validation link via email

Submitted by ε祈祈猫儿з on 2019-11-28 22:06:16

What I like to do is:

  • Generate a unique, random ID in the registration process

  • Store the ID along with the E-Mail address, a "confirmed" field (default: "no") and any additional data in a database table

  • Send out the E-Mail with a URL pointing to activate the unique ID (e.g. domain.com/activate.php?id=102939505595)

  • The activation page checks whether the unique key exists and changes the confirmed field to yes (or 1 or whatever).

  • Additionally and optionally, save the confirmation date/time, IP address and user agent.

Insert the user into a table with a 'pending' flag set (or a 'validated' flag not set). They should not be able to do anything until the flag is changed. If you want to be really thorough, actually put them into a users_temp table. Generate a totally random key and associate it with their user ID. The link you email to them should be http://yourwebsite.com/?activate=totallyrandomkeyigeneratedearlier. When you get an activation request, turn on the valid flag for the user with the corresponding random key.

No database needed. You can send all data in the hyperlink, signed by a hash.

I've answered a similar question recently, even with an expiration time.
Though it was for the password recovery link, the idea is the same.

$time = time(); // one timestamp, used both in the hash and in the token
$token = sha1($time.$email.$salt).dechex($time).dechex($user_id);
$link = "http://".$domain."/restorepass/?token=$token";

The whole token would look like a single hexadecimal number and it would be hard to guess its meaning.

Upon receipt, just split and decode it back.
Neat, IMO.
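The signed-link idea above with both the issuing and the checking side, as an added example that is not part of the original answer. It uses HMAC-SHA256 with a server-side key and a constant-time comparison; SECRET_KEY, TOKEN_TTL, make_token and verify_token are names assumed for illustration.

```php
<?php
const SECRET_KEY = 'replace-with-a-long-random-server-side-key'; // placeholder
const TOKEN_TTL  = 86400; // assumed link lifetime: 24 hours

// Token layout: 64 hex chars of HMAC-SHA256, then hex("user_id|issued_at|email").
function make_token(int $userId, string $email, int $now): string {
    $payload = bin2hex($userId . '|' . $now . '|' . $email);
    return hash_hmac('sha256', $payload, SECRET_KEY) . $payload;
}

// Returns ['user_id' => int, 'email' => string] or null if forged or expired.
function verify_token(string $token, int $now): ?array {
    if (strlen($token) <= 64) {
        return null;
    }
    $mac = substr($token, 0, 64);
    $payload = substr($token, 64);
    // Check the MAC in constant time before trusting anything in the payload.
    if (!hash_equals(hash_hmac('sha256', $payload, SECRET_KEY), $mac)) {
        return null;
    }
    $fields = explode('|', (string) hex2bin($payload), 3);
    if (count($fields) !== 3) {
        return null;
    }
    [$userId, $issued, $email] = $fields;
    $age = $now - (int) $issued;
    if ($age < 0 || $age > TOKEN_TTL) {
        return null;
    }
    return ['user_id' => (int) $userId, 'email' => $email];
}

// Constructed sample values.
$issuedAt = 1700000000;
$token = make_token(42, 'alice@example.com', $issuedAt);
$link = 'https://example.com/activate.php?token=' . $token;
var_dump(verify_token($token, $issuedAt + 3600));          // one hour after issue
var_dump(verify_token($token, $issuedAt + TOKEN_TTL + 1)); // after the lifetime
var_dump(verify_token(substr($token, 0, -1) . '0', $issuedAt + 3600)); // altered payload
```

A stateless token stays valid until it expires, so the activation handler should be idempotent, and the user ID and e-mail address are readable by anyone who holds the link.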

Personally I would add their details to the database and have a field called "active"; then when they click the activation link all you need to do is update this one field.

You could also have a "This was not me" link in the email, and if they click this you remove all their details.

Generate a unique ID and store this together with the username/password within some temporary database entry for the new user.

$tmpID = uniqid();

Then, adapt the link in your e-mail body to e.g.:

$body = "Please click the link to activate your email \n
http://www.activationlink.com/activateAccount?activate=".$tmpID;

If the user requests /activateAccount on your server, check the database entry against the $_GET['activate'] parameter, and set the user activated (if it matches).

In order to make sure your database does not just get more and more entries, you could use a cron job that clears entries older than e.g. 24h.

Firstly you will need to add 2 columns to your database table that holds the users.

The columns should be called active and activation_hash.

When the user registers you need to insert the user to the DB but set the active to 0, and the activation_hash becomes some random md5 of the user's email_address, first_name etc. with a unique_id() in there. Make sure it's in MD5 format and then store that in the activation_hash column.

In your email template add the link for the user to activate such as:

<a href="http://mydomain.registrer.php?process=activate&id=<?php echo $user_id;?>&hash=<?php echo $activation_hash;?>">Activate your account</a>

Then inside your register file, or wherever you're pointing the activation link to, just get the user_id and the activation hash via $_GET and validate against your DB.

If they do not match then ask the user to enter his password to send another activation hash. Otherwise set the column active to 1 so that the rest of your application knows what status the user is.

That's basically it.

Here is my full solution scenario:

CREATE TABLE signup (
id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(30) NOT NULL,
password VARCHAR(255) NOT NULL, -- holds a password_hash() value, not the plain password
email VARCHAR(30) NOT NULL,
token VARCHAR(40) NOT NULL, -- 40 hex characters
verified TINYINT(1) NOT NULL DEFAULT 0,
registration_date TIMESTAMP,
maxdate TIMESTAMP
);

Add signup page signup.php

Add the following form:

    <form name="signupform" method="post" action="process.php">
    Username:
    <input type="text" name="username">
    <br> Password:
    <input type="password" name="password">
    <br> Email:
    <input type="text" name="email">
    <br>
    <input type="submit" value="Signup">
    </form>

Create process.php page:

<?php
// Connection settings are placeholders; replace them with your own.
$conn = mysqli_connect('localhost', 'db_user', 'db_password', 'db_name');
$username = $_POST['username'];
$email = $_POST['email'];
// Store a password hash, never the plain-text password.
$password = password_hash($_POST['password'], PASSWORD_DEFAULT);
date_default_timezone_set('America/New_York');
$registration_date = date('Y-m-d H:i:s');
$verified = 0;
$maxdate = date('Y-m-d H:i:s', strtotime($registration_date . ' +1 day'));
// 40 hex characters from the CSPRNG; uniqid() and mt_rand() are predictable.
$token = bin2hex(random_bytes(20));
// A prepared statement keeps user input out of the SQL text.
$stmt = mysqli_prepare($conn, "INSERT INTO signup (username, password, email, token, verified, registration_date, maxdate) VALUES (?, ?, ?, ?, ?, ?, ?)");
mysqli_stmt_bind_param($stmt, 'ssssiss', $username, $password, $email, $token, $verified, $registration_date, $maxdate);

if (mysqli_stmt_execute($stmt))
    {
    $subject = 'Verify your email';
    $msg = 'Please click this link to verify your email: http://www.yourdomain.com/verifyemail.php?token=' . $token;
    mail($email, $subject, $msg);
    }
  else
    {
    echo mysqli_error($conn);
    }

?>

Afterwards create verifyemail.php:

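<?php
// Connection settings are placeholders; replace them with your own.
$conn = mysqli_connect('localhost', 'db_user', 'db_password', 'db_name');
$token = $_REQUEST['token'] ?? '';
date_default_timezone_set('America/New_York');
$current_time = date('Y-m-d H:i:s');
// Same table and column names as in the CREATE TABLE above (signup, maxdate).
// Prepared statements keep the token out of the SQL text.
$stmt = mysqli_prepare($conn, "SELECT id FROM signup WHERE token=? AND maxdate>? AND verified=0");
mysqli_stmt_bind_param($stmt, 'ss', $token, $current_time);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$notverified = mysqli_stmt_num_rows($stmt);

if ($notverified)
    {
    $stmt = mysqli_prepare($conn, "update signup set verified=1 where token=?");
    mysqli_stmt_bind_param($stmt, 's', $token);
    $result = mysqli_stmt_execute($stmt);
    if ($result)
        {
        echo 'Email verified';
        }
      else
        {
        echo 'Error';
        }
    }
  else
    {
    echo 'Link expired';
    }

?>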