[英]In PHP: Sending a verification link in user mail for forgot password
我在Php中的注冊系統上有一個任務。忘記密碼后,我必須將驗證鏈接發送到用戶郵件,以便如果用戶單擊該驗證鏈接,忘記密碼表格將打開,我將無法理解我在哪里做錯了以及為什么我的代碼無法正常工作有人可以指出我要去哪里。 提前致謝
<?php
require_once ( "./connect.php" );
if ( !empty( $_POST['submit'] ) ) {
$passkey = isset($_POST['$passkey']) ? $_POST['$passkey'] : '';
// Passkey that got from link
$passkey = $_POST['passkey'];
$user = "registration";
// Retrieve data from table where row that match this passkey
$sql ="SELECT * FROM `user` WHERE confirm_code ='$passkey'";
$result = $db->query($sql);
// If successfully queried
if( $result ) {
// Count how many row has this passkey
$count = mysql_num_rows( $result );
// if found this passkey in our database, retrieve data from table "temp_members_db"
if ( $count == 1 ) {
$rows = mysql_fetch_array( $result );
$username = $rows['username'];
$email = $rows['email'];
$password = $rows['password'];
$user = "registration";
// Insert data that retrieves from "temp_members_db" into table "registered_members"
$sql = "INSERT INTO $user ( name, email, password )VALUES( '$name', '$email', '$password' )";
$result = $db->query($sql);
}
// if not found passkey, display message "Wrong Confirmation code"
else {
echo "Wrong Confirmation code";
}
// if successfully moved data from table"temp_members_db" to table "registered_members" displays message "Your account has been activated" and don't forget to delete confirmation code from table "temp_members_db"
if ( $result ){
echo "Your account has been activated";
// Delete information of this user from table "temp_members_db" that has this passkey
$sql="DELETE FROM `user` WHERE confirm_code = '$passkey'";
$result = $db->query($sql);
}
}
}
?>
我對您的代碼進行了一些更改,請嘗試一下。
<?php
if(isset($_POST['submit'])){
if(!empty($_POST['passkey'])){
//Get the Passkey that got from link
$passkey = $_POST['passkey'];
$user = "registration";
// Retrieve data from table where row that match this passkey
$sql ="SELECT * FROM `user` WHERE confirm_code = $passkey ";
$result = $db->query($sql);
// If successfully queried
if( $result ) {
// Count how many row has this passkey
$count = mysql_num_rows( $result );
// if found this passkey in our database, retrieve data from table "temp_members_db"
if ( $count == 1 ) {
$rows = mysql_fetch_array( $result );
$username = $rows['username'];
$email = $rows['email'];
$password = $rows['password'];
$user = "registration";
// Insert data that retrieves from "temp_members_db" into table "registered_members"
$sql = "INSERT INTO $user ( name, email, password )VALUES( $name, $email, $password )";
$result = $db->query($sql);
}
// if not found passkey, display message "Wrong Confirmation code"
else {
echo "Wrong Confirmation code";
}
// if successfully moved data from table"temp_members_db" to table "registered_members" displays message "Your account has been activated" and don't forget to delete confirmation code from table "temp_members_db"
if($result){
// add inside the massage variable the confirmation code $passkey and your customized message
// change the $from variable with the email address you want use to send the verification mail. This is the address who the user will see
$message = "To activate your account please click on the following link https://yoursite.com/?code=$passkey";
$from = "";
if(mail($email, $message, $from)){
echo "Your account has been activated";
// Delete information of this user from table "temp_members_db" that has this passkey
$sql="DELETE FROM `user` WHERE confirm_code = $passkey";
$result = $db->query($sql);
}
else{
// error
}
}
}
}
}
?>
我添加了PHP內置的函數郵件。 閱讀有關的文檔,以獲取有關如何使用它的更多信息。 您會看到包含您的郵件地址的var $ from和包含您要發送的鏈接的var $ message。 form變量將作為將使用mail()
函數mail()
的電子郵件的標題傳遞。 注意if()語句,如果成功,郵件函數將返回true。
這里有很多事情要指出,所有這些都可能導致問題。
首先,將多次檢查$ result變量,而不會在兩次之間重置。 這意味着您可以從同一表單提交中獲得輸出“錯誤的確認代碼”和“您的帳戶已被激活”(如果第一個查詢成功,但是在數據庫中找不到匹配的密碼)。
這行看起來可能什么也不做:
$passkey = isset($_POST['$passkey']) ? $_POST['$passkey'] : '';
它可能應該是:
$passkey = isset($_POST['passkey']) ? $_POST['passkey'] : '';
不過,這並不重要,因為$ passkey在下一行代碼中分配了一個新值。
最后,此插入使用變量$ name代替$ username:
$sql = "INSERT INTO $user ( name, email, password )VALUES( '$name', '$email', '$password' )";
這可能是預期的:
$sql = "INSERT INTO $user ( name, email, password )VALUES( '$username', '$email', '$password' )";
我認為問題在於$ _POST數組。 通常我們通過電子郵件發送確認鏈接,確認鏈接包含確認代碼作為查詢字符串。 當我們單擊鏈接時,重定向的頁面將獲得確認代碼並繼續。
<?php
require_once ( "./connect.php" );
if ( isset($_GET['passkey']) && !empty( $_GET['passkey'] ) ) {
$passkey = $_GET['passkey'];
// Passkey that got from link
$passkey = $_GET['passkey'];
$user = "registration";
// Retrieve data from table where row that match this passkey
$sql ="SELECT * FROM `user` WHERE confirm_code ='$passkey'";
$result = $db->query($sql);
// If successfully queried
if( $result ) {
// Count how many row has this passkey
$count = mysql_num_rows( $result );
// if found this passkey in our database, retrieve data from table "temp_members_db"
if ( $count == 1 ) {
$rows = mysql_fetch_array( $result );
$username = $rows['username'];
$email = $rows['email'];
$password = $rows['password'];
$user = "registration";
// Insert data that retrieves from "temp_members_db" into table "registered_members"
$sql = "INSERT INTO $user ( name, email, password )VALUES( '$name', '$email', '$password' )";
$result = $db->query($sql);
}
// if not found passkey, display message "Wrong Confirmation code"
else {
echo "Wrong Confirmation code";
}
// if successfully moved data from table"temp_members_db" to table "registered_members" displays message "Your account has been activated" and don't forget to delete confirmation code from table "temp_members_db"
if ( $result ){
echo "Your account has been activated";
// Delete information of this user from table "temp_members_db" that has this passkey
$sql="DELETE FROM `user` WHERE confirm_code = '$passkey'";
$result = $db->query($sql);
}
}
}
?>
希望這對您有用。 我復制了您的代碼並進行了一些更改。 :)
<?php
require_once ( "./connect.php" );
if (!empty($_POST['submit'])) {
$passkey = isset($_POST['passkey']) ? $_POST['passkey'] : '';
// Passkey that got from link
$passkey = $_POST['passkey'];
$user = "registration";
// Retrieve data from table where row that match this passkey
$sql = "SELECT * FROM `user` WHERE confirm_code ='$passkey'";
$result = $db->query($sql);
// If successfully queried
if ($result) {
// Count how many row has this passkey
$count = mysql_num_rows($result);
// if found this passkey in our database, retrieve data from table "temp_members_db"
if ($count == 1) {
$rows = mysql_fetch_array($result);
$username = $rows['username'];
$email = $rows['email'];
$password = $rows['password'];
$user = "registration";
// Insert data that retrieves from "temp_members_db" into table "registered_members"
$sql = "INSERT INTO $user ( name, email, password )VALUES( '$username', '$email', '$password' )";
$result = $db->query($sql);
}
// if not found passkey, display message "Wrong Confirmation code"
else {
echo "Wrong Confirmation code";
}
// if successfully moved data from table"temp_members_db" to table "registered_members" displays message "Your account has been activated" and don't forget to delete confirmation code from table "temp_members_db"
if ($result) {
echo "Your account has been activated";
// Delete information of this user from table "temp_members_db" that has this passkey
$sql = "DELETE FROM `user` WHERE confirm_code = '$passkey'";
$result = $db->query($sql);
}
}
}
?>
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.