基本上我设置了一个自签名的SSL证书,突然之间我的注册论坛停止了工作,它几乎感觉好像它进入了一个重定向循环,但事实并非如此,我的注册工作方式是你需要的通过电子邮件验证您的帐户当您单击该注册表时,该页面将在几分钟内未加载,然后最终会向您发送验证已发送但不会发送到您的电子邮件地址的通知。此外,在我设置自签名SSL之前,它确实有效,我相信这是因为SSL没有看到我的register.php论坛是安全的因为它没有发送它,因为它是未加密的,如果有旁路或修复方法非常感谢。
<?php
define('DIRECT', TRUE);
function getRealIpAddr()
{
if (!empty($_SERVER['HTTP_CLIENT_IP'])) //check ip from share internet
{
$ip=$_SERVER['HTTP_CLIENT_IP'];
}
elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) //to check ip is pass from proxy
{
$ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
}
else
{
$ip=$_SERVER['REMOTE_ADDR'];
}
return $ip;
}
/* Registration process, inserts user info into the database
and sends account confirmation email message
*/
// Set session variables to be used on activate.php page
$_SESSION['email'] = $_POST['email'];
$_SESSION['username'] = $_POST['firstname'];
// Escape all $_POST variables to protect against SQL injections
$username = $mysqli->escape_string($_POST['firstname']);
$ip=$_SERVER['REMOTE_ADDR'] = getRealIpAddr();
$dateTime = date('Y/m/d G:i:s');
$email = $mysqli->escape_string($_POST['email']);
$uncryptpass = $mysqli->escape_string($_POST['password']);
$password = $mysqli->escape_string(password_hash($_POST['password'], PASSWORD_BCRYPT));
$hash = $mysqli->escape_string( md5( rand(0,1000) ) );
// Check if user with that email already exists
$result = $mysqli->query("SELECT * FROM users WHERE email='$email'") or die($mysqli->error());
// We know user email exists if the rows returned are more than 0
if ( $result->num_rows > 0 ) {
$_SESSION['message'] = 'An account with ' .$email. ' already exists!';
header("location: /login/index.php");
}
else { // Email doesn't already exist in a database, proceed...
// active is 0 by DEFAULT (no need to include it here)
$sql = "INSERT INTO users (username, email, uncryptpass, password, hash, ip, date) "
. "VALUES ('$username','$email','$uncryptpass','$password', '$hash', '$ip', '$dateTime')";
// Add user to the database
if ( $mysqli->query($sql) ){
$_SESSION['active'] = 0; //0 until user activates their account with verify.php
$_SESSION['logged_in'] = true; // So we know the user has logged in
$_SESSION['message'] =
"Confirmation link has been sent to $email, please verify
your account by clicking on the link in the message!";
// Send registration confirmation link (verify.php)
$to = $email;
$subject = 'Account Verification';
$message_body = '
'.$username.',
***DO NOT RESPOND BACK TO THIS EMAIL***
https://example.com/login/verify.php?email='.$email.'&hash='.$hash;
mail( $to, $subject, $message_body );
header("location: activate.php");
}
else {
$_SESSION['message'] = 'Registration failed!';
header("location: /login/index.php");
}
}