How to use PHP and email verification to implement a secure login and registration system?

How to use PHP and email verification to implement a secure login and registration system?

With the development of the Internet, more and more information and services require users to log in to access. In order to ensure user security, we can implement a secure login and registration system through email verification. This article will introduce how to implement such a system using PHP and email verification.

1. Implementation of registration function

1. Create database and tables

First, we need to create a database named "users" and add it in Create a table named "users". The structure of the table is as follows:

CREATE TABLE users (
id int(11) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
username varchar(255) NOT NULL,
email varchar(255) NOT NULL,
password varchar(255) NOT NULL,
code varchar(255) NOT NULL,
active tinyint(1) NOT NULL DEFAULT '0'
);

2. Registration page

Create a page named "register.php", which is used to display the registration form for users to fill in.

<form method="post" action="">
  <input type="text" name="username" placeholder="用户名" required><br>
  <input type="email" name="email" placeholder="邮箱" required><br>
  <input type="password" name="password" placeholder="密码" required><br>
  <input type="submit" name="register" value="注册">
</form>

3. Registration logic

Add the following PHP code in the "register.php" page to handle the user's registration request.

if (isset($_POST['register'])) {
  $username = $_POST['username'];
  $email = $_POST['email'];
  $password = $_POST['password'];
  $code = md5(uniqid(rand()));

  $insert_query = "INSERT INTO users (username, email, password, code) 
                   VALUES ('$username', '$email', '$password', '$code')";
  mysqli_query($connection, $insert_query);

  $to = $email;
  $subject = "验证您的邮箱";
  $message = "点击以下链接验证您的邮箱：

";
  $message .= "https://example.com/verify.php?email=$email&code=$code";
  $headers = "From: example@example.com";

  mail($to, $subject, $message, $headers);

  echo "请检查您的邮箱以完成注册。";
}

The above code will insert the registration information filled in by the user into the database, generate a unique verification code, and send it to the user via email for verification.

2. Implementation of the login function

1. Login page

Create a page named "login.php", which is used to display the login The form is filled out by the user.

<form method="post" action="">
  <input type="email" name="email" placeholder="邮箱" required><br>
  <input type="password" name="password" placeholder="密码" required><br>
  <input type="submit" name="login" value="登录">
</form>

2. Login logic

Add the following PHP code in the "login.php" page to handle the user's login request.

if (isset($_POST['login'])) {
  $email = $_POST['email'];
  $password = $_POST['password'];

  $login_query = "SELECT * FROM users WHERE email='$email' AND password='$password' AND active='1'";
  $result = mysqli_query($connection, $login_query);

  if (mysqli_num_rows($result) == 1) {
    echo "登录成功！";
  } else {
    echo "登录失败，请检查您的邮箱和密码。";
  }
}

The above code will query the database to see if there is a user matching the email address and password filled in by the user, and the user's account has been verified by email.

3. Implementation of email verification function

1. Verification page

Create a page named "verify.php", which is used for verification The user's email address.

<?php
$email = $_GET['email'];
$code = $_GET['code'];

$update_query = "UPDATE users SET active='1' WHERE email='$email' AND code='$code'";
mysqli_query($connection, $update_query);

echo "您的邮箱已通过验证，现在可以登录了！";
?>

The above code will update the "active" field of the corresponding user column in the database to 1, indicating that the email has been verified.

Through the above steps, we have implemented a safe and reliable login and registration system. Users need to fill in the correct email address when registering, and verify by clicking on the link in the email to complete the registration. When logging in, it will also be checked whether the user's email has been verified. This method can effectively prevent malicious registration and login operations and improve system security.

The above is the method and sample code introduced in this article to implement a secure login and registration system using PHP and email verification. Hope this helps!

The above is the detailed content of How to use PHP and email verification to implement a secure login and registration system?. For more information, please follow other related articles on the PHP Chinese website!