1

我最近制作了一个登录和注册脚本,它工作正常,但我希望它更安全,不受垃圾邮件发送者的影响,我想知道是否有人知道如何制作电子邮件验证系统。

我怎样才能让这个脚本向它添加电子邮件验证。我希望这是有道理的

    <?php 
    require("php/bp-connection.php"); 

    if(!empty($_POST)) 
    { 
        if(empty($_POST['username'])) 
        { 
            die("Please enter a username."); 
        } 

        if(empty($_POST['password'])) 
        { 
            die("Please enter a password."); 
        } 

        if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) 
        { 
            die("Invalid E-Mail Address"); 
        } 

        $query = " 
            SELECT 
                1 
            FROM users 
            WHERE 
                username = :username 
        "; 

        $query_params = array( 
            ':username' => $_POST['username'] 
        ); 

        try 
        { 
            $stmt = $db->prepare($query); 
            $result = $stmt->execute($query_params); 
        } 
        catch(PDOException $ex) 
        { 
            die("Failed to run query: " . $ex->getMessage()); 
        } 

        $row = $stmt->fetch(); 

        if($row) 
        { 
            die("This username is already in use"); 
        } 

        $query = " 
            SELECT 
                1 
            FROM users 
            WHERE 
                email = :email 
        "; 

        $query_params = array( 
            ':email' => $_POST['email'] 
        ); 

        try 
        { 
            $stmt = $db->prepare($query); 
            $result = $stmt->execute($query_params); 
        } 
        catch(PDOException $ex) 
        { 
            die("Failed to run query: " . $ex->getMessage()); 
        } 

        $row = $stmt->fetch(); 

        if($row) 
        { 
            die("This email address is already registered"); 
        } 

        $query = " 
            INSERT INTO users ( 
                username, 
                password, 
                salt, 
                email 
            ) VALUES ( 
                :username, 
                :password, 
                :salt, 
                :email 
            ) 
        "; 

        $salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647)); 

        $password = hash('sha256', $_POST['password'] . $salt); 

        for($round = 0; $round < 65536; $round++) 
        { 
            $password = hash('sha256', $password . $salt); 
        } 

        $query_params = array( 
            ':username' => $_POST['username'], 
            ':password' => $password, 
            ':salt' => $salt, 
            ':email' => $_POST['email'] 
        ); 

        try 
        { 
            $stmt = $db->prepare($query); 
            $result = $stmt->execute($query_params); 
        } 
        catch(PDOException $ex) 
        { 

            die("Failed to run query: " . $ex->getMessage()); 
        } 

        header("Location: login.php"); 

        die("Redirecting to login.php"); 
    } 

?> 
<html lang="en">
<head>
    <title>Register | BinaryPaw</title>

    <link rel="shortcut icon" href="favicon.ico" type="icon" />
    <link rel="stylesheet" href="css/bp-grid.css" type="text/css" />
    <link rel="stylesheet" href="css/bp-styles.css" type="text/css" />
</head>

<body>
<?php
    include 'php/bp-siteBar.php';
?>

<div class="container">
    <?php
        include 'php/bp-sideBar.php';
    ?>

    <div class="span4">
        <h1>User Registration</h1>
    <form action="register.php" method="post"> 
        <div class="space1">
            <label>Username</label> 
        </div>

        <div class="space2">
            <input type="text" name="username" class="username" value="" /> 
        </div>

        <div class="space1">
            <label>Email</label> 
        </div>

        <div class="space2">
            <input type="text" name="email" class="email" value="" /> 
        </div>

        <div class="space1">
            <label>Password</label> 
        </div>

        <div class="space2">
            <input type="password" name="password" class="password" value="" /> 
        </div>

        <div class="space3">
            <input type="submit" class="submit" value="Register" />
        </div>
    </form>
    </div>

    <div class="space3"></div>

    <div class="span10" id="footer">
        <h6>Created by Mathew Berry &copy2013 </h6>
    </div>
</div>
</body>
4

3 回答 3

0

它简单地将代码发送到用户电子邮件地址并创建一个页面来验证代码,如果代码验证然后注册用户

if(isset($_POST['register']))
{
$email_id=$_POST['email'];
$pass=$_POST['password'];
$code=substr(md5(mt_rand()),0,15);
mysql_connect('localhost','root','');
mysql_select_db('sample');

$insert=mysql_query("insert into verify values('','$email','$pass','$code')");
$db_id=mysql_insert_id();

$message = "Your Activation Code is ".$code."";
$to=$email;
$subject="Activation Code For Talkerscode.com";
$from = 'your email';
$body='Your Activation Code is '.$code.' Please Click On This link <a href="verification.php">Verify.php?id='.$db_id.'&code='.$code.'</a>to activate your account.';
$headers = "From:".$from;
mail($to,$subject,$body,$headers);

echo "An Activation Code Is Sent To You Check You Emails";
}

验证代码

if(isset($_GET['id']) && isset($_GET['code']))
{
$id=$_GET['id'];
$code=$_GET['id'];
mysql_connect('localhost','root','');
mysql_select_db('sample');
$select=mysql_query("select email,password from verify where id='$id' and code='$code'");
if(mysql_num_rows($select)==1)
{
    while($row=mysql_fetch_array($select))
    {
        $email=$row['email'];
        $password=$row['password'];
    }
    $insert_user=mysql_query("insert into verified_user values('','$email','$password')");
    $delete=mysql_query("delete from verify where id='$id' and code='$code'");
}
}
于 2016-03-16T08:01:27.353 回答
0

它简单地将代码发送到用户电子邮件地址并创建一个页面来验证代码,如果代码验证然后注册用户

if(isset($_POST['register']))
{
$email_id=$_POST['email'];
$pass=$_POST['password'];
$code=substr(md5(mt_rand()),0,15);
mysql_connect('localhost','root','');
mysql_select_db('sample');

$insert=mysql_query("insert into verify values('','$email','$pass','$code')");
$db_id=mysql_insert_id();

$message = "Your Activation Code is ".$code."";
$to=$email;
$subject="Activation Code For Talkerscode.com";
$from = 'your email';
$body='Your Activation Code is '.$code.' Please Click On This link <a href="verification.php">Verify.php?id='.$db_id.'&code='.$code.'</a>to activate your account.';
$headers = "From:".$from;
mail($to,$subject,$body,$headers);

echo "An Activation Code Is Sent To You Check You Emails";
}

验证代码

if(isset($_GET['id']) && isset($_GET['code']))
{
$id=$_GET['id'];
$code=$_GET['id'];
mysql_connect('localhost','root','');
mysql_select_db('sample');
$select=mysql_query("select email,password from verify where id='$id' and code='$code'");
if(mysql_num_rows($select)==1)
{
    while($row=mysql_fetch_array($select))
    {
        $email=$row['email'];
        $password=$row['password'];
    }
    $insert_user=mysql_query("insert into verified_user values('','$email','$password')");
    $delete=mysql_query("delete from verify where id='$id' and code='$code'");
}
}

完整教程在这里http://talkerscode.com/webtricks/account-verification-system-through-email-using-php.php

于 2016-03-16T08:06:00.010 回答
-1

您可以添加验证码以防止在您的表单上发送垃圾邮件。它比其他任何东西都更安全。

于 2014-11-29T13:11:27.840 回答