0

I'm developing a website using Struts2 and Hibernate as the back end. On many sites, after you sign up, a link is sent to your email, and after clicking on it the registration is complete. I want this feature on my website, but I don't have any idea how to do this or how it works. I need some example to do this.

Ashok.N
  • This is too broad a question for SO. Basically, you have a form submitted to your server-side code, generate a unique token for the registration, create a record with a "pending" flag or similar in your database (including the token), then you send an email (perhaps via the Java Mail API) containing the token to the email address. You show a page where they can supply the token. They follow a link or copy-and-paste the token into a page and send that in along with their login information. The fact they supplied the token and their login info tells you they got the email and it's them. – T.J. Crowder Jun 14 '12 at 07:50
  • this has nothing to do with struts2 – Ashish Gupta Jun 14 '12 at 07:53

4 Answers

2

I have never messed around with struts, but basically what you could do would be to send an email with a link which directs to a specific page. When a user signs up to your website you could save, amongst other things, the email address of the user, the time stamp of the registration and also a key (could be the hash of the email and password, for instance).

You then construct the link and include the email and key in the query string. Once the user clicks the link, in your page you make a check to see that the user is still within some time frame (optional) and that the email given matches the given key (which you have stored in the database).

If the email and key match, then activate the account.

npinti
  • I'd suggest to use random keys. At least use a secret ingredient (-> salt) in the hashes, otherwise an attacker who knows how you calculate the keys can calculate the keys, too, and won't need to be able to receive the email. Other than that, this is how email checks are usually done. – user1252434 Jun 14 '12 at 08:00
  • @user1252434: I agree with your solution. I just wanted to provide some basic, trivial example which could get the OP started in the right direction. – npinti Jun 14 '12 at 08:04
  • Thanks npinti for your suggestion. I just now completed sending the URL by mail, but I don't have any idea how to encrypt and decrypt the URL. Can you help me? – Ashok.N Jun 16 '12 at 11:29
  • @Ashok.N: That is why you need a generated key (be it from a hashed value or some secure key, which would be recommended). The key will provide you with a way to identify the email, since it is highly unlikely that someone else besides yourself will know what the key and email pair are. This will eliminate the need for encrypting/decrypting the URL. – npinti Jun 18 '12 at 05:05
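The flow discussed in this answer and its comments (random key, stored server-side, checked within a time frame, then account activation), as an added example that is not code from any of the posters. It assumes Java 16+; the class `EmailVerification`, its method names, the 24-hour window and the in-memory map standing in for the Hibernate-backed "pending" table are all hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example: the map below is a stand-in for the pending-registration table.
public class EmailVerification {
    private static final SecureRandom RNG = new SecureRandom();
    private static final Duration TTL = Duration.ofHours(24); // assumed validity window
    private record Pending(byte[] tokenHash, Instant expires) {}
    private final Map<String, Pending> pendingByEmail = new ConcurrentHashMap<>();

    private static byte[] sha256(String s) throws GeneralSecurityException {
        return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
    }

    // Called at sign-up: returns the token to place in the emailed link.
    public String issue(String email, Instant now) throws GeneralSecurityException {
        byte[] raw = new byte[32]; // 256 bits from a CSPRNG, not derived from email/password
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        pendingByEmail.put(email, new Pending(sha256(token), now.plus(TTL))); // store only the hash
        return token;
    }

    // Called by the link handler: a true result means the account may be activated.
    public boolean confirm(String email, String token, Instant now) throws GeneralSecurityException {
        Pending p = pendingByEmail.get(email);
        if (p == null || now.isAfter(p.expires())) return false;
        if (!MessageDigest.isEqual(p.tokenHash(), sha256(token))) return false; // constant-time compare
        return pendingByEmail.remove(email, p); // single use: a replayed link finds no record
    }

    public static void main(String[] args) throws GeneralSecurityException {
        EmailVerification v = new EmailVerification();
        Instant t0 = Instant.now();
        String token = v.issue("user@example.com", t0); // constructed sample address
        System.out.println("link: /validate?email=user@example.com&code=" + token);
        System.out.println("guessed key accepted: " + v.confirm("user@example.com", "guess", t0));
        System.out.println("expired accepted:     " + v.confirm("user@example.com", token, t0.plus(TTL).plusSeconds(1)));
        System.out.println("real token accepted:  " + v.confirm("user@example.com", token, t0));
        System.out.println("replay accepted:      " + v.confirm("user@example.com", token, t0));
    }
}
```

Storing only the SHA-256 of the token means a read of the pending table does not yield usable activation links.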
1

This is a broad question, but I am answering based on verification.

1. You need a signup page with a form, for example /signup.jsp
2. After basic field and email validation, generate a code xyzcode for this email.
3. Send an email to the user's address, using a mail server, with a link to your validation page like /validate.jsp?code=xyzcode (mail server setup and sending email is beyond the scope of the answer)
4. On validate.jsp, check the code and validate any email with this code; otherwise give the respective error message.

maaz
0

There are multiple approaches, but I am suggesting one which will be easy and as per standard.

In the user table, add an extra column Status [which can take two values, either inactive or Active].

Create one more table (emailauthentication) where the columns will be (key, emailId).

Now what you have to do is, after the user clicks submit with the registration data, generate a dynamic key (could be timestamp+emailId, or anything dynamic and unique), create a record in the user table with status inactive, and create a record in the emailauthentication table with this generated key and emailId. After the record is created, generate a URL which could be like

<a href="doAuthenticationForUser?authenticationId='dynamicKey'">Click to authenticate</a>

Now when the user clicks this URL, in the action class or service find the emailId for this authenticationId and set the status column to active.

Rajesh
0

It is true that the question is quite big to answer.
I know one link which has the best answer, given by BalusC.
Here is the link: better answer.
I have implemented it in my project. I hope this link will help others.
Thanks for reading.

Community
Aniket Kulkarni