Jump to content

Verification code


alivec

Recommended Posts

well im useing

<?
function createRandomPassword() {



    $chars = "abcdefghijkmnopqrstuvwxyz0123456789";

    srand((double)microtime()*100000);

    $i = 0;

    $pass = '' ;



    while ($i <= 7) {

        $num = rand() % 33;

        $tmp = substr($chars, $num, 1);

        $pass = $pass . $tmp;

        $i++;

    }

to create a random code.. i am planning on using this on my website for the verification code in the register.. but now that i have made this i cannot figure out how to verify that the code this generates is the code the user enters into the text box. thank you.

 

if i posted this in the wrong forum im sorry i wasn't sure where to post this question.

Link to comment
Share on other sites

In your users table I would add two columns:

date_activated

activation_code

 

When someone registers, you will want to add all their info into your users table, but leave date_activated null and populate activation_code with the code you send in the email. On your site, when you authenticate someone, make sure you filter out anything where date_activated is NULL.

 

Then, when someone activates, you query for that username & activation_code. If they match, remove the activation code and add NOW() to date_activated.

 

That is my recommended solution. Does it make sense?

Link to comment
Share on other sites

Verification codes don't have to do with PHP sessions. Those are for after a user has logged in.

 

Do you have anything set up yet? Registration Form, Login Form, MySQL Tables, authentication script, etc? I can help you fill in the gaps, but unfortunately don't have the time to help you from scratch.

Link to comment
Share on other sites

So create a table in your database that has two columns - one holds the image name, and the other holds the verification code. When someone types in the code, check it against the image name in the database. If they match, the person entered the right code. If they don't match, they didn't.

 

I don't know if this is the way this is usually done, but its a way you can do it.

Link to comment
Share on other sites

Sorry, I misunderstood the initial problem. I thought you were using one of those things that requires someone to input the distorted text in an image in order to proceed.

 

If its a code like that, store the info in your database. When the person enters that info, check it against the database.

Link to comment
Share on other sites

Step 1) Add info to USERS table. When the person fills out the registration form, I assume the script it submits to adds the users info to the USERS table, generates the code, and then sends them an email with it. There are some small changes you will need to make. Alter your USERS table so there is a new nullable column called activation_code. The SQL should look something like:

ALTER TABLE users ADD activation_code VARCHAR(16) NULL;

I made the field 16 characters in case you decide to make the verification longer in the future. Now, move the part where you generate the verification code to before mysql INSERT command. Store it in a variable, then use that variable to add it to the activation_code column in your INSERT. Then, use the same variable when sending the email later on in the script.

 

Still with me? Now the new user should have all their info in our table, including the verification code, and an email should have been sent to them with the same verification code.

 

Step 2) Verification Page. Now create a new page (or add it below the login form if you want) for a user to enter their email (I assume you are using email as your username) and the verification code you provided in the email. When they submit the code, search the table for the username and matching code. If you find it, update that record by setting the activation_code field to NULL with a mysql UPDATE command. The code for that will look something like:

<?php
  //Assuming you are connected to the DB
  $email = mysql_real_escape_string(trim($_POST['email'])); //Escape invalid characters
  $code = mysql_real_escape_string(trim($_POST['code'])); //Escape invalid characters
  if(!strlen($email) || !strlen($code))
    die("Email or code not entered");
  $result = mysql_query("UPDATE `users` SET `activation_code` = NULL WHERE `email` = '{$email}' AND `activation_code` = '{$code}' LIMIT 1")
    or die("Query Error: ".mysql_error());
  if(!mysql_affected_rows($result))
    die("Username not found");
  print "Username activated";
?>

 

Now, your user registration process is complete. One last step though:

 

Step 3) Filter out users. Since users can be in the USERS table, but not be activated, we have to make sure we filter them out. So, in your login script, add a WHERE `activation_code` IS NULL to your query when looking up the user. This will make sure those with codes still won't be part of the results.

 

Does that explain it well for you?

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.