...

View Full Version : Email Verification



Ricky158
03-23-2008, 09:27 AM
Hi. If I want to allow users to sign in on my website, they must first sign up, right? So when signing up, I want to ensure that the email address they provide is actually them on the other end. How can I set up a system that when the user enters an email address it will first ensure that it is real (check DNS) then if it is, send it an email asking the person to verify that they are the one who wants to register at my site? I google'd this and got something called "challenge/response" but I don't know if that's exactly what I want. Does anyone know what I'm looking for? How can it be implemented?

Thanks,

Ricky

_Aerospace_Eng_
03-24-2008, 08:56 PM
Kind of. What I do for my users is I generate a random string and store it in the database. Then the "Welcome" email has a link in it with the random string appended on the url. If the random string and the email address match they are verified.

oracleguy
03-24-2008, 11:46 PM
DNS lookups to verify that a domain exists don't work too well anymore. The reason for this is that a lot of ISPs are starting to do the thing where if you enter a non-existent domain, their DNS servers will just redirect you to their search page with ads on it.

However using the method Aero suggested is your best bet. You can also make the database entries have a timestamp too so that you could periodically remove non-activated accounts.

Ricky158
03-25-2008, 10:55 PM
So if I do this random string email, they are actually registered before they verify their email address? And how do you automatically send the email to them?

_Aerospace_Eng_
03-25-2008, 11:00 PM
You send them the email when they register successfully. Have a column in your database that specifies whether or not they are verified. If they are let them log in, if not then don't let them log in.

Ricky158
03-25-2008, 11:04 PM
Thanks, aerospace. So what would a typical user look like in the database? What columns would you attribute to each user?

_Aerospace_Eng_
03-25-2008, 11:12 PM
userid (auto increment), username (if you want), password, first name, last name, email address, verified (true or false), timestamp (to compare when they registered so you can remove them if they don't verify theirselves)

Be sure to hash the password. I don't know what language you are using. I recommend sha1() on php < 4 and hash() on php 5+ with salting.

Ricky158
03-31-2008, 04:30 AM
userid (auto increment), username (if you want), password, first name, last name, email address, verified (true or false), timestamp (to compare when they registered so you can remove them if they don't verify theirselves)

Be sure to hash the password. I don't know what language you are using. I recommend sha1() on php < 4 and hash() on php 5+ with salting.
What would be the lengths of the columns? I'm creating the table now and it's prompting me to enter a length.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum