Verification code

[alivec]

well im useing

<?
function createRandomPassword() {



    $chars = "abcdefghijkmnopqrstuvwxyz0123456789";

    srand((double)microtime()*100000);

    $i = 0;

    $pass = '' ;



    while ($i <= 7) {

        $num = rand() % 33;

        $tmp = substr($chars, $num, 1);

        $pass = $pass . $tmp;

        $i++;

    }

to create a random code.. i am planning on using this on my website for the verification code in the register.. but now that i have made this i cannot figure out how to verify that the code this generates is the code the user enters into the text box. thank you.

 

if i posted this in the wrong forum im sorry i wasn't sure where to post this question.

[rhodesa]

In your users table I would add two columns:

date_activated

activation_code

 

When someone registers, you will want to add all their info into your users table, but leave date_activated null and populate activation_code with the code you send in the email. On your site, when you authenticate someone, make sure you filter out anything where date_activated is NULL.

 

Then, when someone activates, you query for that username & activation_code. If they match, remove the activation code and add NOW() to date_activated.

 

That is my recommended solution. Does it make sense?

[alivec]

no i am really new to SQL i had help with it before but.. now i'm on my own and would like to continue and learn at the same time. so can you explain it in simpler terms?

[Guardian-Mage]

Yes this is the wrong forum. You should have posted in the PHP Help forum. Anyhow, you should use php sessions.

[rhodesa]

Verification codes don't have to do with PHP sessions. Those are for after a user has logged in.

 

Do you have anything set up yet? Registration Form, Login Form, MySQL Tables, authentication script, etc? I can help you fill in the gaps, but unfortunately don't have the time to help you from scratch.

[haku]

Ya, that session comment was a little random.

[alivec]

i have a login form, registration form and mySQL tables.

[haku]

So create a table in your database that has two columns - one holds the image name, and the other holds the verification code. When someone types in the code, check it against the image name in the database. If they match, the person entered the right code. If they don't match, they didn't.

 

I don't know if this is the way this is usually done, but its a way you can do it.

[alivec]

thats the thing thought its not an image.. the output is like this..  Your verification code is: cqaoyyj4 is there a way to check it still?

[haku]

Sorry, I misunderstood the initial problem. I thought you were using one of those things that requires someone to input the distorted text in an image in order to proceed.

 

If its a code like that, store the info in your database. When the person enters that info, check it against the database.

[rhodesa]

Step 1) Add info to USERS table. When the person fills out the registration form, I assume the script it submits to adds the users info to the USERS table, generates the code, and then sends them an email with it. There are some small changes you will need to make. Alter your USERS table so there is a new nullable column called activation_code. The SQL should look something like:

ALTER TABLE users ADD activation_code VARCHAR(16) NULL;

I made the field 16 characters in case you decide to make the verification longer in the future. Now, move the part where you generate the verification code to before mysql INSERT command. Store it in a variable, then use that variable to add it to the activation_code column in your INSERT. Then, use the same variable when sending the email later on in the script.

 

Still with me? Now the new user should have all their info in our table, including the verification code, and an email should have been sent to them with the same verification code.

 

Step 2) Verification Page. Now create a new page (or add it below the login form if you want) for a user to enter their email (I assume you are using email as your username) and the verification code you provided in the email. When they submit the code, search the table for the username and matching code. If you find it, update that record by setting the activation_code field to NULL with a mysql UPDATE command. The code for that will look something like:

<?php
  //Assuming you are connected to the DB
  $email = mysql_real_escape_string(trim($_POST['email'])); //Escape invalid characters
  $code = mysql_real_escape_string(trim($_POST['code'])); //Escape invalid characters
  if(!strlen($email) || !strlen($code))
    die("Email or code not entered");
  $result = mysql_query("UPDATE `users` SET `activation_code` = NULL WHERE `email` = '{$email}' AND `activation_code` = '{$code}' LIMIT 1")
    or die("Query Error: ".mysql_error());
  if(!mysql_affected_rows($result))
    die("Username not found");
  print "Username activated";
?>

 

Now, your user registration process is complete. One last step though:

 

Step 3) Filter out users. Since users can be in the USERS table, but not be activated, we have to make sure we filter them out. So, in your login script, add a WHERE `activation_code` IS NULL to your query when looking up the user. This will make sure those with codes still won't be part of the results.

 

Does that explain it well for you?