PHP & MySQL email verification not working
I have a problem. I set up email verification for registration on my website. It was working two days ago, but yesterday it stopped working. I tried changing the code, but nothing happened. The problem is that the code does not find any match. Here is the code:
ob_start();
require_once 'include/connect.php';
$pripojenie=mysql_query("SELECT * FROM users");
$row=mysql_fetch_array($pripojenie);
if(isset($_GET['tokenCode'])){
    $token = $_GET['tokenCode'];
    $query = "UPDATE users SET userStatus='Y' WHERE tokenCode='$token'";
    if($dbcon->query($query)){
        // send the email
        $to=$_GET['userEmail'];
        $subject='Účet aktivovaný';
        $headers = "MIME-Version: 1.0" . "\r\n";
        $headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
        $headers .= 'From: <noreply@limix.eu>' . "\r\n";
        $text="<!DOCTYPE html>
<html>
<head>
</head>
<body>
<p>Ahoj!<br><br>Ďakujem za aktiváciu účtu na webovej stránke <a href='http://limix.eu'>LiMix.eu</a>.<br><br>S pozdravom<br>Maximilián Csank
</body>
</html>";
        mail($to, $subject, $text, $headers);
        header('Location: index.php?error=4');
        exit();
    }
// if the account is already active, redirect to the error
} else if ($row['userStatus']=='Y') {
    header('Location: index.php?error=7');
    exit();
} else {
    // if the token is wrong, redirect to the error
    header('Location: index.php?error=5');
    exit();
}
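An example of how you might verify a user's email address by sending an email containing a hyperlink with a token - you do not need to include the email address in any link you send. Suppose the email you generate contains a hyperlink like this: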
<a href='https://www.example.com/verify.php?token=$token'>Click here to verify registration</a>
function createtoken( $email, $key ){
    return hash_hmac( 'ripemd160', sha1( $email ), $key );
}
function verifyemail( $email, $token, $key ){
    /* hash_equals compares the two strings in constant time */
    return hash_equals( createtoken( $email, $key ), $token );
}
/* define a secret used to hash the email address prior to sending email */
define( 'SECRET_KEY', sha1('This is ever so secret and never changes') );
Then, to process the user activation:
/* verify.php ~ needs createtoken(), verifyemail() and SECRET_KEY as defined above */
if( $_SERVER['REQUEST_METHOD']=='GET' && !empty( $_GET['token'] ) ){
    try{
        /* Get the token from the URI ( FILTER_SANITIZE_STRING is deprecated as of PHP 8.1 ) */
        $token=filter_input( INPUT_GET, 'token', FILTER_SANITIZE_STRING );
        $dbhost = 'localhost';
        $dbuser = 'xxx';
        $dbpwd = 'xxx';
        $dbname = 'xxx';
        $db = new mysqli( $dbhost, $dbuser, $dbpwd, $dbname );
        /* assume $db is a mysqli connection */
        $sql='select distinct `email` from `users` where `token`=? and `userstatus`=?';
        $stmt=$db->prepare( $sql );
        if( $stmt ){
            $status=0;
            $stmt->bind_param( 'si', $token, $status );
            $result=$stmt->execute();
            if( $result ){
                /* Store the result & bind column to variable BEFORE getting `num_rows` */
                $stmt->store_result();
                $stmt->bind_result( $email );
                /* Fetch number of rows from db as integer ~ there should be only 1 at most */
                $rows=$stmt->num_rows;
                /* Fetch the result into the variable & tidy up */
                $stmt->fetch();
                $stmt->free_result();
                $stmt->close();
                if( $rows==1 ){
                    /* Token was found - validate and update db */
                    if( verifyemail( $email, $token, SECRET_KEY ) ){
                        $sql='update `users` set `userstatus`=? where `token`=?';
                        $stmt=$db->prepare( $sql );
                        if( $stmt ){
                            /*
                                in my test table `users`, the column `userstatus` is set as `tinyint(1)`
                                so 1=yes/true and 0=no/false rather than string yes/no
                            */
                            $yes=1;
                            /* integer status, string token */
                            $stmt->bind_param( 'is', $yes, $token );
                            $result = $stmt->execute();
                            if( $result ){
                                $rows = $db->affected_rows;
                                if( $rows===1 ){
                                    $status=@mail( $email, 'success', 'email validated' );
                                    exit( header( 'Location: /login?validated='.$status ) );
                                }
                            } else {
                                throw new Exception('unable to update record',5);
                            }
                        }
                    } else {
                        throw new Exception('unable to verify email',4);
                    }
                } else {
                    /* Token cannot be found */
                    throw new Exception('Invalid token',3);
                }
            } else {
                throw new Exception('query failed',2);
            }
        } else {
            throw new Exception('unable to prepare sql statement',1);
        }
    }catch( Exception $e ){
        /* url-encode the message so the Location header stays a valid URL */
        exit( header( 'Location: /index.php?error='.$e->getCode().'&message='.urlencode( $e->getMessage() ) ) );
    }
}
The value of $token needs to be both recorded in the database (in the same record as the user's email address) and used in the hyperlink sent in the HTML email.
define( 'SECRET_KEY', sha1('This is ever so secret and never changes') );
$token = createtoken( 'fred.bloggs@yahoo.com', SECRET_KEY ); /* yields: c6bc1ba4a8193cd965f1175197b5170c4c385040 */
A basic example users table:
mysql>describe users;
+------------+---------------------+------+-----+------------------+----------------+
| Field | Type | Null | Key | Default | Extra |
+------------+---------------------+------+-----+------------------+----------------+
| id | int(10) unsigned | NO | PRI | NULL | auto_increment |
| username | varchar(64) | NO | MUL | NULL | |
| email | varchar(64) | NO | MUL | mail@example.com | |
| token | varchar(64) | NO | MUL | default_token | |
| userstatus | tinyint(1) unsigned | NO | | 0 | |
+------------+---------------------+------+-----+------------------+----------------+
/* add the user */
mysql>insert into `users` (`username`,`email`,`token`) values ('fred.bloggs','fred.bloggs@yahoo.com','c6bc1ba4a8193cd965f1175197b5170c4c385040');
/*
It would be at this point ( adding user to db ) that you generate the email to the user with a confirmation link that they must click.
The status is set to zero / no so they should not be able to login until that is updated.
The above is the equivalent of the user clicking "submit" after completing the form for example
*/
mysql> select * from users;
+----+-------------+-----------------------+------------------------------------------+------------+
| id | username | email | token | userstatus |
+----+-------------+-----------------------+------------------------------------------+------------+
| 1 | fred.bloggs | fred.bloggs@yahoo.com | c6bc1ba4a8193cd965f1175197b5170c4c385040 | 0 |
+----+-------------+-----------------------+------------------------------------------+------------+
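The user clicks the link in his/her email and goes to the verify.php page (for example), and the query string https://www.example.com/verify.php?token=c6bc1ba4a8193cd965f1175197b5170c4c385040 contains the token, so at this point verification begins with the code posted previously.

You tend not to see such a simplified URL when doing validation, but essentially that is what happens. The actual URL presented to the user might be more complex, as some might consider the above mechanism easy to break (if they see the email to begin with).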
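I hope this helps with getting your registration confirmation working ~ as you did not share the portions of code that generate the token, record it to the db or send the email to the user, it can only serve as guidance rather than an actual answer, though certain parts of it (namely the prepared statement approach) should be adopted / adapted into your code to prevent naughty people hacking your database ;-)

What is your token code, and how is the query built? echo $query = "UPDATE user…. ?

mysql_query, $dbcon->query. Why?

I don't understand what the purpose of these two lines in the code is: $pripojenie=mysql_query("SELECT * FROM users"); $row=mysql_fetch_array($pripojenie);. It will retrieve only one row, and a row of some other record at that. What are you trying to achieve? Note: you are mixing mysql and PDO.

@VedPrakash I am not getting any error. It moves me to index.php?error=7, which says the account is already activated.

If this line is being executed, header('Location: index.php?error=7'), that means if(isset($_GET['tokenCode'])){ is not working. tokenCode is not reaching this page.

Thanks, but getCode(), I don't have specified error codes, I set them manually. How do I specify it?

I made a small mistake, calling $stmt->num_rows before calling $stmt->store_result() etc, so it always returned zero. Modified the sql slightly to only select the user's email when the token matches the supplied token and userstatus is zero (i.e. not yet verified) ~ other than that it seemed to work, so can you clarify where it is failing?

It doesn't find a match. And is $token the token that has to be sent by email and added to the DB? Or $key? Please give me the complete verification code, correct :)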
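An added example, not part of the original question or answers: the activation step done as one atomic UPDATE that separates the outcomes the question's code tries to report (activated, already active, bad token), using a random token stored as a SHA-256 hash with an expiry in place of the answer's HMAC of the email address. It assumes an in-memory SQLite database through PDO instead of the MySQL table; the columns token_hash and token_expires, the functions issueToken and verifyToken, and the 24-hour lifetime are hypothetical.

```php
<?php
// Added example: SQLite in memory (via PDO) stands in for the MySQL `users` table.
// token_hash, token_expires, issueToken, verifyToken and TOKEN_TTL are hypothetical names.
declare(strict_types=1);

const TOKEN_TTL = 86400; // assumed link lifetime in seconds

function issueToken(PDO $db, string $email): string {
    $token = bin2hex(random_bytes(32)); // random, not derived from the email address
    $stmt = $db->prepare('UPDATE users SET token_hash = ?, token_expires = ?
                          WHERE email = ? AND userstatus = 0');
    $stmt->execute([hash('sha256', $token), time() + TOKEN_TTL, $email]);
    return $token; // only the emailed link carries the raw token
}

function verifyToken(PDO $db, string $token): string {
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return 'invalid';
    }
    $hash = hash('sha256', $token);
    // One atomic UPDATE: only a pending, unexpired row with this hash is activated.
    $upd = $db->prepare('UPDATE users SET userstatus = 1
                         WHERE token_hash = ? AND userstatus = 0 AND token_expires >= ?');
    $upd->execute([$hash, time()]);
    if ($upd->rowCount() === 1) {
        return 'activated';
    }
    // Nothing changed: look at the row for THIS token, never an arbitrary row.
    $sel = $db->prepare('SELECT userstatus FROM users WHERE token_hash = ?');
    $sel->execute([$hash]);
    $status = $sel->fetchColumn();
    if ($status === false) {
        return 'invalid';
    }
    return ((int) $status === 1) ? 'already_active' : 'expired';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE,
           token_hash TEXT, token_expires INTEGER, userstatus INTEGER DEFAULT 0)');
$db->exec("INSERT INTO users (email) VALUES ('fred.bloggs@yahoo.com'), ('other@example.com')");

$token = issueToken($db, 'fred.bloggs@yahoo.com');  // constructed sample user
echo verifyToken($db, $token), "\n";                // first click on the link
echo verifyToken($db, $token), "\n";                // same link clicked again
echo verifyToken($db, str_repeat('0', 64)), "\n";   // well-formed but unknown token
```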