简单注册机制

简单的用户注册页面，通常包含这些元素：用户名，邮箱，密码，重复密码，验证码。

对这些元素，都需要加以验证，以确保不被恶意攻击。

注册机制

    if (strtolower($captcha) != strtolower($_SESSION['captcha'])) {

        //MESSAGE_CAPTCHA_WRONG;

    } else if (empty($user_name)) {

        //MESSAGE_USERNAME_EMPTY;

    } else if (empty($user_password) || empty($user_password_repeat)) {

        //MESSAGE_PASSWORD_EMPTY;

    } else if ($user_password !== $user_password_repeat) {

        //MESSAGE_PASSWORD_BAD_CONFIRM;

    } else if (strlen($user_password) < 6) {

        //MESSAGE_PASSWORD_TOO_SHORT;

    } else if (strlen($user_name) > 64 || strlen($user_name) < 2) {

        //MESSAGE_USERNAME_BAD_LENGTH;

    } else if (!preg_match('/^[a-z\d]{2,64}$/i', $user_name)) {

        //MESSAGE_USERNAME_INVALID;

    } else if (empty($user_email)) {

        //MESSAGE_EMAIL_EMPTY;

    } else if (strlen($user_email) > 64) {

        //MESSAGE_EMAIL_TOO_LONG;

    } else if (!filter_var($user_email, FILTER_VALIDATE_EMAIL)) {

        //MESSAGE_EMAIL_INVALID;
        // finally if all the above checks are ok

    } else {

        //Check whether the user exist!

        //用户密码Hash存储。
        //$hash_cost_factor = (defined('HASH_COST_FACTOR') ? HASH_COST_FACTOR : null);
        //$user_password_hash = password_hash($user_password, PASSWORD_DEFAULT, array('cost' => $hash_cost_factor));PHP 5.5

        //Insert into db.

        //Send Email with veryfication.

        //$user_activation_hash = sha1(uniqid(mt_rand(), true)); 验证HASH写入DB

        //写入Session
    }

验证机制

    //用户进入邮箱，点击验证URL。

    $link = EMAIL_VERIFICATION_URL.'?id='.urlencode($user_id).'&verification_code='.urlencode($user_activation_hash);

    //update db，激活用户