How do I send an activation link to a registered user?

Time: 2013-01-17 02:13:53

Tags: php

I have asked this before, but I never seem to get how it works (I tried a lot, but with no success at all). Can someone tell me how to send an activation link to the user's e-mail address on registration, and not let the user in until they follow the link in the e-mail to activate the account? What should I do? I don't get it at all... please help me..

What I have in the users table in the database:

1   id          int(11)       AUTO_INCREMENT    
2   username    varchar(255)        
3   password    char(64)    
4   salt        char(16)    
5   email       varchar(255)

register.php

<?php 
// First we execute our common code to connect to the database and start the session 
require("common.php"); 

// This if statement checks to determine whether the registration form has been submitted 
// If it has, then the registration code is run, otherwise the form is displayed 
if(!empty($_POST))
{ 
// Ensure that the user has entered a non-empty username 
// (the original only echoed here and carried on, so an empty username was still registered) 
if(empty($_POST['username']))
{ 
    die("Please enter a username."); 
}

// Ensure that the user has entered a non-empty password 
if(empty($_POST['password']))
{ 
    die("Please enter a password."); 
} 

// Make sure the user entered a valid E-Mail address 
// filter_var is a useful PHP function for validating form input 
if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) 
{ 
    die("Invalid E-Mail Address"); 
} 

$query = " 
    SELECT 
        1 
    FROM users 
    WHERE 
        username = :username 
"; 

$query_params = array( 
    ':username' => $_POST['username'] 
); 

try 
{ 
    // These two statements run the query against your database table. 
    $stmt = $db->prepare($query); 
    $result = $stmt->execute($query_params); 
} 
catch(PDOException $ex) 
{ 
    // Note: On a production website, you should not output $ex->getMessage(). 
    // It may provide an attacker with helpful information about your code.  
    die("Failed to run query: " . $ex->getMessage()); 
} 

$row = $stmt->fetch(); 


if($row) 
{ 
    die("This username is already in use"); 
} 

// Now we perform the same type of check for the email address, in order 
// to ensure that it is unique. 
$query = " 
    SELECT 
        1 
    FROM users 
    WHERE 
        email = :email 
"; 

$query_params = array( 
    ':email' => $_POST['email'] 
); 

try 
{ 
    $stmt = $db->prepare($query); 
    $result = $stmt->execute($query_params); 
} 
catch(PDOException $ex) 
{ 
    die("Failed to run query: " . $ex->getMessage()); 
} 

$row = $stmt->fetch(); 

if($row) 
{ 
    die("This email address is already registered"); 
} 

// An INSERT query is used to add new rows to a database table. 
// Again, we are using special tokens (technically called parameters) to 
// protect against SQL injection attacks. 
$query = " 
    INSERT INTO users ( 
        username, 
        password, 
        salt, 
        email 
    ) VALUES ( 
        :username, 
        :password, 
        :salt, 
        :email 
    ) 
"; 

// Address the mail to the address that was just submitted (the original had the
// literal string "email" here, so nothing was ever sent to the user). 
$to = $_POST['email'];
$username = $_POST['username'];
$subject = "Your Account Information!";
// Inside a heredoc only $var / {$var} forms are interpolated; {'email'} is literal text. 
// The password is deliberately not put into the mail: e-mail is not a safe channel for it. 
// NOTE: $aid is never assigned anywhere in this script. Generating an activation token, 
// storing it with the user row and putting it into this link is the step the question asks about. 
$body = <<<EMAIL
Hello {$to}, here is your account information!

Username: {$username}

Please activate your account by clicking the following activation link:
http://www.mywebsite.com/activate.php?aid={$aid}

EMAIL;

$headers = 'From: noreply@yourdomain.com' . "\r\n" .
'Reply-To: noreply@yourdomain.com' . "\r\n" .
'X-Mailer: PHP/' . phpversion();

// Escape the user-supplied address before echoing it back into HTML 
$safe_to = htmlentities($to, ENT_QUOTES, 'UTF-8');
if(mail($to, $subject, $body, $headers)){
    echo("<p>Your account information was successfully sent to your email - {$safe_to}! <br><br>Please open your email and click the activation link to activate your account.</p><br><p>If you do not see your account information in your inbox within 60 seconds please check your spam/junk folder.</p>");
} else {
    echo("<p>Unfortunately, your account information could <u>not</u> be sent to your email - {$safe_to}.</p>");
}

// Two 31-bit mt_rand() values in hex give at most 16 characters, matching the char(16) salt column 
$salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647)); 

// Salted, iterated SHA-256. On PHP 5.5+ password_hash()/password_verify() is the better 
// choice; the loop is kept because login.php below verifies with the same scheme. 
$password = hash('sha256', $_POST['password'] . $salt); 

for($round = 0; $round < 65536; $round++) 
{
    $password = hash('sha256', $password . $salt); 
}


$query_params = array( 
    ':username' => $_POST['username'], 
    ':password' => $password, 
    ':salt' => $salt, 
    ':email' => $_POST['email'] 
); 

try
{ 
    // Execute the query to create the user 
    $stmt = $db->prepare($query); 
    $result = $stmt->execute($query_params); 
}
catch(PDOException $ex)
{ 
    // The original left this block empty, so a failed INSERT still redirected to login.php. 
    // Stop here instead (and, as above, do not output $ex->getMessage() in production). 
    die("Failed to run query"); 
}
// Note: the echo() calls above have already sent output, so this header() call will fail 
// with "headers already sent"; either buffer the output or keep only one of the two. 
header("Location: login.php"); 
die("Redirecting to login.php"); 
}
?> 
<h1>Register</h1> 
<form action="" method="post"> 
Username:<br /> 
<input type="text" name="username"  required value="" /> 
<br /><br /> 
E-Mail:<br /> 
<input type="text" name="email" required value="" /> 
<br /><br /> 
Password:<br /> 
<input type="password" required  name="password" value="" /> 
<br /><br /> 
<input type="submit"  value="Register" /> 
</form>

login.php

<?php 

// First we execute our common code to connection to the database and start the session 
require("common.php"); 

$submitted_username = '';
if(!empty($_POST)) 
{ 
$query = " 
    SELECT 
        id, 
        username, 
        password, 
        salt, 
        email 
    FROM users 
    WHERE 
        username = :username 
"; 

// The parameter values 
$query_params = array( 
    ':username' => $_POST['username'] 
); 

try 
{ 
    // Execute the query against the database 
    $stmt = $db->prepare($query); 
    $result = $stmt->execute($query_params); 
} 
catch(PDOException $ex) 
{ 
    die("Failed to run query: " . $ex->getMessage()); 
} 

$login_ok = false; 

$row = $stmt->fetch(); 
if($row) 
{ 

    $check_password = hash('sha256', $_POST['password'] . $row['salt']); 
    for($round = 0; $round < 65536; $round++) 
    { 
        $check_password = hash('sha256', $check_password . $row['salt']); 
    } 

    if($check_password === $row['password']) 
    { 
        $login_ok = true; 
    } 
} 

if($login_ok) 
{ 

    unset($row['salt']); 
    unset($row['password']); 

    $_SESSION['user'] = $row; 

    // Redirect the user to the private members-only page. 
    header("Location: private.php"); 
    die("Redirecting to: private.php"); 
} 
else 
{ 
    // Tell the user they failed 
    print("The Username/Password is invalid."); 

    $submitted_username = htmlentities($_POST['username'], ENT_QUOTES, 'UTF-8'); 
} 
} 

?> 
<h1>Login</h1> 
<form action="login.php" method="post"> 
Username:<br /> 
<input type="text" name="username" required value="<?php echo $submitted_username; ?>" /> 
<br /><br /> 
Password:<br /> 
<input type="password" name="password" value="" required /> 
<br /><br /> 
<input type="submit" value="Login" /> 
</form> 
<a href="register.php">Register</a>

3 answers:

Answer 0 (score: 9)

You are not e-mailing the user anything in this script. What you should do is create a registration table and store the values there along with a token and a datetime: some URL-based identifier. A simple md5 of the e-mail and the timestamp concatenated would work fine.

$token = md5($_POST['email'].time());

Then e-mail the user a link, for example: http://www.yoursite.com/register/confirm?token=yourmd5token

That script would fetch the stored user information from the token, make sure the datetime is within an hour or so, and only then push the data into the users table on confirmation, so you are not filling up your table unnecessarily.

Judging by the code you have provided, you are not really a PHP beginner, so you should have no problem googling for examples of the things mentioned. Since SO is generally used for quick help and basic Q&A, this is a bit too comprehensive for it; yours is more of a full project.

Answer 1 (score: 1)

Here is a conceptual overview of one way to do e-mail verification. The question is still too high-level to put any actual code in an answer. Also, consider that this may not be the best way to do verification, just a simple one.

Add 2 columns to the database:

  • is_verified
  • verification_token

In login.php:

  1. Create the user with is_verified = 0 and create a random verification_token.
  2. After the user is created, build a link to verify.php using the token as a query string parameter.
  3. Send an e-mail to the e-mail address with the verification link.
  4. Redirect the user to a page called verificationWaiting.php that reminds them to check their e-mail and click the link.
  5. Create a page called verify.php:

    1. Check the database for the token in the query string; if a user with that token is found, set the is_verified flag to true.
    2. Redirect the user to the login page.
    3. Modify login.php to make sure the user has is_verified set as a condition of authentication.

      This is just a broad outline of one approach. There are many other features you could add. Hope this helps get you started.

Answer 2 (score: 0)

You have a few options. You could add a new column called "active" that defaults to 0 until the user clicks a generated link (e.g. yoursite.com/activate.php?key=).

Let key = something like the user's e-mail address.

Once the user clicks the link and enters the password they registered with, you can set the active column to 1.

A second option is to generate a random password and require the user to get it from his/her e-mail, so a valid e-mail address is required.
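All three answers describe the same mechanism with different storage choices: a row created in an unverified state, a token stored against it, a link in the e-mail that carries the token, and a gate at login. The PHP below is an added example written for this page; it is not code from the question or from any of the answers. It follows Answer 1's schema (is_verified and verification_token columns on users, where Answer 2's "active" column plays the same role), adds the one-hour expiry Answer 0 describes, and uses a random token rather than the e-mail address or an md5 of e-mail and time, because a key that anyone can compute lets them activate an account they do not own. It assumes PHP 7.1 or later, the PDO handle $db that the question's common.php provides, a users table extended with the three columns shown in the comment (that ALTER TABLE is constructed for the example), and a hypothetical $baseUrl supplied by the caller. The three functions are meant to be called from register.php, verify.php and login.php respectively.

```php
<?php
// Added example for this page, not code from the question or the answers.
// Constructed schema change the example assumes (run once against the users table):
//
//   ALTER TABLE users
//     ADD COLUMN is_verified        TINYINT(1) NOT NULL DEFAULT 0,
//     ADD COLUMN verification_token CHAR(64)   NULL,
//     ADD COLUMN token_expires      DATETIME   NULL;
//
// $db is the PDO handle that the question's common.php creates. Requires PHP 7.1+.

const TOKEN_TTL_SECONDS = 3600;   // Answer 0's "within an hour or so"

// Returns [token for the link, sha256 of the token for the database]. Only the hash is
// stored, so a database dump cannot be turned into working activation links.
function makeVerificationToken(): array
{
    $plain = bin2hex(random_bytes(32));          // 64 hex chars, 256 bits from the CSPRNG
    return [$plain, hash('sha256', $plain)];
}

// register.php: insert the user unverified and return the activation link to e-mail.
// $passwordHash and $salt come from the question's existing hashing code.
function createUnverifiedUser(PDO $db, string $username, string $passwordHash,
                              string $salt, string $email, string $baseUrl): string
{
    [$plain, $stored] = makeVerificationToken();
    $stmt = $db->prepare(
        'INSERT INTO users (username, password, salt, email,
                            is_verified, verification_token, token_expires)
         VALUES (:username, :password, :salt, :email, 0, :token, :expires)'
    );
    $stmt->execute([
        ':username' => $username,
        ':password' => $passwordHash,
        ':salt'     => $salt,
        ':email'    => $email,
        ':token'    => $stored,
        ':expires'  => date('Y-m-d H:i:s', time() + TOKEN_TTL_SECONDS),
    ]);
    // The mail body should carry this link and nothing secret (never the password).
    // $baseUrl is a hypothetical value such as 'https://www.mywebsite.com'.
    return $baseUrl . '/verify.php?token=' . urlencode($plain);
}

// verify.php: activate the account the token belongs to. Lookup, expiry check and
// activation happen in one UPDATE, so a link can be used exactly once.
function verifyByToken(PDO $db, string $plainToken): bool
{
    if (!preg_match('/^[0-9a-f]{64}\z/', $plainToken)) {
        return false;                            // malformed input never reaches the DB
    }
    $stmt = $db->prepare(
        'UPDATE users
            SET is_verified = 1, verification_token = NULL, token_expires = NULL
          WHERE verification_token = :token
            AND is_verified = 0
            AND token_expires > :now'
    );
    $stmt->execute([
        ':token' => hash('sha256', $plainToken),
        ':now'   => date('Y-m-d H:i:s'),         // same clock that wrote the expiry
    ]);
    return $stmt->rowCount() === 1;
}

// login.php: the password check from the question, followed by the verification gate.
// Returns 'ok', 'unverified' or 'invalid'; the caller can show "check your inbox" for the
// second case. Unknown user and wrong password both yield 'invalid'.
function checkLogin(PDO $db, string $username, string $password): string
{
    $stmt = $db->prepare(
        'SELECT id, username, password, salt, email, is_verified
           FROM users WHERE username = :username'
    );
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row) {
        return 'invalid';
    }
    $check = hash('sha256', $password . $row['salt']);   // the question's scheme, unchanged
    for ($round = 0; $round < 65536; $round++) {
        $check = hash('sha256', $check . $row['salt']);
    }
    if (!hash_equals($row['password'], $check)) {
        return 'invalid';
    }
    return (int) $row['is_verified'] === 1 ? 'ok' : 'unverified';
}

// Glue for verify.php (the other two functions are called where register.php currently
// INSERTs and where login.php currently compares the password):
//   $ok = verifyByToken($db, $_GET['token'] ?? '');
//   header('Location: ' . ($ok ? 'login.php' : 'register.php'));
```

Only the SHA-256 of the token is stored, so a read-only leak of the database (or of query logs) does not yield usable activation links; the link in the e-mail is the only copy of the plaintext. Doing the lookup, the expiry check and the activation in a single UPDATE means two concurrent requests with the same link cannot both succeed, and the token is cleared on first use. The password-hashing loop is kept identical to the question's code so existing rows keep working; on PHP 5.5 or later password_hash()/password_verify() is the better replacement for it.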
