alapimba Posted February 8, 2008

Hello, I have a form so people can register to receive a newsletter. But I want to make it better: after people register, I want an e-mail to be sent to the email used to register, and then the person confirms it by clicking on a link. Basically like all forums do.

I just don't know how to generate the page that the link will point to. I assume that, let's say, people will enter name, email and age. Then after people click register, that data will be added to my db and I'll send a mail asking to click the link x. So far I know how to do that. But then that link x needs to have some data like blabla.com/confirm.php?mail=alalala@hotmail.com, right? And the confirm page will have some code that updates the field with the e-mail alalala@hotmail.com and activates it.

I'm just lost on which code should be written on the confirm.php page and how this should be done more safely, because this way some smart guy knows that if he writes "blabla.com/confirm.php?mail=the email he wants to register" in his browser it will activate without a problem.

cooldude832 Posted February 8, 2008

Use MySQL. When a user registers, they add a row to the table that has

EmailID
Email
Registration_Key
Activated

Set Activated to 0 and the Registration_Key to some random 16-32 key string. Then send an email with a link to mysite.com/activate.php?email=EMAILENTERED&Key=KEYGENERATED

Then on activate, a simple query:

```php
<?php
// Escape both values before they reach the query string.
$key   = mysql_real_escape_string($_GET['Key']);
$email = mysql_real_escape_string($_GET['email']);
$q = "UPDATE `emails` SET Activated='1' WHERE Registration_Key = '$key' AND Email = '$email'";
$r = mysql_query($q) or die(mysql_error());
// An UPDATE has no result set, so count affected rows instead of mysql_num_rows().
if (mysql_affected_rows() > 0) {
    # They are activated
} else {
    # The key/email combo is invalid (or was already activated)
}
?>
```

Very crude but simple

aebstract Posted February 8, 2008

As for the last part of your question, the security measure so it isn't just joe@gmail.com in the URL: run an md5 on their email and use that as the activation URL. When someone goes to confirm.php and mail isset, then you will change the row in the db to activated. Quick example:

```php
<?php
if (isset($_GET['mail'])) {
    // The link carries md5(email), so compare it against MD5() of the stored address.
    $hash = mysql_real_escape_string($_GET['mail']);
    $result = mysql_query("UPDATE users SET confirmation='true' WHERE MD5(email)='$hash'") or die(mysql_error());
    echo "thanks for confirming your account";
}
```

Something like that..

edit: after seeing above post, you won't need the registration_key as long as you're doing the md5. It's basically doing the same thing, they just don't really know what you're checking against.

cooldude832 Posted February 8, 2008

MD5 isn't any more secure since the algorithm isn't salted and is public. Use a random key generator.

alapimba (Author) Posted February 12, 2008

And if that random key... repeats the number for any reason?

cooldude832 Posted February 12, 2008

Duplicate keys are irrelevant: as there are two pieces of data, you will never have an issue, because you have many userids but each userid only needs 1 activation code.
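
The random-key activation scheme discussed in this thread, as an added example that is not code from any of the posters: it uses PDO prepared statements, a key from the OS CSPRNG, and stores only a hash of the key so that the link works once. The in-memory SQLite schema, the `Key_Hash` column and the function names `register` and `activate` are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Constructed in-memory schema so the example runs offline (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE emails (
    EmailID   INTEGER PRIMARY KEY,
    Email     TEXT NOT NULL UNIQUE,
    Key_Hash  TEXT UNIQUE,              -- SHA-256 of the key, never the key itself
    Activated INTEGER NOT NULL DEFAULT 0
)');

// Register: store the address unactivated and return the key for the e-mailed link.
function register(PDO $pdo, string $email): string
{
    $key  = bin2hex(random_bytes(16));  // 128 bits from the OS CSPRNG, 32 hex chars
    $stmt = $pdo->prepare('INSERT INTO emails (Email, Key_Hash) VALUES (?, ?)');
    $stmt->execute([$email, hash('sha256', $key)]);
    return $key;
}

// Activate: one atomic UPDATE; the stored hash is cleared so a link cannot be replayed.
function activate(PDO $pdo, string $email, string $key): bool
{
    if (!preg_match('/\A[0-9a-f]{32}\z/', $key)) {
        return false;                   // reject malformed input before touching the DB
    }
    $stmt = $pdo->prepare(
        'UPDATE emails SET Activated = 1, Key_Hash = NULL
          WHERE Email = ? AND Key_Hash = ? AND Activated = 0'
    );
    $stmt->execute([$email, hash('sha256', $key)]);
    return $stmt->rowCount() === 1;     // affected rows, not a result set
}

// Constructed sample run using the address from the question.
$email = 'alalala@hotmail.com';
$key   = register($pdo, $email);
echo 'blabla.com/activate.php?' . http_build_query(['email' => $email, 'Key' => $key]), "\n";
var_dump(activate($pdo, $email, md5($email)));  // attempt with md5 of the address
var_dump(activate($pdo, $email, $key));         // attempt with the e-mailed key
var_dump(activate($pdo, $email, $key));         // same key a second time
```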