我正在努力保护我的成员系统。因此,如果有人想创建一个帐户,他需要通过电子邮件激活它。
现在,当我收到一封带有激活码的电子邮件时:他说We cannot find that email这很奇怪,因为电子邮件在数据库中。
我得到了一个名为activate.php 的脚本
<?php
if (isset($_GET['succes']) === true && empty ($_GET['succes']) === true) {
?>
<h2>Thanks, your account has been activated!</h2>
<?php
} else if (isset($_GET['email'], $_GET['email_code']) === true) {
$email = trim($_GET['email']);
$email_code = trim($_GET['email_code']);
$user = new User();
if($user->email_exists($email) === false) {
echo 'We cannot find that email';
} else if ($user->activate($email, $email_code) === false) {
echo 'problem activate your account';
}
}
?>
在classes目录中,我得到了一个名为User.php的文件激活功能
function activate ($email, $email_code) {
$email = mysql_real_escape_string($email);
$email_code = mysql_real_escape_string($email_code);
require_once '../config.php';
if ($db->get($db->query("SELECT COUNT(`id`) FROM `users` WHERE `email` = '$email' AND `email_code` = '$email_code' AND `active` = 0"), 0) == 1) {
$db->query("UPDATE `users` SET `group` = 1 WHERE `email` = '$email'");
return true;
} else {
return false;
}
}
以及email_exists函数:
function email_exists($email) {
return ($this->_db->get($this->_db->query("SELECT COUNT(`id`) FROM `users` WHERE `email` = '$email'"), 0) == 1) ? true : false;
}
从url 插入/获取电子邮件时使用urlencode和urldecode功能
$email = urldecode(trim($_GET['email']));
...
$url = 'http://site/?email='urlencode($email);
检查此项:
function email_exists($email) {
var_dump($email);exit;
return ($this->_db->get($this->_db->query("SELECT COUNT(`id`) FROM `users` WHERE `email` = '$email'"), 0) == 1) ? true : false;
}