Hi guys,
I am building a system and want to use email activation to start the users account. When a user registers i need to generate an email to the users email address with an activation link back to my web site, but I am not sure how to go about this. Any ideas please help.
Thank you
Email activation
Moderator: General Moderators
-
alex.barylski
- DevNet Evangelist
- Posts: 6267
- Joined: Tue Dec 21, 2004 5:00 pm
- Location: Winnipeg
Re: Email activation
Wrong forum. Anyways it's easy.
Generate a unique ID using time() and md5() or similar approach.
Create a record in a table similar to this:
keycode is the key generated above.
Send the email with a link in it similar to this:
http://www.mysite.com/validate_user.php ... _GOES_HERE
Now when that user receives the email they click on the link at which point the script checks the key and if it's valid, the user account is created or enabled.
You would also have an expiry date associated with each request, which is why the time field is needed. So before you validate the user account, you might check to ensure all expired records are deleted and disabled user accounts removed as well -- basic clean up.
Generate a unique ID using time() and md5() or similar approach.
Create a record in a table similar to this:
Code: Select all
pkid, userid, time, keycodeSend the email with a link in it similar to this:
http://www.mysite.com/validate_user.php ... _GOES_HERE
Now when that user receives the email they click on the link at which point the script checks the key and if it's valid, the user account is created or enabled.
You would also have an expiry date associated with each request, which is why the time field is needed. So before you validate the user account, you might check to ensure all expired records are deleted and disabled user accounts removed as well -- basic clean up.
Re: Email activation
Thanks alot Hockney.
you mentioned wrog forum, which forum should i go to, am new around here
Thanks again.
you mentioned wrog forum, which forum should i go to, am new around here
Thanks again.
-
alex.barylski
- DevNet Evangelist
- Posts: 6267
- Joined: Tue Dec 21, 2004 5:00 pm
- Location: Winnipeg
Re: Email activation
IMHO this was more a PHP code question or T & D maybe...then again...I have posted in the wrong forums on many communities where I have been a member longer than 99% of the other members...so even veterans fubar once in a while. 
Re: Email activation
Apparently it was the right forumHockey wrote:Wrong forum. Anyways it's easy.
Generate a unique ID using time() and md5() or similar approach.
Basing your random on time() (or similar) isn't secure at all. Everybody knows the time, and can bruteforce a 10 second interval with 10000 guesses. And let me guess that your activation code doesn't offer any bruteforce protection
Code: Select all
$better_token = md5(uniqid(mt_rand(), true));This will be better, but maybe still not good enough: it doesn't say where does it take its additional entropy from, so take it with a pinch of salt.
Re: Email activation
Thanks for the security heads up Mordred.
Will try out your technique.
If I may ask, whats the best way to perform an efficient and easy way of performing a full-text or fuzzy search of comments stored in a database using php.
Thanks again.
Will try out your technique.
If I may ask, whats the best way to perform an efficient and easy way of performing a full-text or fuzzy search of comments stored in a database using php.
Thanks again.