PHP:用于验证电子邮件的哈希 - PHP: Hash for verifying E-mail

所以，我用MySQL数据库为我的iPhone应用程序做了一个完整的注册过程。注册用户并最终登录非常有效。但现在我希望用户必须首先验证他的电子邮件才能登录

据我所知，我已经完成了，但它似乎不能正常工作。这是我的代码：

//signup.php
header('Content-type: application/json');
if($_POST) {
    $username   = $_POST['username'];
    $password   = $_POST['password'];
    $c_password = $_POST['c_password'];
    if($_POST['username']) {
        if ( $password == $c_password ) {
            $db_name     = 'db';
            $db_user     = 'user1';
            $db_password = 'myPassword';
            $server_url  = 'localhost';
            $mysqli = new mysqli('localhost', $db_user, $db_password, $db_name);
            /* check connection */
            if (mysqli_connect_errno()) {
                error_log("Connect failed: " . mysqli_connect_error());
                echo '{"success":0,"error_message":"' . mysqli_connect_error() . '"}';
            } else {
            $hash = md5( rand(0,1000) ); 
            $stmt = $mysqli->prepare("INSERT INTO users (username, password, hash) VALUES (?, ?, ?)");
                $password = md5($password);
                $stmt->bind_param('sss', $username, $password, $hash);
                /* execute prepared statement */
                $stmt->execute();
                if ($stmt->error) {
                error_log("Error: " . $stmt->error); 
                }
                $success = $stmt->affected_rows;
                /* close statement and connection */
                $stmt->close();
                /* close connection */
                $mysqli->close();
                error_log("Success: $success");
                if ($success > 0) {

                $to      = $username; // Send email to our user
                $subject = 'Signup | Verification'; // Give the email a subject 
                $message = '
                Thanks for signing up!
                Your account has been created, you can login with the following credentials after you have activated your account by pressing the url below.
                ------------------------
                Username: '.$username.'
                Password: '.$password.'
                ------------------------
                Please click this link to activate your account:
                http://www.mywebsite.ch/verify.php?email='.$username.'&hash='.$hash.'
                '; // Our message above including the link
                $headers = 'From:noreply@mywebsite.ch' . "'r'n"; // Set from headers
                mail($to, $subject, $message, $headers); // Send our email

                error_log("User '$username' created.");
                echo '{"success":1}';
                } 
                else {
                    echo '{"success":0,"error_message":"Username Exist."}';
                }
            }
        } 
        else {
            echo '{"success":0,"error_message":"Passwords does not match."}';
        }
    } 
    else {
        echo '{"success":0,"error_message":"Invalid Username."}';
    }
}
else {
    echo '{"success":0,"error_message":"Invalid Data."}';
}

这是我的验证代码：

//verify.php
header('Content-type: application/json');
$mysqli = new mysqli("localhost", "user", "myPassword", "db");
if (mysqli_connect_errno()) {
    error_log("Connect failed: " . mysqli_connect_error());
    echo '{"success":0,"error_message":"' . mysqli_connect_error() . '"}';
    } 
    else 
    {
        if(isset($_GET['username']) && !empty($_GET['username']) AND isset($_GET['hash']) && !empty($_GET['hash'])){
         $username = mysqli_real_escape_string($GET['username']);
         $hash = mysqli_real_escape_string($GET['hash']);
    $stmt = $mysqli->query("SELECT username, hash, active FROM users WHERE username='".$username."' AND hash='".$hash."' AND active='0'"); 
    $match  = mysqli_num_rows($stmt);
    if($match > 0){
        // We have a match, activate the account
        $mysqli->query("UPDATE users SET active='1' WHERE username='".$username."' AND hash='".$hash."' AND active='0'");
        echo "Your account has been activated, you can now log in.";
    }
}

    else{
        // No match -> invalid url or account has already been activated.
        echo "The url is either invalid or you already have activated your account.";
    }

}
else{
    // Invalid approach
    echo "Invalid approach, please use the link that has been sent to your E-mail.";
}

我收到了一封用户名和哈希相同的电子邮件，它保存在数据库中，但仍然不起作用。相反，我得到的输出是"无效方法，请使用已发送到您的电子邮件的链接"。

我认为这是一个逻辑错误，因为在这里成为一个线程之前，我研究了很多，改变了很多。

注意：我知道，我不应该使用md5，而应该使用PHP中给定的函数。我向你保证，我会把这段代码带到PHP的最新阶段，但首先我想让它发挥作用。事实上，我是这个领域的新手，所以对于任何错误，我都提前道歉。

如有任何帮助，我们将不胜感激。

您的上一个else语句以前没有任何if？这里有整份文件吗？问题一定在if语句中。

if(???){
    [...]
}else{
    // Invalid approach
    echo "Invalid approach, please use the link that has been sent to your E-mail.";
}

一旦缩进，若/else使用，您的代码看起来就不太好了

if () {
} 
else{
    if(){
        if(){
        }
    }
    else{ 
    }
}
else{
    // Invalid approach
    echo "Invalid approach, please use the link that has been sent to your E-mail.";
}

除了Gauthier的答案外，还有其他错误。

在signup.php中，您可以定义类似的URL

http://www.mywebsite.ch/verify.php?email='.$username.'&hash='.$hash.'

但是，在verify.php中，您的$_GET应该使用

$_GET['email']

不是

$_GET['username']

同样作为提醒，检查isset()和!empty()是多余的。

该部分应该更像这个

if (isset($_GET['email']) && isset($_GET['hash'])) {
    $username = mysqli_real_escape_string($GET['email']);
    $hash = mysqli_real_escape_string($GET['hash']);
    ....