电子邮件验证 - 网站保持空白 - PHP,MYSQL

时间:2018-02-04 14:20:28

标签: php mysql

当新用户注册时,我会向我发送一封电子邮件。现在我有了这个verify.php代码:

<?php
mysql_connect("localhost", "database", "pw", "databasename") or die(mysql_error()); // Connect to database server(localhost) with username and password.
mysql_select_db("databasename") or die(mysql_error()); // Select registration database.

if(isset($_GET['email']) && !empty($_GET['email']) AND isset($_GET['hash']) && !empty($_GET['hash'])){
    // Verify data
    $email = mysql_escape_string($_GET['email']); // Set email variable
    $hash = mysql_escape_string($_GET['hash']); // Set hash variable

    $search = mysql_query("SELECT email, hash, active FROM users WHERE email='".$email."' AND hash='".$hash."' AND active='0'") or die(mysql_error()); 
    $match  = mysql_num_rows($search);

    if($match > 0){
        // We have a match, activate the account
        mysql_query("UPDATE users SET active='1' WHERE email='".$email."' AND hash='".$hash."' AND active='0'") or die(mysql_error());
        echo '<div class="statusmsg">Your account has been activated, you can now login</div>';
    }else{
        // No match -> invalid url or account has already been activated.
        echo '<div class="statusmsg">The url is either invalid or you already have activated your account.</div>';
    }

}else{
    // Invalid approach
    echo '<div class="statusmsg">Invalid approach, please use the link that has been send to your email.</div>';
}
?>

我得到了所有信息......邮件的链接正确:

http://www.yourwebsite.com/verify.php?email='.$email.'&hash='.$hash.'

但是,一旦我点击链接,它就会停留在空白的网站上..没有错误,但没有改变...... :( ...很确定我找不到小错误..

4 个答案:

答案 0 :(得分:0)

解决:

<?php
ini_set('display_errors', true); error_reporting(E_ALL);
$link = $link = mysqli_connect("localhost", "database", "pw!", "database");


// Check connection
if($link === false){
    die("ERROR: Could not connect. " . mysqli_connect_error());
}

if(isset($_GET['email']) && !empty($_GET['email']) AND isset($_GET['hash']) && !empty($_GET['hash'])){
    // Verify data
    $email = mysqli_escape_string($link, $_GET['email']); // Set email variable
    $hash = mysqli_escape_string($link, $_GET['hash']); // Set hash variable
    $passwort = mysqli_escape_string($link, $_GET['passwort']); // Set hash variable

    $passwort_hash = password_hash($passwort, PASSWORD_DEFAULT);

    $search = mysqli_query($link, "SELECT email, hash, active, passwort FROM users WHERE email='".$email."' AND hash='".$hash."' AND active='0'") or die(mysqli_error()); 
    $match  = mysqli_num_rows($search);

    if($match > 0){
        // We have a match, activate the account
        mysqli_query($link, "UPDATE users SET active='1' WHERE email='".$email."' AND hash='".$hash."' AND active='0'") or die(mysqli_error()); 
        echo '<div class="statusmsg">Your account has been activated, you can now login</div>';

    }else{
        // No match -> invalid url or account has already been activated.
        echo '<div class="statusmsg">The url is either invalid or you already have activated your account.</div>';
    }

}else{
    // Invalid approach
    echo '<div class="statusmsg">Invalid approach, please use the link that has been send to your email.</div>';
}
?>

答案 1 :(得分:-2)

使用die()是一个坏主意,如果发生这种情况,则会将错误记录到Apache错误日志中,并留下空白屏幕。您应该考虑不再使用这种与mysql交互的方式,并考虑将PDO(https://phpdelusions.net/pdo)与预处理语句一起使用。

要查看实际错误,请遵循Web服务器错误日志并查看正在记录的内容。

答案 2 :(得分:-2)

检查此行:

  
    

if(isset($ _ GET ['email'])&amp;&amp;!empty($ _ GET ['email'])AND isset($ _ GET ['hash'])&amp;&amp;!empty($ _ GET [ '散列'])){

  

你在这里使用过“AND”。它应该是:

  

if((isset($ _ GET ['email'])&amp;&amp;!empty($ _ GET ['email']))&amp;&amp;(isset($ _ GET ['hash'])&amp;&amp; ;!empty($ _ GET ['hash']))){

我检查了你的脚本,它正在进行一些修改。根据我的可能错误是status数据类型。它应该是'int'请检查下面:      

if(isset($_GET['email']) && !empty($_GET['email']) AND isset($_GET['hash']) && !empty($_GET['hash'])){
    // Verify data
    $email = mysql_escape_string($_GET['email']); // Set email variable
    $hash = mysql_escape_string($_GET['hash']); // Set hash variable

    $search = mysql_query("SELECT * FROM test_users WHERE u_email='".$email."' AND u_hash='".$hash."' ") or die(mysql_error()); 
    $match  = mysql_num_rows($search);

    if($match > 0){
        // We have a match, activate the account
        mysql_query("UPDATE test_users SET u_status='1' WHERE u_email='".$email."' AND u_hash='".$hash."'") or die(mysql_error());
        echo '<div class="statusmsg">Your account has been activated, you can now login</div>';
    }else{
        // No match -> invalid url or account has already been activated.
        echo '<div class="statusmsg">The url is either invalid or you already have activated your account.</div>';
    }

}else{
    // Invalid approach
    echo '<div class="statusmsg">Invalid approach, please use the link that has been send to your email.</div>';
}
?>

答案 3 :(得分:-2)

先生,你用过  AND在if循环中尝试&amp;&amp;

相关问题
最新问题