When you are programming with PHP, I have a habit of not liking to use ready-made library files, such as Phplib or other similar libraries, in this system, I also intend to write a library file, it needs to process authentication, confirm email, update the account (password, email) and so on.
<?php
function User_change_email ($password 1, $new _email, $user _name) {
Global $feedback, $hidden _hash_var;
if (Validate_email ($new _email)) {
$hash =md5 ($new _email. $hidden _hash_var);
file://Change the unordered code value confirmed in the database, but do not change the email
FILE://sends a confirmation email with a new authentication code.
$user _name=strtolower ($user _name);
$password 1=strtolower ($password 1);
$sql = "UPDATE user SET confirm_hash= ' $hash ' WHERE user_name= ' $user _name ' and password= '". MD5 ($password 1). "'";
$result =db_query ($sql);
if (! $result | | db_affected_rows ($RESULT) < 1) {
$feedback. = ' Error-incorrect User Name Or Password ';
return false;
} else {
$feedback. = ' confirmation Sent ';
User_send_confirm_email ($new _email, $hash);
return true;
}
} else {
$feedback. = ' New Email address appears Invalid ';
return false;
}
}
function User_confirm ($hash, $email) {
/*
When the user clicks on the related connection of authenticated email, connect to a confirmation page, the page will call this function,
*/
Global $feedback, $hidden _hash_var;
File://verify that they didn "t tamper with the" email address
$new _hash=md5 ($email. $hidden _hash_var);
if ($new _hash && ($new _hash== $hash)) {
file://found this record in the database.
$sql = "SELECT * from user WHERE confirm_hash= ' $hash '";
$result =db_query ($sql);
if (! $result | | db_numrows ($RESULT) < 1) {
$feedback. = ' Error-hash not Found ';
return false;
} else {
file://confirm Email and set account number to be activated
$feedback. = ' User account updated-you Are now logged in ';
User_set_tokens (Db_result ($result, 0, ' user_name '));
$sql = "UPDATE user SET email= ' $email ', is_confirmed= ' 1 ' WHERE confirm_hash= ' $hash '";
$result =db_query ($sql);