我正在尝试创建激活页面,以便当用户点击其激活链接时,它会将用户导航到activate.php页面并显示一条消息,说明帐户是否已激活。
我遇到的问题是它一直显示消息“代码和用户名不匹配!帐户未激活”。即使已单击激活链接,它也不会显示成功消息“帐户已激活”。
如果识别出正确的用户名和代码,数据库中的“活动”列也应更改为“1”,但仍然显示“0”,表示帐户仍处于非活动状态。
我的问题是,为什么不识别用户名和激活码是否正确?
以下是registration.php脚本,其中插入用户的注册详细信息并通过电子邮件发送激活链接:
$teacherpassword = md5(md5("j3j".$teacherpassword."D2n"));
$code = md5(rand(1,9));
$insertsql = "
INSERT INTO Teacher
(TeacherForename, TeacherSurname, TeacherEmail, TeacherAlias, TeacherUsername, TeacherPassword, Code)
VALUES
(?, ?, ?, ?, ?, ?, ?)
";
if (!$insert = $mysqli->prepare($insertsql)) {
// Handle errors with prepare operation here
}
$insert->bind_param("sssssss", $getfirstname, $getsurname,
$getemail, $getid, $getuser,
$teacherpassword, $code);
$insert->execute();
if ($insert->errno) {
// Handle query error here
}
$insert->close();
$getuser = $_POST['user'];
$code = md5(rand(1,9));
$site = "http://helios.hud.ac.uk/......../Mobile_app";
$webmaster = "Mayur Patel <.......@hud.ac.uk>";
$headers = "From: $webmaster";
$subject = "Activate Your Account";
$message = "Thanks for Registering. Click the link below to Acivate your Account. \n";
$message .= "$site/activate.php?user=$getuser&code=$code\n";
$message .= "You must Activate your Account to Login";
if(mail($getemail, $subject, $message, $headers)){
$errormsg = "You have been Registered. You must Activate your Account from the Activation Link sent to <b>$getemail</b>";
$getfirstname = "";
$getsurname = "";
$getid = "";
$getuser = "";
$getemail = "";
}
下面是activate.php页面,它检查激活链接并执行mysqli操作并显示消息:
<?php
$user_to_be_activated = $_GET['user'];
$code_to_be_matched = $_GET['code'];
// don't use $mysqli->prepare here
$query = "SELECT TeacherUsername, Active, Code FROM Teacher WHERE TeacherUsername = ? AND Code = ? ";
// prepare query
$stmt=$mysqli->prepare($query);
// You only need to call bind_param once
$stmt->bind_param("ss",$user_to_be_activated, $code_to_be_matched);
// execute query
$stmt->execute();
// get result and assign variables (prefix with db)
$stmt->bind_result($dbTeacherUsername, $dbActive, $dbCode);
//get number of rows
$stmt->store_result();
$counting = $stmt->num_rows();
if($counting == '1')
{
$updatesql = "UPDATE Teacher SET Active = ? WHERE TeacherUsername = ? AND Code = ?";
$update = $mysqli->prepare($updatesql);
$update->bind_param("iss", 1, $user_to_be_activated, $code_to_be_matched);
$update->execute();
$update->close();
echo "Account is Activated";
}
else
{
echo "The Code and Username doesn't match! Account is not Activated.";
}
?>
我只是希望它能够在第一次点击链接时激活帐户。
答案 0 :(得分:1)
我是怎么做到的:
当用户通过以下方式激活他的帐户时,在数据库(新列)中创建一个security_key:
example.com/activate/username/security_key
它会将“激活”列设置为1.现在设置一个新的哈希值,因此无法“再次”激活它并获得一些奇怪的错误。
现在,当用户想要登录时,他没有设置任何凭据,但电子邮件已知。所以只需向他发送一个带有恢复链接的“丢失密码”电子邮件:
example.com/set-password/username/security_key
出于安全原因,最好在他的行中每次更新时刷新security_key。所以你永远不会发现第三方用户(黑客)看到他的安全密钥的奇怪事件。
我希望这有助于你:)
结论,获得一些新鲜空气,有一个时刻,并以清醒的头脑第二次看它。最好先在纸上绘制这样的系统,这样你才能知道自己在做什么。 (我做了同样的事情,它确实帮助了我!)
答案 1 :(得分:1)
知道了,错误就在这里:
$ update-&gt; bind_param(“iss”,1,$ user_to_be_activated,$ code_to_be_matched);
简单地说它没有通过1而且我不确定为什么它不会显示错误。
所以你可以把这个数字1放到一个变量中,然后在你的sql代码中使用它,如下所示:
所以整个代码:
$code_activated = 1;
// don't use $mysqli->prepare here
$query = "SELECT TeacherUsername, Active, Code FROM Teacher WHERE TeacherUsername = ? AND Code = ? ";
// prepare query
$stmt=$mysqli->prepare($query);
// You only need to call bind_param once
$stmt->bind_param("ss",$user_to_be_activated, $code_to_be_matched);
// execute query
$stmt->execute();
// get result and assign variables (prefix with db)
$stmt->bind_result($dbTeacherUsername, $dbActive, $dbCode);
//get number of rows
$stmt->store_result();
$counting = $stmt->num_rows();
if($counting == '1')
{
$updatesql = "UPDATE Teacher SET Active = ? WHERE TeacherUsername = ? AND Code = ?";
$update = $mysqli->prepare($updatesql);
$update->bind_param("sss", $code_activated, $user_to_be_activated, $code_to_be_matched);
$update->execute() or die(mysql_error());
$update->close();
echo "Account is Activated";
}
else
{
echo "The Code and Username doesn't match! Account is not Activated.";
}
你可以在这里测试:
http://design05.comuf.com/avtivate.php
以下详细信息:
用户:主人
代码:bbb111
http://design05.comuf.com/avtivate.php?user=master&code=bbb111
用户:admin
代码:abc123
http://design05.comuf.com/avtivate.php?user=admin&code=abc123
当然会尝试一些错误的。
答案 2 :(得分:0)
您似乎生成了一个存储在数据库中的随机代码,然后生成另一个您在电子邮件中添加的代码。这两个代码可能有所不同:)
答案 3 :(得分:-1)
你只需删除第二个代码md5,因为你已经有一次代码md5。