我有注册表,我希望用户必须在用户激活后激活他们的电子邮件,然后用户可以登录他们的帐户,否则用户不能登录?
问题
问题是用户可以在没有电子邮件激活的情况下登录?
法典
$email2=$_POST['email'];
$querycheck=mysql_query("select activation from students
where semail='$email2'") or die ("Query Activated Problem");
$rowcheck=mysql_fetch_array($querycheck);
$act=$rowcheck['activation'];
if($act=='activated')
{
$email=$_POST['email'];
$password=$_POST['password'];
$email = stripslashes($email);
$password= stripslashes($password);
$email = mysql_real_escape_string($email);
$password = mysql_real_escape_string($password);
$querymysql=mysql_query("select * from students where semail='$email'
and spassword='$password' ") or die ("query problem");
$row=mysql_fetch_array($querymysql);
if($row)
{
session_register("email");
session_register("password");
header('Location:index.php');
}
else {
$message="Please Check Your Login Details";
header('Location:login.php?login_error='.$message.'');
}
}
else if($act=='')
{
$actmsg="Your Email Is Not Activated Yet";
header('Location:login.php?actmsg='.$actmsg.'');
}
session_register : 此函数已从 PHP 5.3.0 开始弃用,从 PHP 5.4.0 开始被删除。
直接使用 $_SESSION 设置变量。
添加一个名为 activated 的字段 tinyint 字段。 然后将您的选择更改为 从学生中选择 *,其中 semail='$email' 和 spassword='$password' " 并激活=1
激活链接应将用户的激活设置为 1。
仔细检查students
表中的activation
字段。然后,让我们将你的代码从MySQL转换为MySQLi。MySQL 已被弃用。
/* ESTABLISH CONNECTION FIRST */
<?php
$connection=mysqli_connect("YourHost","YourUsername","YourPassword","DatabaseName");
if(mysqli_connect_errno()){
echo "Error".mysqli_connect_error();
}
$email2=mysqli_real_escape_string($con,$_POST['email']); /* LETS USE REAL ESCAPE STRING TO PREVENT A BIT OF SQL INJECTION */
$querycheck=mysqli_query($connection,"SELECT activation FROM students
WHERE semail='$email2'");
while($rowcheck=mysqli_fetch_array($querycheck)){
$act=$rowcheck['activation'];
}
if($act=='activated')
{
$email=$_POST['email'];
$password=$_POST['password'];
$email = stripslashes($email);
$password= stripslashes($password);
$email = mysqli_real_escape_string($email);
$password = mysqli_real_escape_string($password);
$querymysql=mysqli_query("SELECT * FROM students WHERE semail='$email'
and spassword='$password'");
$row=mysqli_num_rows($querymysql); /* I CHANGED THIS PART OF YOUR CODE */
if($row!=0) /* SO THIS CONDITION ALSO CHANGES */
{
session_register("email");
session_register("password");
header('Location:index.php');
}
else {
$message="Please Check Your Login Details";
header('Location:login.php?login_error='.$message.'');
}
}
else if($act=='')
{
$actmsg="Your Email Is Not Activated Yet";
header('Location:login.php?actmsg='.$actmsg.'');
}
?>