2012-06-27 33 views

PHP 和 MySQL 仅限邀请的注册

我正在尝试为小型企业网站实现一个仅限邀请的注册系统。管理员可以输入员工的个人电子邮件地址,并将验证码发送给他/她。

当员工点击电子邮件中的链接时,他将被重定向到注册页面。(页面用 switch 语句来决定显示哪部分内容)

问题是我之前已经做过注册页面,但很难把它和这段邀请码代码结合起来。邀请码脚本用 echo 输出文本,而原来的注册页面是用 PHP、HTML 和 CSS 写成的、放在表格里的一个表单。我的问题是如何修改代码以使它们兼容。

请参阅下面的代码:

INVITE.php

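// Select the schema and run the page's recordset query against invite_codes.
// NOTE(review): nothing later in this listing reads $row_RecInvite or
// $totalRows_RecInvite; if no other include uses them, this SELECT * only
// pulls every outstanding invite code into memory for no benefit.
mysql_select_db($database_connSQL, $connSQL);
$query_RecInvite = "SELECT * FROM invite_codes";
$RecInvite = mysql_query($query_RecInvite, $connSQL);
if ($RecInvite === false) {
    // Keep the driver's message in the server log. Printing mysql_error() to the
    // visitor discloses table names and query structure.
    error_log('invite_codes query failed: ' . mysql_error($connSQL));
    die('A database error occurred.');
}
$row_RecInvite = mysql_fetch_assoc($RecInvite);
$totalRows_RecInvite = mysql_num_rows($RecInvite);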

/* 
This script assumes you already have a database setup, with a connection string in place. 
First, we'll need to create our table... 
Copy/paste the following SQL code into the database you'll be using. 

CREATE TABLE `invite_codes` (
    `id` int(11) NOT NULL auto_increment, 
    `invite_code` varchar(35) NOT NULL default '', 
    `time_stored` int(11) NOT NULL default '0', 
    PRIMARY KEY (`id`) 
) TYPE=MyISAM ; 

*/ 
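/**
 * Build a random string of lowercase ASCII letters, used here as an invite code.
 *
 * The value acts as a bearer secret (whoever holds it may register), so it is
 * drawn from the CSPRNG-backed random_int() when that function is available.
 *
 * @param int $length Number of characters to produce.
 * @return string Exactly $length characters from a-z ('' when $length <= 0).
 */
function genRandomString($length) {
    $chars = "abcdefghijklmnopqrstuvwxyz";
    // Highest valid offset. The earlier upper bound of strlen($chars) pointed one
    // past the end of the alphabet, which produced codes shorter than requested.
    $lastIndex = strlen($chars) - 1;
    // NOTE(review): on runtimes without random_int() this falls back to mt_rand(),
    // whose output is predictable; do not issue invite codes from such a runtime
    // without supplying a CSPRNG.
    $secure = function_exists('random_int');
    $string = '';
    for ($p = 0; $p < $length; $p++) {
        $offset = $secure ? random_int(0, $lastIndex) : mt_rand(0, $lastIndex);
        $string .= $chars[$offset];
    }
    return $string;
}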
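/**
 * Prepare a request value for use inside a quoted SQL string literal.
 *
 * Escaping is done with mysql_real_escape_string(), which takes the character
 * set of the open connection into account; mysql_escape_string() does not.
 * A connection must therefore already be open when this is called.
 *
 * NOTE(review): escaping is a stop-gap. Queries built from request data should
 * use bound parameters (MySQLi or PDO prepared statements). The HTML-encoding
 * step belongs at output time rather than before storage; it is kept so values
 * remain comparable with ones this function produced earlier.
 *
 * @param string $str Raw value, typically from $_GET or $_POST.
 * @return string Value with HTML special characters encoded, backslashes
 *                stripped and SQL metacharacters escaped.
 */
function clean($str) {
    $value = mysql_real_escape_string(stripslashes(htmlspecialchars($str)));
    return $value;
}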
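/**
 * Send a plain-text e-mail through PHP's mail().
 *
 * @param string $mailto      Recipient address.
 * @param string $mailsubject Subject line.
 * @param string $mailcontent Message body.
 * @param string $mailfrom    Address placed in the From and Reply-To headers.
 * @return bool True when mail() accepted the message. False when any argument
 *              is empty, when a header field contains CR, LF or NUL, or when
 *              mail() reports failure.
 */
function sendEmail($mailto,$mailsubject,$mailcontent,$mailfrom) {
    if($mailto == '' || $mailsubject == '' || $mailcontent == '' || $mailfrom == '') {
        return false;
    }
    // Recipient, subject and sender all end up in the message header block. A line
    // break inside any of them would let the value append headers of its own
    // (extra recipients, a different body), so such input is refused outright.
    foreach (array($mailto, $mailsubject, $mailfrom) as $headerValue) {
        if (!is_scalar($headerValue) || preg_match('/[\r\n\0]/', (string) $headerValue)) {
            return false;
        }
    }
    $headers = 'From: '.$mailfrom."\r\n".
        'Reply-To: '.$mailfrom."\r\n" .
        'X-Mailer: PHP/'.phpversion();
    return mail($mailto, $mailsubject, $mailcontent, $headers);
}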
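/**
 * Syntax check for an e-mail address (no DNS lookup, no deliverability test).
 *
 * The address must be "local@domain" with a 1-64 character local part and a
 * 1-255 character domain. Each dot-separated piece of the local part must be
 * either an unquoted atom or a double-quoted string; the domain must be either
 * a run of digits and dots (optionally bracketed) or at least two valid labels.
 *
 * Matching uses preg_match() instead of ereg(): ereg() was removed in PHP 7 and
 * stops reading its subject at the first NUL byte, so text after a NUL was never
 * validated. The D modifier makes "$" match only at the very end of the subject,
 * so a trailing newline is not accepted. In PCRE a backslash inside a character
 * class is an escape, so a literal backslash is no longer accepted in an
 * unquoted local part or in a numeric domain.
 *
 * @param mixed $email Candidate address, normally a request value.
 * @return bool True when the address passes every check.
 */
function checkEmail($email) {
    // Request values can be arrays; control characters never belong in an address
    // and would otherwise be carried into mail headers and HTML output.
    if (!is_string($email) || preg_match('/[\x00-\x1F\x7F]/', $email)) { return false; }
    if (!preg_match('/^[^@]{1,64}@[^@]{1,255}$/D', $email)) { return false; }
    $email_array = explode("@", $email);
    $local_array = explode(".", $email_array[0]);
    // Unquoted atom, or a quoted string free of ( \ | " ) characters.
    $localPattern = '/^(?:[A-Za-z0-9!#$%&\'*+\/=?^_`{|}~-][A-Za-z0-9!#$%&\'*+\/=?^_`{|}~.-]{0,63}|"[^(\\\\|")]{0,62}")$/D';
    foreach ($local_array as $localPiece) {
        if (!preg_match($localPattern, $localPiece)) {
            return false;
        }
    }
    // Anything that is not a digits-and-dots literal is validated label by label.
    if (!preg_match('/^\[?[0-9.]+\]?$/D', $email_array[1])) {
        $domain_array = explode(".", $email_array[1]);
        if (count($domain_array) < 2) { return false; }
        $labelPattern = '/^(?:[A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9]|[A-Za-z0-9]+)$/D';
        foreach ($domain_array as $label) {
            if (!preg_match($labelPattern, $label)) {
                return false;
            }
        }
    }
    return true;
}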
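// Front controller for the invite demo: ?go=home|generate|invite|register picks the step.
// NOTE(review): nothing in this listing authenticates the caller or checks a CSRF
// token, so 'generate' and 'invite' are reachable by any visitor; put them behind
// the admin session before deploying. time_stored is written but never read here,
// so issued codes never expire.
$go = empty($_GET['go']) ? 'home' : $_GET['go'];
// Shape of a code issued by genRandomString(25): lowercase letters, at most 25 of
// them. Keep this in step with the generator's alphabet and length.
$codePattern = '/^[a-z]{1,25}$/D';
switch($go) {
    case 'home':
        echo 'This is an invite code example..<br />Generate a new invite code:<br />
            <form action="?go=generate" method="post">
            <input name="submit" type="submit" value="Generate" />
            </form>';
        break;
    case 'generate':
        $invite_code = genRandomString(25); // genRandomString(INT)
        echo 'This is a random invite code: <b>'.$invite_code.'</b><br />Let&#39;s go ahead and toss this into our database...';
        // id is left to auto_increment (an empty string is rejected in strict SQL
        // mode) and time() replaces the argument-less mktime() call.
        if(mysql_query("INSERT INTO invite_codes (invite_code,time_stored) VALUES ('".$invite_code."','".time()."')")) {
            echo '<br />Insertion successful<br /><br />Use code to invite a friend:<br />';
            echo '<p><form action="?go=invite" method="post">
                <input type="text" name="email" id="email" value="" />
                <input type="hidden" name="code" id="code" value="'.$invite_code.'" />
                <input name="submit" type="submit" value="Invite" />
                </form></p>';
        } else { echo 'Whoops! Something went horribly wrong, and we couldn&#39;t store the code :('; }
        break;
    case 'invite':
        $email = isset($_POST['email']) ? $_POST['email'] : '';
        $code = isset($_POST['code']) ? $_POST['code'] : '';
        $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
        if (!is_string($email) || $email === '') {
            // This message and the next were bare string statements before (no echo),
            // so neither was ever shown.
            echo 'Whoops! It looks like you didn&#39;t actually add an email address...';
        } elseif (!checkEmail($email)) {
            echo 'Whoops! Looks like the email address you selected is invalid :(';
        } elseif (!is_string($code) || !preg_match($codePattern, $code)) {
            // The code arrives in a hidden form field, which the sender can edit.
            echo 'Sorry, that code is invalid.';
        } elseif (!preg_match('/^[A-Za-z0-9.-]+(:[0-9]+)?$/D', $host)) {
            // HTTP_HOST is supplied by the client and is used below in a mail header
            // and in the link, so it is limited to hostname characters.
            // NOTE(review): a configured site hostname would be safer than trusting
            // the request at all.
            echo 'Whoops! Something went horribly wrong, and we couldn&#39;t send the email :(';
        } else {
            // Only mail codes that were really issued and are still unused.
            $issued = mysql_query("SELECT id FROM invite_codes WHERE invite_code = '".clean($code)."'");
            if ($issued === false || mysql_num_rows($issued) < 1) {
                echo 'Sorry, that code is invalid.';
            } else {
                $thisDomain = str_replace('www.', '', $host);
                $mailcont = "Someone has invited you to an invite only website!\nYour invite code is: ".$code.".\n\nYou can use it at http://www.".$thisDomain."/newTATCS/login/invite.php?go=register&hash=".$code;
                // NOTE(review): the sender literal below looks mangled by e-mail
                // obfuscation on the page this was copied from; restore the intended
                // local part before use.
                if(sendEmail($email,'You have been invited!',$mailcont,'[email protected]'.$thisDomain)) {
                    // Encode before printing: the address is request data.
                    echo 'Your invite was dispatched to '.htmlspecialchars($email, ENT_QUOTES, 'UTF-8').'<br /><br />Go back <a href="?go=home">home</a>';
                } else { echo 'Whoops! Something went horribly wrong, and we couldn&#39;t send the email :('; }
            }
        }
        break;
    case 'register':
        if(!empty($_POST['code'])) {
            $submitted = $_POST['code'];
            if (!is_string($submitted) || !preg_match($codePattern, $submitted)) {
                echo 'Sorry, that code is invalid.';
                break;
            }
            $code = clean($submitted); // Because SQL injections are annoying :)
            // Consume the code in one statement. A SELECT followed by a DELETE lets
            // two simultaneous requests both see the row and both register with it.
            $removed = mysql_query("DELETE FROM invite_codes WHERE invite_code = '".$code."'");
            if ($removed === false) {
                echo 'Whoops! Something went horribly wrong, and we couldn&#39;t remove the code :(';
            } elseif (mysql_affected_rows() > 0) {
                echo 'Congratulations, the invite code was found!';
                echo '<br />Code removed!';
            } else { echo 'Sorry, that code is invalid.'; }
        } else {
            // The hash comes straight from the URL; encode it for the attribute it
            // is printed into, and tolerate it being absent.
            $prefill = (isset($_GET['hash']) && is_string($_GET['hash']))
                ? htmlspecialchars($_GET['hash'], ENT_QUOTES, 'UTF-8')
                : '';
            echo 'This website is closed to the public. You will need an invite code to continue registration.
                <p><form action="?go=register" method="post">
                <input type="text" name="code" id="code" value="'.$prefill.'" />
                <input name="submit" type="submit" value="Check" />
                </form></p>';
        }
        break;
}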
?> 

REGISTER.php

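<form id="register" name="register" method="POST" action="<?php
    // Encode for the attribute context. double_encode=false leaves entities that
    // are already encoded untouched.
    // NOTE(review): both variables are defined outside this listing, and printing
    // two action URLs back to back looks unintended; confirm which one applies.
    echo htmlspecialchars($editFormAction . $loginFormAction, ENT_QUOTES, 'UTF-8', false);
?>">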
     <div class="leftRegister"> 
     <table width="278" border="0" cellpadding="0" cellspacing="0"> 
      <tr> 
      <td width="278">Saultation<br /> 
       <select name="salutation" id="salutation"> 
       <option selected="selected">Mr.</option> 
       <option>Mrs.</option> 
       <option>Ms.</option> 
       <option>Dr.</option> 
       <option>Prof.</option> 
      </select></td> 
      </tr> 
      <tr> 
      <td>&nbsp;</td> 
      </tr> 
      <tr> 
      <td><table width="278" border="0" cellpadding="0" cellspacing="0"> 
       <tr> 
       <td width="138">Name<br /></td> 
       <td width="140">&nbsp;</td> 
       </tr> 
       <tr> 
       <td valign="top"><span id="sprytextfield1"> 
        <input name="firstname" class="regFirstname" type="text" id="firstname" /> 
        <br /> 
        <span class="textfieldRequiredMsg">Enter your First name .</span></span></td> 
       <td width="140" valign="top"><span id="sprytextfield2"> 
        <input type="text" class="regLastname" name="lastname" id="lastname" /> 
        <br /> 
        <span class="textfieldRequiredMsg">Enter your Last name.</span></span></td> 
       </tr> 
      </table></td> 
      </tr> 
      <tr> 
      <td>&nbsp;</td> 
      </tr> 
      <tr> 
      <td>Personal Email<br /> 
       <span id="sprytextfield9"> 
       <input type="text" name="email" id="email" /> 
       <br /> 
       <span class="textfieldRequiredMsg">Please enter your personal email.</span></span></td> 
      </tr> 
      <tr> 
      <td>&nbsp;</td> 
      </tr> 
      <tr> 
      <td>Create a password<br /> 
       <span id="sprypassword1"> 
       <input type="password" name="password" id="password" /> 
       <br /> 
      <span class="passwordRequiredMsg">Please choose a password that contain at least<br /> 
1 letter and 1 number for maximum security.</span><span class="passwordMinCharsMsg">Minimum number of characters not met.<br /> 
Password must contain at least 5 characters.</span><span class="passwordInvalidStrengthMsg">Password must contain at least 1 letter and 1 number.</span></span></td> 
      </tr> 
      <tr> 
      <td>&nbsp;</td> 
      </tr> 
      <tr> 
      <td>Confirm your password<br /> 
       <span id="spryconfirm1"> 
       <input type="password" name="passwordcheck" id="passwordcheck" /> 
      <span class="confirmRequiredMsg"><br /> 
      Please make sure your password matches</span><span class="confirmInvalidMsg"><br /> 
      The values don't match.</span></span></td> 
      </tr> 
      <tr> 
      <td>&nbsp;</td> 
      </tr> 
      <tr> 
      <td>Birthday<br /> 
       <select name="BirthMonth"> 
       <option value="1">January</option> 
       <option value="2">February</option> 
       <option value="3">March</option> 
       <option value="4">April</option> 
       <option value="5">May</option> 
       <option value="6">June</option> 
       <option value="7">July</option> 
       <option value="8">August</option> 
       <option value="9">September</option> 
       <option value="10">October</option> 
       <option value="11">November</option> 
       <option value="12">December</option> 
       </select> 
       <select name="BirthDay"> 
       <?php
    // One <option> per day of the month, 1 through 31.
    $i = 1;
    while ($i <= 31) {
        echo "<option value='$i'>$i</option>";
        $i++;
    }
    ?>
       </select> 
       <select name="BirthYear"> 
       <?php
    // One <option> per birth year, newest first: 2006 down to 1900.
    $i = 2006;
    while ($i >= 1900) {
        echo "<option value='$i'>$i</option>";
        $i--;
    }
    ?>
      </select></td> 
      </tr> 
      <tr> 
      <td>&nbsp;</td> 
      </tr> 
     </table> 
     </div> 

     <div class ="rightRegister"> 
     <table width="280" border="0" cellpadding="0" cellspacing="0"> 
      <tr> 
      <td colspan="2">Address 
       <br /> 
       <span id="sprytextfield3"> 
       <input type="text" name="address" id="address" /> 
       <br /> 
       <span class="textfieldRequiredMsg">Please enter your address</span></span></td> 
      </tr> 
      <tr> 
      <td colspan="2">&nbsp;</td> 
      </tr> 
      <tr> 
      <td colspan="2">City<br /> 
       <span id="sprytextfield4"> 
       <input type="text" name="city" id="city" /> 
       <br /> 
      <span class="textfieldRequiredMsg">Please enter your city.</span></span></td> 
      </tr> 
      <tr> 
      <td colspan="2">&nbsp;</td> 
      </tr> 
      <tr> 
      <td width="108" valign="top">State/Province<br /> 
       <span id="sprytextfield5"> 
       <input type="text" name="state" id="state" class="regState" /> 
      <span class="textfieldRequiredMsg">State required.</span></span></td> 
      <td width="144" valign="top">Zip/Postal Code<br /> 
       <span id="sprytextfield6"> 
       <input type="text" name="postalcode" id="postalcode" class="regPostalcode" /> 
       <span class="textfieldRequiredMsg"><br /> 
Zip Code required.</span><span class="textfieldMaxCharsMsg"><br /> 
Enter 5-digit Zip code.</span></span></td> 
      </tr> 
      <tr> 
      <td colspan="2">&nbsp;</td> 
      </tr> 
      <tr> 
      <td colspan="2">Homephone 
       <span id="sprytextfield7"><br /> 
       <input type="text" name="homephone" id="homephone" /> 
       <br /> 
       <span class="textfieldRequiredMsg">Please enter phone number.</span></span></td> 
      </tr> 
      <tr> 
      <td colspan="2">&nbsp;</td> 
      </tr> 
      <tr> 
      <td colspan="2">Cellphone<br /> 
       <span id="sprytextfield8"> 
       <input type="text" name="cellphone" id="cellphone" /> 
       <br /> 
      <span class="textfieldRequiredMsg">Please enter your cellphone number.</span></span></td> 
      </tr> 
      <tr> 
      <td colspan="2">&nbsp;</td> 
      </tr> 
      <tr> 
      <td colspan="2" align="right"><span class="submit"> 
       <input type="submit" value="Submit" /> 
      </span></td> 
      </tr> 
      <tr> 
      <td colspan="2" align="right">&nbsp;</td> 
      </tr> 
     </table> 
     <p>&nbsp;</p> 
     </div> 
     <p>&nbsp;</p> 
     <p>&nbsp;</p> 
     <p>&nbsp;</p> 
     <p>&nbsp;</p> 
     <p>&nbsp;</p> 
     <p>&nbsp;</p> 
     <p>&nbsp;</p> 
     <p>&nbsp;</p> 
     <p>&nbsp;</p> 
     <p>&nbsp;</p> 
     <p>&nbsp;</p> 
     <input type="hidden" name="MM_insert" value="register" /> 
    </form> 
    </div> 

回答


在注册页面,从查询字符串中取出邀请码(site.php?code=ajiofdjasoiej39048)。然后,检查数据库中是否存在带有该邀请码的行。如果存在,则显示注册表单;否则显示错误消息。提交时再次检查邀请码,并在用户注册成功后从数据库中删除该邀请码。

此外,php_mysql已弃用。请改用MySQLi或PDO。


非常感谢!有效!现在我想为用户提供一个链接,以便在邀请码出问题时重新发送确认电子邮件。我如何确保 invite.php 中的电子邮件地址是安全的,不会被人通过改动网址而篡改?例如,起初我想用 'domain.com/[email protected]&code=“abcasdklh54654',然后在错误页面上放一个链接:“代码无效,点击这里重新发送确认邮件”,但我意识到这样做意味着用户可以轻松操纵网址来更改电子邮件地址。我应该如何避免这种情况? – alchuang


将电子邮件地址与邀请码一起存储在数据库的同一张表中。这样重新发送时只使用表中保存的地址,而不使用网址里传入的地址。 – Lusitanian