Unique identifier link value receiving failure in PHP isset GET

≯℡__Kan透↙ 提交于 2020-01-05 06:27:28

问题


I'm trying to verify registration via email with sending of unique identifier link to user.

I use it from remote server. Server, username, password, database values are correct, works fine with other .php-s, only difference verify.php has connection included, instead require 'connection.php';, but I'm not sure if connection produces following failure.

Sends:

$message = "<p>Hello, dear $user</p><a href='https://mypage.info/php/reg/verify.php?vkey=$vkey'>Confirm Account</a>";

and receives on email:

https://mypage.info/php/reg/verify.php?vkey=4bf65cf02210b304143589e6dc3714c0

link to verify.php, but php throws Something went wrong, or if instead die I'll check echo 'VKey: '. $vkey; or echo $mysqli->error; shows nothing.

Seems like by some reason if (isset($_GET['vkey'])) does not receives vkey correctly. I'm not sure what I'm doing wrong here:

Alert! This example code shows insecure method since accepts SQL parameters directly from user input. Requires Prepared Statements and Bound Parameters, real_escape_string()

<?php
  if (isset($_GET['vkey'])) {
     $vkey = $_GET['vkey'];
     $mysqli = NEW MySQLi ('server','username','password','db');
     $resultSet = $mysqli->query("SELECT verified, vkey FROM registration WHERE verified = 0 AND vkey = '$vkey' LIMIT 1");

     if ($resultSet->num_rows == 1)
     {
         $update = $mysqli->query("UPDATE registration SET verified = 1 WHERE vkey = '$vkey' LIMIT 1");

         if($update){
            echo "Your account has been verified. You may now login.";
         } else {
            echo $mysqli->error;
         }
     } 
     else 
     {
         echo "This account invalid or already verified";
     }
    } else {
     die("Something went wrong");
  }
?>

回答1:


Your code looks in the $_POST array instead of $_GET

  if (isset($_GET['vkey'])) {
     $vkey = $_GET['vkey'];



回答2:


SUGGESTION: instrument everything possible, and post back what you find.

For example:

<?php
  echo "vkey=" . $_GET['vkey'] . "...<br/>";
  if (isset($_GET['vkey'])) {
     $vkey = $_GET['vkey'];
     echo "vkey=" . $vkey . "...<br/>";
     $mysqli = NEW MySQLi ('server','username','password','db');
     echo "mysqli: SUCCEEDED...<br/>";
     $resultSet = $mysqli->query("SELECT verified, vkey FROM registration WHERE verified = 0 AND vkey = '$vkey' LIMIT 1");
     echo "resultSet: SUCCEEDED...<br/>";

     echo "resultSet->num_rows=" . $resultSet->num_rows . "...<br/>";
     if ($resultSet->num_rows == 1)
     {
         $update = $mysqli->query("UPDATE registration SET verified = 1 WHERE vkey = '$vkey' LIMIT 1");
         echo "update: SUCCEEDED...<br/>");

         if($update){
            echo "Your account has been verified. You may now login.";
         } else {
            echo $mysqli->error;
         }
     } 
     else 
     {
         echo "This account invalid or already verified";
     }
    } else {
      echo "ERROR STATE: " . $mysqli->error . "...<br/>";
     die("Something went wrong");
  }
?>

And no, I can't think of "... why md5 string" could be the culprit. But I think the above instrument (or similar) might help us determine EXACTLY where the problem is occurring ... and thus how to resolve it.

'Hope that helps...



来源:https://stackoverflow.com/questions/57813383/unique-identifier-link-value-receiving-failure-in-php-isset-get

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!