The principle of email verification at the time of PHP registration

Source: Internet
Author: User

In fact the principle is very simple, you say automatically generate URL that step does not, first URL is divided into two parts:
The first part is a verification address with a parameter that identifies the user ID, for example: Http://www.xxx.com/active.php?uid=1
the second part is actually a string to verify, for example: authcode=asdad1f323ff43f
Together, it 's http://www.xxx.com/active.php?uid=1&authcode=asdad1f323ff43f.

the first part is your decision, active.php is the one you wrote the verification script, so you can know the address?
is the second part a randomly generated string? You can use this formula to generate this string using: MD5 (own domain name + timestamp + authenticated username). Of course you can define how to combine this string, just make sure they don't have a regular guess, and don't repeat it.
It's simple, isn't it?


as for when to generate and when to validate, you can design this:
You can add two fields to the user table: 1 (bool isActive) If the user is activated, the default is False. 2 (string authcode) temporary activation code.
when the user registers, or clicks the Activate button, executes one of your scripts:
1 Generate the activation code, that is the method I said above.
2 Use this activation code to store the activation code in the Authcode field of the user table.
3 Send your full activation address to the user's mailbox by email
4 Your script, when the request is received, two parameters are removed to the user table in the search uid=1 the user's authcode is equal to the database, if equal, verify through, and empty the update IsActive field is true, The Authcode field is updated to null.


That 's it, of course, to avoid generating duplicate verification codes and other people's guesses, you can set a time-out for Authcode. There are a number of ways that you can add a timestamp to the user table, with the current timestamp + a valid timestamp period, such as time () +3600, which is the one-hour timeout, which, when verified, can be compared to whether it is within this timestamp at the same time. This kind of stuff, you can also put in the cache or in memory. That would be better.


you may also need to make a switch, maybe you want the new registered users to need mail activation today, and tomorrow you may not want to. Used to control whether mail activation is required. First, if this value is true, all registered users are isactive false, otherwise they are true.

The principle of email verification at the time of PHP registration

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.