通过邮件激活用户账户

Question

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" 
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> 
<body> 
<?php 

require_once('database_detail.php'); 
if(isset($_POST['submit'])) 
{ 
$dbc=mysqli_connect(cname,chost,cpwd,cdb); 
$username=mysqli_real_escape_string($dbc,trim($_POST['username'])); 
$password=mysqli_real_escape_string($dbc,trim($_POST['password'])); 
$confirm=mysqli_real_escape_string($dbc,trim($_POST['confirm'])); 
$email=mysqli_real_escape_string($dbc,trim($_POST['email'])); 
$phone=mysqli_real_escape_string($dbc,trim($_POST['phone'])); 
    if(!empty($username) && !empty($password) && !empty($confirm) && !empty($email) &&  !empty($phone)) 
    { 
      if($password==$confirm) 
      { 
       $query="select * from user where  user_username='$username'"; 
       $data=mysqli_query($dbc,$query); 
       if(mysqli_num_rows($data)== 0) 
       { 
        $random=rand(1000,10000); 
        $query="insert into  user(user_username,user_password,user_email,user_phone,date,random)". 
         "values('$username',SHA('$password'),'$email','$phone',now(),'$random')"; 
        mysqli_query($dbc,$query); 
        $message="Account created successfully, kindly  visit the following link to activate your account"."\n"."localhost/login? activation=".$random; 
        $to=$email; 
        $subject="Account Activation"; 
         mail($to,$subject,$message,'From:'.'xyz@gmail.com'); 
        echo 'Account created successfully. kindly visit  your email addres and activate your account.'; 
       exit(); 

       } 
       else 
      { 
       echo 'same username exists'; 
       $username=""; 
       } 
      } 
      else echo 'Enter the same password in both'; 
    } 
    else echo 'Enter all the fields'; 
} 
?> 

<fieldset> 
<legend>signup</legend> 
<form action="<?php echo $_SERVER['PHP_SELF'];?>" method="POST" > 
Username:<input type="text" id="username" name="username" /> 
Password:<input type="password" name="password" id="password" /> 
Email<input type="text" name="email" id="email" /> 
Contact number<input type="text" name="phone" id="phone" /> 
Confirm Password:<input type="password" name="confirm" id="confirm" /> 
</fieldset> 
<input type="submit" name="submit" value="Sign up" /> 
</form> 
</body> 
</html> 

因此，这是用于邮寄用激活邮件注册唯一用户名密码的用户。现在我生成一个随机数，我将该特定的随机数存储在用户的数据库中，并且数据库中还有一个激活字段，它可以是0或1（对于未激活或未激活）。现在当用户登录时，我们检查激活字段，如果没问题，我们继续，否则我们检查url的$ _GET [激活]字段，如果它与存储在数据库中的随机数匹配，则继续返回激活错误。 现在是我们如何做到这一点或有其他方式。另外我如何删除一段时间后未激活的账户。

Answer 1

我不会用rand（）创建激活密钥。有可能两个人获得相同的号码。

所以我总是使用SHA1（）与用户名和当前时间。

---

对于灭活的账户的自动删除：

可以创建一个cronjob自动检查登记时间和当前时间之间的差。

Answer 2

检查：How to Generate secure activation link

user603003权说，cron的，用来执行调度操作简单的Linux程序，我个人用它来删除会话文件。如何使用cron

Here is the format of a cron job file: 

[min] [hour] [day of month] [month] [day of week] [program to be run] 

where each field is defined as 
[min] Minutes that program should be executed on. 0-59. Do not set as * or the program will be run once a minute. 
[hour] Hour that program should be executed on. 0-23. * for every hour. 
[day of month] Day of the month that process should be executed on. 1-31. * for every day. 
[month] Month that program whould be executed on. 1-12 * for every month. 
[day of week] Day of the week. 0-6 where Sunday = 0, Monday = 1, ...., Saturday = 6. * for every day of the week. 
[program] Program to be executed. Include full path information. 

Here are some examples: 

0,15,30,45 * * * * /usr/bin/foo 

Will run /usr/bin/foo every 15 minutes on every hour, day-of-month, month, and day-of-week. In other words, it will run every 15 minutes for as long as the machine it running.