Generating a random number & email activation

Time: 2016-03-28 17:43:09

Tags: php mysql email

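I'm currently experimenting with PHP and have created a small HTML document that uses a form to parse information such as email and name.

I have also created a separate PHP file that assigns the parsed data (email, name) and saves this information to a database table as login information.

I have also created a random number that is generated each time the form is filled in.

I then want to send the user an email, which is then used to activate their account in the database. I do this by creating two additional fields in my db table, one to store the generated code and the other a boolean of 0 (false) or 1 (true).

I'm having difficulty with sending the email. The email itself is being sent, but if you look at my $body variable in the code, I give a link: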

  

http://localhost:8888/activation.php?acode=$acode

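I'm trying to get the activation code appended after the .php and am not sure why it isn't?

I've posted my PHP code because it may be easier to scan through and understand the process I've gone through:

    $acode = rand(1111111111,9999999999); 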

    $to = $email; 
    $subject = 'Please activate your account';
    $headers = 'From: welcome@oreon.com'; 
    $body = 'Hello ' . $first_name . ', \n\n Please click the link below to activate your account. \n\n http://localhost:8888/activation.php?acode=$acode \n\n Thanks.';

    // Create a new connection 
    $conn = new mysqli($servername, $username, $password); 

    if($conn->connect_error) { 
        die ('Connection Failed'); 
    } else { 
        echo ('Connection Established <br>'); 

        if(!mysqli_select_db($conn,'Oreon')) { 
            die('Database could not be reached'); 
        } else { 
            echo ('Database Reached'); 
        } // close brackets db selected 

        // Prepare SQL statements 
        $core_customer_insert = "INSERT INTO core_customer_information(firstname, lastname, email, password, activation_code, activated) VALUES ('$first_name','$last_name','$email','$user_password','$acode','0')"; 

        // Prepare SQL statements 
        $core_company_insert = "INSERT INTO core_company_information(name, reg_address, postcode, comp_reg_no, comp_utr_no, comp_vat_no) VALUES ('$company_name','$address_line','$postcode','$company_reg_no','$company_utr_no','$company_vat_no')";

        if($conn->query($core_customer_insert) === TRUE) { 
            echo ('Data successfully added'); 
            // Send activation email
            if(!mail($to,$subject,$body,$headers)) { 
                echo '<br>The activation email could not be sent at this time.'; 
            }
        } else { 
            die ('Data not added ' . $conn->error); 
        }

        if($conn->query($core_company_insert) === TRUE) { 
            echo ('Data successfully added'); 
            echo ('<br> ' . $activation_code_generator); 
        } else { 
            die ('Data not added ' . $conn->error); 
        }
    }
    } // close brackets for connected 

Thanks in advance to anyone who can help me.

1 answer:

Answer 0: (score: 0)

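First of all, like the other person said, you just need to concatenate them, but I'd like to help you a bit more.

Okay, so here are the problems with your code; think of it as constructive criticism:

  1. Protect your queries; they are easily injectable
  2. There is a risk that two activation values could collide, because you are just taking a random value, not a unique random value
  3. You can avoid #2, but you have to make sure to delete the activation code once the account is activated
  4. You are using procedural methods when the MySQLi object exists
  5. You are also not including the email data-type headers
  6. I have a few more issues, but considering I was in the same position a few years ago, I won't touch on aesthetics and all that. I've decided to rewrite your code and comment it a bit so that you can actually learn from it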

    <?php
    
    # First we generate the randomly unique activation code, there is an incredibly small chance of collision but that would only happen once in millennia or if you don't delete any activation values for centuries
    
    $acode = md5(uniqid());
    
    # If you are doing this for organization, I recommend arrays
    
    $mailData = array(
            "to"        =>  $email, # User's email
            "subject"   =>  "Please activate your account", # E-mail subject, should be same as body title
            # Each header is its own string ending in \r\n; a line break inside the quotes would put stray whitespace in front of the next header
            "headers"   =>  "From: <you@atemail.com>\r\n" .
                            "To: ".$first_name." <".$email.">\r\n" .
                            "MIME-Version: 1.0\r\n" .
                            "Content-type: text/html; charset=iso-8859-1\r\n", # From: <your or sender's email>, To: User's name <user's email>, MIME-Version: Mime version, don't worry too much about this one. Content-type: Charset and type of content that the email will have
            "body"      => "<html>
                            <head>
                                <title>Please activate your account</title>
                            </head>
                            <body>
                                Hello ".$first_name . ", \n\n Please click the link below to activate your account. \n\n http://localhost:8888/activation.php?acode=".$acode." \n\n Thanks.
                            </body>
                            </html>" # Actual content of the email
        );
    
    // Create a new connection 
    $conn = new mysqli($servername, $username, $password, 'Oreon'); # Select the database here, since the mysqli_select_db() call below is commented out
    
    if ( $conn->connect_error )
    {
        # I'm assuming this is a testing environment so I'll keep my comments about the way you are reporting progress off
        die ('Connection Failed'); 
    }
    else
    {
        echo ('Connection Established <br>'); 
    
        # No need for this, you are already checking for connection errors on the creation of the MySQLi object
    
        /*
        if ( !mysqli_select_db($conn, 'Oreon') )
            die('Database could not be reached'); 
        else
            echo ('Database Reached');
        */
    
        // Prepare SQL statements
        # Please protect your queries
    
        $core_customer_insert = "INSERT INTO core_customer_information(firstname, lastname, email, password, activation_code, activated) VALUES (
        '".$conn->real_escape_string($first_name)."',
        '".$conn->real_escape_string($last_name)."',
        '".$conn->real_escape_string($email)."',
        '".$conn->real_escape_string($user_password)."',
        '".$conn->real_escape_string($acode)."',
        '0')"; 
    
        // Prepare SQL statements 
        $core_company_insert = "INSERT INTO core_company_information(name, reg_address, postcode, comp_reg_no, comp_utr_no, comp_vat_no) VALUES (
        '".$conn->real_escape_string($company_name)."',
        '".$conn->real_escape_string($address_line)."',
        '".$conn->real_escape_string($postcode)."',
        '".$conn->real_escape_string($company_reg_no)."',
        '".$conn->real_escape_string($company_utr_no)."',
        '".$conn->real_escape_string($company_vat_no)."')";
    
        if ( $conn->query($core_customer_insert) === TRUE )
        { 
            echo ('Data successfully added'); 
    
            // Send activation email
    
            if( !mail($mailData['to'], $mailData['subject'], $mailData['body'], $mailData['headers']) )
                echo '<br>The activation email could not be sent at this time.'; 
    
        }
        else
            die ('Data not added ' . $conn->error);
    }
    

Keep in mind that I haven't fully tested it, but it should work fine. Be sure to read through the code and look at the comments. Good luck.
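
Points 1 to 3 of the answer in one place, as an added example (not the asker's or the answerer's code): the code comes from `random_bytes()` instead of `rand()` or `uniqid()`, every query is a prepared statement, and activation deletes the code in the same UPDATE. It assumes PHP 7+ with the pdo_sqlite extension and uses an in-memory SQLite table cut down to three columns so it runs without a MySQL server; the function names `register` and `activate` are hypothetical, and mysqli's `prepare()`/`bind_param()` follow the same pattern.

```php
<?php
// Added example. Table and sample address are constructed; in-memory SQLite
// stands in for the MySQL database so the script runs without a server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// UNIQUE makes a colliding code fail the INSERT instead of being stored twice.
$db->exec('CREATE TABLE core_customer_information (
    email TEXT NOT NULL,
    activation_code TEXT UNIQUE,
    activated INTEGER NOT NULL DEFAULT 0)');

// Registration step: store the user and return the code for the email link.
function register(PDO $db, string $email): string
{
    $acode = bin2hex(random_bytes(16)); // 128 bits from the OS CSPRNG, 32 hex chars
    $stmt = $db->prepare('INSERT INTO core_customer_information
        (email, activation_code, activated) VALUES (?, ?, 0)');
    $stmt->execute([$email, $acode]);   // values are bound, never spliced into SQL
    return $acode;
}

// activation.php step: activate and delete the code in a single UPDATE.
function activate(PDO $db, string $acode): bool
{
    if (!preg_match('/\A[0-9a-f]{32}\z/', $acode)) {
        return false;                   // not the shape register() produces
    }
    $stmt = $db->prepare('UPDATE core_customer_information
        SET activated = 1, activation_code = NULL
        WHERE activation_code = ? AND activated = 0');
    $stmt->execute([$acode]);
    return $stmt->rowCount() === 1;     // true only if exactly one row matched
}

$acode = register($db, "o'brien@example.com");  // the quote is harmless when bound
// Double quotes or concatenation are needed for the variable to reach the link.
$link = 'http://localhost:8888/activation.php?acode=' . urlencode($acode);
echo $link, "\n";
var_dump(activate($db, $acode));         // first use of the link
var_dump(activate($db, $acode));         // same link replayed after activation
var_dump(activate($db, "' OR '1'='1"));  // input that is not a valid code
```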