SitePoint Sponsor

User Tag List

Results 1 to 5 of 5

Hybrid View

  1. #1
    SitePoint Guru
    Join Date
    Feb 2007
    Posts
    731
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)

    Confirming Account Activation From Email?

    Hi,

    I have a piece of code for a registration script which appears to be working fine. It inserts the name, email address and password into the database. It also forwards an email to the submitted email. However I now need to insert a character into the database from the email address to authorise the email. (quite standard)

    However I am completely stuck on how to use the link on the email to activate the account. Should I do it on the page that sends the email or the link that is sent on the email?


    Code:
    <?php
            $_SESSION['userLoggedIn'] = 0;
            $_SESSION['userEmail'] = '';
            $_SESSION['userID'] = '';
       
            // Reset errors and success messages
            $errors = array();
            $success = array();
       
             
            // Register attempt 
            if(isset($_POST['registerSubmit']) && $_POST['registerSubmit'] == 'true'){
            $firstname = mysql_real_escape_string(trim($_POST['firstname']));
            $surname = mysql_real_escape_string(trim($_POST['surname']));
                    $registerEmail = trim($_POST['email']); 
                    $registerPassword = trim($_POST['password']); 
                    $registerConfirmPassword        = trim($_POST['confirmPassword']); 
                                     
            if(!isset($firstname) || empty($firstname)) {
                    $errors['firstname'] = "Please enter your First Name.";
            }
    
    if(!isset($surname) || empty($surname)) {
                    $errors['surname'] = "Please enter your Surname.";
            }
    $email = "$registerEmail";
    if(!filter_var($email, FILTER_VALIDATE_EMAIL))
      {
                    $errors['falseEmail'] = "Please enter your email address in a valid format.  Example: bobsmith@companyname.com";
      }
     
     
                    if(strlen($registerPassword) < 6 || strlen($registerPassword) > 12)     
                            $errors['registerPassword'] = 'Your password must be between 6-12 characters.'; 
                     
                    if($password != $confirmPassword && !$error) {
                    $error = "The passwords you entered did not match.";
            }
    
    
                    if($registerPassword != $registerConfirmPassword) 
                            $errors['registerConfirmPassword'] = 'Your passwords did not match.'; 
                     
                    if(strlen($registerConfirmPassword) < 6 || strlen($registerConfirmPassword) > 12)       
                            $errors['registerConfirmPassword'] = 'Please confirm your password.';   
       
     
    
    if(!$errors){
    $registerPassword = md5($registerPassword);
    $query = "INSERT INTO users (firstname, surname, email, password, date_registered) VALUES ('" . $firstname . "', '" . $surname . "', '" . mysql_real_escape_string($registerEmail) . "', '". $registerPassword ."', NOW())";
    
                                                    
             $result = mysql_query($query); // remove the or die(mysql_error()) code after you resolve the error
             if($result){
                      $success['register'] = '
       
       
            Thank you for registering with Website.com.</p>
            You will soon receive a confirmation email.  Please click the confirmation link.';
                            
       
                     
    $query = mysql_query("SELECT * FROM users WHERE email = '". $registerEmail ."' OR email = '". $email ."'");
    $emailduplicate = null;
    if (mysql_num_rows($query) > 0)
    {
    $emailduplicate = 'Email Address is Already in Use.  Please <a href="http://www.website.com/test/activation.php?userid=Y">Retrieve Your Password</a>.';
    }         
       
       
                      $message = '
    <html>
    <body>
    <p>Welcome to Website.com</p>
    <a href="http://www.website.com/test/activation.php?activation=Y">Click Here</a> to activate your account.
    
    </body>
    </html>
    ';
                     
                     
                      mail(mysql_real_escape_string($registerEmail), 'Website.com Confirmation', $message, 'From: info@website.com' . "\r\n".'MIME-Version: 1.0' . "\r\n".'Content-type: text/html; charset=iso-8859-1' . "\r\n");
                     
              }
       }
       }
      
       
            ?>

  2. #2
    SitePoint Zealot
    Join Date
    Jun 2011
    Location
    Kolding, Denmark
    Posts
    108
    Mentioned
    6 Post(s)
    Tagged
    0 Thread(s)
    My approach would be to generate a random hash string upon registering account and marking the account as pending activation. Also a good idea to store those activation hashes in separate table. Then use the hash string in activation link, which is emailed to user. When user clicks activation link, validate and delete the hash and mark corresponding account as activated.

  3. #3
    SitePoint Guru
    Join Date
    Feb 2007
    Posts
    731
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Thanks, but I dont know how to communicate with the database when someone click on the link. I dont how to insert the hash into the database.

    Should I use insert code on the page that send the email or on the activation.php page which the link points to.

    www.website.com/activation.php?=randomhash

  4. #4
    SitePoint Zealot
    Join Date
    Jun 2011
    Location
    Kolding, Denmark
    Posts
    108
    Mentioned
    6 Post(s)
    Tagged
    0 Thread(s)
    The hash has to be saved into database before sending it to user. You insert the hash into database same way you insert users in your code.
    To handle link in activation.php, use the $_GET['activation_hash'] to access the hash variable, if the link in the email is website.com/activation.php?activation_hash=123

  5. #5
    SitePoint Guru
    Join Date
    Feb 2007
    Posts
    731
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    So on the page that sends the link does this send the hash to the database and with the email to the user.

    When someone clicks on the link does the activation.php send (and match) the activation hash to the database?

    So I am doing two inserts or just one?


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •