piliffe Posted August 11, 2006 Share Posted August 11, 2006 First off - thanks for having a PHP noob such as myself here. I am expecting to learn great things in the coming months.http://piliffe.contrasthost.com/notemateI've been working on this small project. I'm currently trying to implement a simple security measure.Basically on the protection page:http://piliffe.contrasthost.com/notemate/pages/protection.phpUsers need to be able to submit their email address to be "added" to the email protection database. Currently the email protection database is a flat file named emaildb.txt.I don't just want users to be able to add their email address by simply typing their address and pressing submit. I want an email sent to the address they supplied asking them to verify the email address by pressing a link within the email. When the link is pressed it takes them to a page on the NoteMate website and says the email address has been verified and automatically adds their email address to the flatfile.As simple as this may sound I can't seem to be able to be able to create a script capable of doing this.Also on the protection page is the same form for users to do the same as written above to remove their email from the email protection database. Simply supplying and verifying the email address will remove it from the flat file automatically.If anyone can please help me with this I will be so very appreciative.Thank you for your time. Quote Link to comment Share on other sites More sharing options...
logged_with_bugmenot Posted August 11, 2006 Share Posted August 11, 2006 If you're asking how an e-mail verification system should work, you might decide to do it like this:1. When a user enters and submits an e-mail address, generate a random ID and store that in your database with the e-mail address.2. Send an e-mail containing the link verify.php?email=xxxx&id=xxxx to the e-mail address entered.3. When the user clicks on this link, check to see if an e-mail address exists in your database with the ID that was provided.4. If such an e-mail address exists, clear the ID from the database and the e-mail address has been verified. Quote Link to comment Share on other sites More sharing options...
corbin Posted August 11, 2006 Share Posted August 11, 2006 Ummmm... when you finalize the script you might wanna make sure you flat file is above the web root... http://piliffe.contrasthost.com/notemate/emaildb.txt lol Quote Link to comment Share on other sites More sharing options...
Chetan Posted August 11, 2006 Share Posted August 11, 2006 And it would be really difficult in Flat File databases, and they are not even secure.Use Mysql or such. Quote Link to comment Share on other sites More sharing options...
corbin Posted August 11, 2006 Share Posted August 11, 2006 Maybe he doesnt have a mysql database? Lol if you do you should definatly use that... Faster and easier to read from... Quote Link to comment Share on other sites More sharing options...
logged_with_bugmenot Posted August 11, 2006 Share Posted August 11, 2006 Oops I didn't realize he was using a text file instead of a database. In that case you could make the format of the file:[code]409324 email@email.com 230443 email123@mail.com 320340 mail123@email33.com [/code]This file would have to be protected so no one can view it. Whenever someone submits an e-mail address, add a new line to this file. When they click the link in the e-mail, make it go through each line in the file to see if such an e-mail and ID exists.[code]<?php// verify.php$email = trim($_GET['email']);$id = trim($_GET['id']);$lines = @file('emaildb.txt');if($lines !== false){ // go through each line of the file foreach ($lines as $line_num => $line) { list($line_id,$line_email) = split(' ', $line); if($email == $line_email && $id == $line_id) // found e-mail and ID in this line { $fp = @fopen('emaildb.txt','r+'); if($fp !== false){ // remove the ID and space (example: '239484 ') from the file $contents = str_replace($line_id.' ','',fread($fp,filesize($fp)); // rewrite the file with the new contents if(@fwrite($fp,$contents) !== false){ @fclose($fp); $verified = true; } } } }}?>[/code]The above is a quick script I wrote which should help with part of the verification. So all the verified e-mails with exist in this file without a verification ID next to them. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.