[英]verify a user via e-mail in PHP
I'm actually creating a web application using PHP and seek help verifying a user.我实际上正在使用 PHP 创建一个 Web 应用程序并寻求帮助验证用户。 As with certain websites, when you register, an e-mail is sent to you with a confirmation link.与某些网站一样,当您注册时,系统会向您发送一封带有确认链接的电子邮件。 How do I implement that in PHP?我如何在 PHP 中实现它? All I know is that I have to use the PHP mail()
function to send the e-mail.我所知道的是,我必须使用 PHP mail()
函数来发送电子邮件。 Please help.请帮忙。 Necessary.必要的。 Thanks.谢谢。 :) :)
Patricks answer is correct altough i want to point out that there are other possibilities!帕特里克的回答是正确的,尽管我想指出还有其他可能性!
You don't necessarily have to create and store a unique token in your database.您不必在数据库中创建和存储唯一的令牌。 This is data overhead that is only needed once.这是只需要一次的数据开销。
You could also take advantage of one-way hashing.您还可以利用单向散列。
For example send the user the code md5('my-secret-application-token'.$user_email_adress)
.例如向用户发送代码md5('my-secret-application-token'.$user_email_adress)
。
You can validate that just the same way but dont need to store a secret code.您可以用同样的方式验证,但不需要存储密码。
This is a very broad question, so we can only give a broad answer, but the general technique to do so is这是一个非常广泛的问题,所以我们只能给出一个广泛的答案,但这样做的一般技术是
just like with CSRF protection you generate an unique token.就像使用CSRF保护一样,您会生成一个唯一的令牌。
$token = md5(uniqid(rand(), TRUE));
You store that value in your session for that email and when the user clicks link in email(you pass token via the query-string ) you compare the two values.您将该值存储在该电子邮件的会话中,当用户单击电子邮件中的链接时(您通过查询字符串传递令牌),您将比较这两个值。
To make it more secure you could just as with CSRF add a time-limit.为了使其更安全,您可以像使用 CSRF 一样添加时间限制。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.