PHP implements email verification and account activation after user registration

When we register members on many websites, after the registration is completed, the system will automatically send an email to the user's mailbox. The content of this email is a URL link. The user needs to click and open this link to activate the account previously registered on the website. . Membership functions can be used normally only after activation is successful.

This article will use examples to explain how to use PHP+Mysql to complete the functions of registering an account, sending activation emails, verifying activation accounts, and handling URL link expiration.

Business process

1. User submits registration information.

2. Write to the database. The account status is not activated at this time.

3. Encrypt the username, password or other identifying characters to form an activation identification code (you can also call it an activation code).

4. Send the constructed activation identification code into a URL to the email address submitted by the user.

5. The user logs in to the email and clicks on the URL to activate.

6. Verify the activation identification code. If correct, activate the account.

Prepare the data table

The field Email in the user information table is very important. It can be used to verify users, retrieve passwords, and even for website parties, it can be used to collect user information for email marketing. The following is the user information table t_user Table structure:

CREATE TABLE IF NOT EXISTS `t_user` ( 
  `id` int(11) NOT NULL AUTO_INCREMENT, 
  `username` varchar(30) NOT NULL COMMENT '用户名', 
  `password` varchar(32) NOT NULL COMMENT '密码', 
  `email` varchar(30) NOT NULL COMMENT '邮箱', 
  `token` varchar(50) NOT NULL COMMENT '帐号激活码', 
  `token_exptime` int(10) NOT NULL COMMENT '激活码有效期', 
  `status` tinyint(1) NOT NULL DEFAULT '0' COMMENT '状态,0-未激活,1-已激活', 
  `regtime` int(10) NOT NULL COMMENT '注册时间', 
  PRIMARY KEY (`id`) 
) ENGINE=MyISAM  DEFAULT CHARSET=utf8;

HTML

Place a registration form on the page, and users can enter registration information, including username, password and email.

<form id="reg" action="register.php" method="post"> 
    <p>用户名：<input type="text" class="input" name="username" id="user"></p> 
    <p>密 码：<input type="password" class="input" name="password" id="pass"></p> 
    <p>E-mail：<input type="text" class="input" name="email" id="email"></p> 
    <p><input type="submit" class="btn" value="提交注册"></p> 
</form>

Necessary front-end verification is required for user input. Regarding the form verification function, it is recommended that you refer to the article on this site: Examples explaining the application of the form verification plug-in Validation. This article skips the front-end verification code. In addition, there should be There is an input box that requires the user to re-enter the password, so I just skipped it because I was lazy.

register.php

Users submit registration information to register.php for processing. register.php needs to complete two major functions: writing data and sending emails.

First of all, it contains the two necessary files, connect.php and smtp.class.php. These two files are included in the download package provided outside. You are welcome to download.

include_once("connect.php");//连接数据库 
include_once("smtp.class.php");//邮件发送类

Then we need to filter the information submitted by the user and verify whether the username exists (the front end can also verify).

$username = stripslashes(trim($_POST['username'])); 
$query = mysql_query("select id from t_user where username='$username'"); 
$num = mysql_num_rows($query); 
if($num==1){ 
    echo '用户名已存在，请换个其他的用户名'; 
    exit; 
}

Then we encrypt the user password and construct the activation identification code:

$password = md5(trim($_POST['password'])); //加密密码 
$email = trim($_POST['email']); //邮箱 
$regtime = time(); 
 
$token = md5($username.$password.$regtime); //创建用于激活识别码 
$token_exptime = time()+60*60*24;//过期时间为24小时后 
 
$sql = "insert into `t_user` (`username`,`password`,`email`,`token`,`token_exptime`,`regtime`)  
values ('$username','$password','$email','$token','$token_exptime','$regtime')"; 
 
mysql_query($sql);

In the above code, $token is the constructed activation identification code, which is composed of the user name, password and current time and is encrypted by md5. $token_exptime is used to set the expiration time of the activation link URL. The user can activate the account within this time period. In this example, the activation is valid within 24 hours. Finally, these fields are inserted into the data table t_user.

When the data is inserted successfully, call the email sending class to send the activation information to the user's registered mailbox. Pay attention to forming the constructed activation identification code into a complete URL as the activation link when the user clicks. The following is the detailed code:

if(mysql_insert_id()){ 
    $smtpserver = ""; //SMTP服务器，如：smtp.163.com 
    $smtpserverport = 25; //SMTP服务器端口，一般为25 
    $smtpusermail = ""; //SMTP服务器的用户邮箱，如xxx@163.com 
    $smtpuser = ""; //SMTP服务器的用户帐号xxx@163.com 
    $smtppass = ""; //SMTP服务器的用户密码 
    $smtp = new Smtp($smtpserver, $smtpserverport, true, $smtpuser, $smtppass); //实例化邮件类 
    $emailtype = "HTML"; //信件类型，文本:text；网页：HTML 
    $smtpemailto = $email; //接收邮件方，本例为注册用户的Email 
    $smtpemailfrom = $smtpusermail; //发送邮件方，如xxx@163.com 
    $emailsubject = "用户帐号激活";//邮件标题 
    //邮件主体内容 
    $emailbody = "亲爱的".$username."：<br/>感谢您在我站注册了新帐号。<br/>请点击链接激活您的帐号。<br/> 
    <a href=&#39;http://www.helloweba.com/demo/register/active.php?verify=".$token."&#39; target= 
&#39;_blank&#39;>http://www.helloweba.com/demo/register/active.php?verify=".$token."</a><br/> 
    如果以上链接无法点击，请将它复制到你的浏览器地址栏中进入访问，该链接24小时内有效。"; 
    //发送邮件 
    $rs = $smtp->sendmail($smtpemailto, $smtpemailfrom, $emailsubject, $emailbody, $emailtype); 
    if($rs==1){ 
        $msg = &#39;恭喜您，注册成功！<br/>请登录到您的邮箱及时激活您的帐号！&#39;;     
    }else{ 
        $msg = $rs;     
    } 
} 
echo $msg;

There is also a very easy-to-use and powerful email sending class to share with everyone: use PHPMailer to send emails with attachments and support HTML content. You can use it directly.

active.php

If nothing goes wrong, the email you filled in when registering your account will receive an email from helloweba. At this time, you can directly click the activation link and let active.php handle it.

active.php receives the submitted link information and obtains the value of the parameter verify, which is the activation identification code. Query and compare it with the user information in the data table. If there is a corresponding data set, determine whether it has expired. If it is within the validity period, set the status field in the corresponding user table to 1, which means it has been activated. This completes the activation function. .

include_once("connect.php");//连接数据库 
 
$verify = stripslashes(trim($_GET['verify'])); 
$nowtime = time(); 
 
$query = mysql_query("select id,token_exptime from t_user where status='0' and  
`token`='$verify'"); 
$row = mysql_fetch_array($query); 
if($row){ 
    if($nowtime>$row['token_exptime']){ //24hour 
        $msg = '您的激活有效期已过，请登录您的帐号重新发送激活邮件.'; 
    }else{ 
        mysql_query("update t_user set status=1 where id=".$row['id']); 
        if(mysql_affected_rows($link)!=1) die(0); 
        $msg = '激活成功！'; 
    } 
}else{ 
    $msg = 'error.';     
} 
echo $msg;

After successful activation, you find that the token field is no longer useful, you can clear it. Next, we will explain the function for users to retrieve passwords, and also use email verification, so stay tuned.