电子邮件验证-站点保持空白-PHP、MYSQL
当一个新用户注册并同意时,我会向我发送一封电子邮件。现在我有了这个verify.php代码:电子邮件验证-站点保持空白-PHP、MYSQL,php,mysql,Php,Mysql,当一个新用户注册并同意时,我会向我发送一封电子邮件。现在我有了这个verify.php代码: <?php mysql_connect("localhost", "database", "pw", "databasename") or die(mysql_error()); // Connect to database server(localhost) with username and password. mysql_select_db("databasename") or die(my
<?php
mysql_connect("localhost", "database", "pw", "databasename") or die(mysql_error()); // Connect to database server(localhost) with username and password.
mysql_select_db("databasename") or die(mysql_error()); // Select registration database.
if(isset($_GET['email']) && !empty($_GET['email']) AND isset($_GET['hash']) && !empty($_GET['hash'])){
// Verify data
$email = mysql_escape_string($_GET['email']); // Set email variable
$hash = mysql_escape_string($_GET['hash']); // Set hash variable
$search = mysql_query("SELECT email, hash, active FROM users WHERE email='".$email."' AND hash='".$hash."' AND active='0'") or die(mysql_error());
$match = mysql_num_rows($search);
if($match > 0){
// We have a match, activate the account
mysql_query("UPDATE users SET active='1' WHERE email='".$email."' AND hash='".$hash."' AND active='0'") or die(mysql_error());
echo '<div class="statusmsg">Your account has been activated, you can now login</div>';
}else{
// No match -> invalid url or account has already been activated.
echo '<div class="statusmsg">The url is either invalid or you already have activated your account.</div>';
}
}else{
// Invalid approach
echo '<div class="statusmsg">Invalid approach, please use the link that has been send to your email.</div>';
}
?>
但一旦我点击了链接,它就会停留在空白的网站上。。无错误,但对…无更改:(很确定有一个小错误,我找不到。< p>)使用die()是一个坏主意,如果发生这种情况,错误被记录到Apache错误日志中,而你将留下一个空白的屏幕。你应该考虑远离使用这种与MySQL交互的方式,并考虑用准备好的语句使用PDO()。
要查看实际错误,请查看web服务器错误日志并查看记录的内容。检查此行:
如果(isset($获取['email'])和&!empty($获取['email'])和isset($获取['hash'])和&!empty($获取['hash'])){
您在此处使用了“和”。它应该是:
如果((isset($获取['email'])&&!empty($获取['email'])&&($获取['hash'])isset($获取['hash'])&&!empty($获取['hash'])){
我已经检查了您的脚本,它正在进行一些修改。根据我的说法,可能的错误是状态数据类型。它应该是“int”,请检查以下内容:
if(isset($_GET['email']) && !empty($_GET['email']) AND isset($_GET['hash']) && !empty($_GET['hash'])){
// Verify data
$email = mysql_escape_string($_GET['email']); // Set email variable
$hash = mysql_escape_string($_GET['hash']); // Set hash variable
$search = mysql_query("SELECT * FROM test_users WHERE u_email='".$email."' AND u_hash='".$hash."' ") or die(mysql_error());
$match = mysql_num_rows($search);
if($match > 0){
// We have a match, activate the account
mysql_query("UPDATE test_users SET u_status='1' WHERE u_email='".$email."' AND u_hash='".$hash."'") or die(mysql_error());
echo '<div class="statusmsg">Your account has been activated, you can now login</div>';
}else{
// No match -> invalid url or account has already been activated.
echo '<div class="statusmsg">The url is either invalid or you already have activated your account.</div>';
}
}else{
// Invalid approach
echo '<div class="statusmsg">Invalid approach, please use the link that has been send to your email.</div>';
}
?>
if(isset($获取['email'])和&!empty($获取['email'])和isset($获取['hash'])和&!empty($获取['hash'])){
//验证数据
$email=mysql\u escape\u string($\u GET['email']);//设置电子邮件变量
$hash=mysql\u escape\u string($\u GET['hash']);//设置哈希变量
$search=mysql\u query(“从test\u用户中选择*,其中u\u email=”“$email.”和u\u hash=”“$hash.”)或die(mysql\u error());
$match=mysql\u num\u行($search);
如果($match>0){
//我们有匹配项,激活帐户
mysql_查询(“更新测试_用户设置u_状态='1',其中u_email=''.$email.'和u_hash='.$hash.''))或死亡(mysql_error());
echo“您的帐户已激活,您现在可以登录”;
}否则{
//没有匹配->无效的url或帐户已被激活。
echo“url无效,或者您已经激活了您的帐户。”;
}
}否则{
//无效方法
echo“无效方法,请使用已发送到您电子邮件的链接。”;
}
?>
解决方法:
<?php
ini_set('display_errors', true); error_reporting(E_ALL);
$link = $link = mysqli_connect("localhost", "database", "pw!", "database");
// Check connection
if($link === false){
die("ERROR: Could not connect. " . mysqli_connect_error());
}
if(isset($_GET['email']) && !empty($_GET['email']) AND isset($_GET['hash']) && !empty($_GET['hash'])){
// Verify data
$email = mysqli_escape_string($link, $_GET['email']); // Set email variable
$hash = mysqli_escape_string($link, $_GET['hash']); // Set hash variable
$passwort = mysqli_escape_string($link, $_GET['passwort']); // Set hash variable
$passwort_hash = password_hash($passwort, PASSWORD_DEFAULT);
$search = mysqli_query($link, "SELECT email, hash, active, passwort FROM users WHERE email='".$email."' AND hash='".$hash."' AND active='0'") or die(mysqli_error());
$match = mysqli_num_rows($search);
if($match > 0){
// We have a match, activate the account
mysqli_query($link, "UPDATE users SET active='1' WHERE email='".$email."' AND hash='".$hash."' AND active='0'") or die(mysqli_error());
echo '<div class="statusmsg">Your account has been activated, you can now login</div>';
}else{
// No match -> invalid url or account has already been activated.
echo '<div class="statusmsg">The url is either invalid or you already have activated your account.</div>';
}
}else{
// Invalid approach
echo '<div class="statusmsg">Invalid approach, please use the link that has been send to your email.</div>';
}
?>
没有错误;我看不到任何相同的错误报告语法..但一旦我单击链接,站点将保持空白..并且数据库中没有任何更改:)网站空白,对我来说意味着500和php的死亡。可能是因为使用了mysql\u*
函数……每次你在新代码中使用数据库扩展,它都会被弃用,多年来一直在PHP7中消失。如果你只是在学习php,请花精力学习PDO
或mysqli
数据库扩展你认为通过电子邮件发送是安全的吗?这是一种非常不安全的机制,用户散列了密码???我认为散列密码我认为你误解了什么die(\u一些字符串\u在这里)
是的。它不会将该字符串发送到apache错误日志。它会将该字符串显示到浏览器。如果他使用了errorno,则该字符串将与该代码一起退出。(ps:我不是向下投票人)没有死亡()它仍然将我留在空白屏幕上:)…是的,我知道..但我现在开始这样做:(这有什么问题吗?你介绍的东西没有什么不同。除了比较的顺序之外,但是如果所有的东西都是AND,那么它就不重要了。小注释和=&
最好写成!empty($\u GET['email'])和!empty($\u GET['hash'])
)伙计们,很抱歉我回答错了,但请不要再给我否决票了。嗨..你们做了什么修改?我只是从数据库中看到了其他名称,然后是我的..你们的意思应该是“int”“active”是默认的0 int
<?php
ini_set('display_errors', true); error_reporting(E_ALL);
$link = $link = mysqli_connect("localhost", "database", "pw!", "database");
// Check connection
if($link === false){
die("ERROR: Could not connect. " . mysqli_connect_error());
}
if(isset($_GET['email']) && !empty($_GET['email']) AND isset($_GET['hash']) && !empty($_GET['hash'])){
// Verify data
$email = mysqli_escape_string($link, $_GET['email']); // Set email variable
$hash = mysqli_escape_string($link, $_GET['hash']); // Set hash variable
$passwort = mysqli_escape_string($link, $_GET['passwort']); // Set hash variable
$passwort_hash = password_hash($passwort, PASSWORD_DEFAULT);
$search = mysqli_query($link, "SELECT email, hash, active, passwort FROM users WHERE email='".$email."' AND hash='".$hash."' AND active='0'") or die(mysqli_error());
$match = mysqli_num_rows($search);
if($match > 0){
// We have a match, activate the account
mysqli_query($link, "UPDATE users SET active='1' WHERE email='".$email."' AND hash='".$hash."' AND active='0'") or die(mysqli_error());
echo '<div class="statusmsg">Your account has been activated, you can now login</div>';
}else{
// No match -> invalid url or account has already been activated.
echo '<div class="statusmsg">The url is either invalid or you already have activated your account.</div>';
}
}else{
// Invalid approach
echo '<div class="statusmsg">Invalid approach, please use the link that has been send to your email.</div>';
}
?>