2

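I am trying to implement an invite-only registration system for a small business website. The administrator can enter an employee's personal email address and send a confirmation code.

When the employee clicks the link in the email, they are redirected to the registration page. (A switch is used to decide what to display.)

The problem is that I created a registration page earlier, and I am having trouble implementing it in this invite code. The invite code uses "echo" to display text, but the original registration page has a form inside a table built with php, html and css. My question is: how can I change the code so that they are compatible?

Please see below for the code.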

INVITE.php

<?php
// $database_connSQL and $connSQL come from the existing database connection setup.
mysql_select_db($database_connSQL, $connSQL);
$query_RecInvite = "SELECT * FROM invite_codes";
$RecInvite = mysql_query($query_RecInvite, $connSQL) or die(mysql_error());
$row_RecInvite = mysql_fetch_assoc($RecInvite);
$totalRows_RecInvite = mysql_num_rows($RecInvite);

/*
This script assumes you already have a database setup, with a connection string in place.
First, we'll need to create our table...
Copy/paste the following SQL code into the database you'll be using.

CREATE TABLE `invite_codes` (
    `id` int(11) NOT NULL auto_increment,
    `invite_code` varchar(35) NOT NULL default '',
    `time_stored` int(11) NOT NULL default '0',
    PRIMARY KEY  (`id`)
) TYPE=MyISAM ;

*/
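function genRandomString($length) {
    $chars = "0123456789abcdefghijklmnopqrstuvwxyz";
    $string = ''; // initialise before appending
    for ($p = 0; $p < $length; $p++) {
        // mt_rand() is inclusive at both ends, so the upper bound is the last index.
        // Note: mt_rand() is not a cryptographically secure generator.
        $string .= $chars[mt_rand(0, strlen($chars) - 1)];
    }
    return $string;
}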
function clean($str) {
    $value = mysql_escape_string(stripslashes(htmlspecialchars($str)));
    return $value;
}
function sendEmail($mailto,$mailsubject,$mailcontent,$mailfrom) {
    if($mailto == '' || $mailsubject == '' || $mailcontent == '' || $mailfrom == '') {
        return false;
    } else {
        $headers = 'From: '.$mailfrom."\r\n".
        'Reply-To: '.$mailfrom."\r\n" .
        'X-Mailer: PHP/'.phpversion();
        if(mail($mailto, $mailsubject, $mailcontent, $headers)) {
            return true;
        } else {
            return false;
        }
    }
}
function checkEmail($email) {
    if(!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) { return false; }
    $email_array = explode("@", $email);
    $local_array = explode(".", $email_array[0]);
    for($i = 0; $i < sizeof($local_array); $i++) {
        if(!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) {
            return false;
        }
    }
    if(!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) {
        $domain_array = explode(".", $email_array[1]);
        if (sizeof($domain_array) < 2) { return false; }
        for($i = 0; $i < sizeof($domain_array); $i++) {
            if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) {
                return false;
            }
        }
    }
    return true;
}
(empty($_GET['go']))?($go = 'home'):($go = $_GET['go']);
switch($go) {
    case 'home':
        echo 'This is an invite code example..<br />Generate a new invite code:<br />
            <form action="?go=generate" method="post">
            <input name="submit" type="submit" value="Generate" />
            </form>';
    break;
    case 'generate':
        $invite_code = genRandomString(25); // genRandomString( INT )
        echo 'This is a random invite code: <b>'.$invite_code.'</b><br />Let&#39;s go ahead and toss this into our database...';
        if(mysql_query("INSERT INTO invite_codes (id,invite_code,time_stored) VALUES ('','".$invite_code."','".mktime()."')")) {
            echo '<br />Insertion successful<br /><br />Use code to invite a friend:<br />';
            echo '<p><form action="?go=invite" method="post">
                <input type="text" name="email" id="email" value="" />
                <input type="hidden" name="code" id="code" value="'.$invite_code.'" />
                <input name="submit" type="submit" value="Invite" />
                </form></p>';
        } else { echo 'Whoops! Something went horribly wrong, and we couldn&#39;t store the code :('; }
    break;
    case 'invite':
        if(!empty($_POST['email'])) {
            if(checkEmail($_POST['email'])) {
                $thisDomain = str_replace('www.', '', $_SERVER['HTTP_HOST']);
                $mailcont = "Someone has invited you to an invite only website!\nYour invite code is: ".$_POST['code'].".\n\nYou can use it at http://www.".$thisDomain."/newTATCS/login/invite.php?go=register&hash=".$_POST['code'];
                if(sendEmail($_POST['email'],'You have been invited!',$mailcont,'noreply@'.$thisDomain)) {
                    echo 'Your invite was dispatched to '.$_POST['email'].'<br /><br />Go back <a href="?go=home">home</a>';
                } else { echo 'Whoops! Something went horribly wrong, and we couldn&#39;t send the email :('; }
            } else { echo 'Whoops! Looks like the email address you selected is invalid :('; }
        } else { echo 'Whoops! It looks like you didn&#39;t actually add an email address...'; }
    break;
    case 'register':
        if(!empty($_POST['code'])) {
            $code = clean($_POST['code']); // Because SQL injections are annoying :)
            $query = mysql_query("SELECT id FROM invite_codes WHERE invite_code = '".$code."'");
            if(mysql_num_rows($query) == 1) {
                $fetch = mysql_fetch_object($query);
                echo 'Congratulations, the invite code was found!<br />We&#39;re going to remove it from the database now...';
                if(mysql_query("DELETE FROM invite_codes WHERE id = '".$fetch->id."'")) {
                    echo '<br />Code removed!';
                } else { echo 'Whoops! Something went horribly wrong, and we couldn&#39;t remove the code :('; }
            } else { echo 'Sorry, that code is invalid.'; }
        } else {
            echo 'This website is closed to the public. You will need an invite code to continue registration.
                <p><form action="?go=register" method="post">
                <input type="text" name="code" id="code" value="'.htmlspecialchars(isset($_GET['hash']) ? $_GET['hash'] : '', ENT_QUOTES).'" />
                <input name="submit" type="submit" value="Check" />
                </form></p>';
        }
    break;
}
?>

REGISTER.php

<form id="register" name="register" method="POST" action="<?php echo $editFormAction; ?><?php echo $loginFormAction; ?>">
      <div class="leftRegister">
        <table width="278" border="0" cellpadding="0" cellspacing="0">
          <tr>
            <td width="278">Salutation<br />
              <select name="salutation" id="salutation">
                <option selected="selected">Mr.</option>
                <option>Mrs.</option>
                <option>Ms.</option>
                <option>Dr.</option>
                <option>Prof.</option>
            </select></td>
          </tr>
          <tr>
            <td>&nbsp;</td>
          </tr>
          <tr>
            <td><table width="278" border="0" cellpadding="0" cellspacing="0">
              <tr>
                <td width="138">Name<br /></td>
                <td width="140">&nbsp;</td>
              </tr>
              <tr>
                <td valign="top"><span id="sprytextfield1">
                  <input name="firstname" class="regFirstname" type="text" id="firstname" />
                  <br />
                  <span class="textfieldRequiredMsg">Enter your First name .</span></span></td>
                <td width="140" valign="top"><span id="sprytextfield2">
                  <input type="text" class="regLastname" name="lastname" id="lastname" />
                  <br />
                  <span class="textfieldRequiredMsg">Enter your Last name.</span></span></td>
              </tr>
            </table></td>
          </tr>
          <tr>
            <td>&nbsp;</td>
          </tr>
          <tr>
            <td>Personal Email<br />
              <span id="sprytextfield9">
              <input type="text" name="email" id="email" />
              <br />
              <span class="textfieldRequiredMsg">Please enter your personal email.</span></span></td>
          </tr>
          <tr>
            <td>&nbsp;</td>
          </tr>
          <tr>
            <td>Create a password<br />
              <span id="sprypassword1">
              <input type="password" name="password" id="password" />
              <br />
            <span class="passwordRequiredMsg">Please choose a password that contain at least<br />
1 letter and 1 number for maximum security.</span><span class="passwordMinCharsMsg">Minimum number of characters not met.<br />
Password must contain at least  5 characters.</span><span class="passwordInvalidStrengthMsg">Password must contain at least 1 letter and 1 number.</span></span></td>
          </tr>
          <tr>
            <td>&nbsp;</td>
          </tr>
          <tr>
            <td>Confirm your password<br />
              <span id="spryconfirm1">
              <input type="password" name="passwordcheck" id="passwordcheck" />
            <span class="confirmRequiredMsg"><br />
            Please make sure your password matches</span><span class="confirmInvalidMsg"><br />
            The values don't match.</span></span></td>
          </tr>
          <tr>
            <td>&nbsp;</td>
          </tr>
          <tr>
            <td>Birthday<br />
              <select name="BirthMonth">
                <option value="1">January</option>
                <option value="2">February</option>
                <option value="3">March</option>
                <option value="4">April</option>
                <option value="5">May</option>
                <option value="6">June</option>
                <option value="7">July</option>
                <option value="8">August</option>
                <option value="9">September</option>
                <option value="10">October</option>
                <option value="11">November</option>
                <option value="12">December</option>
              </select>
              <select name="BirthDay">
                <?php
    for ($i=1; $i<=31; $i++)
    {
     echo "<option value='$i'>$i</option>";
    }
   ?>
              </select>
              <select name="BirthYear">
                <?php
    for ($i=2006; $i>=1900; $i=$i-1)
    {
     echo "<option value='$i'>$i</option>";
    }
   ?>
            </select></td>
          </tr>
          <tr>
            <td>&nbsp;</td>
          </tr>
        </table>
      </div>

      <div class ="rightRegister">
        <table width="280" border="0" cellpadding="0" cellspacing="0">
          <tr>
            <td colspan="2">Address
              <br />
              <span id="sprytextfield3">
              <input type="text" name="address" id="address" />
              <br />
              <span class="textfieldRequiredMsg">Please enter your address</span></span></td>
          </tr>
          <tr>
            <td colspan="2">&nbsp;</td>
          </tr>
          <tr>
            <td colspan="2">City<br />
              <span id="sprytextfield4">
              <input type="text" name="city" id="city" />
              <br />
            <span class="textfieldRequiredMsg">Please enter your city.</span></span></td>
          </tr>
          <tr>
            <td colspan="2">&nbsp;</td>
          </tr>
          <tr>
            <td width="108" valign="top">State/Province<br />
              <span id="sprytextfield5">
              <input type="text" name="state" id="state" class="regState" />
            <span class="textfieldRequiredMsg">State  required.</span></span></td>
            <td width="144" valign="top">Zip/Postal Code<br />
              <span id="sprytextfield6">
              <input type="text" name="postalcode" id="postalcode" class="regPostalcode" />
              <span class="textfieldRequiredMsg"><br />
Zip Code required.</span><span class="textfieldMaxCharsMsg"><br />
Enter  5-digit Zip code.</span></span></td>
          </tr>
          <tr>
            <td colspan="2">&nbsp;</td>
          </tr>
          <tr>
            <td colspan="2">Homephone
              <span id="sprytextfield7"><br />
              <input type="text" name="homephone" id="homephone" />
              <br />
              <span class="textfieldRequiredMsg">Please enter  phone number.</span></span></td>
          </tr>
          <tr>
            <td colspan="2">&nbsp;</td>
          </tr>
          <tr>
            <td colspan="2">Cellphone<br />
              <span id="sprytextfield8">
              <input type="text" name="cellphone" id="cellphone" />
              <br />
            <span class="textfieldRequiredMsg">Please enter your cellphone number.</span></span></td>
          </tr>
          <tr>
            <td colspan="2">&nbsp;</td>
          </tr>
          <tr>
            <td colspan="2" align="right"><span class="submit">
              <input type="submit" value="Submit" />
            </span></td>
          </tr>
          <tr>
            <td colspan="2" align="right">&nbsp;</td>
          </tr>
        </table>
        <p>&nbsp;</p>
      </div>
      <p>&nbsp;</p>
      <p>&nbsp;</p>
      <p>&nbsp;</p>
      <p>&nbsp;</p>
      <p>&nbsp;</p>
      <p>&nbsp;</p>
      <p>&nbsp;</p>
      <p>&nbsp;</p>
      <p>&nbsp;</p>
      <p>&nbsp;</p>
      <p>&nbsp;</p>
      <input type="hidden" name="MM_insert" value="register" />
    </form>
  </div>
4

1 Answer

3

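On the registration page, get the invite code from the query string (site.php?code=ajiofdjasoiej39048). Then check whether a row with that invite code exists in the database. If it does, display the registration form; otherwise, display an error message. On submission, check the code again, and once the user has registered successfully, delete the invite code from the DB.

Also, php_mysql is deprecated. Use MySQLi or PDO instead.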

answered 2012-06-27T20:48:00.590
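
The flow described in the answer above, as an added example that is not part of the original answer or the poster's code: the code is checked with a PDO prepared statement before the form is shown, then checked again and consumed in one transaction on submission. It assumes PHP 7+ with pdo_sqlite (an in-memory SQLite database stands in for MySQL); the function names inviteExists, redeemInvite and handleRegister are hypothetical.

```php
<?php
// Added example, not the poster's code. Assumes the page's invite_codes table;
// in-memory SQLite stands in for MySQL so the script runs offline (constructed data).

function inviteExists(PDO $db, string $code): bool {
    $stmt = $db->prepare('SELECT 1 FROM invite_codes WHERE invite_code = ?');
    $stmt->execute([$code]);
    return $stmt->fetchColumn() !== false;
}

// Only the request whose DELETE removes the row may create the account,
// so a code cannot be redeemed twice by simultaneous submissions.
function redeemInvite(PDO $db, string $code, callable $createUser): bool {
    $db->beginTransaction();
    try {
        $del = $db->prepare('DELETE FROM invite_codes WHERE invite_code = ?');
        $del->execute([$code]);
        if ($del->rowCount() !== 1) { $db->rollBack(); return false; }
        $createUser();          // hypothetical: insert the new user row here
        $db->commit();
        return true;
    } catch (Throwable $e) {
        if ($db->inTransaction()) { $db->rollBack(); }
        return false;
    }
}

// One handler for both steps: GET shows the form or an error, POST re-checks.
function handleRegister(PDO $db, string $method, array $get, array $post): string {
    $code = (string)($method === 'POST' ? ($post['code'] ?? '') : ($get['code'] ?? ''));
    if ($method === 'POST') {
        $ok = redeemInvite($db, $code, function () use ($post) { /* save $post */ });
        return $ok ? 'Registered.' : 'Sorry, that code is invalid.';
    }
    if (!inviteExists($db, $code)) { return 'Sorry, that code is invalid.'; }
    // The REGISTER.php form goes here, carrying the code in a hidden field.
    return '<form method="post"><input type="hidden" name="code" value="'
        . htmlspecialchars($code, ENT_QUOTES, 'UTF-8') . '" /></form>';
}

// Constructed sample data and a walk through the flow.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE invite_codes (id INTEGER PRIMARY KEY, invite_code TEXT, time_stored INT)');
$db->exec("INSERT INTO invite_codes (invite_code, time_stored) VALUES ('ajiofdjasoiej39048', 0)");
echo handleRegister($db, 'GET', ['code' => 'wrong'], []), "\n";
echo handleRegister($db, 'GET', ['code' => 'ajiofdjasoiej39048'], []), "\n";
echo handleRegister($db, 'POST', [], ['code' => 'ajiofdjasoiej39048']), "\n";
echo handleRegister($db, 'POST', [], ['code' => 'ajiofdjasoiej39048']), "\n";
```

On MySQL the rollback only restores the invite code after a failed account creation if the table uses a transactional engine such as InnoDB, not the MyISAM type in the question's CREATE TABLE.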