0

我正在尝试做一些小脚本来更改我的免费服务中的电子邮件。用户使用名称、密码等进行注册。我想要的是添加 Web 表单以使用 PHP 脚本更改他们在数据库中的电子邮件,这允许他们通过确认过程将电子邮件更改为旧电子邮件。它应该如何工作?

用户进入某个站点(登录)单击更改电子邮件,将出现旧电子邮件、新电子邮件和新电子邮件2 的字段。将检查旧电子邮件是否真的是数据库中的旧电子邮件,newemail 与 newemail2 相同。我在这里对电子邮件等的有效性进行了一些检查:

    if ($auth->isLogged())
{
    if(!empty($email))
    {
        if ($this->checkEmail($mail))
        {           
            $this->db->selectDb("login");            
            if (!mysql_result(mysql_query("SELECT COUNT(id) FROM account WHERE email='".$mail."'"), 0) > 0)
            {

我创建了脚本 - 它使用 php 更改电子邮件与数据库和站点在一页上具有 php self 函数,如下所示:

$login_db_new_connect = mysql_connect($logindb[db_host],$logindb[db_username],$logindb[db_password]);
$selectdb = mysql_select_db($logindb[db_name],$login_db_new_connect); 
    if ($_GET[h] && $_GET[h] != '' && $_GET[h] != '0')
    {
        $emailz = $newemail1;
        $query = mysql_query("SELECT username FROM `account` WHERE reset_email='$_GET[h]'");
        $res = mysql_fetch_array($query);
        $check = mysql_query("SELECT email FROM `account` WHERE reset_email='$_GET[h]'");
        $ress = mysql_fetch_array($check);
        $check1 = mysql_query("SELECT reset_email2 FROM `account` WHERE reset_email='$_GET[h]'");
        $resss = mysql_fetch_array($check1);
        $emailz = $resss[reset_email2];

        if (mysql_num_rows($query) == 1)
        {
            echo "<b>E-mail was changed.</b>";
            $to = $ress[email];
            $headers = "Headers here";  
            $message = "Email has been Changed (more text to come later)";
            mail($to, '', $message, $headers);
            mysql_query("UPDATE account SET email='$emailz' WHERE reset_email='$_GET[h]'") or die ('query change ...');
            mysql_query("UPDATE account SET reset_email='', reset_email2='' WHERE username='$res[username]'") or die ('query ...');
        }
        else
        {
            echo "<b>Error not changed.</b>";     
        }
    }
    else
    {  
        $oldemail = addslashes($_POST["oldemail"]);
        $newemail1 = addslashes($_POST["newemail1"]);
        $newemail2 = addslashes($_POST["newemail2"]);
        if ($oldemail == "" || $newemail1 == "" || $newemail2 == "")
        {
            $reason =  "
            <form action=\"".$_SERVER['PHP_SELF']."\" method=\"POST\">
            <table width=\"310\">
            <tr><td>Old e-mail:</td><td><input type=\"email\" name=\"oldemail\"></td></tr>
            <tr><td>New e-mail:</td><td><input type=\"email\" name=\"newemail1\"></td></tr>
            <tr><td>New e-mail again:</td><td><input type=\"email\" name=\"newemail2\"></td></tr>
            <tr><td align=\"center\" colspan=\"2\"><br><input type=\"submit\" value=\"Change e-mail\">
            </table>
            </form>";
        }
        else
        {   
            $login_db_new_connect = mysql_connect($logindb[db_host],$logindb[db_username],$logindb[db_password]);
            $selectdb = mysql_select_db($logindb[db_name],$login_db_new_connect);
            $queryy = mysql_query("SELECT username FROM `account` WHERE id='$id'");
            $resu = mysql_fetch_array($queryy);  
            $sql = "SELECT * FROM account WHERE email='$oldemail' AND username='$resu[username]'";
            $result = mysql_query($sql);
            $result2 = mysql_num_rows($result);

            if ($result2 !== 1)
            {
                $reason = "Something is wrong";
            }
            else
            {
                if ($newemail1 == $newemail2)
                {
                    $emailz = $newemail1;       
                    $rand = random_string(40);
                    $sql1 = "UPDATE `account` SET reset_email='$rand' WHERE id='$id'";
                    mysql_query($sql1) or die ('query ...');
                    $sql2 = "UPDATE `account` SET reset_email2='$newemail1' WHERE id='$id'";
                    mysql_query($sql2) or die ('query ...');
                    $to = $_POST["oldemail"];
                    $headers = "";  
                    $message = "Activation link: $config[path_to_thisfile]?h=$rand\n\n\n";
                    mail($to, '', $message, $headers);
                    echo "<b>activation link has been sent</b>";
                }
                else
                {                                                                                  
                    echo "<b>wrong input data</b>";
                }
            }
        } 
    }
?>

但我希望有更多像我上面提到的检查电子邮件完整性和验证,检查用户是否在线......也许我的脚本不完全正常:D

所以我现在对你的想法持开放态度:) 谢谢。

4

1 回答 1

1

关于电子邮件验证,我正在使用:

// returns TRUE if 'email' is valid
function email_valid($email)
{
   return eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email);
}

另外,在将用户文本直接写入数据库之前,请考虑使用mysql_real_escape_string ;他们可能在文本中有引号“,”。

周围还有一个数据库混乱;如果可能,考虑减少这种对安全的要求

还可以考虑放置内联 HTML 块,例如:

$reason =  "
<form action=\"".$_SERVER['PHP_SELF']."\" method=\"POST\">
<table width=\"310\">

进入其他文件并像这样称呼它们:

include("template.php");

避免重复引用并减少未来的混乱

于 2012-05-21T09:15:26.780 回答