使用php进行电子邮件验证

Question

I am new here, and I am continuing previous developer website for the client. This web will sent an verification email for user after the user sign up for member in the web. The email is send to the user but my problem now is that the verification doesn't work. When the user click on the verification link, it's does link to the verification.php but show a blank page. I don't know where is the problem. This is the account_verification.php file:

session_start();  
require_once 'cms/configuration.php';

$username = $_GET['e_username'];
$key = $_GET['key'];

$sql = "SELECT * FROM member WHERE username = '$username'";
$result = mysql_query($sql);
$row = mysql_fetch_array($result);
$memberID = $row['id'];

if ($key == md5($username.$row['id']))
{
    $sql = "UPDATE member SET verified = '1' WHERE id = '{$row['id']}'";    
    $result = mysql_query($sql);

    echo '  <script type="text/javascript">
            alert("Your account is activated."); 
            window.location = "homepage.php"; 
            </script>';
}
?>

And this is the membersignup.php file:

<?php
session_start();
require_once 'cms/configuration.php';
include "includes/phpmailer.php";

foreach ($_POST as $key => $value)
{
    $_POST[$key] = $value;
}


$e_username = trim($_POST['username']);
$password = $_POST['password'];
$ic_no = $_POST['ic_no'];
$email = $_POST['email'];
$dob = $_POST['dob'];
$contact = $_POST['contact'];
$address = $_POST['address'];
$comp_name = $_POST['comp_name'];
$comp_address = $_POST['comp_address'];
$comp_contact = $_POST['comp_contact'];
$comp_fax = $_POST['comp_fax'];
$comp_email = $_POST['comp_email'];
$about_us = $_POST['about_us'];
$datetime = $_POST['datetime'];

;
$result = mysql_query("SELECT username FROM member WHERE username='$e_username'");
$num_records = mysql_num_rows($result);

if ($num_records !=0){
    echo "Please use different username.";
    exit();
}


$sql = sprintf("INSERT INTO member (username, password, ic_no,email, birthday, contact, address, company_name, company_address, company_contact, company_fax, company_email, about_us, register_date)
                VALUES ('%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s',NOW())",


        mysql_real_escape_string($e_username),
        md5($password),
        mysql_real_escape_string($ic_no),
        mysql_real_escape_string($email),
        mysql_real_escape_string($dob),
        mysql_real_escape_string($contact),
        mysql_real_escape_string($address),
        mysql_real_escape_string($comp_name),
        mysql_real_escape_string($comp_address),
        mysql_real_escape_string($comp_contact),
        mysql_real_escape_string($comp_fax),
        mysql_real_escape_string($comp_email),
        mysql_real_escape_string($about_us),
        mysql_real_escape_string($datetime)
);
$result = mysql_query($sql) or die(mysql_error());
$insertID = mysql_insert_id();
$key = md5($_POST['username'].$insertID);
$link = "http://___/account_verification.php?username={$_POST['username']}&key=$key";
$body = "<div>
            <p style='padding:10px;'>
            Hello {$_POST['username']}!
            </p>
            <p style='padding:10px;'>
            Thank you for creating an account at ___.
            </p>
            <p style='padding:10px;'>
            Please keep this e-mail for your records. Your account information is as follows:<br/>
            Username : $e_username <br/>
            Password : {$_POST['password']}
            </p>
            <p style='padding:10px;'>
            Verify your account to complete your registration by clicking the link:<br/>
            <a href='$link' target='_blank'>$link</a>
            </p>
            <p style='padding:10px;'>&nbsp;</p>
            <p style='padding:10px;'>
            Thanks,<br/>Admin
            </p>
        </div>";
$subject = "Member Registration and Verification";
if ($result)
{
    $sendMailResult = sendPHPMail('noreply@___.com', '___', $_POST['email'], $subject, $body);
    if($sendMailResult == TRUE)
        echo 1;
    else
        echo "There's problem sending validation mail to your email. Please try again later.";
}
else
{
    echo "There's problem saving your registration details to our database. Please try again later.";   
}

?>

Can anyone help me to find what is the problem here?

Answer 1

You are searching for a user that matches $username = $_GET['e_username']; when you are actually only sending in the url username

So, your account_verification.php should be

session_start();  
require_once 'cms/configuration.php';

$username = $_GET['username'];
$key = $_GET['key'];

$sql = "SELECT * FROM member WHERE username = '$username'";
etc ...

And your link to this script should be as follows: (note: your username variable is changed to $_POST['e_username']

$link = "http://___/account_verification.php?username={$_POST['e_username']}&key=$key";