0

How can I verify, when a visitor registers on my website, that the email he/she has used is valid? I would like to email them a link which they can click to prove their membership. How can this be done?

Vish
  • You want to verify the email id, or want to also check if the email id exists? – Sourav Apr 07 '11 at 03:04
  • It depends largely on your hosting solution what the best answer is here, but you can start by looking at PHPMailer – therealsix Apr 07 '11 at 03:07
  • possible duplicate of [Easiest way for php email verification link.](http://stackoverflow.com/questions/3794959/easiest-way-for-php-email-verification-link) – Your Common Sense Apr 07 '11 at 06:53

5 Answers

5

At a high level, what you want to do is roughly the following:

  • When a user registers, create a secret code that the user can't figure out himself
    • This can be something that is randomly assigned like a random string
    • This can also be something that you can calculate programmatically (but that the user can't) like an MD5 of the user's email address concatenated to a secret string; doing this could save you a database column since you wouldn't have to store it
  • Save the secret code and send it to the user in the form of a link in an email
  • Set up a listener at that link, and if the codes match, "activate the user"

As for how to do this step-by-step, tutorials abound.

Steven
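
The "calculate it programmatically" option from the answer above, as an added example that is not part of the original answer. It swaps the MD5-of-email-plus-secret construction for HMAC-SHA256, signs an expiry time along with the address, and compares signatures in constant time. `SERVER_SECRET`, the `example.com` URL, the query parameter names and the sample addresses are assumptions.

```php
<?php
// Added example: stateless verification link, nothing stored per user.
// SERVER_SECRET is a placeholder; load a long random value from configuration.
const SERVER_SECRET = 'replace-with-32-random-bytes-from-config';
const LINK_TTL = 86400; // links stay valid for 24 hours

function sign(string $email, int $expires): string
{
    // HMAC-SHA256 over address and expiry, keyed with the server secret
    return hash_hmac('sha256', $email . '|' . $expires, SERVER_SECRET);
}

function makeVerificationLink(string $email, int $now): string
{
    $expires = $now + LINK_TTL;
    return 'https://example.com/verify.php?' . http_build_query([
        'email'   => $email,
        'expires' => $expires,
        'sig'     => sign($email, $expires),
    ]);
}

function verifyLink(array $query, int $now): bool
{
    $email   = (string) ($query['email'] ?? '');
    $expires = (int) ($query['expires'] ?? 0);
    $sig     = (string) ($query['sig'] ?? '');

    if ($email === '' || $expires < $now) {
        return false; // missing fields or expired link
    }
    // hash_equals compares in constant time, so the check leaks no timing hint
    return hash_equals(sign($email, $expires), $sig);
}

// Constructed sample run
$now  = 1700000000;
$link = makeVerificationLink('alice@example.com', $now);
parse_str(parse_url($link, PHP_URL_QUERY), $query);

var_dump(verifyLink($query, $now + 60));            // genuine link
$query['email'] = 'mallory@example.com';
var_dump(verifyLink($query, $now + 60));            // address swapped after signing
$query['email'] = 'alice@example.com';
var_dump(verifyLink($query, $now + LINK_TTL + 1));  // link used after expiry
```

A signed link can be replayed until it expires, which is harmless as long as activation is idempotent. Rotating `SERVER_SECRET` invalidates every outstanding link at once.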
2

Create a unique random number, and store it in a table alongside their user ID. Email them a message with a link to a page that accepts the random number as input. If they have the correct random number, then mark their account active.

squawknull
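
The stored-random-number flow from the answer above, as an added example that is not part of the original answer. It goes slightly further than the text by storing only a hash of the token, giving it an expiry, and making the link single-use. The table and column names and the in-memory SQLite database are assumptions.

```php
<?php
// Added example: schema and names are assumptions made for this sketch.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY, email TEXT, active INTEGER DEFAULT 0,
    token_hash TEXT, token_expires INTEGER)');

function register(PDO $pdo, string $email, int $now): string
{
    $token = bin2hex(random_bytes(16)); // 128 bits from the CSPRNG
    $stmt = $pdo->prepare('INSERT INTO users (email, token_hash, token_expires)
                           VALUES (:email, :hash, :expires)');
    // Only the SHA-256 of the token is stored, so a leaked table holds no usable links
    $stmt->execute([
        ':email'   => $email,
        ':hash'    => hash('sha256', $token),
        ':expires' => $now + 86400,
    ]);
    return $token; // goes into the emailed link, e.g. /verify.php?token=...
}

function activate(PDO $pdo, string $token, int $now): bool
{
    // One UPDATE checks the token, its expiry and the inactive state, then
    // clears the token so the link works exactly once
    $stmt = $pdo->prepare('UPDATE users SET active = 1, token_hash = NULL
                           WHERE token_hash = :hash AND token_expires >= :now AND active = 0');
    $stmt->execute([':hash' => hash('sha256', $token), ':now' => $now]);
    return $stmt->rowCount() === 1;
}

// Constructed sample run
$now   = 1700000000;
$token = register($pdo, 'alice@example.com', $now);
var_dump(activate($pdo, 'not-the-token', $now)); // wrong token
var_dump(activate($pdo, $token, $now + 60));     // correct token
var_dump(activate($pdo, $token, $now + 120));    // same link a second time
```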
1

If you're using PHP 5.2 or greater, one option is the filter_var function...

```php
if (filter_var('email@example.com', FILTER_VALIDATE_EMAIL) !== FALSE) {
    // The address is syntactically valid
}
```
TaylorOtwell
  • Although the crappy part about FILTER_VAL – kylex Apr 07 '11 at 03:07
  • I don't think he wants to just validate the format of the email. He wants to validate that the email is a real email address that belongs to the user. So, he wants to send a confirmation email with a link that the user must click on. If the user enters a bogus email, he cannot validate his account and log in. – squawknull Apr 07 '11 at 03:08
1

Going to go with the following approach.

User registers. Database is updated with their details and a flag added for active/not active. Email is sent to registered email address with link. Link goes to a page that can confirm the email address as valid and update the database.

No idea what environment you're working in and making a few assumptions, this is roughly how you go about it.

I assume you are already persisting the user registration? For the following, you will want to generate a hash of some kind and insert this along with the user/member details...

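```php
// 16 bytes from the CSPRNG (PHP 7+); md5(uniqid()) cut to 5 characters is time-based and guessable
$hash = bin2hex(random_bytes(16));
```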

Do you feel confident in constructing an email view and sending it with phpMailer or similar? If so, do so, with a link that, when it's hit, will grab the member_id and the member_hash and do something like the following... I used PDO here, again, so many ways to do what you want... whatever is best for you.

```php
// PDO Instance
$pdo = $this->actionServer->getDataSource('PDO');

$findMember = $pdo->prepare('SELECT * FROM member WHERE member.member_id = :memberId AND member.member_hash = :memberHash AND hidden = 1');
$findMember->bindParam(':memberId', $memberId);
$findMember->bindParam(':memberHash', $memberHash);
$findMember->execute();
$findMemberResult = $findMember->fetch(PDO::FETCH_ASSOC);

if (empty($findMemberResult)) {
    $this->log->error('Could not find member based on ID and Hash combination');
    throw new HTTPException(404);
}

/**
 * Could use a method like below to approve
 */

protected function approveMember($memberId, $pdo) {
    $sql = 'UPDATE member SET member.hidden = 0 WHERE member.member_id = :memberId';
    $updateMember = $pdo->prepare($sql);
    $updateMember->bindParam(':memberId', $memberId);
    $updateMember->execute();
}
```

Hopefully that helps!

Cheerio

Adrian
-2

I did something similar at one point in time, however I didn't have to validate that the user existed, I did need to validate the formatting and whether it was a real domain or not (scrub none@none.com). You can look at my functions and start there.

```php
// Verify formatting
function verify_email($email){

    // [A-Za-z] rather than [A-z], which also matches [ \ ] ^ _ and `
    if(!preg_match('/^[_A-Za-z0-9-]+((\.|\+)[_A-Za-z0-9-]+)*@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*(\.[A-Za-z]{2,4})$/',$email)){
        return false;
    } else {
        return $email;
    }
}

// Verify that MX (or fallback A) records exist
function verify_email_dns($email){

    // This will split the email into its front
    // and back (the domain) portions.
    // explode() replaces split(), which was removed in PHP 7
    list($name, $domain) = explode('@',$email);

    if(!(checkdnsrr($domain,'MX') || checkdnsrr($domain, 'A'))){

        // No MX or A record found
        return false;

    } else {

        // MX or A record found
        return true;

    }
}
```

You may also check this stack question

Community
jon3laze
  • 1
    Also, the guys at none.com will be unhappy, that's an actual domain (even though people keep using it as if it weren't). Did you mean `example.com`? – Piskvor left the building Apr 07 '11 at 13:27
  • And what I said to @Sourav. At least you included .info and .mobi, but hey, ".travel doesn't exist (2001!), .museum doesn't exist (2001!), .рф doesn't exist (2010), la la la". – Piskvor left the building Apr 07 '11 at 13:37
  • 1
    Please **please** don't do this. It's a terrible idea. Accept whatever the user enters as an email address, provided it contains an @ and a period, and validate by **sending them an email**. I'm so sick of over-zealous/broken email address validation. – user229044 Apr 07 '11 at 13:48
  • @downvoters This solution worked for me in my application, I suggested validating the domain as a place to start. I also provided a link to a similar SO question. – jon3laze Apr 07 '11 at 18:59