verify a user via e-mail in PHP

Question

I\'m actually creating a web application using PHP and seek help verifying a user. As with certain websites, when you register, an e-mail is sent to you with a confirmation

Answer 1

just like with CSRF protection you generate an unique token.

$token =  md5(uniqid(rand(), TRUE));

You store that value in your session for that email and when the user clicks link in email(you pass token via the query-string) you compare the two values.

To make it more secure you could just as with CSRF add a time-limit.