我正在建立一个需要用户注册和登录的网站。我有大部分工作,但不是100%工作的部分是电子邮件激活。
当用户注册时,它发送带有链接的电子邮件(http://example.com/activate?email=name@example.com&activationCode=e7870fadcf79c39584dca1fc33c47ef9)
如果用户点击这个链接,它会去/activate检查,看看电子邮件和代码是否存在于数据库中,并通过将值'active'从0更改为1来激活帐户,如果这些确实存在,但是,如果用户只是登录它会自动激活我不想要的帐户(有点违背激活电子邮件的目的)。
登录if (isset($_POST['submit'])) { // Create variables from submitted data
$uname = mysqli_real_escape_string($db_connect, $_POST['uname']);
$password = mysqli_real_escape_string($db_connect, $_POST['loginPassword']);
$passHash = md5($password); // Encrypt password
$query1 = mysqli_query($db_connect, "SELECT * FROM `users` WHERE `uname` = '".$uname."' AND `password` = '".$passHash."' AND `active` = '1' ") or die(mysqli_connect_error()); // Uname and password match and account is active
$result1 = (mysqli_num_rows($query1) > 0);
$query2 = mysqli_query($db_connect, "SELECT * FROM `users` WHERE `uname` = '".$uname."' AND `password` = '".$passHash."' AND `active` = '0' ") or die(mysqli_connect_error()); // Uname and password match and account is not active
$result2 = (mysqli_num_rows($query2) > 0);
if ($result1) { // If uname and password match and account is active
$_SESSION['uname'] = $_POST['uname'];
header("Location: /profile");
} else if ($result2) { // If uname and password match but account is not active
echo "<p>Your account has not been activated! Please check your email inbox.</p><br />";
back();
} else { // If uname and password do not match
echo "<p>The combination of username and password is incorrect!</p><br />";
back();
forgotPword();
register();
}
} else {
login();
forgotPword();
register();
}
激活页面
if (isset($_GET['email'], $_GET['activationCode']) === true) { // If email and email code exist in URL
$email = trim($_GET['email']);
$activationCode = trim($_GET['activationCode']);
$query1 = mysqli_query($db_connect, "SELECT * FROM `users` WHERE `email` = '".$email."' ") or die(mysqli_connect_error());
$result1 = (mysqli_num_rows($query1) > 0);
$query2 = mysqli_query($db_connect, "SELECT * FROM `users` WHERE `activationCode` = '".$activationCode."' ") or die(mysqli_connect_error());
$result2 = (mysqli_num_rows($query2) > 0);
$query3 = mysqli_query($db_connect, "SELECT COUNT(`userID`) FROM `users` WHERE `email` = '".$email."' AND `activationCode` = '".$activationCode."' AND `active` = '0' ") or die(mysqli_connect_error());
$result3 = (mysqli_num_rows($query3) > 0);
// Check email exists in database
if ($result1) {
// Check activation code exists in database
if ($result2) {
// THIS IS THE PART NOT DOING IT'S JOB PROPERLY
// Check active status
if ($result3) {
mysqli_query($db_connect, "UPDATE `users` SET `active` = '1' WHERE `email` = '".$email."' AND `activationCode` = '".$activationCode."' AND `active` = '0' ") or die(mysqli_connect_error()); // Activate account
echo "<p>Your account is now activated. You may <a href='/login'>Log In</a></p>";
exit();
} else {
echo "<p>Your account has already been activated. You may <a href='/login'>Log In</a></p>";
exit();
}
// ------------------------------------------------------------------------------------
} else { // Activation code is invalid
echo "<p>Hmmm, the activation code seems to be invalid!</p>";
exit();
}
} else { // Email does not exist
echo "<p>Hmmm, ".$email." email does not seem to exist in our records!</p>";
exit();
}
} else {
header("Location: /login");
exit();
}
如果你能告诉我哪里出了问题,我将不胜感激。
您可以在登录时为sql查询添加一个" AND active = 1"条件
经过几个小时痛苦的检查和重写代码,我已经找到了导致问题的原因。这实际上是发送电子邮件的注册页面。我已经将激活链接包装在单引号的消息体中,现在它可以完美地工作。你在邮件里看到了……'http://www.example.com/activate?email=".$email."&activationCode=".$activationCode."'
但是这个链接是有效的,所以我坚持使用它。
谢谢你的帮助,真的很感激。