tlbaqua Posted October 3, 2015 Share Posted October 3, 2015 I have a database, and a auth code is created and assigned to that user and until the user activates theyre account they cannot use it. i have everything done except for verifying the user and changing the users active status from 0 to 1, 1 being activated.. screenshot of my database is attached, aswell as some other files... thankyou to the genius who helps me class.user.php dbconfig.php home.php index.php logout.php sign-up.php Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted October 3, 2015 Share Posted October 3, 2015 So what exactly is the problem? If you expect somebody to wade through your entire codebase and implement the feature for you, I don't think that will happen. By the way, you should consider hashing the activation codes instead of storing them as plaintext. While the codes are not as critical as, say, the passwords, it would still be annoying if some joker finds them out and activates all accounts at once. A very simple hash algorithm like SHA-256 is sufficient for the codes, since they're purely random. So upon registration, you generate a code, send the plaintext code to the user and store the SHA-256 hash of it in the database. Upon verification, you hash the user-provided token and check if this hash is present in your database. 1 Quote Link to comment Share on other sites More sharing options...
drose379 Posted October 15, 2015 Share Posted October 15, 2015 I can help go through your current code and get this crucial feature working for you, as well as check out your existing code and make sure it is secure. Please reply here if you are interested. Quote Link to comment Share on other sites More sharing options...
Zane Posted October 16, 2015 Share Posted October 16, 2015 Add another column to your database named auth_code or something. Create a single script that takes one GET parameter x. When the user finishes form submission, create a random auth_code, store it in the database table, send the code as a link to the aforementioned script which does something like this: if(isset($_GET['x']) { // Search the database for the auth_code // If it exists, then return the id of the user and set them to `active` } Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.