2

我正在尝试创建一个激活页面,因此当用户单击其激活链接时,它会将用户导航到 activate.php 页面并显示一条消息,说明该帐户是否已激活。

我遇到的问题是它一直显示消息“代码和用户名不匹配!帐户未激活。” 即使点击了激活链接,它也根本不会显示成功消息“帐户已激活”。

此外,如果识别出正确的用户名和代码,数据库中的“活动”列应更改为“1”,但仍显示“0”,表示帐户仍处于非活动状态。

我的问题是为什么它不能识别用户名和激活码是正确的?

下面是 registration.php 脚本,它插入用户的注册详细信息并通过电子邮件发送激活链接:

$teacherpassword = md5(md5("j3j".$teacherpassword."D2n"));  
$code = md5(rand(1,9));

$insertsql = "
INSERT INTO Teacher
(TeacherForename, TeacherSurname, TeacherEmail, TeacherAlias, TeacherUsername, TeacherPassword, Code)
VALUES
(?, ?, ?, ?, ?, ?, ?)
";
if (!$insert = $mysqli->prepare($insertsql)) {
// Handle errors with prepare operation here
}                                           

$insert->bind_param("sssssss", $getfirstname, $getsurname,
$getemail, $getid, $getuser,
$teacherpassword, $code);

$insert->execute();

if ($insert->errno) {
// Handle query error here
}

$insert->close();

    $getuser = $_POST['user'];
    $code = md5(rand(1,9));

    $site = "http://helios.hud.ac.uk/......../Mobile_app";
    $webmaster = "Mayur Patel <.......@hud.ac.uk>";
    $headers = "From: $webmaster";
    $subject = "Activate Your Account";
    $message = "Thanks for Registering. Click the link below to Acivate your Account. \n";
    $message .= "$site/activate.php?user=$getuser&code=$code\n";
    $message .= "You must Activate your Account to Login";

    if(mail($getemail, $subject, $message, $headers)){
    $errormsg = "You have been Registered. You must Activate your Account from the Activation Link sent to <b>$getemail</b>";
    $getfirstname = "";
    $getsurname = "";
    $getid = "";
    $getuser = "";
    $getemail = "";
    }

下面是 activate.php 页面,它检查激活链接并执行 mysqli 操作并显示消息:

 <?php
    $user_to_be_activated  =   $_GET['user'];
    $code_to_be_matched   =   $_GET['code'];


    // don't use $mysqli->prepare here
    $query = "SELECT TeacherUsername, Active, Code FROM Teacher WHERE TeacherUsername = ? AND Code = ? ";
    // prepare query
    $stmt=$mysqli->prepare($query);
    // You only need to call bind_param once
    $stmt->bind_param("ss",$user_to_be_activated, $code_to_be_matched);
    // execute query
    $stmt->execute(); 
    // get result and assign variables (prefix with db)
    $stmt->bind_result($dbTeacherUsername, $dbActive, $dbCode);
    //get number of rows
    $stmt->store_result();
    $counting = $stmt->num_rows();

    if($counting == '1')
    {

   $updatesql = "UPDATE Teacher SET Active = ? WHERE TeacherUsername = ? AND Code = ?";                                         
    $update = $mysqli->prepare($updatesql);
    $update->bind_param("iss", 1, $user_to_be_activated, $code_to_be_matched);
        $update->execute();
        $update->close();

        echo "Account is Activated";
    }
    else
    {
        echo "The Code and Username doesn't match! Account is not Activated.";
    }

        ?>

我只是希望它能够在第一次单击链接时激活帐户。

4

4 回答 4

1

我是怎么做到的:

当用户通过以下方式激活他的帐户时,在您的数据库(新列)中创建一个 security_key:

      example.com/activate/username/security_key

它将“激活”列设置为 1。现在设置一个新的哈希,所以不可能“再次”激活它并得到一些奇怪的错误。

现在,当用户想要登录时,他没有设置任何凭据,但电子邮件是已知的。因此,只需向他发送一封带有恢复链接的“丢失密码”电子邮件:

     example.com/set-password/username/security_key

出于安全原因,最好在他的行中的每次更新时刷新 security_key。因此,您永远不会遇到第 3 方用户(黑客)看到他的安全密钥的奇怪事件。

我希望这对你有帮助:)

结论,呼吸新鲜空气,花点时间,以清醒的头脑再看一遍。最好先在纸上画出这样的系统,这样你就知道你在做什么。(我做了同样的事情,它确实帮助了我!)

于 2012-08-25T22:11:50.427 回答
1

明白了,错误在这里:

$update->bind_param("iss", 1, $user_to_be_activated, $code_to_be_matched);

只是它没有通过 1,我不确定为什么它没有显示错误。

所以你可以把那个数字 1 放入一个变量中,然后在你的 sql 代码中使用它,如下所示:

所以整个代码:

   $code_activated = 1;

// don't use $mysqli->prepare here
    $query = "SELECT TeacherUsername, Active, Code FROM Teacher WHERE TeacherUsername = ? AND Code = ? ";
    // prepare query
    $stmt=$mysqli->prepare($query);
    // You only need to call bind_param once
    $stmt->bind_param("ss",$user_to_be_activated, $code_to_be_matched);
    // execute query
    $stmt->execute(); 
    // get result and assign variables (prefix with db)
    $stmt->bind_result($dbTeacherUsername, $dbActive, $dbCode);
    //get number of rows
    $stmt->store_result();
    $counting = $stmt->num_rows();

    if($counting == '1')
    {

   $updatesql = "UPDATE Teacher SET Active = ? WHERE TeacherUsername = ? AND Code = ?";                                         
    $update = $mysqli->prepare($updatesql);
    $update->bind_param("sss", $code_activated, $user_to_be_activated,  $code_to_be_matched);
        $update->execute() or die(mysql_error());
        $update->close();

        echo "Account is Activated";
    }
    else
    {
        echo "The Code and Username doesn't match! Account is not Activated.";
    }

你可以在这里测试:

http://design05.comuf.com/avtivate.php

有以下细节:

用户:师傅

代码:bbb111

http://design05.comuf.com/avtivate.php?user=master&code=bbb111

用户:管理员

代码:abc123

http://design05.comuf.com/avtivate.php?user=admin&code=abc123

当然尝试一些错误的。

于 2012-08-25T23:41:17.593 回答
0

似乎您生成了一个存储在数据库中的随机代码,然后生成了另一个添加到电子邮件中的代码。这两个代码可能不同:)

于 2012-08-26T00:05:44.743 回答
-1

您只需要删除第二个代码 md5,因为您已经拥有一次代码 md5。

于 2016-08-26T09:20:34.533 回答