The principle is actually very simple. You say you don't know how to do the step that automatically generates the URL. First, the URL is divided into two parts:
The first part is a verification address with a parameter that identifies the user ID, for example: http://www.xxx.com/active.php?uid=1
The second part is the string to verify, for example: authcode=asdad1f323ff43f
Together, it's http://www.xxx.com/active.php?uid=1&authcode=asdad1f323ff43f.
The first part is up to you: active.php is the verification script you wrote, so you already know that address.
The second part is a randomly generated string. You can generate it with a formula such as MD5(own domain name + timestamp + authenticated username). Of course you can define your own way of combining this string; just make sure the result follows no pattern that can be guessed and does not repeat.
It's simple, isn't it?
As for when to generate and when to validate, you can design it like this:
You can add two fields to the user table:
1. (bool isActive) Whether the user is activated; the default is false.
2. (string authcode) The temporary activation code.
When the user registers, or clicks the Activate button, one of your scripts executes:
1. Generate the activation code, using the method I described above.
2. Store this activation code in the authcode field of the user table.
3. Send the full activation address to the user's mailbox by email.
4. When your script receives the request, it takes the two parameters, looks up the user with uid=1 in the user table, and checks whether the submitted authcode equals the one in the database. If they are equal, verification passes: update the isActive field to true and the authcode field to null.
That's it. Of course, to avoid duplicate verification codes and guessing by other people, you can set a timeout for the authcode. There are a number of ways to do this. You can add a timestamp field to the user table that holds the current timestamp plus the validity period, such as time() + 3600 for a one-hour timeout, and at verification time also check that the request falls within this timestamp. You can also keep this kind of data in a cache or in memory, which would be better.
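The four steps and the timeout above, put together as an added example (not code from the original article). It assumes an in-memory SQLite table through PDO, an extra authcode_expires column, and hypothetical function names issueActivation() and activate(). It swaps random_bytes() in for the MD5 formula, because domain, timestamp and username are all guessable inputs, and it stores only a hash of the code.

```php
<?php
// Added example. isActive/authcode follow the article; authcode_expires and
// both function names are assumptions made for this sketch.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (uid INTEGER PRIMARY KEY, email TEXT,
           isActive INTEGER DEFAULT 0, authcode TEXT, authcode_expires INTEGER)');
$db->exec("INSERT INTO users (uid, email) VALUES (1, 'user@example.test')"); // constructed row

// Steps 1-3: generate the code, store it, build the link to be e-mailed.
function issueActivation(PDO $db, int $uid, int $ttl = 3600): string
{
    $code = bin2hex(random_bytes(16)); // 128 bits from the CSPRNG, not MD5 of known inputs
    $stmt = $db->prepare('UPDATE users SET authcode = ?, authcode_expires = ? WHERE uid = ?');
    // Only a hash is stored, so a leaked user table does not reveal usable codes.
    $stmt->execute([hash('sha256', $code), time() + $ttl, $uid]);
    return 'http://www.xxx.com/active.php?'
         . http_build_query(['uid' => $uid, 'authcode' => $code]);
}

// Step 4: what active.php does with the two request parameters.
function activate(PDO $db, int $uid, string $code, ?int $now = null): bool
{
    $now = $now ?? time();
    $stmt = $db->prepare('SELECT authcode, authcode_expires FROM users
                          WHERE uid = ? AND isActive = 0');
    $stmt->execute([$uid]); // prepared statement: uid never reaches the SQL text
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || $row['authcode'] === null || $now > (int) $row['authcode_expires']) {
        return false; // unknown user, already active, no pending code, or timed out
    }
    if (!hash_equals($row['authcode'], hash('sha256', $code))) {
        return false; // constant-time comparison of stored and supplied code
    }
    // Single use: activate and clear the code in the same statement.
    $db->prepare('UPDATE users SET isActive = 1, authcode = NULL,
                  authcode_expires = NULL WHERE uid = ?')->execute([$uid]);
    return true;
}

$link = issueActivation($db, 1);
parse_str(parse_url($link, PHP_URL_QUERY), $q);
var_dump(activate($db, 1, 'wrong-code'));                  // wrong code
var_dump(activate($db, 1, $q['authcode'], time() + 7200)); // right code, after the timeout
var_dump(activate($db, 1, $q['authcode']));                // right code, in time
var_dump(activate($db, 1, $q['authcode']));                // replay of a used code
```

Only the third call activates the account; the replay fails because the authcode field was set to null on success.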
You may also need a switch that controls whether mail activation is required: maybe you want newly registered users to need mail activation today, and tomorrow you may not. If this value is true, all newly registered users get isActive = false; otherwise they get true.
The principle of email verification at the time of PHP registration