How to use PHP to write a secure login and registration system with email verification function?

How to use PHP to write a secure login and registration system with email verification function?

In the Internet era, security is the aspect that users are most concerned about when it comes to online websites and applications. In order to protect the security of users' accounts and information, we need to add some security features to the login and registration system, such as email verification. This article will introduce how to use PHP to write a secure login registration system with email verification function.

1. Create database

First, we need to create a database to store user information. Using the MySQL database, create a data table named "users" containing the following fields: id, username, email, password, and verified.

CREATE TABLE users (
id INT(11) AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(255) NOT NULL,
email VARCHAR(255) NOT NULL,
password VARCHAR(255) NOT NULL,
verified INT(1) NOT NULL DEFAULT 0
);

2. Registration function

Write the PHP code for the registration function. After the user fills out the registration form and submits it, we need to verify the user's input and save the user's information to the database.

<?php
// 获取表单输入数据
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];

// 验证用户输入

// 检查用户名是否已被注册

// 检查邮箱格式是否正确

// 生成一个随机验证码字符串
$verificationCode = bin2hex(random_bytes(16));

// 将用户信息保存到数据库
$query = "INSERT INTO users (username, email, password, verification_code) VALUES ('$username', '$email', '$password', '$verificationCode')";
mysqli_query($connection, $query);

// 发送验证邮件
$to = $email;
$subject = '账号激活邮件';
$message = '请点击以下链接激活您的账号：https://example.com/verify.php?code=' . $verificationCode;
$headers = 'From: noreply@example.com' . "
" .
'Reply-To: noreply@example.com' . "
" .
'X-Mailer: PHP/' . phpversion();

mail($to, $subject, $message, $headers);

// 提示用户验证邮件已发送
echo '注册成功！请检查您的邮箱并点击验证链接进行账号激活。';
?>

3. Verification function

Write PHP code for verification function. When the user clicks the verification link, we need to check whether the verification code in the link is valid and update the user's "verified" field in the database to 1, indicating that the account has been verified.

<?php
$verificationCode = $_GET['code'];

// 在数据库中查找匹配的验证代码
$query = "SELECT * FROM users WHERE verification_code = '$verificationCode' LIMIT 1";
$result = mysqli_query($connection, $query);

// 如果找到匹配的验证代码，更新用户的“verified”字段
if (mysqli_num_rows($result) > 0) {
    $user = mysqli_fetch_assoc($result);
    $userId = $user['id'];

    $updateQuery = "UPDATE users SET verified = 1 WHERE id = '$userId'";
    mysqli_query($connection, $updateQuery);

    echo '邮箱验证成功！您可以登录了。';
} else {
    echo '无效的验证链接。';
}
?>

4. Login function

Write the PHP code for the login function. After the user fills out the login form and submits it, we need to verify whether the email and password entered by the user match the records in the database.

<?php
$email = $_POST['email'];
$password = $_POST['password'];

// 在数据库中查找匹配的邮箱和密码
$query = "SELECT * FROM users WHERE email = '$email' AND password = '$password' LIMIT 1";
$result = mysqli_query($connection, $query);

// 如果找到匹配的记录，表示登录成功
if (mysqli_num_rows($result) > 0) {
    $user = mysqli_fetch_assoc($result);
    $verified = $user['verified'];

    if ($verified) {
        echo '登录成功！';
    } else {
        echo '账号尚未激活，请检查您的邮箱并点击验证链接进行账号激活。';
    }
} else {
    echo '邮箱或密码输入错误。';
}
?>

Through the above steps, we successfully used PHP to write a secure login registration system with email verification function. Users need to provide a valid email address when registering and activate the account by clicking the link in the verification email. This kind of system can effectively ensure the security of users' accounts and information. When a user logs in, we also check whether the account has been verified to provide a better user experience.

Of course, in practical applications, we still need to further improve the system, such as adding functions such as password encryption and safe exit, to ensure that user information is more secure and reliable. But this basic login registration system already provides us with a good starting point.

I hope this article can help you understand how to use PHP to write a secure login and registration system with email verification function. Strengthening the security of websites and applications is important to protect users and data, and I hope you can effectively apply this knowledge in practical applications.

The above is the detailed content of How to use PHP to write a secure login and registration system with email verification function?. For more information, please follow other related articles on the PHP Chinese website!