
我正在嘗試爲小型企業網站實施僅限邀請的註冊系統。管理員可以輸入員工的個人電子郵件並將驗證碼發送給他/她。（PHP和mySQL僅邀請註冊）

當員工點擊電子郵件中的鏈接時,他將被重定向到註冊頁面。 (用於確定顯示內容的開關)

問題在於我之前已經做好了註冊頁面,但很難把它套用到這個邀請碼流程上。邀請碼頁面用 echo 輸出文本,而原本的註冊頁面則是用 PHP、HTML 和 CSS 建立的表格中的一個表單。我想知道該如何修改代碼,讓兩者能夠兼容。

請參閱下面的代碼:

INVITE.php

mysql_select_db($database_connSQL, $connSQL);
// Load the invite_codes table once at page start. The first row and the row
// count are assigned here, but nothing else in this listing reads them.
$query_RecInvite = "SELECT * FROM invite_codes";
$RecInvite = mysql_query($query_RecInvite, $connSQL);
if ($RecInvite === false) {
    // Same effect as the "or die()" form: the raw MySQL error text is sent to
    // the browser, which exposes schema details to whoever requested the page.
    die(mysql_error());
}
$row_RecInvite = mysql_fetch_assoc($RecInvite);
$totalRows_RecInvite = mysql_num_rows($RecInvite);

/* 
This script assumes you already have a database setup, with a connection string in place. 
First, we'll need to create our table... 
Copy/paste the following SQL code into the database you'll be using. 

CREATE TABLE `invite_codes` (
    `id` int(11) NOT NULL auto_increment, 
    `invite_code` varchar(35) NOT NULL default '', 
    `time_stored` int(11) NOT NULL default '0', 
    PRIMARY KEY (`id`) 
) TYPE=MyISAM ; 

*/ 
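/**
 * Build a random invite code made of $length lowercase ASCII letters.
 *
 * The code is the only secret that gates registration, so it is drawn from
 * random_int() (a CSPRNG) rather than mt_rand(), whose output is predictable.
 * The original also indexed with mt_rand(0, strlen($chars)), one past the last
 * letter, so roughly one character in 27 was an empty offset and codes came
 * out shorter than requested.
 *
 * @param int $length number of characters to produce; 0 or less yields ''
 * @return string
 */
function genRandomString(int $length): string {
    $chars = "abcdefghijklmnopqrstuvwxyz";
    $maxIndex = strlen($chars) - 1; // last valid offset into $chars
    $string = '';
    for ($p = 0; $p < $length; $p++) {
        $string .= $chars[random_int(0, $maxIndex)];
    }
    return $string;
}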
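/**
 * Prepare a request value for use inside a single-quoted SQL string literal.
 *
 * Queries in this file are built by concatenation (the ext/mysql API has no
 * prepared statements), so this function is the only barrier between request
 * input and the query text. mysql_real_escape_string() escapes according to
 * the open connection's character set; mysql_escape_string(), which it
 * replaces, ignored the charset and has been deprecated since PHP 5.3. The
 * htmlspecialchars()/stripslashes() steps are kept as they were so the stored
 * form of a value does not change. Moving to PDO or MySQLi with bound
 * parameters would remove the need for this function altogether.
 *
 * @param string $str raw request value
 * @return string escaped value; the caller still wraps it in quotes
 */
function clean($str) {
    // stripslashes undoes magic_quotes_gpc; it is a no-op when that is off.
    // No link argument is passed: the connection opened at the top of the
    // file is the most recently opened one, which is what ext/mysql uses.
    $value = mysql_real_escape_string(stripslashes(htmlspecialchars($str)));
    return $value;
}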
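/**
 * Send a plain-text message through mail() with From: and Reply-To: set to
 * $mailfrom.
 *
 * Returns false without sending when any argument is empty, or when the
 * recipient, subject or sender contains a CR or LF. Those three values are
 * written into the message header block, so a line break inside one of them
 * would terminate the header and let whatever follows be read as additional
 * headers; in this file $mailto comes straight from the request.
 *
 * @param string $mailto      recipient address
 * @param string $mailsubject subject line
 * @param string $mailcontent message body
 * @param string $mailfrom    sender address, used for From: and Reply-To:
 * @return bool true when mail() accepted the message for delivery
 */
function sendEmail($mailto,$mailsubject,$mailcontent,$mailfrom) {
    if ((string) $mailto === '' || (string) $mailsubject === ''
        || (string) $mailcontent === '' || (string) $mailfrom === '') {
        return false;
    }
    // Header values must stay on one line; reject anything that could end one.
    foreach ([$mailto, $mailsubject, $mailfrom] as $headerValue) {
        if (strpbrk((string) $headerValue, "\r\n") !== false) {
            return false;
        }
    }
    $headers = 'From: '.$mailfrom."\r\n".
        'Reply-To: '.$mailfrom."\r\n".
        'X-Mailer: PHP/'.phpversion();
    return (bool) mail($mailto, $mailsubject, $mailcontent, $headers);
}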
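/**
 * Syntax check for an e-mail address: exactly one "@", a local part whose
 * dot-separated pieces are either atoms of the allowed characters or quoted
 * strings, and either a dotted/bracketed numeric host or a domain of at least
 * two labels made of letters, digits and inner hyphens.
 *
 * ereg() (removed in PHP 7) is replaced by preg_match() using the same
 * expressions. The D modifier keeps the POSIX meaning of "$" (end of string
 * only): without it "user@example.com\n" would pass, and that address is
 * later placed in a mail() header.
 *
 * @param string $email address to test
 * @return bool
 */
function checkEmail($email) {
    // One "@", local part 1-64 characters, domain 1-255 characters.
    if (preg_match('/^[^@]{1,64}@[^@]{1,255}$/D', $email) !== 1) { return false; }
    list($localPart, $domainPart) = explode("@", $email);
    // "@" is used as the delimiter because the expression itself contains
    // every other usual delimiter character, and "@" cannot occur here.
    $localLabel = '@^(([A-Za-z0-9!#$%&\'*+/=?^_`{|}~-][A-Za-z0-9!#$%&\'*+/=?^_`{|}~\\\\.-]{0,63})|("[^(\\\\|")]{0,62}"))$@D';
    foreach (explode(".", $localPart) as $label) {
        if (preg_match($localLabel, $label) !== 1) {
            return false;
        }
    }
    // A purely numeric host (optionally in brackets) skips the label checks.
    if (preg_match('/^\[?[0-9.]+\]?$/D', $domainPart) !== 1) {
        $domainLabels = explode(".", $domainPart);
        if (count($domainLabels) < 2) { return false; }
        foreach ($domainLabels as $label) {
            if (preg_match('/^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$/D', $label) !== 1) {
                return false;
            }
        }
    }
    return true;
}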
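// Route on the ?go= parameter. An empty or "0" value renders the home view;
// anything unexpected falls through the switch and renders nothing.
$go = empty($_GET['go']) ? 'home' : $_GET['go'];
// NOTE(review): nothing on this page checks who is calling go=generate or
// go=invite, so any visitor can mint codes and mail invitations. The
// admin-only restriction described for this site has to be enforced before
// this switch is reached.
switch ($go) {
    case 'home':
        echo 'This is an invite code example..<br />Generate a new invite code:<br />
      <form action="?go=generate" method="post">
      <input name="submit" type="submit" value="Generate" />
      </form>';
        break;
    case 'generate':
        $invite_code = genRandomString(25); // genRandomString(INT)
        echo 'This is a random invite code: <b>'.$invite_code.'</b><br />Let&#39;s go ahead and toss this into our database...';
        // $invite_code is lowercase ASCII from genRandomString(), so it is safe
        // to splice into the query. id is left to AUTO_INCREMENT instead of
        // inserting '' (rejected under strict sql_mode), and time() replaces the
        // argument-less mktime() call, which is deprecated and returns the same.
        if (mysql_query("INSERT INTO invite_codes (invite_code,time_stored) VALUES ('".$invite_code."','".time()."')")) {
            echo '<br />Insertion successful<br /><br />Use code to invite a friend:<br />';
            echo '<p><form action="?go=invite" method="post">
       <input type="text" name="email" id="email" value="" />
       <input type="hidden" name="code" id="code" value="'.$invite_code.'" />
       <input name="submit" type="submit" value="Invite" />
       </form></p>';
        } else {
            echo 'Whoops! Something went horribly wrong, and we couldn&#39;t store the code :(';
        }
        break;
    case 'invite':
        if (!empty($_POST['email'])) {
            // The code is echoed into the mail body and the link. Only the
            // alphabet genRandomString() produces is accepted, so the form cannot
            // be used to mail arbitrary text to an address of the sender's choice.
            $code = isset($_POST['code']) ? (string) $_POST['code'] : '';
            if (!checkEmail($_POST['email'])) {
                // Previously this literal had no echo, so nothing was shown.
                echo 'Whoops! Looks like the email address you selected is invalid :(';
            } elseif (preg_match('/^[a-z]+$/D', $code) !== 1) {
                echo 'Whoops! That invite code doesn&#39;t look right :(';
            } else {
                // HTTP_HOST is taken from the request's Host header; a configured
                // site name would be the safer source for the link that is mailed.
                $thisDomain = str_replace('www.', '', $_SERVER['HTTP_HOST']);
                $mailcont = "Someone has invited you to an invite only website!\nYour invite code is: ".$code.".\n\nYou can use it at http://www.".$thisDomain."/newTATCS/login/invite.php?go=register&hash=".$code;
                // NOTE(review): the sender literal below is reproduced as found;
                // its local part looks mangled, so confirm the intended From address.
                if (sendEmail($_POST['email'],'You have been invited!',$mailcont,'[email protected]'.$thisDomain)) {
                    // The address is request input; escape it before echoing it back.
                    echo 'Your invite was dispatched to '.htmlspecialchars($_POST['email'], ENT_QUOTES).'<br /><br />Go back <a href="?go=home">home</a>';
                } else {
                    echo 'Whoops! Something went horribly wrong, and we couldn&#39;t send the email :(';
                }
            }
        } else {
            // Previously this literal had no echo, so nothing was shown.
            echo 'Whoops! It looks like you didn&#39;t actually add an email address...';
        }
        break;
    case 'register':
        if (!empty($_POST['code'])) {
            $code = clean($_POST['code']); // Because SQL injections are annoying :)
            $query = mysql_query("SELECT id FROM invite_codes WHERE invite_code = '".$code."'");
            // A failed query returns false; mysql_num_rows(false) would only warn.
            if ($query !== false && mysql_num_rows($query) === 1) {
                $fetch = mysql_fetch_object($query);
                echo 'Congratulations, the invite code was found!<br />We&#39;re going to remove it from the database now...';
                // NOTE(review): the code is consumed as soon as it is checked, before
                // any registration form has been submitted, so a code that is looked
                // at but not used is lost. Deleting it once the account is created
                // would keep the one-code-one-registration rule without that effect.
                // $fetch->id comes from the database row, not from the request.
                if (mysql_query("DELETE FROM invite_codes WHERE id = '".$fetch->id."'")) {
                    echo '<br />Code removed!';
                } else {
                    echo 'Whoops! Something went horribly wrong, and we couldn&#39;t remove the code :(';
                }
            } else {
                echo 'Sorry, that code is invalid.';
            }
        } else {
            // ?hash= is filled in from the mailed link and is under the visitor's
            // control; it is escaped before being placed in the value attribute
            // (the raw echo was a reflected XSS) and defaults to '' when absent.
            $hash = isset($_GET['hash']) ? htmlspecialchars($_GET['hash'], ENT_QUOTES) : '';
            echo 'This website is closed to the public. You will need an invite code to continue registration.
       <p><form action="?go=register" method="post">
       <input type="text" name="code" id="code" value="'.$hash.'" />
       <input name="submit" type="submit" value="Check" />
       </form></p>';
        }
        break;
}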
?> 

REGISTER.php

<form id="register" name="register" method="POST" action="<?php echo $editFormAction; ?><?php echo $loginFormAction; ?>"> 
     <div class="leftRegister"> 
     <table width="278" border="0" cellpadding="0" cellspacing="0"> 
      <tr> 
      <td width="278">Salutation<br />
       <select name="salutation" id="salutation"> 
       <option selected="selected">Mr.</option> 
       <option>Mrs.</option> 
       <option>Ms.</option> 
       <option>Dr.</option> 
       <option>Prof.</option> 
      </select></td> 
      </tr> 
      <tr> 
      <td>&nbsp;</td> 
      </tr> 
      <tr> 
      <td><table width="278" border="0" cellpadding="0" cellspacing="0"> 
       <tr> 
       <td width="138">Name<br /></td> 
       <td width="140">&nbsp;</td> 
       </tr> 
       <tr> 
       <td valign="top"><span id="sprytextfield1"> 
        <input name="firstname" class="regFirstname" type="text" id="firstname" /> 
        <br /> 
        <span class="textfieldRequiredMsg">Enter your First name.</span></span></td>
       <td width="140" valign="top"><span id="sprytextfield2"> 
        <input type="text" class="regLastname" name="lastname" id="lastname" /> 
        <br /> 
        <span class="textfieldRequiredMsg">Enter your Last name.</span></span></td> 
       </tr> 
      </table></td> 
      </tr> 
      <tr> 
      <td>&nbsp;</td> 
      </tr> 
      <tr> 
      <td>Personal Email<br /> 
       <span id="sprytextfield9"> 
       <input type="text" name="email" id="email" /> 
       <br /> 
       <span class="textfieldRequiredMsg">Please enter your personal email.</span></span></td> 
      </tr> 
      <tr> 
      <td>&nbsp;</td> 
      </tr> 
      <tr> 
      <td>Create a password<br /> 
       <span id="sprypassword1"> 
       <input type="password" name="password" id="password" /> 
       <br /> 
      <span class="passwordRequiredMsg">Please choose a password that contains at least<br />
1 letter and 1 number for maximum security.</span><span class="passwordMinCharsMsg">Minimum number of characters not met.<br /> 
Password must contain at least 5 characters.</span><span class="passwordInvalidStrengthMsg">Password must contain at least 1 letter and 1 number.</span></span></td> 
      </tr> 
      <tr> 
      <td>&nbsp;</td> 
      </tr> 
      <tr> 
      <td>Confirm your password<br /> 
       <span id="spryconfirm1"> 
       <input type="password" name="passwordcheck" id="passwordcheck" /> 
      <span class="confirmRequiredMsg"><br /> 
      Please make sure your password matches</span><span class="confirmInvalidMsg"><br /> 
      The values don't match.</span></span></td> 
      </tr> 
      <tr> 
      <td>&nbsp;</td> 
      </tr> 
      <tr> 
      <td>Birthday<br /> 
       <select name="BirthMonth"> 
       <option value="1">January</option> 
       <option value="2">February</option> 
       <option value="3">March</option> 
       <option value="4">April</option> 
       <option value="5">May</option> 
       <option value="6">June</option> 
       <option value="7">July</option> 
       <option value="8">August</option> 
       <option value="9">September</option> 
       <option value="10">October</option> 
       <option value="11">November</option> 
       <option value="12">December</option> 
       </select> 
       <select name="BirthDay"> 
       <?php
    // Day-of-month choices 1..31, independent of the month selected above.
    foreach (range(1, 31) as $i) {
        echo "<option value='$i'>$i</option>";
    }
    ?>
       </select> 
       <select name="BirthYear"> 
       <?php
    // Birth years from 2006 back to 1900, newest first. 2006 is a fixed upper
    // bound rather than being derived from the current date.
    foreach (range(2006, 1900) as $i) {
        echo "<option value='$i'>$i</option>";
    }
    ?>
      </select></td> 
      </tr> 
      <tr> 
      <td>&nbsp;</td> 
      </tr> 
     </table> 
     </div> 

     <div class="rightRegister">
     <table width="280" border="0" cellpadding="0" cellspacing="0"> 
      <tr> 
      <td colspan="2">Address 
       <br /> 
       <span id="sprytextfield3"> 
       <input type="text" name="address" id="address" /> 
       <br /> 
       <span class="textfieldRequiredMsg">Please enter your address</span></span></td> 
      </tr> 
      <tr> 
      <td colspan="2">&nbsp;</td> 
      </tr> 
      <tr> 
      <td colspan="2">City<br /> 
       <span id="sprytextfield4"> 
       <input type="text" name="city" id="city" /> 
       <br /> 
      <span class="textfieldRequiredMsg">Please enter your city.</span></span></td> 
      </tr> 
      <tr> 
      <td colspan="2">&nbsp;</td> 
      </tr> 
      <tr> 
      <td width="108" valign="top">State/Province<br /> 
       <span id="sprytextfield5"> 
       <input type="text" name="state" id="state" class="regState" /> 
      <span class="textfieldRequiredMsg">State required.</span></span></td> 
      <td width="144" valign="top">Zip/Postal Code<br /> 
       <span id="sprytextfield6"> 
       <input type="text" name="postalcode" id="postalcode" class="regPostalcode" /> 
       <span class="textfieldRequiredMsg"><br /> 
Zip Code required.</span><span class="textfieldMaxCharsMsg"><br /> 
Enter 5-digit Zip code.</span></span></td> 
      </tr> 
      <tr> 
      <td colspan="2">&nbsp;</td> 
      </tr> 
      <tr> 
      <td colspan="2">Homephone 
       <span id="sprytextfield7"><br /> 
       <input type="text" name="homephone" id="homephone" /> 
       <br /> 
       <span class="textfieldRequiredMsg">Please enter phone number.</span></span></td> 
      </tr> 
      <tr> 
      <td colspan="2">&nbsp;</td> 
      </tr> 
      <tr> 
      <td colspan="2">Cellphone<br /> 
       <span id="sprytextfield8"> 
       <input type="text" name="cellphone" id="cellphone" /> 
       <br /> 
      <span class="textfieldRequiredMsg">Please enter your cellphone number.</span></span></td> 
      </tr> 
      <tr> 
      <td colspan="2">&nbsp;</td> 
      </tr> 
      <tr> 
      <td colspan="2" align="right"><span class="submit"> 
       <input type="submit" value="Submit" /> 
      </span></td> 
      </tr> 
      <tr> 
      <td colspan="2" align="right">&nbsp;</td> 
      </tr> 
     </table> 
     <p>&nbsp;</p> 
     </div> 
     <p>&nbsp;</p> 
     <p>&nbsp;</p> 
     <p>&nbsp;</p> 
     <p>&nbsp;</p> 
     <p>&nbsp;</p> 
     <p>&nbsp;</p> 
     <p>&nbsp;</p> 
     <p>&nbsp;</p> 
     <p>&nbsp;</p> 
     <p>&nbsp;</p> 
     <p>&nbsp;</p> 
     <input type="hidden" name="MM_insert" value="register" /> 
    </form> 
    </div> 

回答


在註冊頁面,從拉邀請碼查詢字符串(site.php?code=ajiofdjasoiej39048)。然後,檢查數據庫中是否存在具有該邀請代碼的行。如果是,則顯示註冊表單。否則顯示錯誤消息。在提交時再次檢查代碼,並且在用戶註冊成功後,從數據庫中刪除邀請代碼。

此外,php_mysql已棄用。請改用MySQLi或PDO。


非常感謝!有效!現在我正試圖爲用戶設置一個鏈接,以便在代碼弄糟的情況下重新發送確認電子郵件。我如何確保invite.php中的電子郵件安全並且無法通過更改電子郵件來修改? 例如, 起初我想我可能會做'domain.com/[email protected]&code=「abcasdklh54654' ,然後在錯誤頁面,上面寫着一個鏈接: 」代碼無效,點擊這裏重新發送確認郵件「 ,但我意識到這樣做意味着用戶可以輕鬆操縱網址來更改電子郵件。 我應該如何避免這種情況? – alchuang


將代碼旁邊的電子郵件地址存儲在同一張表中]在你的數據庫中。 – Lusitanian