Question

我正在建立一个网站，要求用户注册和登录。我有大多数工作，但100％无效的是电子邮件激活。

当用户注册时，会发送一封包含链接（{{3}}）

的电子邮件

如果用户点击此链接，它将进入/激活检查以查看数据库中是否存在电子邮件和代码，并通过将值“active”从0更改为1来激活帐户（如果这些确实存在），但是，如果用户只需登录它就会自动激活我不想要的帐户（有点违背了激活邮件的目的）。

LOGIN

if (isset($_POST['submit'])) { // Create variables from submitted data
    $uname = mysqli_real_escape_string($db_connect, $_POST['uname']); 
    $password = mysqli_real_escape_string($db_connect, $_POST['loginPassword']);
    $passHash = md5($password); // Encrypt password

    $query1 = mysqli_query($db_connect, "SELECT * FROM `users` WHERE `uname` = '".$uname."' AND `password` = '".$passHash."' AND `active` = '1' ") or die(mysqli_connect_error()); // Uname and password match and account is active
    $result1 = (mysqli_num_rows($query1) > 0);
    $query2 = mysqli_query($db_connect, "SELECT * FROM `users` WHERE `uname` = '".$uname."' AND `password` = '".$passHash."' AND `active` = '0' ") or die(mysqli_connect_error()); // Uname and password match and account is not active
    $result2 = (mysqli_num_rows($query2) > 0);

        if ($result1) { // If uname and password match and account is active
            $_SESSION['uname'] = $_POST['uname'];
            header("Location: /profile");
        } else if ($result2) { // If uname and password match but account is not active
            echo "<p>Your account has not been activated! Please check your email inbox.</p><br />";
            back();
        } else { // If uname and password do not match
            echo "<p>The combination of username and password is incorrect!</p><br />";
            back();
            forgotPword();
            register();
        }   
} else {
        login();
        forgotPword(); 
        register();
}

激活页面

 if (isset($_GET['email'], $_GET['activationCode']) === true) { // If email and email code exist in URL
    $email = trim($_GET['email']);
    $activationCode = trim($_GET['activationCode']);

    $query1 = mysqli_query($db_connect, "SELECT * FROM `users` WHERE `email` = '".$email."' ") or die(mysqli_connect_error());
    $result1 = (mysqli_num_rows($query1) > 0);
    $query2 = mysqli_query($db_connect, "SELECT * FROM `users` WHERE `activationCode` = '".$activationCode."' ") or die(mysqli_connect_error());
    $result2 = (mysqli_num_rows($query2) > 0);  
    $query3 = mysqli_query($db_connect, "SELECT COUNT(`userID`) FROM `users` WHERE `email` = '".$email."' AND `activationCode` = '".$activationCode."' AND  `active` = '0' ") or die(mysqli_connect_error());
    $result3 = (mysqli_num_rows($query3) > 0);

    // Check email exists in database
    if ($result1) {     
        // Check activation code exists in database     
        if ($result2) { 

            // THIS IS THE PART NOT DOING IT'S JOB PROPERLY
            // Check active status
            if ($result3) {             
                mysqli_query($db_connect, "UPDATE `users` SET `active` = '1' WHERE `email` = '".$email."' AND `activationCode` = '".$activationCode."' AND `active` = '0' ") or die(mysqli_connect_error()); // Activate account
                echo "<p>Your account is now activated. You may <a href='/login'>Log In</a></p>";
                exit();         
            } else {
                echo "<p>Your account has already been activated. You may <a href='/login'>Log In</a></p>";
                exit(); 
            }   
            // ------------------------------------------------------------------------------------

        } else { // Activation code is invalid
          echo "<p>Hmmm, the activation code seems to be invalid!</p>"; 
          exit(); 
        }       
    } else { // Email does not exist
      echo "<p>Hmmm, ".$email." email does not seem to exist in our records!</p>";
      exit();
    }       

} else {
    header("Location: /login");
    exit();
}

非常感谢任何有关我出错的帮助。

Answer 1

您可以在登录

的sql查询中添加“AND active = 1”条件

电邮激活问题

1 个答案: