Verify emails using PHP
How can I verify when a visitor registers on my website, that the email he/she has 开发者_如何学JAVAused is valid. I would like to email them a link which they can click to prove their membership, how can this be done?
At a high level, what you want to do is roughly the following:
- When a user registers, create a secret code that the user can't figure out himself
- This can be something that is randomly assigned like a random string
- This can also be something that you can calculate programmatically (but that the user can't) like an MD5 of the user's email address concatenated to a secret string; doing this could save you a database column since you wouldn't have to store it
- Save the secret code and send it to the user in the form of a link in an email
- Set up a listener at that link, and if the codes match, "activate the user"
As for how to do this step-by-step, tutorials abound.
Create a unique random number, and store it in a table alongside their user ID. Email them a message with a link to a page that accepts the random number as input. If they have the correct random number, then mark their account active.
If you're using PHP 5.2 or greater, one option is the filter_var function...
if (filter_var('email@example.com', FILTER_VALIDATE_EMAIL) !== FALSE)
Going to go with the following approach.
User registers. Database is updated with their details and a flag added for active/not active. Email is sent to registered email address with link. Link goes to a page that can confirm the email address as valid and update the database.
No idea what environment your working in and making a few assumptions, this is roughly how you go about it.
I assume you are already persisting the user registration? You for the following will want to generate a hash of some kind and insert this along with the user/member details...
$hash = substr(md5(uniqid()), 0, 5);
Do you feel confident in constructing an email view and sending it with phpMailer or similar? If so, do so, with a link that when its hit, will grab the member_id and the member_hash and so something like the following... I used PDO here, again, so many ways to do what you want... whatever is best for you.
// PDO Instance
$pdo = $this->actionServer->getDataSource('PDO');
$findMember = $pdo->prepare('SELECT * FROM member WHERE member.member_id = :memberId AND member.member_hash = :memberHash AND hidden = 1');
$findMember->bindParam(':memberId', $memberId);
$findMember->bindParam(':memberHash', $memberHash);
$findMember->execute();
$findMemberResult = $findMember->fetch(PDO::FETCH_ASSOC);
if (empty($findMemberResult)) {
$this->log->error('Could not find member based on ID and Hash combination');
throw new HTTPException(404);
}
/**
* Could use a method like below to approve
*/
protected function approveMember($memberId, $pdo) {
$sql = 'UPDATE member SET member.hidden = 0 WHERE member.member_id = :memberId';
$updateMember = $pdo->prepare($sql);
$updateMember->bindParam(':memberId', $memberId);
$updateMember->execute();
}
Hopefully that helps!
Cheerio
I did something similar at one point in time, however I didn't have to validate that the user existed, I did need to validate the formatting and whether it was a real domain or not (scrub none@none.com). You can look at my functions and start there.
//Verify formatting
function verify_email($email){
if(!preg_match('/^[_A-z0-9-]+((\.|\+)[_A-z0-9-]+)*@[A-z0-9-]+(\.[A-z0-9-]+)*(\.[A-z]{2,4})$/',$email)){
return false;
} else {
return $email;
}
}
//Verify MX records exist
function verify_email_dns($email){
// This will split the email into its front
// and back (the domain) portions
list($name, $domain) = split('@',$email);
if(!(checkdnsrr($domain,'MX') || checkdnsrr($domain, 'A'))){
// No MX record found
return false;
} else {
// MX record found, return email
return true;
}
}
You may also check this stack question
加载中,请稍侯......
精彩评论