Button to send email

[SaranacLake]

I am creating a Registration form and want to have a command button in the middle of the form that, when clicked, will send the user an email with an activation code.

How can I do that?

When the user clicks the button, I would like it to fire off an email, however I do not want the user to be taken off of the form or to lose anything the entered.

I suppose you would normally do this with JavaScript, but since I don't know that, I am looking for a PHP solution for now.

Thanks.

[kicken]

If you don't want the page changed, you have to use both javascript and PHP.

PHP has to send the email from the server.

Javascript needs to make a request to the server so it knows when to send the email.

Your button would trigger a javascript function that makes a request to the server using AJAX.  You would pass whatever information the server needs to send the email (ie, their email address).

If your using jQuery, this is relatively simple using jQuery.post().  If your using a different library search for it's ajax functions.  If you're not using a library, I suggest you do. If you're stubborn and don't want to use a library, look up XMLHttpRequest.

 

If you don't mind a reload so long as the info is preserved, the post your form data to a PHP script that will send the email.  Have that script then output the same form will all the fields pre-filled using the data from the $_POST variables.

[ginerjm]

You state that you don't want to lose anything or leave the form.  How important is it that this email needs to be sent right now??  Have you done any data validation (of the form's data fields) prior to sending off the email?  How do you know that what you are (perhaps) sending in that mail is valid/correct?  

You can easily return the user to the same screen and its form contents by simply saving the values in php vars that are then place into the html code of the form using simple php code.  That way your php script can check the inputs, verify they are correct and then send the email OR return all of the data to the user to be corrected.  Check the "value=" attribute of an html 'input' tag.

[SaranacLake]

11 hours ago, kicken said:

If you don't want the page changed, you have to use both javascript and PHP.

PHP has to send the email from the server.

Javascript needs to make a request to the server so it knows when to send the email.

Your button would trigger a javascript function that makes a request to the server using AJAX.  You would pass whatever information the server needs to send the email (ie, their email address).

If your using jQuery, this is relatively simple using jQuery.post().  If your using a different library search for it's ajax functions.  If you're not using a library, I suggest you do. If you're stubborn and don't want to use a library, look up XMLHttpRequest.

 

If you don't mind a reload so long as the info is preserved, the post your form data to a PHP script that will send the email.  Have that script then output the same form will all the fields pre-filled using the data from the $_POST variables.

I want to learn JavaScript, but what you described would take too long for right now.

So if I go the PHP route, you are saying I would have to submit the form to fire off an email and then reload the same form, right?

Pseudo-code like this maybe...

	if ($_POST['submit']=="Send Security Code"){
	   // Send email here
	   callPHPMailer( );
	   exit();
	}
	

 

Then I could use "sticky" fields to retain most of the data the user entered right?

 

[SaranacLake]

4 hours ago, ginerjm said:

You state that you don't want to lose anything or leave the form.  How important is it that this email needs to be sent right now??  Have you done any data validation (of the form's data fields) prior to sending off the email?  How do you know that what you are (perhaps) sending in that mail is valid/correct?  

You can easily return the user to the same screen and its form contents by simply saving the values in php vars that are then place into the html code of the form using simple php code.  That way your php script can check the inputs, verify they are correct and then send the email OR return all of the data to the user to be corrected.  Check the "value=" attribute of an html 'input' tag.

This is a combination Registration and Payment form.

The user is creating an account AND paying for an online subscription all at once.  (I've done lots of research on this, and all of the experts say that if you can do all of this on ONE page versus the old-fashioned way of multiple screens then you will have much better conversion rates!)

So on this form, the user enters Name, Username, Email - then I want to take that email and make sure it works so I have a "Send code to my email" button - and then after that comes Password and so on, although they should have entered anything in those fields yet.  So I guess the reason I was unsure if reloading the form was avoidable is so I didn't lose the initial fields.

Since I don't know JavaScript yet, I do form validation when the form is submitted using PHP.  If it fails, I reload the form.

So I guess that would be the "catch" in this approach is that I wouldn't have validated the email field yet, although I guess I could validate that field when the form is submitted with partial data.

On a side note, how important/beneficial do you think it is to send an email trying to verify if the email is valid and accessible?

Is that "old-school" or does it have any value in what I am doing?

Since I use email to communicate with customers/users, I want to make sure I have a valid email on file.  Then again, I buy stuff online all of the time and a lot of ecommerce sites just trust you that you gave them a valid email to send a receipt to.

So what do you think about all of that?

 

[cyberRobot]

For new accounts, I would personally collect all the information up front. Ask them to create their email and/or username, password, etc. The same page could also ask them to supply the payment information. Once the registration process is complete, you could run the process for validating the email.

If it's really important for your website for that email to be valid, you could prevent the person from accessing the content that's hidden behind the login until the email validation process is complete. Alternatively, you could grant them access, but just have a note across the page saying their email address hasn't been validated. Then explain why validating the email address is important.

Edited August 23, 2019 by cyberRobot
minor re-wording

[Barand]

The process you described aboved only verifies to the user that they entered the email correctly. It does nothing to verify it from your point of view. Until they respond to your email to verify receipt within a prescribed timeframe, you have no idea whether the email was valid or not.

[cyberRobot]

1 hour ago, Barand said:

Until they respond to your email to verify receipt within a prescribed timeframe, you have no idea whether the email was valid or not.

The OP mentioned there would be an activation code in the email. I'm guessing there will be a form on the website that asks for the code to verify the email is indeed valid.

[SaranacLake]

2 hours ago, cyberRobot said:

For new accounts, I would personally collect all the information up front. Ask them to create their email and/or username, password, etc. The same page could also ask them to supply the payment information. Once the registration process is complete, you could run the process for validating the email.

If it's really important for your website for that email to be valid, you could prevent the person from accessing the content that's hidden behind the login until the email validation process is complete. Alternatively, you could grant them access, but just have a note across the page saying their email address hasn't been validated. Then explain why validating the email address is important.

That is what I have...  When a new customer decides to subscribe, I now have a one-page registration and check-out page where they enter Username, Email, Password, Sign TOS, Name, Address, Tele #, and Credit Card Details.

The point of my OP is that after the Name, Username, and Email, I want them to click on a button label "Send Security Code to my email", the click a button, it fires off an email with an activation link to the email they entered just a second ago, they then paste that code in the form, and continue filling out things like Password, Billing Address, CC Details.

I would just assume know from my end that the email is valid *before* I give them an account, but I want to avoid this being a multiple page registration process like websites did in the past and even how this website does it today.

 

 

[SaranacLake]

1 hour ago, Barand said:

The process you described aboved only verifies to the user that they entered the email correctly. It does nothing to verify it from your point of view. Until they respond to your email to verify receipt within a prescribed timeframe, you have no idea whether the email was valid or not.

Correct. 

But when they click the "Send a security code to my email" and then presumably go check their email address and copy & paste the security code into the field directly beow the button they just clicked, then I will know that their email address is valid.

 

[SaranacLake]

Here is a crude mockup...

	Complete your subscription in a few easy steps...
	Step 1: Confirm items
	<< shopping cart details here >>>
	 
	Step 2: Enter Account Details
	Name: ____________
	Username: _________
	Email Address: _____________
	<< Send a "Security Code" to my email >>     <===== user would click here
	Security Code: ____________  (**Paste the code from the email you just received)
	Password: ___________
	Confirm Password: _____________
	 
	Step 3: Sign Member TOS
	__link to Member TOS____
	Type "I agree with the Member TOS": __________________
	 
	Step 4: Make Payment
	Cardholder: _________
	Credit card #: ____________
	and so on...
	 
	

 

 

[ginerjm]

I don't know what sources told you that combining two distinct activities into one form is the "best" way to do it.   IMHO - register your people first.  Get them to respond to an email in order to confirm everything is accurate.  THEN let them begin the payment process/ordering steps, whatever.  Doesn't make sense that someone tells you otherwise.

[SaranacLake]

4 hours ago, ginerjm said:

I don't know what sources told you that combining two distinct activities into one form is the "best" way to do it.   IMHO - register your people first.  Get them to respond to an email in order to confirm everything is accurate.  THEN let them begin the payment process/ordering steps, whatever.  Doesn't make sense that someone tells you otherwise.

I'm just going off of what all of the UI/UX experts says is the best way to lessen "cart adandonment".

I've read tons of articles and research studies so I trust that these people know more than me.  Besides, what their research shows makes sense.

Either way, will the approach we have been talking above work?

[cyberRobot]

On 8/23/2019 at 4:02 PM, SaranacLake said:

That is what I have...  When a new customer decides to subscribe, I now have a one-page registration and check-out page where they enter Username, Email, Password, Sign TOS, Name, Address, Tele #, and Credit Card Details.

The point of my OP is that after the Name, Username, and Email, I want them to click on a button label "Send Security Code to my email", the click a button, it fires off an email with an activation link to the email they entered just a second ago, they then paste that code in the form, and continue filling out things like Password, Billing Address, CC Details.

Does your website monitor the number of abandoned carts and the number of completed purchases? If not, that would be something worth looking into so it's easier to tell whether fixes like the one you are describing actually improve the number of completed purchases.

For what it's worth, adding email verification in the middle of the order process seems like it would lead to the cart being abandoned more often. Visitors may not want to provide their actual email address. They may just want temporary access to your content. Be aware that forcing someone to verify their email doesn't necessarily mean you will receive valid email addresses. It's very easy to create a new email address, get the code from the message sent from your website, and abandon the new email address. I've done this myself several times in the past. Of course, I haven't done this with an account that required a credit card. I'm guessing it's not too difficult to get a temporary card for that step too.  Or they may just decide your content isn't worth providing an email that you might use for marketing purposes...or sell to spammers. This is also a decision I've made with many content providers.

For some visitors, they may not feel like they have the time to go through the extra step to verify the email. Perhaps they don't remember their email password and they're not at the computer with all their password sticky notes.

Now if you collect the money up front and give them access to the website content, everyone gets what they really need. You can always remind them to verify their email later. I'm not really sure why the email verification process is that critical. The only time I can think of where that would be important is if you were auto-billing people. However, it seems like that should be a separate from where people opt into being charged to be re-subscribed in the future. That would be the form where you want to make sure the email is verified. That way you can send reminders in advance before charging the card down the road.

[SaranacLake]

On 8/26/2019 at 9:04 AM, cyberRobot said:

Does your website monitor the number of abandoned carts and the number of completed purchases? If not, that would be something worth looking into so it's easier to tell whether fixes like the one you are describing actually improve the number of completed purchases.

Well, as mentioned above, the plan on checkout was to immediately ask for an email and then have a button labeled "Send security code to my email" and when/IF they click on that button, then I send an email with the security code PLUS I create a record in the database, so at that point I could track the cart abandonment.  Of course, if they don't make it past that first field and clicking on that button, then I don't have a way to track cart abandonment unless I used JavaScript which is the whole reason I am trying to do things like described above!  😁

 

 

On 8/26/2019 at 9:04 AM, cyberRobot said:

For what it's worth, adding email verification in the middle of the order process seems like it would lead to the cart being abandoned more often. Visitors may not want to provide their actual email address. They may just want temporary access to your content. Be aware that forcing someone to verify their email doesn't necessarily mean you will receive valid email addresses. It's very easy to create a new email address, get the code from the message sent from your website, and abandon the new email address. I've done this myself several times in the past. Of course, I haven't done this with an account that required a credit card. I'm guessing it's not too difficult to get a temporary card for that step too.  Or they may just decide your content isn't worth providing an email that you might use for marketing purposes...or sell to spammers. This is also a decision I've made with many content providers.

Valid points, however, if you are joining a paid membership site to get access to premium content and you have to pay with a credit card and you don't trust the website owner, then you've got issues?!

I think most people expect to have to give out a valid email address during an ecommerce transaction.  I just want to be doubly sure their email address is valid and not phat-fingered because that is how they log in and how I sending billing details, receipts, password resets, and so on.

Even this website requires a valid email except that it requires that you validate the email in more steps that the experts say it should take.  So I'm not trying to do anything that isn't being done here.

 

On 8/26/2019 at 9:04 AM, cyberRobot said:

For some visitors, they may not feel like they have the time to go through the extra step to verify the email. Perhaps they don't remember their email password and they're not at the computer with all their password sticky notes.

The idea is that you enter your email, click a button check your email, copy&paste the code and you can proceed checking out.  (In theory that would take an extra 30-60 seconds.)

It might be a pain, but it is for everyone's benefit.

 

 

On 8/26/2019 at 9:04 AM, cyberRobot said:

Now if you collect the money up front and give them access to the website content, everyone gets what they really need. You can always remind them to verify their email later. I'm not really sure why the email verification process is that critical. The only time I can think of where that would be important is if you were auto-billing people. However, it seems like that should be a separate from where people opt into being charged to be re-subscribed in the future. That would be the form where you want to make sure the email is verified. That way you can send reminders in advance before charging the card down the road.

If you phat-fingered your email, you wouldn't get admin emails and I wouldn't know and you wouldn't know that any time soon.

Then we'd have to figure that out, and I'd have to go in and update your database record.  PLUS, if you contacted me after the fact, how could I be entirely sure that you are the customer and not a hacker trying to hijack the customer's account?  There is a security factor in requiring email verification and payment all in one shot.

 

[cyberRobot]

Just to clarify, I have no objections to what you are trying to accomplish. Having a valid email address can lessen the headaches involved with managing someone's account.

My overall point was that the sign-up process should be as simple as possible, if your goal is to avoid cart abandonment. The priority is to collect the money you need to keep the website running and for the customer to have access to the content they want. Requiring email validation is a secondary goal in my opinion. I also think the customer should have the option to opt out of the email validation process, at their own risk.

I personally would have the customer complete the sign-up form and payment details. Once that's done, the system would run the email verification process. Until the person verifies the email, the website could display a message whenever they log in about their email not being verified. Then it's up to the customer to do their part. As a bonus, all of this can be done without JavaScript.

[SaranacLake]

4 hours ago, cyberRobot said:

Just to clarify, I have no objections to what you are trying to accomplish. Having a valid email address can lessen the headaches involved with managing someone's account.

That's good

 

4 hours ago, cyberRobot said:

My overall point was that the sign-up process should be as simple as possible, if your goal is to avoid cart abandonment. The priority is to collect the money you need to keep the website running and for the customer to have access to the content they want. Requiring email validation is a secondary goal in my opinion. I also think the customer should have the option to opt out of the email validation process, at their own risk.

I personally would have the customer complete the sign-up form and payment details. Once that's done, the system would run the email verification process. Until the person verifies the email, the website could display a message whenever they log in about their email not being verified. Then it's up to the customer to do their part. As a bonus, all of this can be done without JavaScript.

 

I understand your concern, but felt my solution was pretty unobtrusive.

Let me explain again to make sure you follow me...

 

Use-case

**************

- User chooses a subscription plan (one click)

- System presents checkout page

- The very first field asks for the user's email address.

- Below that is a button labeled "Send 'security code' to my email"

- System sends user an email with the code

- System creates a record in database including the user's email

- User checks e-mail

- User pastes the 'security code' into the second field on the form

- User completes remaining fields (e.g. credit card #, billing address, etc)

- User clicks "Submit order"

 

That above process is no different from any other checkout process online - and probably a lot shorter than most - other than I do ask the user to take two additional steps...

1.) Click a button

2.) Past a code from your email into the form

 

Do you really think anyone would protest to something so simple?

 

I understand that I could take their money and then later on ask them to validate their email before they log in, but in my humble opinion the above process is easier on everyone, but you can of course disagree!  🙂

 

 

 

 

[kicken]

9 hours ago, SaranacLake said:

Do you really think anyone would protest to something so simple?

I would, possibly.  Depends a lot on what your trying to sell and how badly I need it.  I've left quite a few sites that I otherwise might have given money too simply because they required me to create an account.

IMO, the best sites are the ones that let you just "get your shit and get out", with an option to create an account later if you so desire.  Most of the time I'm just trying to get one thing and have no intention of ever coming back to said site, so making an account is an extra step that provides zero value.  If I do end up back at the site a second or third them then I may go ahead and setup an account.

Another downside to requiring even email verification is that email isn't always nearly instant.  I've had multiple times where a site sends me an email either for verification, password reset, whatever and ten minutes later I'm still waiting for it.  Somewhere either on there end or at one of their providers the email got delayed.  If I'm trying to go through your process and that verification email is lost/delayed any longer then about a minute, there's a high probability I won't bother finishing the process.

Unless an accurate email/account is vital to the operation of your site, it's best to avoid such things if possible, leaving it to the user to decide if they want it's worth it to them to set that stuff up.

 

All that said, if you feel such a task is necessary for your site  or what to do it anyway, implementing the actual verification isn't all that hard.  As I mentioned above, the best way would be to use some Javascript to trigger the email when they click the button.  Using jQuery, such a script might look something like:

Email: <input type="email" name="email" id="email">
<button type="button" id="sendVerification">
 Send verification code
</button>
Enter code: <input type="text" name="verification">

$('#sendVerification').click(function(){
    var email = $('#email').val();
    $.post('sendVerification.php', {email: email}).then(function(){
        alert('Email sent');
    });
});

Your sendVerification.php script would then generate the random code and send the email.  Store the code in $_SESSION and when the user submits the form you can check the code they entered against the code that was sent.

 

 

[cyberRobot]

18 hours ago, SaranacLake said:

Do you really think anyone would protest to something so simple?

Yes, people are notoriously impatient creatures. I had someone honk at me the other day because I made a complete stop at a stop sign. Making a complete stop probably only takes 5 seconds. I don't know how many times I've heard of people complaining about how long it takes for a stop light to turn green (probably 120 seconds on average). I may have complained myself once...or more times. I know I definitely have a problem with watching advertisements before YouTube videos, which can usually be skipped after about 5 seconds. Many times I'll decide the video isn't worth the wait. Especially when the ad isn't skippable.

As for online accounts, kicken's summary describes my feelings well. The only thing I would add / stress is there are products that I wanted and services that I wanted to use, but I really don't want to deal with anymore passwords or accounts. So I really need to want something (or kind of want several somethings) before I'm able to convince myself to create another account.

With that said, feel free to proceed however you like. I'm not here to say you can't do something. 😊

[SaranacLake]

10 hours ago, kicken said:

I would, possibly.  Depends a lot on what your trying to sell and how badly I need it.  I've left quite a few sites that I otherwise might have given money too simply because they required me to create an account.

IMO, the best sites are the ones that let you just "get your shit and get out", with an option to create an account later if you so desire.  Most of the time I'm just trying to get one thing and have no intention of ever coming back to said site, so making an account is an extra step that provides zero value.  If I do end up back at the site a second or third them then I may go ahead and setup an account.

I agree with you, but you didn't read what I am trying to do...  😉

IF I was selling physical products, I agree 100% that having a "Guest Checkout" - requiring no account sign up - is crucial.

BUT, to be clear, I am selling a *subscription* to my websites and the premium content which you can only get with a paid membership.

The easiest way to understand is to think of an online newspaper/magazine like Fortune or the Wall Street Journal.

Companies like this may offer some free content so people can get comfortable with what they have to offer, but especially with the WSJ in modern times, unless you get a paid subscription, you basically cannot access any of their online newspaper.

That being said...

If you are buying a subscription to an online newspaper/magazine, then it follows that you'd need an account, right?

All I'm making people do is help me to verify - one time - that I have your valid, working email address when you create your account, because if you give a bigus email or phat-finger your email address, then it create a real PITA for me afterwards, PLUS then *I* would be suspicious if I had a paid account and some random person is emailing me saying, "I am the real Kicken, so please give me access to Kicken's account and account details."

See the issue?

 

 

10 hours ago, kicken said:

Another downside to requiring even email verification is that email isn't always nearly instant.  I've had multiple times where a site sends me an email either for verification, password reset, whatever and ten minutes later I'm still waiting for it.  Somewhere either on there end or at one of their providers the email got delayed.  If I'm trying to go through your process and that verification email is lost/delayed any longer then about a minute, there's a high probability I won't bother finishing the process.

Okay, that is a valid argument.

 

10 hours ago, kicken said:

Unless an accurate email/account is vital to the operation of your site, it's best to avoid such things if possible, leaving it to the user to decide if they want it's worth it to them to set that stuff up.

As described above, a user must have an account to access premium content via their paid subscription.

And since I am dealing with an account and money, obviously a valid email is also important.  (You can't set up an AppleID or buy things off of Apple app store without a valid email and credit card on file, right?)

 

10 hours ago, kicken said:

All that said, if you feel such a task is necessary for your site  or what to do it anyway, implementing the actual verification isn't all that hard.  As I mentioned above, the best way would be to use some Javascript to trigger the email when they click the button.  Using jQuery, such a script might look something like:

Email: <input type="email" name="email" id="email">
<button type="button" id="sendVerification">
 Send verification code
</button>
Enter code: <input type="text" name="verification">

$('#sendVerification').click(function(){
    var email = $('#email').val();
    $.post('sendVerification.php', {email: email}).then(function(){
        alert('Email sent');
    });
});

Your sendVerification.php script would then generate the random code and send the email.  Store the code in $_SESSION and when the user submits the form you can check the code they entered against the code that was sent.

 

Thanks for the code.

However, since I don't know JavaScript and would like to better learn it before using it, I was hoping to do the same thing using PHP...

I outlined the flow above in my last post, but to be clear...

The user would choose a subscription plan by clicking on a "Select" (or "Checkout") button and checkout.php would load with a form just displaying this...

	Checkout Page
	Username: ________________
	Email Address: _______________
	<<Send "Security Code" to my email>>  (button) 
	

 

When they click that button, I would...

- Save the Username and Email to the $_SESSION

- Generate a Security Code

- INSERT the Username, Email, and Security Code into the Member table

- Email the Security Code

- Reload Checkout.php displaying the prepopulated Username and Email fields, PLUS all of the other fields (e.g. Password, Credit Card details, etc.)

 

When the user clicks "Process Order", I would...

- Run an UPDATE query to store the hashed password, user's name, billing address, telephone # into the Member record.

- The credit card details would be sent to the payment process.

- The order processed.

- A confirmation page displays and confirmation email sent.

 

So by my calculations, I could do everything I need using just PHP - although for v2.0 using JavaScript would be more efficient.

Follow me?

 

[SaranacLake]

1 hour ago, cyberRobot said:

As for online accounts, kicken's summary describes my feelings well. The only thing I would add / stress is there are products that I wanted and services that I wanted to use, but I really don't want to deal with anymore passwords or accounts. So I really need to want something (or kind of want several somethings) before I'm able to convince myself to create another account.

With that said, feel free to proceed however you like. I'm not here to say you can't do something. 😊

I agree when I am buying a product.

But if someone is buying *access* to a website, then people must understand that requires an account - and thus registration - plus it sorta follows that the company needs to make sure it has a valid email and payment details.

I could validate the email address after I take payment, but it just seems easier to do things all at once.  (I personally find it more annoying when I go though some process only to find out that there are still MORE forms to fill out?!) 🙄

If you want to buy music or apps from Apple, you *must* have a valid email and payment details before they give you access.  And before I could post on PHPFreaks, I had to validate my email address - thank God it is free here!

My website will have LOTS of *free* content, but like many sites with exclusive news and articles and with expert advice and analysis, if you want access to THAT information, then you will need to create an account, validate your email address, and pay $40 for a one-year subscription to my website.

If you aren't ready to pay, then surf the free content of my site with no account required.

I am hoping that is a very *reasonable* business proposition...  🙂

 

[cyberRobot]

1 hour ago, SaranacLake said:

And before I could post on PHPFreaks, I had to validate my email address - thank God it is free here!

Do you? I honestly don't remember. I've been a PHPFreaks member for quite a while. So I don't really remember the process. I'm also guessing that process has changed.

 

On 9/3/2019 at 6:53 PM, SaranacLake said:

I just want to be doubly sure their email address is valid and not phat-fingered

For what it's worth, most websites I visit that require an email address during the account creation process just have two email address fields. The form then compares the two fields to make sure they match.

I honesty don't think I've seen too many websites sending verification codes for users to copy / paste into the website. The verification code process mostly seems to be used before someone can reset their password on a website or with multi-factor authentication.

 

1 hour ago, SaranacLake said:

So by my calculations, I could do everything I need using just PHP - although for v2.0 using JavaScript 

Yes, there is a way to do that without JavaScript. You would just need to send the request back to the server. Basically, the customer would fill in their username, email address, and I would add the password field in the first form. Clicking the send my security code button would send the information back to the server using a normal POST request. The server would then display a second form where it asks for the security code that was sent to their email. The second form could also ask for the payment information. The second form sends the information back to the server. The server then displays the confirmation page.

Edited September 5, 2019 by cyberRobot
formatting

[SaranacLake]

3 hours ago, cyberRobot said:

Do you? I honestly don't remember. I've been a PHPFreaks member for quite a while. So I don't really remember the process. I'm also guessing that process has changed.

Well, PHPFreaks doesn't make you paste a code, but when you create an account you do receive an activation email where you have to click on a link to activate your account before you can log in.

 

3 hours ago, cyberRobot said:

For what it's worth, most websites I visit that require an email address during the account creation process just have two email address fields. The form then compares the two fields to make sure they match.

Understood, except that doesn't help for people like me who type their email in the first field, do ctrl+A, then ctrl+C, then ctrl+V in the second field, ensuring that I have two *wrong* emails!!  😋

 

 

3 hours ago, cyberRobot said:

I honesty don't think I've seen too many websites sending verification codes for users to copy / paste into the website. The verification code process mostly seems to be used before someone can reset their password on a website or with multi-factor authentication.

Doing what I described above would help me as the website operator.

If I implement it as described, is it that big of a deal to people buying a subscription?

 

 

3 hours ago, cyberRobot said:

Yes, there is a way to do that without JavaScript. You would just need to send the request back to the server. Basically, the customer would fill in their username, email address, and I would add the password field in the first form. Clicking the send my security code button would send the information back to the server using a normal POST request. The server would then display a second form where it asks for the security code that was sent to their email. The second form could also ask for the payment information. The second form sends the information back to the server. The server then displays the confirmation page.

Right.

 

[cyberRobot]

3 hours ago, SaranacLake said:

If I implement it as described, is it that big of a deal to people buying a subscription?

That all depends on the person. Some will be fine, some won't, others will we be somewhere in between. To be honest, you'll never make everyone happy. The best you can do is try something and see how things go. If you're not getting the results you want, you can always adjust. Depending on how big your audience is and how much time you have for testing, you could develop 2 separate options of the sign-up process. One would require the users to validate the email address. The other would skip the validation. You could then use A/B testing to see which option results in more website signups. More information about A/B testing can be found here:
https://en.wikipedia.org/wiki/A/B_testing

[kicken]

3 hours ago, SaranacLake said:

If I implement it as described, is it that big of a deal to people buying a subscription?

If your goal is ease of use for the end user to maximize sales, then you could reduce the friction some while still gaining most of the benefits.

As was mentioned before, don't make the verification required to process the transaction, but rather do it after the fact.  There's really no need for the user to enter a code, most places just send a link with a unique code in the URL.  User clicks the link and the email is verified.   Show the user a notice on login that their email needs to be verified still, and possibly lock out their account until verification is complete after some time.

If it were me, I'd probably have a process such as:

1. User selects a subscription type
2. Gather account & payment information
3. Create account, send verification email
4. Let the user access what they paid for.
5. After 3-7 days, restrict the account if the email is still unverified. 

That works around potential email delays and gets the user to their content the quickest.  You could do the double email field as an additional measure to try and catch people fat-fingering their email.  In most cases though the user will probably enter it correctly, get the verification email, and click the link on their own time without issue.

If the user does fat-finger their email (intentially enter an invalid one) they will get their content for a while, but then have to correct the problem.  Allow a user to change their email if their account is restricted due to no verification.  Depending on the level of security you want, maybe require the password as well to re-start the verification process.

A third option to minimize end-user friction would be to let them use something like google, facebook or twitter to login instead of creating an account.  A lot of people prefer that these days as it's one less account/password to have to remember.  I know I personally am far more likely to hit the 'Login with Google' button than I am the 'Create an account' button.