Page 2 of 2

Posted: Wed Mar 03, 2004 8:20 pm
by Wee-Man
if i was to do it my way i would need to cloak the url, how can i do this so that the user does not have to put a real email and just go to that page nd validate.

Posted: Wed Mar 03, 2004 8:20 pm
by Wee-Man
<span style='color:blue' title='I&#39;m naughty, are you naughty?'>smurf</span> too many questions, sorry.

Posted: Wed Mar 03, 2004 8:22 pm
by Illusionist
ya that'd work.

Posted: Wed Mar 03, 2004 8:22 pm
by tim
both methods discussed will work...

which one can u code n know what your doing is the true question.

Posted: Wed Mar 03, 2004 8:23 pm
by Wee-Man
and any idea how to cloak a url so that the user cannot reuse the url instead of folowing the email, i didnt understand how to randomize a url.

Posted: Wed Mar 03, 2004 10:32 pm
by infolock
save it to a database, check the urls as they come to the page, if the url is the same as one that's in the database, remove the record. then, if they come back with the same url, tell them to go away.

of course you'd have to generate some sort of random character string, but there are functions to do that for ya ;)

Posted: Thu Mar 04, 2004 2:23 am
by Wee-Man
ok heres what im going to do,

when they sign up have in the database:
username,email,password,
then invisible to the user there will be reg,verify

then they get emailed there "verify" number which is randomized and sent to the database and to the via email and on the opage is a bow wich they put the varify number in, once its entered the php / sql looks up that number and when they hit ok it changes reg from'0' to '1' os they are registered.

will this work?

Posted: Thu Mar 04, 2004 3:13 am
by JayBird
i would NOT do it like that, gives the user more to do than necessary (trust me, these web surfers are lazy sod).

Do it like this

User signs up giving email, username and password

Insert this in DB along with a random code

Send the user an email with a link something like http://www.yoursite.com/verify.php?emai ... j23hk23k34

Now, when the user clicks that link, verify.php takes the email, user and code from the url and tests them against the DB.

If there is a row in the DB that contains all three pieces of information, user is verified, otherwise decline verification.

There is no need to cloak anything.

Mark

Posted: Thu Mar 04, 2004 3:53 am
by Wee-Man
buti dont have a clue how to do that....


i have worked on the idea i came up with and have got this

Code: Select all

<?php
include("dogs.inc");	//The database connect script
?>

<html>
<head>
<title>Verifcation</title>
</head>
</body>

<?php

	$sql ="SELECT id FROM user WHERE id= '".$_POST['id']."'"; 
	$sql ="SELECT verify FROM user WHERE verify='".$_POST['verify']."'";
if ($_POST['verify'] = 1)
{
$insert = "INSERT INTO users(
		verify,)VALUES(0)"
or die("You are already verified");
}

?>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table align="center" border="1" cellspacing="0" cellpadding="3">
<tr><td>Verify:</td><td>
<input type="text" name="<?php echo @$id ?>" maxlength="40">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Verify">
</td></tr>
</table>
</form>
the rest is in the register where it ads the user id etc[quote][/quote]

Posted: Thu Mar 04, 2004 4:04 am
by Wee-Man
i cant seem to find a decent verify script either to work of :(

Posted: Thu Mar 04, 2004 4:41 am
by JayBird
just give it a try and see what you come up with, you can only do it wrong, and when you do, come back here and we will help (again)

one not, combine your queries

Instead of...

Code: Select all

$sql ="SELECT id FROM user WHERE id= '".$_POST['id']."'"; 
   $sql ="SELECT verify FROM user WHERE verify='".$_POST['verify']."'";
do this

Code: Select all

$sql ="SELECT id, verify FROM user WHERE id= '".$_POST['id']."' AND verify='".$_POST['verify']."'";
The way you are going to be doing it, by the user clicking a link, you will actually need to use $_GET instead of $_POST.

Mark

Posted: Thu Mar 04, 2004 5:41 am
by Wee-Man
ok, and will what i have done above work?

Posted: Thu Mar 04, 2004 5:45 am
by JayBird
the code you show above is incomplete i.e. you haven't executed the queries or anything...but you already knew that :roll:

Mark

Posted: Thu Mar 04, 2004 6:05 am
by Wee-Man
yeah, on my register file, i get a syntax error, i need serious help putting the mail() and then the verfiy page sorted out. im just brain blocked on this one.