2012-04-15 3 views
0

Send an activation email to the user for a new account

I have this code (a form that signs up a new user and sends a validation email to the account).

<?php 
     if(isset($_POST['submited'])) { 
      $msg=""; 

      $RFname = clean_text($_POST['RFname']); 
      $RLname = clean_text($_POST['RLname']); 
      $USERname = clean_text($_POST['UserName']); 
      $USERpassword = $_POST['UserPass']; 
      $USERpassword2 = $_POST['UserPassConfirm']; 
      $USERemail = $_POST['UserEmail']; 
      $USERwebsite = $_POST['WebSite']; 
      $hash = clean_text(md5(rand(0,1000))); 

      if($USERpassword !== $USERpassword2) { 
      $msg = "<span class='errorMessges'>Confirm passwords did not match</span>"; 
      } 

      elseif($check=$db->query("select 1 from loginaccess where Email ='".$USERemail."'")){ 
      if(mysqli_num_rows($check) > 0) { 
       $msg = "<span class='errorMessges'>This email already taken</span>"; 
      } 

      elseif(empty($_SESSION['6_letters_code']) || strcasecmp($_SESSION['6_letters_code'], $_POST['6_letters_code']) != 0){ 
      $msg = "<span class='errorMessges'>Human code verification invalid</span>"; 
      } 

      else{ 
       $putData = " insert into loginaccess (id, FUname, LUname, Uname, Pword, Email, Website, hash) value ('', '$RFname', '$RLname', '$USERname', '$USERpassword', '$USERemail', '$USERwebsite', '$hash')"; 

       $inputResult = $db -> query ($putData) or die ('$db->error'); 

       if ($inputResult){ 
       $msg = "<span class='successMessgaes'>You have been successfully registered</span>"; 

       // Send email to our user 
$to='$USERemail'; 
$subject ='Signup | Verification'; 
$message =' 

Thanks for signing up! 
Your account has been created, you can login with the following credentials after you have activated your account by pressing the url below. 

------------------------ 
Username: '.$USERname.' 
Password: '.$USERpassword.' 
------------------------ 

Please click this link to activate your account: 

http://www.yourwebsite.com/verify.php?email='.$USERemail.'&hash='.$hash.' 

'; 

$headers = 'From:[email protected]' . "\r\n"; 
mail($to, $subject, $message, $headers); 

        }else{ 
         $msg = "<span class='errorMessges'>There was an error please try again later</span>"; 
        } 
       } 
      } 
     } 
    ?> 

<form action="<?php $_SERVER['PHP_SELF']; ?>" method="post"> 

<table width="762" border="0" cellspacing="5" cellpadding="5"> 
    <tr> 
    <td colspan="2" class="socialAndPeopleByName">Personal information</td> 
    <td colspan="2"><span class="socialAndPeopleByName">Account information</span></td> 
    </tr> 
    <tr> 
    <td width="91" class="registrationInfo"><span class="red">*</span> First name</td> 
    <td width="203"><label for="textfield"></label> 
     <span id="sprytextfield1"> 
     <input name="RFname" type="text" class="registrationFeild" id="textfield" /> 
     <span class="textfieldRequiredMsg"><br> 
     First name is required.</span></span></td> 
    <td width="148"><span class="red">*</span><span class="registrationInfo"> User name</span></td> 
    <td width="255"><span id="sprytextfield5"> 
     <input name="UserName" type="text" class="registrationFeild" id="textfield5" /> 
     <span class="textfieldRequiredMsg"><br> 
     User name is required.</span></span></td> 
    </tr> 
    <tr> 
    <td class="registrationInfo"><span class="red">*</span> Last name</td> 
    <td><span id="sprytextfield2"> 
     <input name="RLname" type="text" class="registrationFeild" id="textfield2" /> 
     <span class="textfieldRequiredMsg"><br> 
     Last name is required.</span></span></td> 
    <td><span class="red">*</span><span class="registrationInfo"> Password</span></td> 
    <td><span id="sprypassword1"> 
    <input name="UserPass" type="password" class="registrationFeild" id="textfield7" /> 
    <span class="passwordRequiredMsg"><br> 
    Password is required.</span><span class="passwordMaxCharsMsg"><br> 
    Password can't be more then 20 letter</span><span class="passwordMinCharsMsg"><br> 
    Password can't be less then 6 letter</span></span></td> 
    </tr> 
    <tr> 
    <td class="registrationInfo"><span class="red">*</span> Valid email</td> 
    <td><span id="sprytextfield3"> 
    <input name="UserEmail" type="text" class="registrationFeild" id="textfield3" /> 
    <br> 
    <span class="textfieldRequiredMsg">Valid email is required.</span><span class="textfieldInvalidFormatMsg">Invalid email format.</span></span></td> 
    <td><span class="red">*</span><span class="registrationInfo"> Confirm Password</span></td> 
    <td><span id="sprypassword2"> 
     <input name="UserPassConfirm" type="password" class="registrationFeild" id="textfield8" /> 
     <span class="passwordRequiredMsg"><br> 
     Please confirm your password</span></span></td> 
    </tr> 
    <tr> 
    <td class="registrationInfo">Web site</td> 
    <td><span id="sprytextfield4"> 
     <input name="WebSite" type="text" class="registrationFeild" id="textfield4" /> 
     <br> 
     <span class="textfieldInvalidFormatMsg">Invalid format</span></span></td> 
    <td><span class="registrationInfo"><span class="red">*</span> Prove you are human</span></td> 
    <td><img src="includes/captcha.php?rand=<?php echo rand(); ?>" align="absmiddle" id='captchaimg' /> <a href="javascript: refreshCaptcha();"><img src="images/refreshIcon.jpg" alt="Refresh" width="18" height="25" border="0" align="absmiddle" /></a>  <input name="6_letters_code" type="text" class="registrationFeildSmall" id="6_letters_code" /></td> 
    </tr> 
    <tr> 
    <td colspan="3"><?php if(!empty($msg)) {echo $msg;} ?></td> 
    <td><input name="submited" type="submit" class="signUpItem" id="submited" value="" /></td> 
    </tr> 
</table> 
</form> 

It just doesn't send the email when the user submits. Any idea what I should do here, please?


I changed the free hosting I was using, but it still doesn't send the confirmation to the user. Any help?

Thanks

+2

Side note: there are several SQL injection points. – ChrisK

+3

As another note, don't store passwords in plain text or send passwords by email. Both are big security issues. – Scott

+0

ChrisK, what are the SQL injection points that I can avoid? –
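
Added example (not part of the original post or its comments): one way to address the two side notes above, the SQL injection points and the plain-text password, in the question's lookup and insert logic. It assumes PDO with an in-memory SQLite copy of the `loginaccess` table so that it runs stand-alone; `register_user` and the sample data are constructed for illustration, and mysqli's `prepare()`/`bind_param()` follow the same pattern.

```php
<?php
// Added example: hardened version of the question's lookup, insert and token logic.
// Assumption: PDO with an in-memory SQLite table standing in for `loginaccess`.
function register_user(PDO $db, array $in): array
{
    $email = filter_var($in['UserEmail'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return ['ok' => false, 'error' => 'Invalid email'];
    }
    // Placeholders keep user input out of the SQL text (the injection points
    // in the original are the concatenated Email lookup and the INSERT).
    $check = $db->prepare('SELECT 1 FROM loginaccess WHERE Email = ?');
    $check->execute([$email]);
    if ($check->fetchColumn() !== false) {
        return ['ok' => false, 'error' => 'This email already taken'];
    }
    // Store a salted hash, never the password itself.
    $pwHash = password_hash($in['UserPass'], PASSWORD_DEFAULT);
    // 128-bit token from the CSPRNG; md5(rand(0,1000)) has only 1001 possible values.
    $token = bin2hex(random_bytes(16));
    $ins = $db->prepare(
        'INSERT INTO loginaccess (FUname, LUname, Uname, Pword, Email, Website, hash)
         VALUES (?, ?, ?, ?, ?, ?, ?)'
    );
    $ins->execute([$in['RFname'], $in['RLname'], $in['UserName'],
                   $pwHash, $email, $in['WebSite'] ?? '', $token]);
    // The mail body carries only the activation link, not the password.
    $link = 'http://www.yourwebsite.com/verify.php?email=' . urlencode($email)
          . '&hash=' . $token;
    return ['ok' => true, 'to' => $email, 'link' => $link];
}

// Constructed demo data; not from the original post.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE loginaccess (id INTEGER PRIMARY KEY, FUname TEXT, LUname TEXT,
           Uname TEXT, Pword TEXT, Email TEXT, Website TEXT, hash TEXT)');
$post = ['RFname' => 'Ann', 'RLname' => "O'Neil", 'UserName' => 'ann',
         'UserPass' => 'correct horse', 'UserEmail' => 'ann@example.com',
         'WebSite' => ''];
$first  = register_user($db, $post);                       // apostrophe in the name is stored safely
$second = register_user($db, $post);                       // duplicate email is rejected
$bad    = register_user($db, ['UserEmail' => 'not-an-email'] + $post);
var_dump($first['ok'], $second['error'], $bad['error']);
$row = $db->query('SELECT Pword FROM loginaccess')->fetch(PDO::FETCH_ASSOC);
var_dump(password_verify('correct horse', $row['Pword']));
```

The returned `to` and `link` values are what the activation mail needs; login then compares the submitted password with `password_verify()` against the stored hash.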

Answers

0

Thank you all for your replies. There were many mistakes in sending the email; this is the correct one.

if ($inputResult){

    // PHP variable names are case-sensitive: the address is held in $USERemail
    // (set from $_POST['UserEmail'] in the question), not $UserEmail.
    $to = $USERemail;
    $subject = "Signup | Verification";
    $message = '
Thanks for signing up! 
Your account has been created, you can login with the following credentials after you have activated your account by pressing the url below. 

------------------------ 
Username: '.$USERname.' 
Password: '.$USERpassword.' 
------------------------ 

Please click this link to activate your account: 

http://www.yourwebsite.com/verify.php?email='.$USERemail.'&hash='.$hash.' 
';
    $headers = "From: $USERemail";
    // mail() expects (to, subject, message, additional_headers);
    // the undefined $name argument shifted $message into the headers slot.
    $sent = mail($to, $subject, $message, $headers);
    if ($sent) {
        print "<p style='color:#090'>Your mail was sent successfully</p>";
    } else {
        print "We encountered an error sending your mail";
    }
    $msg = "<span class='successMessgaes'>You have been successfully registered</span>";
}

0

Check the following options in 'php.ini':

  • 'sendmail_path'
  • 'sendmail_from'

Set them correctly.

+0

sendmail_from: no value sendmail_path: /usr/sbin/sendmail -t -i –

+0

I changed the host, but –
