User verification email for registration page
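【Title】: user verification email for registration page
【Posted】: 2013-12-02 13:00:08
【Question】: I am implementing a registration process on a website in vb.net. I have written the sql that inserts the user details into my database, including a random string as a verification code. An email with a verification link is then sent to the user. The link has a query string, which is the verification code. Via the link, the user is directed to a page with an on_load event that checks whether the code in the query string is the same as the one in the database. Every time I test it, the user is directed back to the default page, which means the query string verification code is not the same as the one in the database. Please could someone tell me what is wrong with my code. I suspect there is some obvious mistake, but I am very new to sql so I am not sure why it isn't working.
Code that adds the registration input details to the database and emails the verification link to the user (after updating the database with the random string):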
    Imports System.Net
    Imports System.Net.Mail
    Imports System.Data.SqlClient
    Imports System.Collections.Generic

    Partial Class Account_Register
        Inherits System.Web.UI.Page

        Protected Sub RegisterWizard_FinishButtonClick(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.WizardNavigationEventArgs) Handles RegisterWizard.FinishButtonClick
            'ADD NEW USER ACCOUNT DETAILS TO USER DATABASE --------------------------------------------------
            Dim oPath As String = Server.MapPath("~/app_data/databaseX.mdb")
            Dim oReader As System.Data.OleDb.OleDbDataReader = Nothing
            Dim oConnection As System.Data.OleDb.OleDbConnection = Nothing
            If Not agreeTerms.Checked Then
                agreeTerms.ForeColor = Drawing.Color.Red
                Return
            ElseIf Page.IsValid Then
                Dim Letters As New List(Of Integer)
                'add ASCII codes for numbers
                For i As Integer = 48 To 56
                    Letters.Add(i)
                Next
                'lowercase letters
                For i As Integer = 97 To 122
                    Letters.Add(i)
                Next
                'uppercase letters
                For i As Integer = 65 To 90
                    Letters.Add(i)
                Next
                'select 8 random integers from number of items in Letters
                'then convert those random integers to characters and
                'add each to a string and display in Textbox
                Dim Rnd As New Random
                Dim SB As New System.Text.StringBuilder
                Dim Temp As Integer
                For count As Integer = 1 To 8
                    Temp = Rnd.Next(0, Letters.Count)
                    SB.Append(Chr(Letters(Temp)))
                Next
                Dim oUserId As Integer = 0
                Dim oName As String = txtName.Text
                Dim oUserName As String = txtUsername.Text
                Dim oPassword As String = txtpsswrd.Text
                Dim oActiveAcc As String = "Yes"
                Dim oVerCode As String = SB.ToString
                Dim oVerUser As String = "No"
                Dim ologged As String = "No"
                Dim oOrg As String = txtorganiz.Text
                Dim oTel As String = txttelephone.Text
                Dim oEmail As String = txtEmail.Text
                Dim oTown As String = Txttown.Text
                Dim oRegStart As String = Date.Today
                Dim oSubscribedUser As String = "No"
                oConnection = New System.Data.OleDb.OleDbConnection(String.Format("Provider=Microsoft.Jet.OLEDB.4.0; Data Source={0}; Jet OLEDB:Database Password=xxxxxxxxx", oPath))
                oConnection.Open()
                Dim ipAddress As String = Request.ServerVariables("REMOTE_ADDR")
                Dim cmd As New SqlCommand
                Dim oCommandSession As New System.Data.OleDb.OleDbCommand("INSERT INTO Users ([Name], Username, [Password], ActiveAccount, VerificationCode, VerifiedUser, LoggedIn, Organisation, Telephone, email, Town, RegistryStart, SubscribedUser)" & _
                    "VALUES (oName, oUserName, oPassword, oActiveAcc, oVerCode, oVerUser, ologged, oOrg, oTel, oEmail, oTown, oRegStart, oSubscribedUser)", oConnection)
                oCommandSession.Parameters.Add(New System.Data.OleDb.OleDbParameter("@oName", oName))
                oCommandSession.Parameters.Add(New System.Data.OleDb.OleDbParameter("@oUserName", oUserName))
                oCommandSession.Parameters.Add(New System.Data.OleDb.OleDbParameter("@oPassword", oPassword))
                oCommandSession.Parameters.Add(New System.Data.OleDb.OleDbParameter("@oActiveAcc", oActiveAcc))
                oCommandSession.Parameters.Add(New System.Data.OleDb.OleDbParameter("@oVerCode", oVerCode))
                oCommandSession.Parameters.Add(New System.Data.OleDb.OleDbParameter("@oVerUSer", oVerUser))
                oCommandSession.Parameters.Add(New System.Data.OleDb.OleDbParameter("@ologged", ologged))
                oCommandSession.Parameters.Add(New System.Data.OleDb.OleDbParameter("@oOrg", oOrg))
                oCommandSession.Parameters.Add(New System.Data.OleDb.OleDbParameter("@oTel", oTel))
                oCommandSession.Parameters.Add(New System.Data.OleDb.OleDbParameter("@oEmail", oEmail))
                oCommandSession.Parameters.Add(New System.Data.OleDb.OleDbParameter("@oTown", oTown))
                oCommandSession.Parameters.Add(New System.Data.OleDb.OleDbParameter("@oRegStart", oRegStart))
                oCommandSession.Parameters.Add(New System.Data.OleDb.OleDbParameter("@oSubscribedUser", oSubscribedUser))
                oCommandSession.ExecuteNonQuery()
                If Not oConnection Is Nothing Then
                    If oConnection.State = Data.ConnectionState.Open Then
                        oConnection.Close()
                    End If
                End If
                'SEND REGISTERATION CONFIRMATION EMAIL TO USER ------------------------------------
                Dim oReciever As String = txtEmail.Text
                Dim mm As New MailMessage("xxxxx@shippingresources.net", oReciever)
                mm.Subject = "Registeration complete : Shipping Resources.net"
                mm.Body = "<table align='center' width='70%' cellpadding='10' style='text-align: center; border: 3px solid #3366cc; background: #4576ea; color: #333'>" & _
                    "<tr><td colspan='2' style='background: #3366cc'><img src='http://www.shippingresources.net/Imgs/TitleBanner.png' width='100%' /></td></tr>" & _
                    "<tr><td colspan='2' style='text-align: left; text-indent: 50px'>Hello " & txtName.Text & ",</td></tr>" & _
                    "<tr><td colspan='2' style='font-size: 28px; padding: 10px auto 10px auto'><b>You're nearly there. You now just need to click the below link to verify your account</b></td></tr>" & _
                    "<tr><td colspan='2'><a href='http://www.shippingresources.net/Account/VerifyAccount.aspx?id=oVerCode'>Verify account.</a></td></tr>" & _
                    "<tr><td colspan='2' style='height: 80px'></td></tr>" & _
                    "<tr><td colspan='2' style='background: #3366cc'>© Shippingresources.net 2013 <img src='http://www.shippingresources.net/Imgs/logosmall.png' style='position: relative; top: 8px' /></td></tr>" & _
                    "</table>"
                mm.IsBodyhtml = True
                Dim smtp As New SmtpClient()
                smtp.Host = "mail.shippingresources.net"
                smtp.EnableSsl = False
                Dim NetworkCred As New System.Net.NetworkCredential()
                NetworkCred.UserName = "xxxxxxxxx@shippingresources.net"
                NetworkCred.Password = "xxxxxxxxxx"
                smtp.UseDefaultCredentials = True
                smtp.Credentials = NetworkCred
                smtp.Send(mm)
                Response.Redirect("~/Default.aspx")
            End If
        End Sub
    End Class
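The code-behind for the VerifyAccount.aspx page, which checks whether the random code (oVerCode) is the same as the one in the database and updates the database column "VerifiedUser" to "Yes":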
    Imports System.Data.SqlClient
    Imports System.Collections.Generic

    Partial Class VerAccount
        Inherits System.Web.UI.Page

        Protected Sub Page_Load(sender As Object, e As System.EventArgs) Handles Me.Load
            Dim VerifyAccount As String = Request.QueryString("id")
            Dim oPath As String = Server.MapPath("app_data/databaseX.mdb")
            Dim oValid As Boolean = False
            Dim oReader As System.Data.OleDb.OleDbDataReader = Nothing
            Dim oConnection As System.Data.OleDb.OleDbConnection = Nothing
            Try
                oConnection = New System.Data.OleDb.OleDbConnection(String.Format("Provider=Microsoft.Jet.OLEDB.4.0; Data Source={0}; Jet OLEDB:Database Password=xxxxxxxx", oPath))
                oConnection.Open()
                Dim ipAddress As String = Request.ServerVariables("REMOTE_ADDR")
                Dim cmd As New SqlCommand
                Dim oParams As New List(Of System.Data.OleDb.OleDbParameter)
                oParams.Add(New System.Data.OleDb.OleDbParameter("@VerificationCode", VerifyAccount))
                Dim oCommand As New System.Data.OleDb.OleDbCommand( _
                    "SELECT VerificationCode FROM Users " & _
                    "WHERE VerificationCode = ?", _
                    oConnection)
                oCommand.Parameters.AddWithValue("?", VerifyAccount)
                oReader = oCommand.ExecuteReader()
                If oReader.Read() Then
                    oValid = True
                    Dim oVerCode = oReader.GetString(oReader.GetOrdinal("VerificationCode"))
                End If
            Catch ex As Exception
            Finally
                If Not oReader Is Nothing Then
                    If Not oReader.IsClosed Then
                        oReader.Close()
                    End If
                    oReader = Nothing
                End If
            End Try
            If oValid Then
                Dim oUserVerified As String = "Yes"
                Dim oCommandSession As New System.Data.OleDb.OleDbCommand( _
                    "UPDATE Users SET VerifiedUser = ? " & _
                    "WHERE VerificationCode = ?", _
                    oConnection)
                oCommandSession.Parameters.AddWithValue("?", oUserVerified)
                oCommandSession.Parameters.AddWithValue("?", VerifyAccount)
                oCommandSession.ExecuteNonQuery()
                Response.Redirect("~/Account/RegistrationComplete.aspx")
            Else
                Response.Redirect("~/Account/VerificationFailed.aspx")
            End If
            If Not oConnection Is Nothing Then
                If oConnection.State = Data.ConnectionState.Open Then
                    oConnection.Close()
                End If
            End If
        End Sub
    End Class
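Many thanks for your help :)
【Comments on the question】:
Are you sure the value of the oVerCode variable is in the email link? It looks like you might have a string literal.
Thanks Dan, I think so, unless I am misunderstanding you. I declared it as a string, and when it is generated it is saved to the database as a string.
I think @DanBracuk is on to something here. Your code that assigns a value to mm.Body has VerifyAccount.aspx?id=oVerCode' rather than VerifyAccount.aspx?id=" & oVerCode & "'.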
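【Answer 1】:
Full marks for using a parameterized query. You just need to tidy up your code a bit.
First, in Jet/ACE OLEDB, parameters are purely positional. We can give them names, but the names are ignored: what matters is that the parameters are defined in the exact order in which they appear in the CommandText. Usually we just use ? as the parameter placeholder.
So, in your first case, try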
    Dim oCommand As New System.Data.OleDb.OleDbCommand( _
        "SELECT VerificationCode FROM Users " & _
        "WHERE VerificationCode = ?", _
        oConnection)
    oCommand.Parameters.AddWithValue("?", VerifyAccount)
    oReader = oCommand.ExecuteReader()
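[Side note: if oReader.Read() returns True, then you don't need to retrieve the value from the OleDbDataReader, because you already have it. (You just used it as the parameter for the WHERE clause.)]
Then, later on, use something like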
    Dim oUserVerified As String = "Yes"
    Dim oCommandSession As New System.Data.OleDb.OleDbCommand( _
        "UPDATE Users SET VerifiedUser = ? " & _
        "WHERE VerificationCode = ?", _
        oConnection)
    oCommandSession.Parameters.AddWithValue("?", oUserVerified)
    oCommandSession.Parameters.AddWithValue("?", VerifyAccount)
    oCommandSession.ExecuteNonQuery()
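【Comments】:
Thanks Gord, sadly I still can't get my code to work and have been at it for hours :( I think I need to learn more SQL. To try to find out where my mistake(s) are, I will post all of my code in the original question above. :)
【Answer 2】:
Thanks to both of you. There were two problems. First, I am embarrassed to say, my path to the database was wrong. Also, as both of you suggested, the email link should be:
    VerifyAccount.aspx?id=" & oVerCode & "'
rather than a literal string.
Many thanks
【Comments】: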
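An added example, not part of the original posts, that puts the two fixes from the thread side by side: the link is built by concatenating the variable's value (URL-escaped) instead of embedding its name, and the UPDATE uses ? placeholders with parameters added in CommandText order. It goes slightly beyond the thread by drawing the code from the operating system's random number generator instead of System.Random; the module and function names are assumptions made for illustration.

```vb
Imports System.Data.OleDb
Imports System.Security.Cryptography

Module VerificationLinkExample
    ' Assumption: a 16-byte random token, hex-encoded, stands in for the
    ' 8-character System.Random string generated in the question.
    Function NewVerificationCode() As String
        Dim bytes(15) As Byte
        Using rng As RandomNumberGenerator = RandomNumberGenerator.Create()
            rng.GetBytes(bytes)
        End Using
        Return BitConverter.ToString(bytes).Replace("-", "").ToLowerInvariant()
    End Function

    ' The value of the variable is concatenated into the URL. Writing
    ' "...?id=oVerCode" inside the quotes sends the literal text "oVerCode".
    Function BuildVerifyLink(ByVal code As String) As String
        Return "http://www.shippingresources.net/Account/VerifyAccount.aspx?id=" &
            Uri.EscapeDataString(code)
    End Function

    ' Jet/ACE binds parameters by position, so they are added in the order
    ' the ? placeholders appear: the SET value first, then the WHERE value.
    Function BuildVerifyUpdate(ByVal conn As OleDbConnection, ByVal code As String) As OleDbCommand
        Dim cmd As New OleDbCommand(
            "UPDATE Users SET VerifiedUser = ? WHERE VerificationCode = ?", conn)
        cmd.Parameters.AddWithValue("?", "Yes")
        cmd.Parameters.AddWithValue("?", code)
        Return cmd
    End Function

    ' ExecuteNonQuery returns the number of rows changed, so a separate
    ' SELECT is not needed to learn whether the code matched a user.
    Function VerifyCode(ByVal openConn As OleDbConnection, ByVal code As String) As Boolean
        Using cmd As OleDbCommand = BuildVerifyUpdate(openConn, code)
            Return cmd.ExecuteNonQuery() > 0
        End Using
    End Function

    Sub Main()
        ' Runs without a database: prints the link and the parameter order.
        Dim code As String = NewVerificationCode()
        Console.WriteLine(BuildVerifyLink(code))
        Using cmd As OleDbCommand = BuildVerifyUpdate(Nothing, code)
            For i As Integer = 0 To cmd.Parameters.Count - 1
                Console.WriteLine("{0}: {1}", i, cmd.Parameters(i).Value)
            Next
        End Using
    End Sub
End Module
```

VerifyCode expects a connection that is already open; Main only exercises the parts that need no database.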