Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Website Email Validation

Posted on 2007-03-17
8
Medium Priority
?
222 Views
Last Modified: 2012-05-05
Hi,

I am looking to implement quite a common bit of functionality on my website. I have a login page where users provide their login details and are then signed up to become members. Unfortunately the website is getting invalid website addresses used to create the accounts. Ive seen on some websites that when you sign up they send an email to the specified email address with a link, which when clicked validates the address and finalises the account creation. This is what I would like to implement on my website account setup.

I am using PHP and MySQL on the website.

Thanks in advance for any advice posted.

0
Comment
Question by:Benjamin297
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 28

Expert Comment

by:gamebits
ID: 18739899
vSignup 2.5 available here offer this feature as well as many others, free to use, excellent script, if you don't want to use this script you can always have a look at the code and see how it is implemented.

http://www.beanbug.net/vScripts.php
0
 
LVL 9

Accepted Solution

by:
under_dog earned 500 total points
ID: 18739904
What you want to do is:

1/ When the user signs up generate a random 10-15 digit code and save it to your users table. Make sure it's unique to that user.

2/ Have a field in your users table called "validated" or something similar. Make it boolean.

3/ When the user signs up send them a link to your "validation" page which will include in the URL string the code you generated in step 1.

4/ When they arrive at the validation page look up the code they have arrived with in your database and update the "validated" field to true.

5/ On the login page when you check the username and password, also check the "validated" field.

Extra:

- You can also include a datetime field for when they initially signup and regularly delete all the rows where they haven't validated in say 3 days to keep your db nice and clean.
0
 
LVL 4

Assisted Solution

by:HTorres
HTorres earned 500 total points
ID: 18746332
you want code samples ?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:Benjamin297
ID: 18751098
If youve got them then that would be great!
0
 
LVL 4

Expert Comment

by:HTorres
ID: 18751319


first, the registration part
<?
  // check if the user already exists
  $sql = "select * from users where username = '" . $usuario . "' limit 1; " ;
  $result = mysql_query($sql, $dbh );
  $numrows = mysql_numrows($result);
 
  if ($numrows >= 1) { $reason=$reason . "<li> The username you specified already exists, please choose another one<br>" }
  if ($field3=="") { $reason=$reason . "<li> Field 3 cannot be empty"; }
  //additional validation, as... email syntax, another required fields
 
  if ($reason!="")
    {
      // Says reeason(s)
      echo $reason;
    } echo {
      // it does not exist, and the rest of info its ok.

      #$vocales="aeiou";
      #$consonantes="bcdfghjklmnpqrstvwxyz";
      $numeros="0123456789";
     
      $randomsec="";
     
      $randomsec=$randomsec . substr($numeros, rand(0,9),1);
      // adds one number
      $randomsec=$randomsec . substr($numeros, rand(0,9),1);
      // adds one number
      $randomsec=$randomsec . substr($numeros, rand(0,9),1);
      // adds one number
      $randomsec=$randomsec . substr($numeros, rand(0,9),1);
      // adds one number
      $randomsec=$randomsec . substr($numeros, rand(0,9),1);
      // adds one number
      $randomsec=$randomsec . substr($numeros, rand(0,9),1);
     
      // insert
      $sql = "INSERT INTO users ( username,   validated, randomsec,   field3, field4, field5, field6, field7 ) " .  
                       " VALUES ('$username', '0',      '$randomsec', '0',    '0',    '0',    '0',    '0',   ) ";
      $result = mysql_query($sql, $dbh );

      //notify                    
      $confirmacion="
     
      YourSite.com
      Your slogan
     
      We are glad you become a new member!!!
     
      Please confirm your registration using this link
      http://www.yoursite.com/confirmations.php?userid=" . urlencode($username) . "&rs=" . md5($randomsec) . "
     
      Thank you again and have a nice day.
     
      YourSite.com
      Member Registration
     
      Powered by YourCompany.com" ;
     
      mail($useremail, "Registration", $confirmacion ,
      "From: do-not-reply@yoursite.com\r\n" .                        
      "Reply-To: do-not-reply@yoursite.com\r\n" .
      "X-Mailer: PHP/" . phpversion() . "\r\n"  );

      echo "An email has been sent to the mail address " . $useremail . " please confirm your registration.";      

    }
   
?>
0
 
LVL 4

Expert Comment

by:HTorres
ID: 18751423
second, the confirmations.php file

<?
// creates db connection
....

if ($userid=="" or $rs=="")
  {
    echo " please use the link provided in the mail sent to you ... ";
  } else {

    // queries
    $userid=urldecode($userid);
    $sql = "select * from users where username = '" . $userid . "' limit 1; " ;
    $result = mysql_query($sql, $dbh );
    $numrows = mysql_numrows($result);
   
    $row=mysql_fetch_assoc($result)
    if ( md5($row[randomsec])==$rs )
      {
        // saves it
        $sql = "update users set validated='1' where `username`='" . $userid . "' ; ";
        $result = mysql_query($sql, $dbh );
        echo "thank you, welcome... go here and there, and here it is al the extra blah blah blah";
      } else {
        echo " please use the link provided in the mail sent to you ... ";
      }
  }
?>
0
 
LVL 4

Expert Comment

by:HTorres
ID: 18751493
you can get rid of the line
 $numrows = mysql_numrows($result);
in the confirmations.php file.

no need of that.

hope this helps you.

this can be easily override by using a 2prong account.

the nicest way to confirm registration is one i saw.  They charge you $0.01 and in your account statement they provide a number.  since noone can fake an account statement, its 100% sure, the only disadvantage is that this last procedure takes about 2~4 days.
0
 
LVL 4

Expert Comment

by:HTorres
ID: 18751532
works even better if you use something like this in your form

<tr>
<td align=right> eMail </td>
<td> <input type=text name=email1>@<input type=text name=email2> </td>
</tr>
and a confirmation field
<tr>
<td align=right> confirm </td>
<td> <input type=text name=email1a>@<input type=text name=email2a> </td>
</tr>
and confirmation code before your insert secuence

if ($email1!=$email1a or $email2!=$email2a or $email1=="" or $email2=="" or $email1a=="" or $email2a=="" )
{
$reason=$reason . "<li> Please check your email";
}

0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows the steps required to install WordPress on Azure. Web Apps, Mobile Apps, API Apps, or Functions, in Azure all these run in an App Service plan. WordPress is no exception and requires an App Service Plan and Database to install
In this series, we will discuss common questions received as a database Solutions Engineer at Percona. In this role, we speak with a wide array of MySQL and MongoDB users responsible for both extremely large and complex environments to smaller singl…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question