Valhalla Legends Forums Archive | Web Development | How should I make my email verification?

AuthorMessageTime
warz
I'm creating one of those scripts that verify your email address before youre account becomes active when registering, by sending an email to the address you specify.

I'm thinking though - when a user tries to register, what I will do is basically create their account but flag it "unactivated". Ill also store an entry in a different sql table with an 'id' value representing their account, and a 'code' value. Ill send these values in an email to the supplied email (in URL format, much like most other scripts like this do).

For the user to activate, they much properly access my php script and supply their 'id' value with their correct 'code' value. Then, I will flag their account 'activated', delete their table entry in the 'waiting to be activated' table and their account will be fully registered.

What should I base the 'code' value off of, though? I was thinking, since only 1 email may be registered with the same name, I could make the code value the first 10 digits of the MD5 result of their email address. Something similar to...

if($suppliedcode == substr(md5($emailaddress), 0, 10)) then activate!

What do yall think?
June 19, 2006, 5:26 PM
kamakazie
It should be random, otherwise people can create accounts with fake email addresses if they figure out your scheme.
June 19, 2006, 7:02 PM
rabbit
I did something else.  The file is a class, which is a loaded as a module by a sytem I wrote for my senior project.  It works well, but there's some requirements in there (like some of my other classes), though they shouldn't be hard to replace. Take a look:

http://www.liquid-server.org/register.phps

If you want the full site source, talk to me.

[edit]
This will maybe help:
http://www.liquid-server.org/register.form.tpl.phps
June 19, 2006, 9:53 PM
warz
Meh, it's difficult for me to look at other peoples code sometimes - and your code is just confusing to me. I think it's a little more than what I'm needing to do but I appreciate the willingness to share. I managed to get my method running and I think it'll work out fine.
June 20, 2006, 12:27 AM
rabbit
O well.  The MIME headers for the email are down near the bottom, if you need them.
June 20, 2006, 1:16 PM
Quarantine
[me=Warrior]smiles inside[/me]
June 20, 2006, 2:38 PM
rabbit
Glad I could make you happy, Warrior.
June 20, 2006, 5:18 PM
St0rm.iD
Rabbit, that code is downright silly.
June 22, 2006, 8:32 PM
rabbit
Hey, it works and I like it.
June 22, 2006, 10:20 PM
St0rm.iD
Good point. Still silly.
June 24, 2006, 4:01 AM
Quarantine
[quote author=Banana fanna fo fanna link=topic=15197.msg154832#msg154832 date=1151121681]
Good point. Still silly.
[/quote]

[me=Warrior]frowns at BananaFFF[/me]

Actually lol I think it was based off my original module system somewhat but rabbit-ified. I thought  it was a good idea for a CMS I was developing at the time. Of course now instead of creating an interface for modules to communicate with I pass them a reference to the core and have allowable functions monitored on a by-caller basis in PHP.  I think most of this is a result of me overcomplicating everything when I was a novice PHP coder.
June 24, 2006, 2:14 PM
rabbit
It is based (loosely!) off of DTCMS's module system, and yes, I did modify it heavily.  I didn't have a lot of time to write everything, so I went with a basic system I know and had and implementation for.  If you STILL think its silly, go read littlegamers to find out what silly really is.  Good day.
June 24, 2006, 4:16 PM
St0rm.iD
Silly because it's over-engineered. However, "it works well for me" is ALWAYS a certainly reasonable reason for taking a given choice of action.
June 25, 2006, 5:23 AM
rabbit
Yes.  It is overengineered.  But it's also alone.  Looking at the whole site makes it less overengineered looking (though I suppose it all still is).
June 25, 2006, 11:52 AM
warz
i just use php's emailing functions. it's basic, and simple.
June 25, 2006, 7:36 PM
PaiD
Warz: Why is your site forbidden?
June 27, 2006, 4:56 AM
JoeTheOdd
God's gift to the world!
[code]function generateRandomString($length) {
$values = array("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o",
"p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "A", "B", "C", "D", "E", "F", "G",
"H", "I", "J", "K", "L", "M", "N", "O","P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y",
"Z", "1", "2", "3", "4", "5", "6", "7", "8", "9", "0");
$random_string = "";
for($i=0; $i < $length; $i++) {
$random_string .= $values[mt_rand(0,61)];
}
return $random_string;
}[/code]

When creating the code, just call generateRandomString(32). The easiest way to do this would be to store it in the database until they try to activate, because any way that you could create the same string twice without storing it could be guessed and cracked.
July 2, 2006, 4:20 PM
Kp
It'd be shorter to write[code]@values = ("a" .. "z", "A" .. "Z", "0" .. "9");[/code]
July 2, 2006, 7:29 PM
rabbit
PHP doesn't have that functionality, but close.  Use the range() function.
July 2, 2006, 8:45 PM
warz
[quote author=Savior link=topic=15197.msg155001#msg155001 date=1151384207]
Warz: Why is your site forbidden?
[/quote]

Sorry, it's currently at www.rafm.org/en/ - i didnt want people messing with it while it was being constructed. It's got a little bit of functionality now, but it's still missing the main purpose. Currently you can register, login and create a group, join a group and view group information.
July 5, 2006, 1:35 PM

Search