开发者

How to do a registration confirmation email which will expires within 24 hr

I have a php registration form but now I want to create a registration confirm email which will send to provided email and expires within 24 hr. and when that link is clicked then registration开发者_Python百科 will be confirmed.

Please anybody help and provide some code. Thanks in advance.


The idea that's generally used is as follow :

  • When generating / sending the mail, you include in it a unique identifier (random, hard to guess) -- that identifier is in the link the user has to click on
    • This means thins link will look like http://www.yoursite.com/validate.php?id=HQGETBDC
  • At the same time, you record a piece of data in your database, with :
    • the user's to which the mail has been sent
    • the unique identifier (to be able to find this record)
    • the current date / time
  • when the user clicks the link, he'll visit a page on your server
    • that page will use the unique identifier (present in the link), to find the relevant record in the database
    • if that record is more that 24 hours old, the user will not be allowed to validate his account.


In addition, you'll probably want to code something to remove old entries (more than 24 hours and not validated) from your database -- using a cronjob, for instance.


You can store a list of email addresses, confirmation codes, and dates they were sent in a database. When the user tries to run the confirmation you check if the current time is less than 24 hours ago.

Once a day or once a week you run an automated script to delete stale entries.

If you don't use a database you can also use a bunch of text files as an "ad-hoc" database.


Supposing the e-mail only sends a link to an activation page with a key (/activate.php?key=14315515151...), then it is as easy as blacklisting/disabling the key.

If you explained better how your activation system works, it would result in a more precise answeer.


For email verification, you want to provide a token. And since you store that in the database, just save the expiry time too:

db("INSERT INTO confirmtoken ...", $confirm_token, time()+24*3600);

The time()+24*3600 represents a timestamp 24 hours from then.

When the user clicks your confirmation link ../confirm?token=3281nfakjnih98 then simply check if the time hasn't passed:

db("SELECT * FROM confirmtokens WHERE id=? AND maxtime<UNIX_TIMESTAMP()");


These are the steps you need to follow

  1. On registration create a new user and set his status as pending (or similar). Also create a hash to uniquely identify the user. Remember to have a created (or similar) column

  2. Send out a mail with a link that points to your confirmation page. You just need the hash as the identifier

  3. When the user clicks the hash, you can compare the current time with the created column and check whether it falls withing your date range (24 hours)


Normally you would enter a line in a database which has the uid attached to the registration with the date/time it was sent, and a clean up that runs every so often, depending on how busy you expect the site to be.

Therefore, if the link is clicked before 24 hours is up, then its removed and the registration complete, if not, after 24 hours even if the clean up hasnt run its then removed and the user told its expired, if its cleaned up, its already expired and the user can be told it cant be found, this could be because more than 24 hours has elapsed.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜