我现在有一个会员系统,当有人注册一个帐户时,我需要通过他的电子邮件激活它。他将在收件箱中收到有效链接,例如:
activate.php?email=ipoon2@outlook.com&email_code=b5b90ae21e31229878d681680db16bdf此链接有效,因此当我转到此链接时,他会成功激活该帐户。
您看到?email= ipoon2@outlook.com 所以当我将其更改为 ipodn2@outlook.com 并且email_code仍然相同时,他无法激活他的帐户。他需要收到We cannot find that email之类的错误,当他更改email_code时,他会收到类似problem activate your account的错误
这就是我所得到的问题当我更改电子邮件时,我没有收到任何错误。对于email_code
都没有我有一个名为activate.php的文件,该代码包括:
<?php
} else if (isset($_GET['email'], $_GET['email_code']) === true) {
$email = urldecode(trim($_GET['email']));
$email_code = trim($_GET['email_code']);
$user = new User();
if(User::email_exists($email) === false) {
echo 'We cannot find that email'; // return error doesn't show up
} else if (User::activate($email, $email_code) === false) {
echo 'problem activate your account'; // return error doesn't show up
}
}
?>
此外,我还有2个函数,类文件User.php
public function email_exists($email) {
require './config.php';
$email = urldecode(trim($_GET['email']));
$sql_30 = $db->query("SELECT COUNT(id) FROM users WHERE email = '$email'");
if ($sql_30->fetch_object() === true) {
return true;
} else if ($sql_30->fetch_object() === false) {
return false;
}
}
public function activate($email, $email_code) {
require './config.php';
$email = urldecode($email);
$email_code = $db->real_escape_string($email_code);
$sql_33 = $db->query("SELECT COUNT(`id`) FROM `users` WHERE `email` = '$email' AND `email_code` = '$email_code' AND `group` = 0");
if ($sql_33->fetch_object()) {
$db->query("UPDATE `users` SET `group` = 1 WHERE `email` = '$email' AND `email_code` = '$email_code'");
return true;
} else {
return false;
}
}
答案 0 :(得分:1)
对我来说,你的email_exists()和activate()是错误的。
if ($sql_30->fetch_object() === true) {
return true;
} else if ($sql_30->fetch_object() === false) {
return false;
}
来自mysqli_result::fetch_object的php文档:
Returns an object with string properties that corresponds to the fetched row or NULL if there are no more rows in resultset.所以你的测试必须是:
if ($sql_30->fetch_object() !== NULL) {
return true;
}
return false;
我想它应该可以解决你的问题。