电子邮件验证后,PHP登录用户自动
[英]PHP login user automatically after email verification
问题描述
I'm using PHP Zend framework for my web application. 
我正在为我的Web应用程序使用PHP Zend框架。 When users register, I send them an email to verify their email address and when they click on that link - the account is activated. 当用户注册时,我向他们发送电子邮件以验证其电子邮件地址,并在他们单击该链接时激活了该帐户。
My problem - when users click on the activate link - I also want to automatically log them in - rather than asking them to login in again. 我的问题-当用户单击激活链接时-我也想自动将他们登录-而不是要求他们再次登录。 I'm not sure how to do that. 我不确定该怎么做。
This is my login action in Zend which requires email address and password. 这是我在Zend中的登录操作,需要电子邮件地址和密码。 So what should I send as part of the activation link so that when the user clicks on it, they are automatically logged in. 因此,我应该发送什么作为激活链接的一部分,以便用户单击它时,他们将自动登录。
$db = Zend_Db_Table::getDefaultAdapter();
//create the auth adapter
$authAdapter = new Zend_Auth_Adapter_DbTable($db, 'user','email', 'password');
//set the username and password
$authAdapter->setIdentity($this->_getParam('email'));
$authAdapter->setCredential(md5($this->_getParam('password')));
//authenticate
$result = $authAdapter->authenticate();
if ($result->isValid()) {
$auth = Zend_Auth::getInstance();
$storage = $auth->getStorage();
$row = $authAdapter->getResultRowObject(array('user_id'));
$userModel = new Model_User();
$user = $userModel->loadUserProfile($row->user_id);
$storage->write($user);
}
Thanks for your help 谢谢你的帮助
2 个解决方案
解决方案1
8 已采纳 2011-12-07 10:24:48
You have an if statement to authenticate a username and password. 您有一个if语句来验证用户名和密码。 In the case of someone validating their email you are mimicking this process and enabling a user to authenticate their account via an email and verification key. 对于某人验证其电子邮件的情况,您正在模仿此过程,并使用户能够通过电子邮件和验证密钥来验证其帐户。
All you need to do is verify the email and verification are correct and place this conditional underneath: 您需要做的就是验证电子邮件和验证是否正确,并将此条件置于下面:
.
.
.
$verified = $emailVerification->isValid( $email, $key );
if ( $verified )
{
$auth = Zend_Auth::getInstance();
$storage = $auth->getStorage();
$row = $authAdapter->getResultRowObject(array('user_id'));
$userModel = new Model_User();
$user = $userModel->loadUserProfile($row->user_id);
$storage->write($user);
}
The user will then be logged in as you have saved their User details to the Zend_Auth storage engine. 然后,当您将用户详细信息保存到Zend_Auth存储引擎时,该用户将登录。
I'd advise after using this method remove the verification key from the user record to ensure they cannot login via this process again, unless they forget their password, in whcih case you assign a new verification key. 我建议使用此方法后,请从用户记录中删除验证码,以确保他们无法再次通过此过程登录,除非他们忘记了密码,在这种情况下,您需要分配新的验证码。
Hope this helps! 希望这可以帮助!
解决方案2
1 2011-12-07 10:21:23
I am not familiar with zend so I did not look your code properly but here is an idea: 我不熟悉zend,所以我没有正确看一下您的代码,但这是一个主意:
- Send a validation mail 发送验证邮件
- Create a session after you've sent the mail 发送邮件后创建一个会话
- Wait for it... 等等...
- Once the user clicked the mail, if the session is still active (normally this time limit is something like 20 minutes), just login him. 用户单击邮件后,如果会话仍处于活动状态(通常此时间限制为20分钟左右),只需登录即可。
For security, you may create even two sessions. 为了安全起见,您甚至可以创建两个会话。 The first one will store the id and the second one will store a guid. 第一个将存储ID,第二个将存储GUID。 The guid will also be sent to the user in the validation link. 该GUID也将通过验证链接发送给用户。 So when he/she clicks the link and returns back, you will compare whether the guid and the id matches or not. 因此,当他/她单击链接并返回时,您将比较guid和id是否匹配。 If it matches just log them in as you would do in a login script. 如果匹配,只需像登录脚本中那样登录即可。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.