[SOLVED] Creating an email validation script for confirming registration email addresses

[twilightnights]

I want to do what the title says.  Create a validation page to verify that a user provided a user address, and then activate the account when they open the email.  Pretty much how any phpbb2 forum is set up.

 

I don't really enjoy copying from scripts, so I have a few questions.

 

1) How do you send an email from a php page? 

 

2) How would I create a (hashed?) value so people couldn't crack the validation thingie without going to the email?  I've seen this md5 thing used for passwords, will that work? How exactly does it work?

 

3) How would I keep track of what emails were sent to decipher the hash or whatever?  Not sure how it works.

[Orio]

Do you know any php...?

 

1) Using the mail() function....

2+3) Create a random hash, store it in the database. Add another column to your table called "activated" set to 0 when someone registers. Send the link to the email passing the hash via url (GET) and then check if there's a user with that hash that his status is 0, and if so change it to 1. Let only people with "activated" set to 1 to log in.

 

Orio.

[twilightnights]

So is the hash something I have to store long time with the user?  Is it something randomly generated?

 

Yes, I know how to query database, if statements, etc. in php but I don't know a lot of the functions.

[Orio]

You can create the hash this way for an example ($password is the user's pass):

$hash = md5(sha1($password).time());

Store it in the database (each user will have one), and then send a link to the email address. Something like this: www.yourdomain.com/activation.php?hash=$hash

Then update the database- Set "activated" to 1 if there's an column that "activated" is set zero and the hash provided is the activation code.

 

Orio.

[twilightnights]

Ok, thank you.