PHP:用于验证电子邮件的哈希

时间:2015-12-11 15:52:35

标签: php mysql json

所以,我正在使用MySQL数据库对我的iPhone应用程序进行完整的注册过程。注册用户并最终登录工作得很好。但现在我希望用户必须首先验证他的电子邮件才能登录。

据我所知,我已经完成了,但它似乎没有正常工作。这是我的代码:

//signup.php

header('Content-type: application/json');
if($_POST) {
    $username   = $_POST['username'];
    $password   = $_POST['password'];
    $c_password = $_POST['c_password'];

    if($_POST['username']) {
        if ( $password == $c_password ) {

            $db_name     = 'db';
            $db_user     = 'user1';
            $db_password = 'myPassword';
            $server_url  = 'localhost';

            $mysqli = new mysqli('localhost', $db_user, $db_password, $db_name);

            /* check connection */
            if (mysqli_connect_errno()) {
                error_log("Connect failed: " . mysqli_connect_error());
                echo '{"success":0,"error_message":"' . mysqli_connect_error() . '"}';
            } else {
            $hash = md5( rand(0,1000) ); 
            $stmt = $mysqli->prepare("INSERT INTO users (username, password, hash) VALUES (?, ?, ?)");
                $password = md5($password);
                $stmt->bind_param('sss', $username, $password, $hash);

                /* execute prepared statement */
                $stmt->execute();

                if ($stmt->error) {

                error_log("Error: " . $stmt->error); 
                }

                $success = $stmt->affected_rows;

                /* close statement and connection */
                $stmt->close();

                /* close connection */
                $mysqli->close();
                error_log("Success: $success");

                if ($success > 0) {


                $to      = $username; // Send email to our user
                $subject = 'Signup | Verification'; // Give the email a subject 
                $message = '

                Thanks for signing up!
                Your account has been created, you can login with the following credentials after you have activated your account by pressing the url below.

                ------------------------
                Username: '.$username.'
                Password: '.$password.'
                ------------------------

                Please click this link to activate your account:
                http://www.mywebsite.ch/verify.php?email='.$username.'&hash='.$hash.'

                '; // Our message above including the link

                $headers = 'From:noreply@mywebsite.ch' . "\r\n"; // Set from headers
                mail($to, $subject, $message, $headers); // Send our email


                error_log("User '$username' created.");
                echo '{"success":1}';
                } 
                else {
                    echo '{"success":0,"error_message":"Username Exist."}';
                }
            }
        } 

        else {
            echo '{"success":0,"error_message":"Passwords does not match."}';
        }

    } 

    else {
        echo '{"success":0,"error_message":"Invalid Username."}';
    }
}

else {
    echo '{"success":0,"error_message":"Invalid Data."}';
}

这是我的验证码:

//verify.php

header('Content-type: application/json');
$mysqli = new mysqli("localhost", "user", "myPassword", "db");

if (mysqli_connect_errno()) {
    error_log("Connect failed: " . mysqli_connect_error());
    echo '{"success":0,"error_message":"' . mysqli_connect_error() . '"}';
    } 
    else 
    {

        if(isset($_GET['username']) && !empty($_GET['username']) AND isset($_GET['hash']) && !empty($_GET['hash'])){

         $username = mysqli_real_escape_string($GET['username']);
         $hash = mysqli_real_escape_string($GET['hash']);

    $stmt = $mysqli->query("SELECT username, hash, active FROM users WHERE username='".$username."' AND hash='".$hash."' AND active='0'"); 
    $match  = mysqli_num_rows($stmt);

    if($match > 0){
        // We have a match, activate the account
        $mysqli->query("UPDATE users SET active='1' WHERE username='".$username."' AND hash='".$hash."' AND active='0'");
        echo "Your account has been activated, you can now log in.";

    }
}


    else{
        // No match -> invalid url or account has already been activated.
        echo "The url is either invalid or you already have activated your account.";
    }



}

else{
    // Invalid approach
    echo "Invalid approach, please use the link that has been sent to your E-mail.";

}

我收到一封具有相同用户名和哈希值的电子邮件,该邮件保存在数据库中,但它仍然无法正常工作。相反,我得到"无效方法的输出,请使用已发送到您的电子邮件的链接"。

我认为这是一个逻辑上的错误,因为我在研究这个帖子之前研究了很多并且做了很多改变。

注意:我知道,我不应该使用md5而是使用PHP提供的函数。我向你保证,我将把这段代码带到PHP的最新阶段,但首先我想把它带到工作中。我在这个领域真的很新,所以对于任何错误,我提前道歉。

任何帮助都会非常感激。

2 个答案:

答案 0 :(得分:2)

您之前的else声明以前没有if?这里有整个档案吗?问题必须在if语句中。

if(???){
    [...]
}else{
    // Invalid approach
    echo "Invalid approach, please use the link that has been sent to your E-mail.";
}

一旦缩进,您的代码看起来没有使用if / else使用

if () {
} 
else{
    if(){
        if(){
        }
    }
    else{ 
    }
}
else{
    // Invalid approach
    echo "Invalid approach, please use the link that has been sent to your E-mail.";
}

答案 1 :(得分:1)

Gauthier 的答案外,还有其他错误。

signup.php 中,您可以定义类似

的网址 
http://www.mywebsite.ch/verify.php?email='.$username.'&hash='.$hash.'

但是,在 verify.php 中,您的$_GET应该使用

$_GET['email']


$_GET['username']

另外,只需抬头,检查isset()!empty()redundant

该部分看起来应该更像

if (isset($_GET['email']) && isset($_GET['hash'])) {
    $username = mysqli_real_escape_string($GET['email']);
    $hash = mysqli_real_escape_string($GET['hash']);
    ....
相关问题
最新问题