id,
            username,
            password,
            salt,
            email
        FROM users
        WHERE
            username = :username
    ";

    // The parameter values
    $query_params = array(
        ':username' => $_POST['username']
    );

    try
    {
        // Execute the query against the database
        $stmt = $db->prepare($query);
        $result = $stmt->execute($query_params);
    }
    catch(PDOException $ex)
    {
        die("Failed to run query: " . $ex->getMessage());
    }

    $login_ok = false;

    $row = $stmt->fetch();
    if($row)
    {
        $check_password = hash('sha256', $_POST['password'] . $row['salt']);
        for($round = 0; $round < 65536; $round++)
        {
            $check_password = hash('sha256', $check_password . $row['salt']);
        }

        if($check_password === $row['password'])
        {
            $login_ok = true;
        }
    }

    if($login_ok)
    {
        unset($row['salt']);
        unset($row['password']);

        $_SESSION['user'] = $row;

        // Redirect the user to the private members-only page.
        header("Location: private.php");
        die("Redirecting to: private.php");
    }
    else
    {
        // Tell the user they failed
        print("The Username/Password is invalid.");

        $submitted_username = htmlentities($_POST['username'], ENT_QUOTES, 'UTF-8');
    }
}

?>
<h1>Login</h1>
<form action="login.php" method="post">
Username:<br />
<input type="text" name="username" required value="<?php echo $submitted_username; ?>" />
<br /><br />
Password:<br />
<input type="password" name="password" value="" required />
<br /><br />
<input type="submit" value="Login" />
</form>
<a href="register.php">Register</a>
```
+1

Could you please try to be more specific about the problem you are running into? What you have posted here is a large amount of code with no indication of what isn't working or what you don't understand. –

+0

Unless you can focus this question more, it will likely be closed (especially since it is mostly a duplicate of your earlier question) –

Answers

7

For one, you aren't actually sending any email to the user with this script. What you should do is create a registration table and store the values in it together with a token and a datetime. Some URL-based identifier. A simple md5 of the email and timestamp concatenated works fine:

```php
$token = md5($_POST['email'].time());
```

Then send the user an email with a link, something like: http://www.yoursite.com/register/confirm?token=yourmd5token

That script would fetch the stored user information by that token, make sure the datetime is within an hour or so, and only then push the data into the users table, once it's confirmed, so you don't fill up the table unnecessarily.

Judging by the code you have provided, you aren't really a PHP beginner, so you should have no problem googling for examples of the things mentioned. Since SO is generally for quick help and basic Q&A, what's involved here is too much. Yours is more of a complete project.

+0

My answer isn't as "secure" as Kai Qing's answer. I'd recommend his for the security of the token. +1 –

0

You have a few options. You can add a new column called "active" that defaults to 0 until the user clicks the generated link (for example yoursite.com/activate.php?key=)

with key= being something like the user's email address.

Once the user clicks that link and enters their password from the pre-registration, you can set the active column to 1.

The second option is to generate a random password and require the user to get it from his/her email. That way a valid email address is required.

1

Here is a conceptual overview of one email verification approach. The question is still too high-level to add any actual code to an answer. Also, keep in mind that this may not be the best approach to verification, just a simple one.

Add 2 columns to the database:

  • is_verified
  • verification_token

In login.php:

  1. When creating the user, set is_verified = 0 and create a random verification_token.
  2. After creating the user, build a link to verify.php with the token as a query string parameter.
  3. Send an email containing the link to the email address being verified.
  4. Redirect the user to a page called verificationWaiting.php that reminds them to check their email and click the link.

Create a page called verify.php:

  1. Check the database for the token from the query string; if a user with that token is found, set the is_verified flag to true.
  2. Redirect the user to the login page.

Modify login.php to make sure the user has is_verified set as a condition of authentication.

This is just a broad overview of one approach. There are many other features you could add. Hope this helps you get started.
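The token flow from the two answers above (the md5 token in the first, the is_verified / verification_token columns in this one), as an added example that is not part of any answer here. It assumes $db is the PDO connection from common.php and that the users table has been given is_verified, verification_token and a token_expires DATETIME column; the token is drawn from random_bytes() instead of md5(email . time()), which is guessable from the registration time, and only its hash is stored.

```php
<?php
// Added example, not code from the question or answers. Assumes $db is a PDO
// connection and users has columns: is_verified TINYINT, verification_token
// CHAR(64), token_expires DATETIME (the last one is an assumption of this example).
// The random token is emailed; the database keeps only its SHA-256 hash.

function createVerificationToken(PDO $db, int $userId): string
{
    $token = bin2hex(random_bytes(32));            // 64 hex chars, sent to the user
    $stmt = $db->prepare(
        'UPDATE users SET is_verified = 0, verification_token = :hash,
                token_expires = :exp WHERE id = :id'
    );
    $stmt->execute([
        ':hash' => hash('sha256', $token),         // a DB leak exposes no usable token
        ':exp'  => date('Y-m-d H:i:s', time() + 3600), // link is valid for one hour
        ':id'   => $userId,
    ]);
    return $token;
}

// verify.php: look the row up by the hashed token, check expiry, then flip the flag.
function verifyToken(PDO $db, string $token): bool
{
    if (!preg_match('/^[0-9a-f]{64}$/', $token)) {
        return false;                              // malformed input, skip the DB
    }
    $stmt = $db->prepare(
        'SELECT id, token_expires FROM users
          WHERE verification_token = :hash AND is_verified = 0'
    );
    $stmt->execute([':hash' => hash('sha256', $token)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || strtotime($row['token_expires']) < time()) {
        return false;                              // unknown or expired token
    }
    $upd = $db->prepare(
        'UPDATE users SET is_verified = 1, verification_token = NULL,
                token_expires = NULL WHERE id = :id'
    );
    $upd->execute([':id' => $row['id']]);         // token is single-use
    return true;
}

// register.php, right after the INSERT:
//   $token = createVerificationToken($db, (int)$db->lastInsertId());
//   $link  = 'http://www.mywebsite.com/verify.php?token=' . urlencode($token);
// verify.php:
//   verifyToken($db, $_GET['token'] ?? '') ? header('Location: login.php') : die('Invalid or expired link');
```

login.php then only needs `AND is_verified = 1` added to its SELECT so unverified accounts cannot log in.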
