2012-04-15 7 views
0

私はこのコードを持っています(新しいユーザーにサインアップし、アカウントに有効なメールを送信するフォームです)。ユーザーにアクティベーションを送信新しいアカウントのメール

<?php 
     if(isset($_POST['submited'])) { 
      $msg=""; 

      $RFname = clean_text($_POST['RFname']); 
      $RLname = clean_text($_POST['RLname']); 
      $USERname = clean_text($_POST['UserName']); 
      $USERpassword = $_POST['UserPass']; 
      $USERpassword2 = $_POST['UserPassConfirm']; 
      $USERemail = $_POST['UserEmail']; 
      $USERwebsite = $_POST['WebSite']; 
      $hash = clean_text(md5(rand(0,1000))); 

      if($USERpassword !== $USERpassword2) { 
      $msg = "<span class='errorMessges'>Confirm passwords did not match</span>"; 
      } 

      elseif($check=$db->query("select 1 from loginaccess where Email ='".$USERemail."'")){ 
      if(mysqli_num_rows($check) > 0) { 
       $msg = "<span class='errorMessges'>This email already taken</span>"; 
      } 

      elseif(empty($_SESSION['6_letters_code']) || strcasecmp($_SESSION['6_letters_code'], $_POST['6_letters_code']) != 0){ 
      $msg = "<span class='errorMessges'>Human code verification invalid</span>"; 
      } 

      else{ 
       $putData = " insert into loginaccess (id, FUname, LUname, Uname, Pword, Email, Website, hash) value ('', '$RFname', '$RLname', '$USERname', '$USERpassword', '$USERemail', '$USERwebsite', '$hash')"; 

       $inputResult = $db -> query ($putData) or die ('$db->error'); 

       if ($inputResult){ 
       $msg = "<span class='successMessgaes'>You have been successfully registered</span>"; 

       // Send email to our user 
$to='$USERemail'; 
$subject ='Signup | Verification'; 
$message =' 

Thanks for signing up! 
Your account has been created, you can login with the following credentials after you have activated your account by pressing the url below. 

------------------------ 
Username: '.$USERname.' 
Password: '.$USERpassword.' 
------------------------ 

Please click this link to activate your account: 

http://www.yourwebsite.com/verify.php?email='.$USERemail.'&hash='.$hash.' 

'; 

$headers = 'From:[email protected]' . "\r\n"; 
mail($to, $subject, $message, $headers); 

        }else{ 
         $msg = "<span class='errorMessges'>There was an error please try again later</span>"; 
        } 
       } 
      } 
     } 
    ?> 

<form action="<?php $_SERVER['PHP_SELF']; ?>" method="post"> 

<table width="762" border="0" cellspacing="5" cellpadding="5"> 
    <tr> 
    <td colspan="2" class="socialAndPeopleByName">Personal information</td> 
    <td colspan="2"><span class="socialAndPeopleByName">Account information</span></td> 
    </tr> 
    <tr> 
    <td width="91" class="registrationInfo"><span class="red">*</span> First name</td> 
    <td width="203"><label for="textfield"></label> 
     <span id="sprytextfield1"> 
     <input name="RFname" type="text" class="registrationFeild" id="textfield" /> 
     <span class="textfieldRequiredMsg"><br> 
     First name is required.</span></span></td> 
    <td width="148"><span class="red">*</span><span class="registrationInfo"> User name</span></td> 
    <td width="255"><span id="sprytextfield5"> 
     <input name="UserName" type="text" class="registrationFeild" id="textfield5" /> 
     <span class="textfieldRequiredMsg"><br> 
     User name is required.</span></span></td> 
    </tr> 
    <tr> 
    <td class="registrationInfo"><span class="red">*</span> Last name</td> 
    <td><span id="sprytextfield2"> 
     <input name="RLname" type="text" class="registrationFeild" id="textfield2" /> 
     <span class="textfieldRequiredMsg"><br> 
     Last name is required.</span></span></td> 
    <td><span class="red">*</span><span class="registrationInfo"> Password</span></td> 
    <td><span id="sprypassword1"> 
    <input name="UserPass" type="password" class="registrationFeild" id="textfield7" /> 
    <span class="passwordRequiredMsg"><br> 
    Password is required.</span><span class="passwordMaxCharsMsg"><br> 
    Password can't be more then 20 letter</span><span class="passwordMinCharsMsg"><br> 
    Password can't be less then 6 letter</span></span></td> 
    </tr> 
    <tr> 
    <td class="registrationInfo"><span class="red">*</span> Valid email</td> 
    <td><span id="sprytextfield3"> 
    <input name="UserEmail" type="text" class="registrationFeild" id="textfield3" /> 
    <br> 
    <span class="textfieldRequiredMsg">Valid email is required.</span><span class="textfieldInvalidFormatMsg">Invalid email format.</span></span></td> 
    <td><span class="red">*</span><span class="registrationInfo"> Confirm Password</span></td> 
    <td><span id="sprypassword2"> 
     <input name="UserPassConfirm" type="password" class="registrationFeild" id="textfield8" /> 
     <span class="passwordRequiredMsg"><br> 
     Please confirm your password</span></span></td> 
    </tr> 
    <tr> 
    <td class="registrationInfo">Web site</td> 
    <td><span id="sprytextfield4"> 
     <input name="WebSite" type="text" class="registrationFeild" id="textfield4" /> 
     <br> 
     <span class="textfieldInvalidFormatMsg">Invalid format</span></span></td> 
    <td><span class="registrationInfo"><span class="red">*</span> Prove you are human</span></td> 
    <td><img src="includes/captcha.php?rand=<?php echo rand(); ?>" align="absmiddle" id='captchaimg' /> <a href="javascript: refreshCaptcha();"><img src="images/refreshIcon.jpg" alt="Refresh" width="18" height="25" border="0" align="absmiddle" /></a>  <input name="6_letters_code" type="text" class="registrationFeildSmall" id="6_letters_code" /></td> 
    </tr> 
    <tr> 
    <td colspan="3"><?php if(!empty($msg)) {echo $msg;} ?></td> 
    <td><input name="submited" type="submit" class="signUpItem" id="submited" value="" /></td> 
    </tr> 
</table> 
</form> 

ユーザーが、私はそれをしてください、ここで任意のアイデアをやるべきだと思う を提出するとき、私はただのメールを送信しません。


私は私が使っていた無料のホスティングを変更したが、まだ送信していないユーザーに任意のヘルプを確認

おかげ

+2

サイドノート:いくつかのSQLインジェクションポイントがあります。 – ChrisK

+3

もう1つの注意点として、パスワードをプレーンテキストで保存したり、電子メールでパスワードを送信したりしないでください。どちらも大きなセキュリティ問題です。 – Scott

+0

ChrisK私が避けることができるSQLインジェクションポイントは何ですか? –

答えて

0

お返事ありがとうございました。メールを送信する際に多くの間違いがありましたが、これは正しいものです。

if ($inputResult){ 

$to = "$USERemail"; $subject = "Signup | Verification"; $email = "$UserEmail"; $message=' 
Thanks for signing up! 
Your account has been created, you can login with the following credentials after you have activated your account by pressing the url below. 

------------------------ 
Username: '.$USERname.' 
Password: '.$USERpassword.' 
------------------------ 

Please click this link to activate your account: 

http://www.yourwebsite.com/verify.php?email='.$USERemail.'&hash='.$hash.' 
'; 
$headers = "From: $UserEmail"; $sent = mail($to, $subject, $name, $message, $headers) ; if($sent) {print "<p style='color:#090'>Your mail was sent successfully</p>"; } else {print "We encountered an error sending your mail"; } 
$msg = "<span class='successMessgaes'>You have been successfully registered</span>"; 
0

は「php.iniの

  • で次のプロパティを確認してくださいオプションsendmail_path '
  • ' sendmail_from '

正しく設定してください。

+0

sendmail_from:値なし sendmail_path:/ usr/sbin/sendmail -t -i –

+0

私はホストを変更しましたが、 –

関連する問題