Verification Code

[Ads]

I am having some Troubles with Account Verification, it works and all i just can't figure out a good way to check if they User has Verified there account (Through use of Email). I have tried some ways But all come up either Buggy or Just Don't work. So yeah if someone could give me an Example or show me how to make a good one That would be nice..

 

I am Check just make the User stats into an Array, and then Check the array, if the verfy colum =='None' Then they have Verifed anything else means theyb havent yet

[timmy0320]

Make a column "verified" as INT (1). then when they go to login, if it = 0 they havent verified yet, etc. Have the activation email update the database to set the verified as 1

 

Of course when they register, it will be default added in as 0 because they haven't verified.

[haku]

I will tell you how I do it. I dont know if its the right way, but its A way, and it works:

 

When the user is registered, a random 50 character alphanumeric code is generated, then that code is encrypted and stored in the database with their account info in a column called "verification".

 

At the same time, the system sends them an email with a link to a confirmation page, with the original non-encrypted 50 character alphanumeric code tacked on to the end of the URL as a $_GET variable (ex: http://www.your-site.com/confirm.php?code=asdfasdfasdfasdfasdfasdf).

 

Then when the person clicks the links, it takes them to confirm.php. In confirm.php, I grab the 'code' variable from the URL, then I encrypt it, and check it against the database to see if the same code exists in the database. If it does, that code is deleted, and the verification column is set to NULL.

 

When a person tries to log in, I check to see if the verification column is set to NULL. If it is, then they are allowed in. If it isn't, then they aren't allowed in.

[Ads]

I will tell you how I do it. I dont know if its the right way, but its A way, and it works:

 

When the user is registered, a random 50 character alphanumeric code is generated, then that code is encrypted and stored in the database with their account info in a column called "verification".

 

At the same time, the system sends them an email with a link to a confirmation page, with the original non-encrypted 50 character alphanumeric code tacked on to the end of the URL as a $_GET variable (ex: http://www.your-site.com/confirm.php?code=asdfasdfasdfasdfasdfasdf).

 

Then when the person clicks the links, it takes them to confirm.php. In confirm.php, I grab the 'code' variable from the URL, then I encrypt it, and check it against the database to see if the same code exists in the database. If it does, that code is deleted, and the verification column is set to NULL.

 

When a person tries to log in, I check to see if the verification column is set to NULL. If it is, then they are allowed in. If it isn't, then they aren't allowed in.

 

Could I have a look at Your login Script to see how You checked it.

[haku]

For security reasons I cant show you my script. Company policy. But basically, I do this:

 

$password = $_POST['password'];
$username = $_POST['username'];
$login_info = mysql_query("SELECT verification FROM users WHERE password='" . $password . "' AND username='" . $username . "' LIMIT 1") or die("mysql error: " . mysql_error());
if(mysql_num_rows($login_info) == 0)
{
    echo "Either your username or password is incorrect";
}
$verification = mysql_result($login_info, 0, 0);
if($verification == NULL)
{
    echo "You must register your account before you can sign in";
}

 

 

I just wrote this off my head and didn't test it, so there may be a syntax error or two in there. But its the basic general idea.

 

[Ads]

okay, sorry didn;t realise it was a Company Website :S

 

Okay so Just =='NULL'

 

Cool thanx man

[haku]

I believe (going off memory) that you leave the quotes off NULL. If you add quotes, it looks for a string that says NULL, but you want to check to see if the column is NULL. Subtle difference, but it will cause you endless headaches trying to find the problem if you get it wrong.

[Ads]

How do you set a colum to NULL?

[haku]

mysql_query("UPDATE table_name SET column_name=NULL");

 

(again, not tested, just going off memory. Google it if that doesnt work)

[Ads]

lol Cheers Mate