Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 8 of 8
  1. #1
    Regular Coder
    Join Date
    Aug 2002
    Location
    New York
    Posts
    152
    Thanks
    12
    Thanked 0 Times in 0 Posts

    Question Email Verification

    Hi. If I want to allow users to sign in on my website, they must first sign up, right? So when signing up, I want to ensure that the email address they provide is actually them on the other end. How can I set up a system that when the user enters an email address it will first ensure that it is real (check DNS) then if it is, send it an email asking the person to verify that they are the one who wants to register at my site? I google'd this and got something called "challenge/response" but I don't know if that's exactly what I want. Does anyone know what I'm looking for? How can it be implemented?

    Thanks,

    Ricky

  • #2
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    Kind of. What I do for my users is I generate a random string and store it in the database. Then the "Welcome" email has a link in it with the random string appended on the url. If the random string and the email address match they are verified.
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #3
    Rockstar Coder
    Join Date
    Jun 2002
    Location
    USA
    Posts
    9,074
    Thanks
    1
    Thanked 328 Times in 324 Posts
    DNS lookups to verify that a domain exists don't work too well anymore. The reason for this is that a lot of ISPs are starting to do the thing where if you enter a non-existent domain, their DNS servers will just redirect you to their search page with ads on it.

    However using the method Aero suggested is your best bet. You can also make the database entries have a timestamp too so that you could periodically remove non-activated accounts.
    OracleGuy

  • #4
    Regular Coder
    Join Date
    Aug 2002
    Location
    New York
    Posts
    152
    Thanks
    12
    Thanked 0 Times in 0 Posts
    So if I do this random string email, they are actually registered before they verify their email address? And how do you automatically send the email to them?

  • #5
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    You send them the email when they register successfully. Have a column in your database that specifies whether or not they are verified. If they are let them log in, if not then don't let them log in.
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #6
    Regular Coder
    Join Date
    Aug 2002
    Location
    New York
    Posts
    152
    Thanks
    12
    Thanked 0 Times in 0 Posts
    Thanks, aerospace. So what would a typical user look like in the database? What columns would you attribute to each user?

  • #7
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    userid (auto increment), username (if you want), password, first name, last name, email address, verified (true or false), timestamp (to compare when they registered so you can remove them if they don't verify theirselves)

    Be sure to hash the password. I don't know what language you are using. I recommend sha1() on php < 4 and hash() on php 5+ with salting.
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #8
    Regular Coder
    Join Date
    Aug 2002
    Location
    New York
    Posts
    152
    Thanks
    12
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by _Aerospace_Eng_ View Post
    userid (auto increment), username (if you want), password, first name, last name, email address, verified (true or false), timestamp (to compare when they registered so you can remove them if they don't verify theirselves)

    Be sure to hash the password. I don't know what language you are using. I recommend sha1() on php < 4 and hash() on php 5+ with salting.
    What would be the lengths of the columns? I'm creating the table now and it's prompting me to enter a length.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •