Jump to content

User must activate listing using activation link sent to email

Modernvox

By Modernvox
in PHP Coding Help

 Share

Recommended Posts

Modernvox Regular Member

Modernvox

Posted
Posted

Hi again Girlz & Boyz,

 

This is more of a question then problem. I've been reading about email verification and need more input from the experienced.

 

I would like to allow users to post a simple ad without having to create a membership/login. I want to allow them to create and submit the ad, but before it goes live I want to validate there email by just using a link (Like craigslist does)  I don't want to use the activation code route.

 

I have the simple form set up Title, Details and email fields.

 

What is the best way to go about such an endeavor? (That is after I confirm all fields are submitted correctly)

 

A link to a good tutorial would be great as well:-)

 

Thanks in advance.

Link to comment
Share on other sites
p2grace Newbie

p2grace

Posted
Posted

This is actually easier than it sounds.  Upon saving the record in your database, have a field called "hash" or something similar where you save an md5() of the current timestamp with some salt.  Then email the activation link to the user using the hash.

 

e.g. the link would be something like http://www.yoursite.com/activate/?h=23kjl4jlkdslkj23kl4jlksdflkjl2. 

 

You'd use the hash to lookup the record and mark it as a valid email.

 

If you have further questions, be specific to which part you need help with.  Are you familiar with writing emails in php?

Link to comment
Share on other sites
Modernvox Regular Member

Modernvox

Posted
  • Author
Posted

This is actually easier than it sounds.  Upon saving the record in your database, have a field called "hash" or something similar where you save an md5() of the current timestamp with some salt.  Then email the activation link to the user using the hash.

 

e.g. the link would be something like http://www.yoursite.com/activate/?h=23kjl4jlkdslkj23kl4jlksdflkjl2. 

 

You'd use the hash to lookup the record and mark it as a valid email.

 

If you have further questions, be specific to which part you need help with.  Are you familiar with writing emails in php?

 

WOW....MD5, Timestamp and Salt, sounds like futuristic fast food!  I don't understand either?

Thanks though, I will go read  buddski's recommendation :-\

Link to comment
Share on other sites
p2grace Newbie

p2grace

Posted
Posted

You can do this, I have never done it myself so I cannot give you accuracy results or anything but its a good read nonetheless

http://www.devshed.com/c/a/PHP/Email-Address-Verification-with-PHP/5/

 

Note that this method does not prove the user is using their own email address, just that an mx record for that email address does exist.  I can help walk you through an actual email verification (versus a validation) structure.

Link to comment
Share on other sites
p2grace Newbie

p2grace

Posted
Posted

1.) Add a hash field to your db table (varchar 30 default null)

1a.) If you don't already have a field that denotes the email has been verified, add that as well. (tinyint 1 default 0)

2.) In your submission logic, add the following

 

<?php
$hash = rand().md5(time());
// then add this hash to your insert query
?>

 

3.) Use a mailer function (I prefer pear but any php mail function works)  A very simple implementation is in the link below.

 

http://email.about.com/od/emailprogrammingtips/qt/How_to_Send_Email_from_a_PHP_Script.htm

 

In the body of the email send a link to a script on your website to verify the email address.  (e.g. http://www.yoursite.com/verify/?h=h2k3lsjhdfkjsdlfksjdlfdksjf) where the h= is the hash from step 2.

 

4.) Write a script at the same location as the url specified in the email that checks for the $_GET variable "h", checks to see if a record with that hash exists, and if it does mark the record is emailVerified = 1

 

Make sense?

Link to comment
Share on other sites
p2grace Newbie

p2grace

Posted
Posted

Because the only way the user can verify their email address is by clicking on the unique link from their email inbox.  The other way only validates the mx record exists, but it doesn't ensure the user is using their own email address.  The method I just outlined forces the user to go to their own email inbox and click the unique link, thereby proving the email address is theirs.

 

Link to comment
Share on other sites
Modernvox Regular Member

Modernvox

Posted
  • Author
Posted

Because the only way the user can verify their email address is by clicking on the unique link from their email inbox.  The other way only validates the mx record exists, but it doesn't ensure the user is using their own email address.  The method I just outlined forces the user to go to their own email inbox and click the unique link, thereby proving the email address is theirs.

 

Thank you P2grace, I will put some time in today attempting this.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.