I don't know what to call this as I don't know what it is referenced by, I have a MySQl database up and running with a login system but as the members don't need to pay anything to join up I would like to put some sort of security in place so any kids or otherwise can't just join up and then abuse the service for a laugh. I have come across somewhere "although I can't remember where" users of a service need to wait until the application sends them an e-mail to which they must reply so therefor validating the e-mail address the member used to sign up with and on replying their membership is enabled, what I don't know is how to put something like this in place, OK I can get the application to send an e-mail on the user joining up but hoe do I get the application to actnolage the reply and enable the membership? or maybe just give me some idea of what this is called so I can do a search to get some information on it, it would be good if this was or could be done with php..
Thanks in advance.
E-mail login confirmation
Moderator: General Moderators
Note: These are merely ideas, I've written many of these type systems
Method no.1
User's signup at which time you send them a confirmation emails which will contain a link to validate their status. Create a row in MySQL called "status" set this to 0 by default and when the user clicks on your validation link it will change the status from 0 to 1, thus allowing them to use their password and enter your website with it.
Method no.2
User's signup and you automatically set their password to a random value that has been md5() encrypted at the same time you email them that password. They won't be able to login with out that password, user's that do receive the email obviously have a valid address and can always login and change their password to something else.
Method no.1
User's signup at which time you send them a confirmation emails which will contain a link to validate their status. Create a row in MySQL called "status" set this to 0 by default and when the user clicks on your validation link it will change the status from 0 to 1, thus allowing them to use their password and enter your website with it.
Method no.2
User's signup and you automatically set their password to a random value that has been md5() encrypted at the same time you email them that password. They won't be able to login with out that password, user's that do receive the email obviously have a valid address and can always login and change their password to something else.