Email activation
Posted: Mon Jul 21, 2008 1:37 pm
by lynchpin
Hi guys,
I am building a system and want to use email activation to start the user's account. When a user registers I need to generate an email to the user's email address with an activation link back to my web site, but I am not sure how to go about this. Any ideas please help.
Thank you
Re: Email activation
Posted: Mon Jul 21, 2008 1:56 pm
by alex.barylski
Wrong forum. Anyways it's easy.
Generate a unique ID using time() and md5() or similar approach.
Create a record in a table similar to this:
keycode is the key generated above.
Send the email with a link in it similar to this:
http://www.mysite.com/validate_user.php ... _GOES_HERE
Now when that user receives the email they click on the link at which point the script checks the key and if it's valid, the user account is created or enabled.
You would also have an expiry date associated with each request, which is why the time field is needed. So before you validate the user account, you might check to ensure all expired records are deleted and disabled user accounts removed as well -- basic clean up.
Re: Email activation
Posted: Mon Jul 21, 2008 2:53 pm
by lynchpin
Thanks a lot Hockney.
You mentioned wrong forum, which forum should I go to? I am new around here.
Thanks again.
Re: Email activation
Posted: Mon Jul 21, 2008 6:40 pm
by alex.barylski
IMHO this was more a PHP code question or T & D maybe...then again...I have posted in the wrong forums on many communities where I have been a member longer than 99% of the other members...so even veterans fubar once in a while.

Re: Email activation
Posted: Tue Jul 22, 2008 3:27 am
by Mordred
Hockey wrote: Wrong forum. Anyways it's easy.
Generate a unique ID using time() and md5() or similar approach.
Apparently it was the right forum

Basing your random on time() (or similar) isn't secure at all. Everybody knows the time, and can bruteforce a 10 second interval with 10000 guesses. And let me guess that your activation code doesn't offer any bruteforce protection
Code:
$better_token = md5(uniqid(mt_rand(), true));
(modified example from the docs --> mt_rand() instead of rand())
This will be better, but maybe still not good enough: it doesn't say where it takes its additional entropy from, so take it with a pinch of salt.
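The activation flow from alex.barylski's post combined with the token concern in Mordred's post, as an added example that is not part of the original thread. It assumes PHP 7+ (for random_bytes()), uses an in-memory array in place of the activation table, and all function names and the 24-hour lifetime are hypothetical.

```php
<?php
// Added example: hypothetical names throughout; the array stands in for the
// activation table (keycode, user, expiry time) described in the thread.
const ACTIVATION_TTL = 86400; // assumed lifetime: 24 hours

function issue_activation(array &$table, int $userId, int $now): string
{
    // 128 bits from the OS CSPRNG, not derived from time() or mt_rand().
    $token = bin2hex(random_bytes(16));
    // Store only a hash, so a leaked table does not yield usable links.
    $table[hash('sha256', $token)] = ['user' => $userId, 'expires' => $now + ACTIVATION_TTL];
    return $token; // appears only in the emailed link
}

function purge_expired(array &$table, int $now): void
{
    foreach ($table as $hash => $row) {
        if ($row['expires'] <= $now) {
            unset($table[$hash]); // the clean-up step before validation
        }
    }
}

function activate(array &$table, string $token, int $now): ?int
{
    purge_expired($table, $now);
    // Reject anything that is not exactly 32 lowercase hex characters.
    if (!preg_match('/\A[0-9a-f]{32}\z/', $token)) {
        return null;
    }
    $hash = hash('sha256', $token);
    if (!isset($table[$hash])) {
        return null; // unknown, expired or already used
    }
    $userId = $table[$hash]['user'];
    unset($table[$hash]); // single use: a replayed link fails
    return $userId;       // caller enables this account
}

// Constructed walk-through with a fixed clock value.
$table = [];
$now   = 1216700000;
$token = issue_activation($table, 42, $now);
var_dump(activate($table, 'not-a-token', $now));              // malformed input
var_dump(activate($table, $token, $now + 60));                // valid, first use
var_dump(activate($table, $token, $now + 120));               // replay of a used token
$late = issue_activation($table, 43, $now);
var_dump(activate($table, $late, $now + ACTIVATION_TTL + 1)); // past expiry
```

Limiting repeated failed attempts against the validation script is left out of this example and would sit in front of activate().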
Re: Email activation
Posted: Tue Jul 22, 2008 5:53 am
by lynchpin
Thanks for the security heads up Mordred.
Will try out your technique.
If I may ask, what's the best way to perform an efficient and easy way of performing a full-text or fuzzy search of comments stored in a database using PHP?
Thanks again.