Implementing Email Verification for Login and Registration with PHP
This article explains how to build a secure email‑verification login and registration system using PHP and MySQL, covering database schema creation, user registration with verification code generation and email sending, verification link handling, and login validation, with full code examples.
With the growth of the Internet, login and registration functions are crucial, and email verification is commonly used to protect account security.
Create Database and Table Structure
First, a MySQL database and a users table are created to store registration information.
<code>CREATE DATABASE `userdb`;
USE `userdb`;
CREATE TABLE `users` (
`id` INT(11) NOT NULL AUTO_INCREMENT,
`name` VARCHAR(50) NOT NULL,
`email` VARCHAR(50) NOT NULL,
`password` VARCHAR(255) NOT NULL,
`is_verified` INT(1) NOT NULL DEFAULT '0',
`verification_code` VARCHAR(255),
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;</code>Registration Function Implementation
A register.php page collects name, email and password, generates a random verification code, stores the user record, and sends a verification email.
<code><?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$name = $_POST['name'];
$email = $_POST['email'];
$password = $_POST['password'];
$verification_code = md5(uniqid(rand(), true));
// Insert user into database
$conn = new mysqli('localhost','username','password','userdb');
$sql = "INSERT INTO users (name, email, password, verification_code) VALUES ('$name', '$email', '$password', '$verification_code')";
if ($conn->query($sql) === TRUE) {
// Send verification email
$subject = "请验证您的邮箱";
$message = "请点击以下链接完成验证:\n";
$message .= "http://yourdomain.com/verify.php?code=$verification_code";
$headers = "From: [email protected]";
mail($email, $subject, $message, $headers);
echo "注册成功,请前往您的邮箱验证账户!";
} else {
echo "注册失败,请稍后再试!";
}
$conn->close();
}
?>
</code>Email Verification Function Implementation
When the user clicks the verification link, the script checks the code, updates the is_verified field, and reports success or failure.
<code><?php
if (isset($_GET['code']) && !empty($_GET['code'])) {
$verification_code = $_GET['code'];
$conn = new mysqli('localhost','username','password','userdb');
$sql = "SELECT id FROM users WHERE verification_code='$verification_code' AND is_verified=0";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
$sql = "UPDATE users SET is_verified=1 WHERE verification_code='$verification_code'";
if ($conn->query($sql) === TRUE) {
echo "验证成功!";
} else {
echo "验证失败,请稍后再试!";
}
} else {
echo "无效的验证码!";
}
$conn->close();
}
?>
</code>Login Function Implementation
The login script verifies the email, password, and that the account has been verified.
<code><?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$email = $_POST['email'];
$password = $_POST['password'];
$conn = new mysqli('localhost','username','password','userdb');
$sql = "SELECT id FROM users WHERE email='$email' AND password='$password' AND is_verified=1";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
echo "登录成功!";
} else {
echo "登录失败,请检查邮箱和密码是否正确,或者邮箱是否已验证!";
}
$conn->close();
}
?>
</code>These examples provide a basic email‑verification login/registration system; in production you should also add password hashing, rate limiting, and other security measures.
php中文网 Courses
php中文网's platform for the latest courses and technical articles, helping PHP learners advance quickly.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.