我已经在我的网站上有一个高级用户登录/注册系统(
colemansystems.psm2.co.uk).但是,我想向新用户发送一封电子邮件,以验证他们的电子邮件地址.如果他们没有点击链接,他们将无法访问他们的帐户.我对PHP和MySQL有半经验,所以请深入解释.
编辑:我用于verify.php文件的代码(用户用GET点击的链接(例如,verify.php?d = 51773199320))
$secret = $_GET['d'];
$result = mysql_query("SELECT valid FROM users WHERE secret=$secret");
while ($row = mysql_fetch_array($result))
{
$valid = $row['valid'];
}
if ($valid == "") {
echo"There seems to be a problem with the verification code.
";
}
elseif ($valid == "1")
{
echo"Your account is already verified.
";
}
else
{
mysql_query("UPDATE users SET valid = '1' WHERE secret=$secret");
echo "Thank you, your account is now verified and you are free to use the exclusive features!
";
}
这是安全吗?