PHP email verification example tutorial, php Email Example

Source: Internet
Author: User
Tags php email

PHP email verification example tutorial, php Email Example

One of the most common security verification in user registration is email verification. According to the industry's general practices, mailbox verification is a very important practice to avoid potential security risks. Now let's discuss these best practices, to see how to create a mailbox verification in PHP.

Let's start with a registry ticket:

<form method="post" action="http://mydomain.com/registration/"> <fieldset class="form-group"> <label for="fname">First Name:</label> <input type="text" name="fname" class="form-control" required />  </fieldset>  <fieldset class="form-group"> <label for="lname">Last Name:</label> <input type="text" name="lname" class="form-control" required />  </fieldset>  <fieldset class="form-group"> <label for="email">Last name:</label> <input type="email" name="email" class="form-control" required />  </fieldset>  <fieldset class="form-group"> <label for="password">Password:</label> <input type="password" name="password" class="form-control" required />  </fieldset>  <fieldset class="form-group"> <label for="cpassword">Confirm Password:</label> <input type="password" name="cpassword" class="form-control" required />  </fieldset>  <fieldset>    <button type="submit" class="btn">Register</button>  </fieldset></form> 

The following is the table structure of the database:

CREATE TABLE IF NOT EXISTS `user` ( `id` INT(10) NOT NULL AUTO_INCREMENT PRIMARY KEY, `fname` VARCHAR(255) , `lname` VARCHAR(255) , `email` VARCHAR(50) , `password` VARCHAR(50) , `is_active` INT(1) DEFAULT '0', `verify_token` VARCHAR(255) , `created_at` TIMESTAMP, `updated_at` TIMESTAMP,); 

Once the form is submitted, we need to verify the user input and create a new user:

// Validation rules$rules = array(  'fname' => 'required|max:255',  'lname' => 'required|max:255', 'email' => 'required', 'password' => 'required|min:6|max:20', 'cpassword' => 'same:password');$validator = Validator::make(Input::all(), $rules);// If input not valid, go back to registration pageif($validator->fails()) { return Redirect::to('registration')->with('error', $validator->messages()->first())->withInput();}$user = new User();$user->fname = Input::get('fname');$user->lname = Input::get('lname');$user->password = Input::get('password');// You will generate the verification code here and save it to the database// Save user to the databaseif(!$user->save()) { // If unable to write to database for any reason, show the error return Redirect::to('registration')->with('error', 'Unable to write to database at this time. Please try again later.')->withInput();}// User is created and saved to database// Verification e-mail will be sent here// Go back to registration page and show the success messagereturn Redirect::to('registration')->with('success', 'You have successfully created an account. The verification link has been sent to e-mail address you have provided. Please click on that link to activate your account.');

After registration, the user's account is still invalid until the user's email address is verified. This feature confirms that the user is the owner of the entered email address and helps prevent spam and unauthorized email use and information leakage.

The entire process is very simple-when a new user is created, an email containing a verification link will be sent to the email address entered by the user during the registration process. Before you click the email verification link and confirm the email address, you cannot log on to or use the website application.

There are several things to note about the verification link. The verification link must contain a randomly generated token, which should be long enough and valid only for a period of time. This is done to prevent network attacks. At the same time, mailbox verification also needs to contain a unique user ID, so as to avoid the potential danger of attacks to multiple users.

Now let's take a look at how to generate a verification link in practice:

// We will generate a random 32 alphanumeric string// It is almost impossible to brute-force this key space$code = str_random(32);$user->confirmation_code = $code; 

Once this verification is created, it is stored in the database and sent to the user:

Mail::send('emails.email-confirmation', array('code' => $code, 'id' => $user->id), function($message){$message->from('my@domain.com', 'Mydomain.com')->to($user->email, $user->fname . ' ' . $user->lname)->subject('Mydomain.com: E-mail confirmation');}); 

Email verification content:

<!DOCTYPE html>

Now let's verify whether it is feasible:

$user = User::where('id', '=', Input::get('user'))  ->where('is_active', '=', 0)  ->where('verify_token', '=', Input::get('code'))  ->where('created_at', '>=', time() - (86400 * 2))  ->first();if($user) { $user->verify_token = null; $user->is_active = 1; if(!$user->save()) { // If unable to write to database for any reason, show the error return Redirect::to('verify')->with('error', 'Unable to connect to database at this time. Please try again later.'); } // Show the success message return Redirect::to('verify')->with('success', 'You account is now active. Thank you.');}// Code not valid, show error messagereturn Redirect::to('verify')->with('error', 'Verification code not valid.'); 

Conclusion:
The code shown above is just a Tutorial example and does not pass enough tests. Test it before using it in your web application. The above code is completed in the Laravel framework, but you can easily migrate it to other PHP frameworks. At the same time, the verification link is valid for 48 hours and then expires. By introducing a working queue, You can process expired verification links in a timely manner.

The real PHPChina Original translation, the original text is reproduced in http://www.phpchina.com/portal.php? Mod = view & aid = 39888. I think this article has great learning value and I hope it will be helpful to you.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.