E-mail login confirmation

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
mikebr
Forum Contributor
Posts: 243
Joined: Sat Sep 28, 2002 7:05 am

E-mail login confirmation

Post by mikebr »

I don't know what to call this as I don't know what it is referenced by, I have a MySQl database up and running with a login system but as the members don't need to pay anything to join up I would like to put some sort of security in place so any kids or otherwise can't just join up and then abuse the service for a laugh. I have come across somewhere "although I can't remember where" users of a service need to wait until the application sends them an e-mail to which they must reply so therefor validating the e-mail address the member used to sign up with and on replying their membership is enabled, what I don't know is how to put something like this in place, OK I can get the application to send an e-mail on the user joining up but hoe do I get the application to actnolage the reply and enable the membership? or maybe just give me some idea of what this is called so I can do a search to get some information on it, it would be good if this was or could be done with php..

Thanks in advance.
User avatar
Kriek
Forum Contributor
Posts: 238
Joined: Wed May 29, 2002 3:46 am
Location: Florida
Contact:

Post by Kriek »

Note: These are merely ideas, I've written many of these type systems

Method no.1
User's signup at which time you send them a confirmation emails which will contain a link to validate their status. Create a row in MySQL called "status" set this to 0 by default and when the user clicks on your validation link it will change the status from 0 to 1, thus allowing them to use their password and enter your website with it.

Method no.2
User's signup and you automatically set their password to a random value that has been md5() encrypted at the same time you email them that password. They won't be able to login with out that password, user's that do receive the email obviously have a valid address and can always login and change their password to something else.
Post Reply