Send activation email to user
https://stackoverflow.com/questions/2016710
-
19-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
How would I do to check if a email actially exists? Cant understand how sites do to send mails with a unique link that the users clicks to validate that he is the owner of email =/
Make a 2 new columns called activationkey and activated and store some random string, send an email with the activationkey, and update the users activated =1 that match that activation link
register.php?a=activate&key=9cdfb439c7876e703e307864c9167a15
Any better ideas?
Solution
I generally send a link that contains the userid, and the activation key. When they visit my activation script, if I find a match, I activate them.
When they register, I'll generate maybe 32 chars of upper/lower case alphanumeric characters and set it as the activation key. At this point, you can create a field called 'activated,' or you can assume the user is not activated if they have an activation key.
uid | email | key ------------------------------------------------------------ 001 | j.smith@mysite.com | e09141f3f5a17fed6222fc0279b9afdf ------------------------------------------------------------ 002 | mary.tyler@abc.com | ------------------------------------------------------------
When the user accesses the activation script, simply check for the provided key along with the provided id and if a match is found, erase the key from the user record on file (or update your boolean 'activated' field) and open the doors up.
If the provided email address doesn't exist, no loss. You can routinely remove all rows with keys after a month of inactivity.
OTHER TIPS
One alternative to activation keys is to just send a generated password to the user email, if the user logs in he is activated (and of course, should be able to change the password to what he prefers).
There's no easy way to check if an email actually exists programatically. There are some ways (pinging the mailserver,etc) but none that are proven to work with every mailserver's setup. Forcing the user to activate their account via a link like you described is the best way to do it. Also, you may wish to have some kind of recurring script like a cron-job that removes un-activated members after a certain period of time (which would require another column in your table, timestamp).
This is useful because if a user signs up but never activates their account and deletes the email, and you are using their email as an id (just an example), they will never be able to complete the activation. Alternately, if they try to log in you can simply re-send the activation email to that address again.
Just make sure in the email you are specifying all the headers (reply-to, from, etc) so your email doesn't get flagged as spam.
