PHP电子邮件验证链接的最简单方法 [英] Easiest way for PHP email verification link

问题描述

我的网站上已经有一个高级用户登录/注册系统(colemansystems.psm2.co.uk).但是，我希望向新用户发送一封电子邮件，以验证他们的电子邮件地址.如果他们没有点击链接，他们将无法访问他们的帐户.我对 PHP 和 MySQL 半经验，所以请详细解释.

I already have an advanced user login/register system on my website (colemansystems.psm2.co.uk). However, I would like to have a email sent to new users for verification of their email address. If they have not clicked the link they will not be able to access their account. I am semi-experienced with PHP and MySQL, so please explain in depth.

我用于 verify.php 文件的代码(用户使用 GET 点击的链接(例如，verify.php?d=51773199320verify.php?d=51773199320代码>))

The code I'm using for the verify.php file (the link the user click on with a GET (for example, verify.php?d=51773199320))

$secret = $_GET['d'];
$result = mysql_query("SELECT valid FROM users WHERE secret=$secret");
while ($row = mysql_fetch_array($result))
{
    $valid = $row['valid'];
}
if ($valid == "") {
    echo"There seems to be a problem with the verification code.<br><br><br><br><br>";
}
elseif ($valid == "1")
{
    echo"Your account is already verified.<br><br><br><br><br>";
}
else
{
    mysql_query("UPDATE users SET valid = '1' WHERE secret=$secret");  
    echo "Thank you, your account is now verified and you are free to use the exclusive features!<br><br><br><br><br><br>";
}

这样安全吗?

推荐答案

最简单的方法是根本不要注册未经验证的用户.

The easiest way is not to register unverified users at all.

向他们询问电子邮件地址并发送带有链接的电子邮件，该链接包含用哈希密封的该地址.收到此链接后，您可以开始注册过程.

Ask them for an email address and send email with a link that contains this address sealed with a hash. Upon receiving this link you can start the registration process.

类似的东西

$secret = "35onoi2=-7#%g03kl";
$email = urlencode($_POST['email']);
$hash = MD5($_POST['email'].$secret);
$link = "http://example.com/register.php?email=$email&hash=$hash";

并在您的 register.php 中向注册表单添加 2 个隐藏字段 - 电子邮件和哈希，存储它们从 GET 接收到的值.

And in your register.php add 2 hidden fields to the registration form - email and hash, storing their received values from GET.

最后，进行注册和检查，

Finally, process registration and check,

if (md5($_POST['email'].$secret) == $_POST['hash']) {
    //Continue registration.
}

这篇关于PHP电子邮件验证链接的最简单方法的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！