Email Verification

**AJPayne** · August 27th, 2004, 3:47 AM

What I want to do is pretty the same thing as vBulletin does: Once a user signs up, he is sent an email, with a link to click and activate the account, or do something else.

I heard it isn't hard to do. Do you guyz know of any tutorials out there that explain how to do that?

Thanks.

**patrickb** · August 27th, 2004, 4:07 AM

What I like to do is generate a random password for the user and send that to them in email. Once they get their email, they can login and change their password. This is the most simple and easiest way to do it. Everytime a user logs in, I then check a field in the database for that account to see if they have logged in before. If they haven't, I update the DB to reflect that they have logged in and are "verified". That way I can distinguish between active and inactive accounts.

Code:

function makePassword() {
	$salt = str_shuffle("abcdefghijklmnopqrstuvwxyz0123456789");
	srand((double)microtime()*1000000);
	$i = 0;
	while ($i <= 8) {
		$num = rand() % 33;
		$tmp = substr($salt, $num, 1);
		$pass = $pass . $tmp;
		$i++;
	}
	return $pass;
}

Thats a good random pass function I stole from somewhere. (can't remember where). Before I add the newly created account into the database, I add in their password using something like:

Code:

$randomPass = makePassword();

And then I add it into my database query. Generate the welcome page telling them an email has been sent with their password, and then wait for them to login. Works a lot better than trying to create dynamic links and tracking them in my opinion. Simple stupid is always good.

**AJPayne** · August 27th, 2004, 5:24 AM

thanks Patrick,

So that code would generate an 8 character long password correct?

Another question on your code. I would like to store the pass in the db as an md5 encrypted password. So would I just write something like his?

PHP Code:


			
$encrypted = md5($randomPass);



mysql_query (INSERT INTO db (pass) VALUES ($encrypted);

Would that be correct?

Thanks again

**patrickb** · August 27th, 2004, 7:30 AM

Yes, that looks correct. Of course, this is a sampling of some code from one of my real time sites:

Code:

	$arHold = array();
	$result = mysql_query("DESCRIBE table");
	
	while ($row = mysql_fetch_assoc($result)) {
		$arHold[$row["Field"]] = NULL;
	}

	// Make the update query that inserts the user into the table.
	$queryAdd = "INSERT INTO table SET ";

	foreach ($_POST as $key => $value) {
		if (array_key_exists($key, $arHold)) {
			$value = addslashes($value);
			$queryAdd .= "$key='$value', ";
		}
	}
	
	$queryAdd = substr($queryAdd, 0, -2);	// Strip off the trailing comma and space
	$randomPass = makePassword();
	$queryAdd .= ", l_password='" . md5($randomPass) . "'";

	$result = mysql_query($queryAdd);
	
	if ($result) {
	// Generate a welcome page with further instructions.  Also generate the welcome email as well.
		sendWelcomeEmail();
	} else {
	// Email error message to the me.
		echo "<p>Sorry, there was an error setting up your account.  Details have been logged for the site administrator.  Feel free to email me with your information and we shall set this account up for you manually</p>";
	}

I use the description of the table to ensure all fields submitted by post are valid database fields and won't cause the query to barf. Makes life a little easier in real-time applications that can't afford to have errors because of silly little typos.

**AJPayne** · August 27th, 2004, 3:41 PM

hmm not sure why it doesn't send that email.

here is what I have:

PHP Code:


			
function makePassword() {

    $salt = str_shuffle("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789");

    srand((double)microtime()*1000000);

    $i = 0;

    while ($i <= 8) {

        $num = rand() % 33;

        $tmp = substr($salt, $num, 1);

        $pass = $pass . $tmp;

        $i++;

    }

    return $pass;

}



$randomPass = makePassword();



$encrypted = md5($randomPass);

BTW, I added capital letters to be included in the password.

Then I have the function of the email itself:

PHP Code:


			
function sendWelcomeEmail($sendEmail){

    $MessageString = "Dear ".$_POST["contact_first"]." ".$_POST["contact_last"].",\r\n\r\n"; 

    $MessageString .= "Thank you for registering at FindAgoodHost.com.\r\n"; 

    $MessageString .= "Your account has now been activated and can be accessed immediately to update your profile, add plans, signup for our various services and much much more!r\n\r\n"; 

    $MessageString .= "Your login details are as follow:"."\r\n".$_POST["name"]."\r\n\r\n"; 

    $MessageString .= "Login at:"."\r\n"."http://www.findagoodhost.com/host/index.php\r\n\r\n";

    $MessageString .= "Username:"."\r\n".$_POST["contact_email"]."\r\n\r\n";

    $MessageString .= "Password:"."\r\n".$randomPass."\r\n\r\n\r\n"; 

    $MessageString .= "Do not forget to register on our forums at [url]http://www.findagoodhost.com/forum[/url], "; 



    mail($email, "FAGH Account Details", $MessageString, "From: FindAGoodHost");

}

Then I check for errors (such as the right email format is entered,...), but I won't include it here since it is irrelevent.

So now I have this:

PHP Code:


			
        if ($total == 1) 

        { 

            header("Location: dp.php");

            exit;

        }



        else

        { 

            sendWelcomeEmail();

            mysql_query($query,$conn) or die("SQL error: ".mysql_error());

            mysql_close($conn);

            header("Location: ty.php");

            exit;

        }

That's just saying that if there are errors, display them. Otherwise send the password by email, and add all the fields to the db.

Now the query gets added to the db fine (I can see the row in phpmyadmin), but it does not send the email.

What am I doing wrong?

Thanks

**patrickb** · August 29th, 2004, 3:13 AM

Code:

function sendWelcomeEmail($sendEmail){

That is what you are doing wrong. You added a parameter into the function declaration and when you call the function, you never pass the parameter to it. Just remove the $sendEmail part and leave it blank paranthesis there. Should work fine from what I see.

August 27th, 2004, 3:47 AM	#1 (permalink)
AJPayne I own you! Excelling Contributor Joined in Apr 2004 563 posts Gave thanks: 0 Thanked 3 times	Email Verification What I want to do is pretty the same thing as vBulletin does: Once a user signs up, he is sent an email, with a link to click and activate the account, or do something else. I heard it isn't hard to do. Do you guyz know of any tutorials out there that explain how to do that? Thanks.

August 27th, 2004, 4:07 AM	#2 (permalink)
patrickb the one who was Super #1 Joined in Jul 2003 Lives in Memphis 1,967 posts Gave thanks: 0 Thanked 3 times	What I like to do is generate a random password for the user and send that to them in email. Once they get their email, they can login and change their password. This is the most simple and easiest way to do it. Everytime a user logs in, I then check a field in the database for that account to see if they have logged in before. If they haven't, I update the DB to reflect that they have logged in and are "verified". That way I can distinguish between active and inactive accounts. Code: function makePassword() { $salt = str_shuffle("abcdefghijklmnopqrstuvwxyz0123456789"); srand((double)microtime()*1000000); $i = 0; while ($i <= 8) { $num = rand() % 33; $tmp = substr($salt, $num, 1); $pass = $pass . $tmp; $i++; } return $pass; } Thats a good random pass function I stole from somewhere. (can't remember where). Before I add the newly created account into the database, I add in their password using something like: Code: $randomPass = makePassword(); And then I add it into my database query. Generate the welcome page telling them an email has been sent with their password, and then wait for them to login. Works a lot better than trying to create dynamic links and tracking them in my opinion. Simple stupid is always good. __________________ Patrick Warnings: The program(s) might crash unexpectedly or behave otherwise strangely. (But of course, so do many commercial programs on Windows.) --www.gimp.org

August 27th, 2004, 5:24 AM	#3 (permalink)
AJPayne I own you! Excelling Contributor Joined in Apr 2004 563 posts Gave thanks: 0 Thanked 3 times	thanks Patrick, So that code would generate an 8 character long password correct? Another question on your code. I would like to store the pass in the db as an md5 encrypted password. So would I just write something like his? PHP Code: `$encrypted = md5($randomPass); mysql_query (INSERT INTO db (pass) VALUES ($encrypted);` Would that be correct? Thanks again

August 27th, 2004, 3:41 PM	#5 (permalink)
AJPayne I own you! Excelling Contributor Joined in Apr 2004 563 posts Gave thanks: 0 Thanked 3 times	hmm not sure why it doesn't send that email. here is what I have: PHP Code: `function makePassword() { $salt = str_shuffle("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"); srand((double)microtime()*1000000); $i = 0; while ($i <= 8) { $num = rand() % 33; $tmp = substr($salt, $num, 1); $pass = $pass . $tmp; $i++; } return $pass; } $randomPass = makePassword(); $encrypted = md5($randomPass);` BTW, I added capital letters to be included in the password. Then I have the function of the email itself: PHP Code: function sendWelcomeEmail($sendEmail){ $MessageString = "Dear ".$_POST["contact_first"]." ".$_POST["contact_last"].",\r\n\r\n"; $MessageString .= "Thank you for registering at FindAgoodHost.com.\r\n"; $MessageString .= "Your account has now been activated and can be accessed immediately to update your profile, add plans, signup for our various services and much much more!r\n\r\n"; $MessageString .= "Your login details are as follow:"."\r\n".$_POST["name"]."\r\n\r\n"; $MessageString .= "Login at:"."\r\n"."http://www.findagoodhost.com/host/index.php\r\n\r\n"; $MessageString .= "Username:"."\r\n".$_POST["contact_email"]."\r\n\r\n"; $MessageString .= "Password:"."\r\n".$randomPass."\r\n\r\n\r\n"; $MessageString .= "Do not forget to register on our forums at [url]http://www.findagoodhost.com/forum[/url], "; mail($email, "FAGH Account Details", $MessageString, "From: FindAGoodHost"); } Then I check for errors (such as the right email format is entered,...), but I won't include it here since it is irrelevent. So now I have this: PHP Code: `if ($total == 1) { header("Location: dp.php"); exit; } else { sendWelcomeEmail(); mysql_query($query,$conn) or die("SQL error: ".mysql_error()); mysql_close($conn); header("Location: ty.php"); exit; }` That's just saying that if there are errors, display them. Otherwise send the password by email, and add all the fields to the db. Now the query gets added to the db fine (I can see the row in phpmyadmin), but it does not send the email. What am I doing wrong? Thanks

August 29th, 2004, 3:13 AM	#6 (permalink)
patrickb the one who was Super #1 Joined in Jul 2003 Lives in Memphis 1,967 posts Gave thanks: 0 Thanked 3 times	Code: function sendWelcomeEmail($sendEmail){ That is what you are doing wrong. You added a parameter into the function declaration and when you call the function, you never pass the parameter to it. Just remove the $sendEmail part and leave it blank paranthesis there. Should work fine from what I see. __________________ Patrick Warnings: The program(s) might crash unexpectedly or behave otherwise strangely. (But of course, so do many commercial programs on Windows.) --www.gimp.org

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Rate This Thread
Rate This Thread: