PHP&;MySQL电子邮件验证不工作
我有个问题。我在我的网站上注册了电子邮件验证。它两天前还在工作,但昨天停止了工作。我试图改成代码,但什么也没发生。问题是代码没有找到任何匹配项。以下是代码:PHP&;MySQL电子邮件验证不工作,php,html,mysql,Php,Html,Mysql,我有个问题。我在我的网站上注册了电子邮件验证。它两天前还在工作,但昨天停止了工作。我试图改成代码,但什么也没发生。问题是代码没有找到任何匹配项。以下是代码: ob_start(); require_once 'include/connect.php'; $pripojenie=mysql_query("SELECT * FROM users"); $row=mysql_fetch_array($pripojenie); if(isset($_GET['tokenCode'])){
ob_start();
require_once 'include/connect.php';
$pripojenie=mysql_query("SELECT * FROM users");
$row=mysql_fetch_array($pripojenie);
if(isset($_GET['tokenCode'])){
$token = $_GET['tokenCode'];
$query = "UPDATE users SET userStatus='Y' WHERE tokenCode='$token'";
if($dbcon->query($query)){
//odoslať email
$to=$_GET['userEmail'];
$subject='Účet aktivovaný';
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
$headers .= 'From: <noreply@limix.eu>' . "\r\n";
$text="<!DOCTYPE html>
<html>
<head>
</head>
<body>
<p>Ahoj!<br><br>Ďakujem za aktiváciu účtu na webovej stránke <a href='http://limix.eu'>LiMix.eu</a>.<br><br>S pozdravom<br>Maximilián Csank
</body>
</html>";
mail($to, $subject, $text, $headers);
header('Location: index.php?error=4');
exit();
}
//ak je už aktívny, presmerovať na chybu
} else if ($row['userStatus']=='Y') {
header('Location: index.php?error=7');
exit();
} else {
//ak je zlý token, presmerovať na chybu
header('Location: index.php?error=5');
exit();
}
您应该如何通过发送包含令牌的超链接的电子邮件来验证用户电子邮件地址的示例-您不需要在发送的任何链接中包含电子邮件地址 假设您生成的电子邮件包含如下超链接:
<a href='https://www.example.com/verify.php?token=$token'>Click here to verify registration</a>
function createtoken( $email, $key ){
return hash_hmac( 'ripemd160', sha1( $email ), $key );
}
function verifyemail( $email, $token, $key ){
return createtoken( $email, $key )===$token;
}
/* define a secret used to hash the email address prior to sending email */
define( 'SECRET_KEY', sha1('This is ever so secret and never changes') );
/* verify.php */
if( $_SERVER['REQUEST_METHOD']=='GET' && !empty( $_GET['token'] ) ){
try{
/* Get the token from the URI */
$token=filter_input( INPUT_GET, 'token', FILTER_SANITIZE_STRING );
$dbhost = 'localhost';
$dbuser = 'xxx';
$dbpwd = 'xxx';
$dbname = 'xxx';
$db = new mysqli( $dbhost, $dbuser, $dbpwd, $dbname );
/* assume $db is a mysqli connection */
$sql='select distinct `email` from `users` where `token`=? and `userstatus`=?';
$stmt=$db->prepare( $sql );
if( $stmt ){
$status=0;
$stmt->bind_param( 'si', $token, $status );
$result=$stmt->execute();
if( $result ){
/* Store the result & bind column to variable BEFORE getting `num_rows` */
$stmt->store_result();
$stmt->bind_result( $email );
/* Fetch number of rows from db as integer ~ there should be only 1 at most */
$rows=$stmt->num_rows;
/* Fetch the result into the variable & tidy up */
$stmt->fetch();
$stmt->free_result();
$stmt->close();
if( $rows==1 ){
/* Token was found - validate and update db */
if( verifyemail( $email, $token, SECRET_KEY ) ){
$sql='update `users` set `userstatus`=? where `token`=?';
$stmt=$db->prepare( $sql );
if( $stmt ){
/*
in my test table `users`, the column `userstatus` is set as `tinyint(1)`
so 1=yes/true and 0=no/false rather than string yes/no
*/
$yes=1;
$stmt->bind_param( 'ss', $yes, $token );
$result = $stmt->execute();
if( $result ){
$rows = $db->affected_rows;
if( $rows===1 ){
$status=@mail( $email, 'success', 'email validated' );
exit( header( 'Location: /login?validated='.$status ) );
}
} else {
throw new Exception('unable to update record',5);
}
}
} else {
throw new Exception('unable to verify email',4);
}
} else {
/* Token cannot be found */
throw new Exception('Invalid token',3);
}
} else {
throw new Exception('query failed',2);
}
} else {
throw new Exception('unable to prepare sql statement',1);
}
}catch( Exception $e ){
exit( header( 'Location: /index.php?error='.$e->getCode().'&message='.$e->getMessage() ) );
}
}
$tokendefine( 'SECRET_KEY', sha1('This is ever so secret and never changes') );
$token = createtoken( 'fred.bloggs@yahoo.com', SECRET_KEY ); /* yields: c6bc1ba4a8193cd965f1175197b5170c4c385040 */
用户mysql>describe users;
+------------+---------------------+------+-----+------------------+----------------+
| Field | Type | Null | Key | Default | Extra |
+------------+---------------------+------+-----+------------------+----------------+
| id | int(10) unsigned | NO | PRI | NULL | auto_increment |
| username | varchar(64) | NO | MUL | NULL | |
| email | varchar(64) | NO | MUL | mail@example.com | |
| token | varchar(64) | NO | MUL | default_token | |
| userstatus | tinyint(1) unsigned | NO | | 0 | |
+------------+---------------------+------+-----+------------------+----------------+
/* add the user */
mysql>insert into `users` (`username`,`email`,`token`) values ('fred.bloggs','fred.bloggs@yahoo.com','c6bc1ba4a8193cd965f1175197b5170c4c385040');
/*
It would be at this point ( adding user to db ) that you generate the email to the user with a confirmation link that they must click.
The status is set to zero / no so they should not be able to login until that is updated.
The above is the equivalent of the user clicking "submit" after completing the form for example
*/
mysql> select * from users;
+----+-------------+-----------------------+------------------------------------------+------------+
| id | username | email | token | userstatus |
+----+-------------+-----------------------+------------------------------------------+------------+
| 1 | fred.bloggs | fred.bloggs@yahoo.com | c6bc1ba4a8193cd965f1175197b5170c4c385040 | 0 |
+----+-------------+-----------------------+------------------------------------------+------------+
verify.phphttps://www.example.com/verify.php?token=c6bc1ba4a8193cd965f1175197b5170c4c385040标记我希望这对您的注册确认工作有所帮助~因为您没有共享生成令牌、记录到db或向用户发送电子邮件的代码部分,因此只能作为指导而不是实际答案,而是其中的某些部分(即准备好的声明方法)应采用/调整您的代码,以防止淘气的人入侵您的数据库;-) 您的令牌代码是什么,查询是如何进行的?
echo$query=“UPDATE user….mysql\u query$dbcon->query$pripojenie=mysql\u query(“SELECT*FROM users”);$row=mysql\u fetch\u array($pripojenie);header('Location:index.php?error=7')。这意味着,如果(isset($\u GET['tokenCode']){
不起作用。tokenCode
不会进入此页面。谢谢,但是getCode(),我没有指定的错误代码,我手动设置。如何指定它?我犯了一个小错误,在调用$stmt->num rows
之前调用了$stmt->store\u result()
etc,因此它总是返回零。稍微修改sql,仅在令牌与提供的令牌匹配并且userstatus
为零时选择用户的电子邮件(即:尚未验证)~除此之外,它似乎还起作用,所以你能澄清一下它在哪里失败了吗?它没有找到匹配项。而$token是token,必须通过电子邮件发送并添加到DB中?还是$key?请给我完整的验证代码,正确:)
mysql>describe users;
+------------+---------------------+------+-----+------------------+----------------+
| Field | Type | Null | Key | Default | Extra |
+------------+---------------------+------+-----+------------------+----------------+
| id | int(10) unsigned | NO | PRI | NULL | auto_increment |
| username | varchar(64) | NO | MUL | NULL | |
| email | varchar(64) | NO | MUL | mail@example.com | |
| token | varchar(64) | NO | MUL | default_token | |
| userstatus | tinyint(1) unsigned | NO | | 0 | |
+------------+---------------------+------+-----+------------------+----------------+
/* add the user */
mysql>insert into `users` (`username`,`email`,`token`) values ('fred.bloggs','fred.bloggs@yahoo.com','c6bc1ba4a8193cd965f1175197b5170c4c385040');
/*
It would be at this point ( adding user to db ) that you generate the email to the user with a confirmation link that they must click.
The status is set to zero / no so they should not be able to login until that is updated.
The above is the equivalent of the user clicking "submit" after completing the form for example
*/
mysql> select * from users;
+----+-------------+-----------------------+------------------------------------------+------------+
| id | username | email | token | userstatus |
+----+-------------+-----------------------+------------------------------------------+------------+
| 1 | fred.bloggs | fred.bloggs@yahoo.com | c6bc1ba4a8193cd965f1175197b5170c4c385040 | 0 |
+----+-------------+-----------------------+------------------------------------------+------------+