PHP mailbox verification example tutorial, php mailbox example. PHP email verification example tutorial. one of the most common security verification examples in user registration is email verification. According to the industry's general practice, mailbox verification is to avoid potential examples of security PHP mailbox verification tutorials, php mailbox examples
One of the most common security verification in user registration is email verification. According to the industry's general practices, mailbox verification is a very important practice to avoid potential security risks. now let's discuss these best practices, to see how to create a mailbox verification in PHP.
Let's start with a registry ticket:
The following is the table structure of the database:
CREATE TABLE IF NOT EXISTS `user` ( `id` INT(10) NOT NULL AUTO_INCREMENT PRIMARY KEY, `fname` VARCHAR(255) , `lname` VARCHAR(255) , `email` VARCHAR(50) , `password` VARCHAR(50) , `is_active` INT(1) DEFAULT '0', `verify_token` VARCHAR(255) , `created_at` TIMESTAMP, `updated_at` TIMESTAMP,);
Once the form is submitted, we need to verify the user input and create a new user:
// Validation rules$rules = array( 'fname' => 'required|max:255', 'lname' => 'required|max:255', 'email' => 'required', 'password' => 'required|min:6|max:20', 'cpassword' => 'same:password');$validator = Validator::make(Input::all(), $rules);// If input not valid, go back to registration pageif($validator->fails()) { return Redirect::to('registration')->with('error', $validator->messages()->first())->withInput();}$user = new User();$user->fname = Input::get('fname');$user->lname = Input::get('lname');$user->password = Input::get('password');// You will generate the verification code here and save it to the database// Save user to the databaseif(!$user->save()) { // If unable to write to database for any reason, show the error return Redirect::to('registration')->with('error', 'Unable to write to database at this time. Please try again later.')->withInput();}// User is created and saved to database// Verification e-mail will be sent here// Go back to registration page and show the success messagereturn Redirect::to('registration')->with('success', 'You have successfully created an account. The verification link has been sent to e-mail address you have provided. Please click on that link to activate your account.');
After registration, the user's account is still invalid until the user's email address is verified. This feature confirms that the user is the owner of the entered email address and helps prevent spam and unauthorized email use and information leakage.
The entire process is very simple-when a new user is created, an email containing a verification link will be sent to the email address entered by the user during the registration process. Before you click the email verification link and confirm the email address, you cannot log on to or use the website application.
There are several things to note about the verification link. The verification link must contain a randomly generated token, which should be long enough and valid only for a period of time. This is done to prevent network attacks. At the same time, mailbox verification also needs to contain a unique user ID, so as to avoid the potential danger of attacks to multiple users.
Now let's take a look at how to generate a verification link in practice:
// We will generate a random 32 alphanumeric string// It is almost impossible to brute-force this key space$code = str_random(32);$user->confirmation_code = $code;
Once this verification is created, it is stored in the database and sent to the user:
Mail::send('emails.email-confirmation', array('code' => $code, 'id' => $user->id), function($message){$message->from('my@domain.com', 'Mydomain.com')->to($user->email, $user->fname . ' ' . $user->lname)->subject('Mydomain.com: E-mail confirmation');});
Email verification content:
Please confirm your e-mail address by clicking the following link: &user=<?php echo $id; ?>">
Now let's verify whether it is feasible:
$user = User::where('id', '=', Input::get('user')) ->where('is_active', '=', 0) ->where('verify_token', '=', Input::get('code')) ->where('created_at', '>=', time() - (86400 * 2)) ->first();if($user) { $user->verify_token = null; $user->is_active = 1; if(!$user->save()) { // If unable to write to database for any reason, show the error return Redirect::to('verify')->with('error', 'Unable to connect to database at this time. Please try again later.'); } // Show the success message return Redirect::to('verify')->with('success', 'You account is now active. Thank you.');}// Code not valid, show error messagereturn Redirect::to('verify')->with('error', 'Verification code not valid.');
Conclusion:
The code shown above is just a Tutorial example and does not pass enough tests. Test it before using it in your web application. The above code is completed in the Laravel framework, but you can easily migrate it to other PHP frameworks. At the same time, the verification link is valid for 48 hours and then expires. By introducing a working queue, you can process expired verification links in a timely manner.
The real PHPChina original translation, the original text is reproduced in http://www.phpchina.com/portal.php? Mod = view & aid = 39888. I think this article has great learning value and I hope it will be helpful to you.
Email verification is one of the most common security verification methods used by region in user registration. According to the industry's general practice, mailbox verification is to avoid potential security...