ryr*_*yan 17 php mysql email verification
我的网站上已有一个高级用户登录/注册系统(colemansystems.psm2.co.uk).但是,我希望向新用户发送电子邮件以验证其电子邮件地址.如果他们没有点击该链接,他们将无法访问他们的帐户.我对PHP和MySQL经验不足,所以请深入解释.
编辑:我用于verify.php文件的代码(用户点击GET的链接(例如verify.php?d=51773199320))
$secret = $_GET['d'];
$result = mysql_query("SELECT valid FROM users WHERE secret=$secret");
while ($row = mysql_fetch_array($result))
{
$valid = $row['valid'];
}
if ($valid == "") {
echo"There seems to be a problem with the verification code.<br><br><br><br><br>";
}
elseif ($valid == "1")
{
echo"Your account is already verified.<br><br><br><br><br>";
}
else
{
mysql_query("UPDATE users SET valid = '1' WHERE secret=$secret");
echo "Thank you, your account is now verified and you are free to use the exclusive features!<br><br><br><br><br><br>";
}
这样安全吗?
You*_*nse 30
最简单的方法是根本不注册未经验证的用户.
向他们询问电子邮件地址并发送电子邮件,其中包含用哈希密封的地址的链接.收到此链接后,您可以开始注册过程.
像这样的东西
$secret = "35onoi2=-7#%g03kl";
$email = urlencode($_POST['email']);
$hash = MD5($_POST['email'].$secret);
$link = "http://example.com/register.php?email=$email&hash=$hash";
并在您register.php的注册表单中添加2个隐藏字段 - 电子邮件和哈希,从GET存储他们收到的值.
最后,流程注册和检查,
if (md5($_POST['email'].$secret) == $_POST['hash']) {
//Continue registration.
}
| 归档时间: |
|
| 查看次数: |
14271 次 |
| 最近记录: |