Question

I have recently made a login and register script which works fine, but I want it to be more secure from spammers, and I was wondering if anyone knows how to make an email verification system.

How could I add email verification to this script? I hope this made sense.

    <?php 
    require("php/bp-connection.php"); 

    if(!empty($_POST)) 
    { 
        if(empty($_POST['username'])) 
        { 
            die("Please enter a username."); 
        } 

        if(empty($_POST['password'])) 
        { 
            die("Please enter a password."); 
        } 

        if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) 
        { 
            die("Invalid E-Mail Address"); 
        } 

        $query = " 
            SELECT 
                1 
            FROM users 
            WHERE 
                username = :username 
        "; 

        $query_params = array( 
            ':username' => $_POST['username'] 
        ); 

        try 
        { 
            $stmt = $db->prepare($query); 
            $result = $stmt->execute($query_params); 
        } 
        catch(PDOException $ex) 
        { 
            die("Failed to run query: " . $ex->getMessage()); 
        } 

        $row = $stmt->fetch(); 

        if($row) 
        { 
            die("This username is already in use"); 
        } 

        $query = " 
            SELECT 
                1 
            FROM users 
            WHERE 
                email = :email 
        "; 

        $query_params = array( 
            ':email' => $_POST['email'] 
        ); 

        try 
        { 
            $stmt = $db->prepare($query); 
            $result = $stmt->execute($query_params); 
        } 
        catch(PDOException $ex) 
        { 
            die("Failed to run query: " . $ex->getMessage()); 
        } 

        $row = $stmt->fetch(); 

        if($row) 
        { 
            die("This email address is already registered"); 
        } 

        $query = " 
            INSERT INTO users ( 
                username, 
                password, 
                salt, 
                email 
            ) VALUES ( 
                :username, 
                :password, 
                :salt, 
                :email 
            ) 
        "; 

        $salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647)); 

        $password = hash('sha256', $_POST['password'] . $salt); 

        for($round = 0; $round < 65536; $round++) 
        { 
            $password = hash('sha256', $password . $salt); 
        } 

        $query_params = array( 
            ':username' => $_POST['username'], 
            ':password' => $password, 
            ':salt' => $salt, 
            ':email' => $_POST['email'] 
        ); 

        try 
        { 
            $stmt = $db->prepare($query); 
            $result = $stmt->execute($query_params); 
        } 
        catch(PDOException $ex) 
        { 

            die("Failed to run query: " . $ex->getMessage()); 
        } 

        header("Location: login.php"); 

        die("Redirecting to login.php"); 
    } 

    ?>
    <html lang="en">
    <head>
        <title>Register | BinaryPaw</title>

        <link rel="shortcut icon" href="favicon.ico" type="icon" />
        <link rel="stylesheet" href="css/bp-grid.css" type="text/css" />
        <link rel="stylesheet" href="css/bp-styles.css" type="text/css" />
    </head>

    <body>
    <?php
        include 'php/bp-siteBar.php';
    ?>

    <div class="container">
        <?php
            include 'php/bp-sideBar.php';
        ?>

        <div class="span4">
            <h1>User Registration</h1>
            <form action="register.php" method="post">
                <div class="space1">
                    <label>Username</label>
                </div>

                <div class="space2">
                    <input type="text" name="username" class="username" value="" />
                </div>

                <div class="space1">
                    <label>Email</label>
                </div>

                <div class="space2">
                    <input type="text" name="email" class="email" value="" />
                </div>

                <div class="space1">
                    <label>Password</label>
                </div>

                <div class="space2">
                    <input type="password" name="password" class="password" value="" />
                </div>

                <div class="space3">
                    <input type="submit" class="submit" value="Register" />
                </div>
            </form>
        </div>

        <div class="space3"></div>

        <div class="span10" id="footer">
            <h6>Created by Mathew Berry &copy; 2013</h6>
        </div>
    </div>
    </body>
    </html>

Solution

It's simple: send a code to the user's email address and create a page to verify the code, and if the code verifies, then register the user.

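    if(isset($_POST['register']))
    {
        $email=$_POST['email'];   // was assigned to $email_id but used as $email below
        if(!filter_var($email, FILTER_VALIDATE_EMAIL))
        {
            die("Invalid E-Mail Address");
        }
        // Store a password hash, never the plain-text password
        $pass=password_hash($_POST['password'], PASSWORD_DEFAULT);
        // Take the code from the CSPRNG; md5(mt_rand()) is predictable
        $code=substr(bin2hex(random_bytes(8)),0,15);
        // The mysql_* functions were removed in PHP 7; use mysqli with prepared
        // statements so user input never becomes part of the SQL text
        $db=new mysqli('localhost','root','','sample');
        $insert=$db->prepare("insert into verify values(NULL,?,?,?)");
        $insert->bind_param('sss',$email,$pass,$code);
        $insert->execute();
        $db_id=$db->insert_id;

        $to=$email;
        $subject="Activation Code For Talkerscode.com";
        $from = 'your email';
        // The href must carry id and code, otherwise the verify page receives nothing
        $link='verification.php?id='.$db_id.'&code='.$code;
        $body='Your Activation Code is '.$code.' Please Click On This link <a href="'.$link.'">'.$link.'</a> to activate your account.';
        // The body contains HTML, so declare it as such
        $headers = "From:".$from."\r\nMIME-Version: 1.0\r\nContent-Type: text/html; charset=UTF-8";
        mail($to,$subject,$body,$headers);

        echo "An Activation Code Is Sent To You Check Your Emails";
    }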

To verify the code:

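    if(isset($_GET['id']) && isset($_GET['code']))
    {
        $id=$_GET['id'];
        $code=$_GET['code'];   // was $_GET['id'], so the lookup could never match the stored code
        // mysqli with prepared statements instead of the removed mysql_* functions
        $db=new mysqli('localhost','root','','sample');
        $select=$db->prepare("select email,password from verify where id=? and code=?");
        $select->bind_param('is',$id,$code);
        $select->execute();
        $select->bind_result($email,$password);
        $found=$select->fetch();
        $select->close();   // release the result before running further statements
        if($found)
        {
            // Move the account to the verified table and consume the code
            $insert_user=$db->prepare("insert into verified_user values(NULL,?,?)");
            $insert_user->bind_param('ss',$email,$password);
            $insert_user->execute();
            $delete=$db->prepare("delete from verify where id=? and code=?");
            $delete->bind_param('is',$id,$code);
            $delete->execute();
        }
    }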
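
A hardened variant of the same send-a-code-then-verify flow, as an added example that is not part of the original answer: the code comes from `random_bytes`, only its SHA-256 hash is stored, it expires, it is compared with `hash_equals`, and it can be used once. The table names, function names, the one-hour lifetime and the in-memory SQLite database (standing in for the real connection) are assumptions made for the illustration.

```php
<?php
// Added example; table names, function names and TOKEN_TTL are hypothetical.
declare(strict_types=1);

const TOKEN_TTL = 3600; // seconds a verification link stays valid (assumed policy)

function schema(PDO $db): void {
    $db->exec('CREATE TABLE pending (id INTEGER PRIMARY KEY, email TEXT UNIQUE,
               pw_hash TEXT, token_hash TEXT, expires INTEGER)');
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, pw_hash TEXT)');
}

// Returns the query string for the e-mailed link; only a hash of the token is stored.
function start_verification(PDO $db, string $email, string $password, int $now): string {
    $token = bin2hex(random_bytes(32));            // 256-bit token from the CSPRNG
    $stmt = $db->prepare('INSERT INTO pending (email, pw_hash, token_hash, expires)
                          VALUES (?, ?, ?, ?)');
    $stmt->execute([$email, password_hash($password, PASSWORD_DEFAULT),
                    hash('sha256', $token), $now + TOKEN_TTL]);
    return http_build_query(['id' => $db->lastInsertId(), 'code' => $token]);
}

// True only for an unexpired, matching token; the pending row is consumed (single use).
function finish_verification(PDO $db, int $id, string $token, int $now): bool {
    $stmt = $db->prepare('SELECT email, pw_hash, token_hash, expires FROM pending WHERE id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    $stmt->closeCursor();
    if (!$row || $now > (int)$row['expires']
        || !hash_equals($row['token_hash'], hash('sha256', $token))) {
        return false;
    }
    $db->beginTransaction();
    $db->prepare('INSERT INTO users (email, pw_hash) VALUES (?, ?)')
       ->execute([$row['email'], $row['pw_hash']]);
    $db->prepare('DELETE FROM pending WHERE id = ?')->execute([$id]);
    $db->commit();
    return true;
}

// Constructed demo data on an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
schema($db);
parse_str(start_verification($db, 'alice@example.com', 'correct horse', time()), $link);
var_dump(finish_verification($db, (int)$link['id'], 'wrong-code', time()));  // wrong code
var_dump(finish_verification($db, (int)$link['id'], $link['code'], time())); // code from the link
var_dump(finish_verification($db, (int)$link['id'], $link['code'], time())); // same link replayed
```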

OTHER TIPS

Complete tutorial here: http://talkerscode.com/webtricks/account-verification-system-through-email-using-php.php

You can add a captcha to your form to keep spammers out. It is more secure than anything else.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow