<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<body>
<?php

require_once('database_detail.php');
if(isset($_POST['submit']))
{
    // Connect, then trim and escape every submitted field before it reaches a query
    $dbc=mysqli_connect(cname,chost,cpwd,cdb);
    $username=mysqli_real_escape_string($dbc,trim($_POST['username']));
    $password=mysqli_real_escape_string($dbc,trim($_POST['password']));
    $confirm=mysqli_real_escape_string($dbc,trim($_POST['confirm']));
    $email=mysqli_real_escape_string($dbc,trim($_POST['email']));
    $phone=mysqli_real_escape_string($dbc,trim($_POST['phone']));
    if(!empty($username) && !empty($password) && !empty($confirm) && !empty($email) && !empty($phone))
    {
        if($password==$confirm)
        {
            // Refuse the signup if the username is already taken
            $query="select * from user where user_username='$username'";
            $data=mysqli_query($dbc,$query);
            if(mysqli_num_rows($data)==0)
            {
                // Activation code stored with the account and mailed to the user
                $random=rand(1000,10000);
                $query="insert into user(user_username,user_password,user_email,user_phone,date,random) ".
                    "values('$username',SHA('$password'),'$email','$phone',now(),'$random')";
                mysqli_query($dbc,$query);
                $message="Account created successfully, kindly visit the following link to activate your account"."\n"."localhost/login?activation=".$random;
                $to=$email;
                $subject="Account Activation";
                mail($to,$subject,$message,'From:'.'xyz@gmail.com');
                echo 'Account created successfully. kindly visit your email address and activate your account.';
                exit();
            }
            else
            {
                echo 'same username exists';
                $username="";
            }
        }
        else echo 'Enter the same password in both';
    }
    else echo 'Enter all the fields';
}
?>

<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']);?>" method="POST" >
<fieldset>
<legend>signup</legend>
Username:<input type="text" id="username" name="username"  />
Password:<input type="password" name="password" id="password" />
Email<input type="text" name="email" id="email" />
Contact number<input type="text" name="phone" id="phone" />
Confirm Password:<input type="password" name="confirm" id="confirm" />
</fieldset>
<input type="submit" name="submit" value="Sign up" />
</form>
</body>
</html>

So this is for mailing the user who signs up with a unique username and password with an activation mail. Now I generate a random number, I store that particular random number in the database of the user, and there's also an activation field in the database which is either 0 or 1 (for not activated or activated). Now when the user logs in, we check the activation field; if it is OK then we continue, else we check the $_GET[activation] field of the URL; if it matches the random number stored in the database then we continue, else we return an activation error. Now is this how we do it, or is there some other way? Also, how do I delete the accounts that haven't been activated after a certain period?

Kraken

2 Answers


I would not create the activation key with rand(). It is possible that 2 persons get the same number.

So I always use SHA1() with the username and the current time.


For the automatic deletion of inactivated accounts:

You could create a cronjob that automatically checks the difference between the registration time and the current time.

ComFreek
  • SHA1() does what? And also what does cronjob do, as in how do I implement it? – Kraken Jul 20 '11 at 17:58
  • SHA1() creates a hash from a string, see http://php.net/manual/function.sha1.php. With a cronjob your script will automatically be called between a specific time period. Maybe your provider offers something like that, but there are many other free systems, too. – ComFreek Jul 20 '11 at 18:02
  • @user603003 I saved my password 'abc' first by SHA and then by SHA1 but it still saves the same thing in my database, i.e. the same 40 digit value. – Kraken Jul 21 '11 at 06:48
  • Actually, SHA is only another (function) name for SHA1 in many programming languages. But SHA is only a generic term for SHA1, SHA2 and some more. – ComFreek Jul 21 '11 at 15:07

Check: How to Generate secure activation link

user603003 is right: cron is a simple Linux program used to perform scheduled operations; I personally use it to delete session files. How to use cron

    Here is the format of a cron job file:

[min] [hour] [day of month] [month] [day of week] [program to be run]

where each field is defined as
[min]   Minutes that program should be executed on. 0-59. Do not set as * or the program will be run once a minute.
[hour]  Hour that program should be executed on. 0-23. * for every hour.
[day of month]  Day of the month that process should be executed on. 1-31. * for every day.
[month] Month that program should be executed on. 1-12. * for every month.
[day of week]   Day of the week. 0-6 where Sunday = 0, Monday = 1, ...., Saturday = 6. * for every day of the week.
[program]   Program to be executed. Include full path information.

Here are some examples:

0,15,30,45 * * * * /usr/bin/foo

Will run /usr/bin/foo every 15 minutes on every hour, day-of-month, month, and day-of-week. In other words, it will run every 15 minutes for as long as the machine is running.
Inactive
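
An added example, not code from the question or from either answer: it draws the activation token from PHP's CSPRNG (`random_bytes()`) instead of `rand()` or a hash of username and time, stores only the token's SHA-256 hash, and includes the purge routine a cron job would call. The in-memory SQLite database, the `token_hash`, `created` and `activated` columns and the function names are assumptions made for the example.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL database; the
// token_hash, created and activated columns and all function names are assumed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (user_username TEXT PRIMARY KEY, token_hash TEXT,
           created INTEGER, activated INTEGER DEFAULT 0)');

// Create the account and return the one-time token to put in the mailed link.
function register(PDO $db, string $username, int $now): string {
    $token = bin2hex(random_bytes(16));   // 128 bits from the CSPRNG
    $stmt = $db->prepare('INSERT INTO user (user_username, token_hash, created)
                          VALUES (?, ?, ?)');
    $stmt->execute([$username, hash('sha256', $token), $now]);  // keep only the hash
    return $token;
}

// Activate if the token matches and is at most $ttl seconds old.
function activate(PDO $db, string $username, string $token, int $now, int $ttl = 86400): bool {
    $stmt = $db->prepare('SELECT token_hash, created FROM user
                          WHERE user_username = ? AND activated = 0');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || $now - (int)$row['created'] > $ttl) return false;
    // Constant-time comparison of the stored hash with the hash of the supplied token
    if (!hash_equals($row['token_hash'], hash('sha256', $token))) return false;
    $upd = $db->prepare('UPDATE user SET activated = 1, token_hash = NULL
                         WHERE user_username = ?');
    $upd->execute([$username]);
    return true;
}

// Delete accounts still unactivated after $ttl seconds; the cron job calls this.
function purge_unactivated(PDO $db, int $now, int $ttl = 86400): int {
    $stmt = $db->prepare('DELETE FROM user WHERE activated = 0 AND created < ?');
    $stmt->execute([$now - $ttl]);
    return $stmt->rowCount();
}

$t0 = 1700000000;                         // constructed signup time
$alice = register($db, 'alice', $t0);     // constructed accounts
register($db, 'bob', $t0);
var_dump(activate($db, 'alice', 'not-the-token', $t0 + 60));  // wrong token
var_dump(activate($db, 'alice', $alice, $t0 + 60));           // mailed token
var_dump(activate($db, 'alice', $alice, $t0 + 120));          // same token replayed
var_dump(purge_unactivated($db, $t0 + 90000));                // purge 25 hours after signup
```

In a deployment the purge would sit in its own script that the crontab entry invokes, and the mailed link would carry both the username and the token.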