My website already has an advanced user login / registration system (). However, I want to send an email to new users to verify my email address. If they have not clicked on the link, they will not be able to access their account. I am with semi-experience PHP and MySQL, so please explain in depth.
Edit: I am using the verify.php for file with GET (for example, verify.php? D = 51773199320 ))
$ secret = $ _GET ['d']; $ Result = mysql_query ("Valid from selected users where hidden = $ secret"); While ($ line = mysql_fetch_array ($ result)) {$ valid = $ line ['legal']; } If ($ valid == "") {resonance "is a problem with verification code.
} Otherwise ($ Valid == "1") {Resonance "Your account is already verified.
"; } Else {mysql_query ("Please update user valid = '1' where secret = $ secret"); Echo "Thank you, your account is now verified and you are free to use exclusive features!
Lt; br & gt; "; } Is it safe?
The easiest way is to register unverified users at all.
Ask them for an email address and send an email with a link that has closed this address with a hash. After receiving this link, you can start the registration process.
Something like this
$ secret = "35onoi2 = -7 #% g03kl"; $ Email = urlencode ($ _ POST ['email']); $ Hash = MD5 ($ _ POST ['email']. $ Secret); $ Link = "http://example.com/register.php?email=$email&hash=$hash"; Add 2 hidden fields to the registration form in your and your register.php - Emails and hashes, cache their received values from GET.
Finally, process registration and investigation,
if (MD5 ($ _ POST ['email']. $ Secret) == $ _POST ['hash' ]) {// Continue registration. }
Comments
Post a Comment