I already have an advanced user login/register system on my website (colemansystems.psm2.co.uk). However, I would like to have a email sent to new users for verification of their email address. If they have not clicked the link they will not be able to access their account. I am semi-experienced with PHP and MySQL, so please explain in depth.
我已经在我的网站上有一个高级的用户登录/注册系统(colemansystems.psm2.co.uk)。不过,我想给新用户发一封电子邮件,以核实他们的电子邮件地址。如果他们没有点击链接,他们将无法访问他们的帐户。我对PHP和MySQL有一定的了解,所以请您多多指教。
Edit: The code I'm using for the verify.php file (the link the user click on with a GET (for example, verify.php?d=51773199320))
编辑:我正在使用的验证码。php文件(用户使用GET单击的链接(例如,verify.php?d=51773199320))
$secret = $_GET['d'];
$result = mysql_query("SELECT valid FROM users WHERE secret=$secret");
while ($row = mysql_fetch_array($result))
{
$valid = $row['valid'];
}
if ($valid == "") {
echo"There seems to be a problem with the verification code.<br><br><br><br><br>";
}
elseif ($valid == "1")
{
echo"Your account is already verified.<br><br><br><br><br>";
}
else
{
mysql_query("UPDATE users SET valid = '1' WHERE secret=$secret");
echo "Thank you, your account is now verified and you are free to use the exclusive features!<br><br><br><br><br><br>";
}
Is this secure?
这是安全的吗?
3 个解决方案
#1
29
The easiest way is not to register unverified users at all.
最简单的方法是不注册未经验证的用户。
Ask them for an email address and send email with a link that contains this address sealed with a hash. Upon receiving this link you can start the registration process.
询问他们的电子邮件地址和发送电子邮件的链接,包含这个地址和一个散列。收到这个链接后,您可以开始注册过程。
Something like this
像这样的东西
$secret = "35onoi2=-7#%g03kl";
$email = urlencode($_POST['email']);
$hash = MD5($_POST['email'].$secret);
$link = "http://example.com/register.php?email=$email&hash=$hash";
And in your register.php add 2 hidden fields to the registration form - email and hash, storing their received values from GET.
和在你的注册。php向注册表单添加了两个隐藏字段——电子邮件和散列,存储它们从GET接收到的值。
Finally, process registration and check,
最后,流程注册和检查,
if (md5($_POST['email'].$secret) == $_POST['hash']) {
//Continue registration.
}
#2
0
Easiest for whom - user, coder, computer? What are you optimizing - the quantity of keypresses, the size of the code, the user experience?
最容易为谁-用户,编码器,计算机?你在优化什么——按键的数量,代码的大小,用户体验?
The easiest to code is probably unsafe. You should check the email address for correctness before sending a letter to it.
最容易编码的可能是不安全的。你应该检查电子邮件地址的正确性,然后再发送一封信给它。
#3
0
after registration create a hashed string and save it to the temporary user table send that hashed string to the user email address using this code
注册后创建一个散列字符串并保存到临时用户表中,然后使用此代码将散列字符串发送到用户电子邮件地址
if(isset($_POST['register']))
{
$email_id=$_POST['email'];
$pass=$_POST['password'];
$code=substr(md5(mt_rand()),0,15);
mysql_connect('localhost','root','');
mysql_select_db('sample');
$insert=mysql_query("insert into verify values('','$email','$pass','$code')");
$db_id=mysql_insert_id();
$message = "Your Activation Code is ".$code."";
$to=$email;
$subject="Activation Code For Talkerscode.com";
$from = 'your email';
$body='Your Activation Code is '.$code.' Please Click On This link <a href="verification.php">Verify.php?id='.$db_id.'&code='.$code.'</a>to activate your account.';
$headers = "From:".$from;
mail($to,$subject,$body,$headers);
echo "An Activation Code Is Sent To You Check You Emails";
}
and after that create a verify page and then
然后创建一个验证页面
if(isset($_GET['id']) && isset($_GET['code']))
{
$id=$_GET['id'];
$code=$_GET['id'];
mysql_connect('localhost','root','');
mysql_select_db('sample');
$select=mysql_query("select email,password from verify where id='$id' and code='$code'");
if(mysql_num_rows($select)==1)
{
while($row=mysql_fetch_array($select))
{
$email=$row['email'];
$password=$row['password'];
}
$insert_user=mysql_query("insert into verified_user values('','$email','$password')");
$delete=mysql_query("delete from verify where id='$id' and code='$code'");
}
}
if you have any problem here is a complete tutorial http://talkerscode.com/webtricks/account-verification-system-through-email-using-php.php
如果您有任何问题,这里有一个完整的教程http://talkerscode.com/web涓流/account- verificationsystem through-email-using-php.php
#1
29
The easiest way is not to register unverified users at all.
最简单的方法是不注册未经验证的用户。
Ask them for an email address and send email with a link that contains this address sealed with a hash. Upon receiving this link you can start the registration process.
询问他们的电子邮件地址和发送电子邮件的链接,包含这个地址和一个散列。收到这个链接后,您可以开始注册过程。
Something like this
像这样的东西
$secret = "35onoi2=-7#%g03kl";
$email = urlencode($_POST['email']);
$hash = MD5($_POST['email'].$secret);
$link = "http://example.com/register.php?email=$email&hash=$hash";
And in your register.php add 2 hidden fields to the registration form - email and hash, storing their received values from GET.
和在你的注册。php向注册表单添加了两个隐藏字段——电子邮件和散列,存储它们从GET接收到的值。
Finally, process registration and check,
最后,流程注册和检查,
if (md5($_POST['email'].$secret) == $_POST['hash']) {
//Continue registration.
}
#2
0
Easiest for whom - user, coder, computer? What are you optimizing - the quantity of keypresses, the size of the code, the user experience?
最容易为谁-用户,编码器,计算机?你在优化什么——按键的数量,代码的大小,用户体验?
The easiest to code is probably unsafe. You should check the email address for correctness before sending a letter to it.
最容易编码的可能是不安全的。你应该检查电子邮件地址的正确性,然后再发送一封信给它。
#3
0
after registration create a hashed string and save it to the temporary user table send that hashed string to the user email address using this code
注册后创建一个散列字符串并保存到临时用户表中,然后使用此代码将散列字符串发送到用户电子邮件地址
if(isset($_POST['register']))
{
$email_id=$_POST['email'];
$pass=$_POST['password'];
$code=substr(md5(mt_rand()),0,15);
mysql_connect('localhost','root','');
mysql_select_db('sample');
$insert=mysql_query("insert into verify values('','$email','$pass','$code')");
$db_id=mysql_insert_id();
$message = "Your Activation Code is ".$code."";
$to=$email;
$subject="Activation Code For Talkerscode.com";
$from = 'your email';
$body='Your Activation Code is '.$code.' Please Click On This link <a href="verification.php">Verify.php?id='.$db_id.'&code='.$code.'</a>to activate your account.';
$headers = "From:".$from;
mail($to,$subject,$body,$headers);
echo "An Activation Code Is Sent To You Check You Emails";
}
and after that create a verify page and then
然后创建一个验证页面
if(isset($_GET['id']) && isset($_GET['code']))
{
$id=$_GET['id'];
$code=$_GET['id'];
mysql_connect('localhost','root','');
mysql_select_db('sample');
$select=mysql_query("select email,password from verify where id='$id' and code='$code'");
if(mysql_num_rows($select)==1)
{
while($row=mysql_fetch_array($select))
{
$email=$row['email'];
$password=$row['password'];
}
$insert_user=mysql_query("insert into verified_user values('','$email','$password')");
$delete=mysql_query("delete from verify where id='$id' and code='$code'");
}
}
if you have any problem here is a complete tutorial http://talkerscode.com/webtricks/account-verification-system-through-email-using-php.php
如果您有任何问题,这里有一个完整的教程http://talkerscode.com/web涓流/account- verificationsystem through-email-using-php.php