Testing user registration validation in php

Hey all, I am creating a login script that in one step, enters the new user into a text file, creates a new directory for that user, sends the user a code, and then the user has to enter the code to validate that he/she is real. First question is about the code that is emailed:

A random number is created and sent to the new user. The new user in theory keeps his browser window open, and enters the code into the page. Once this happens, he clicks submit. I want to be able to compare the random number that was generated when the user created the account, to the one he received in the email using an IF statement.

$randNumber = rand();

<form id="form1" name="form1" method="post" action="">
 <span id="sprytextfield1">
   <label>Activation Code
     <input type="text" name="actcode" id="actcode" />
   </label>
   <span class="textfieldRequiredMsg">Please Enter Your activation Code To Continue.</span></span>
   <input name="Activate Account" type="submit" value="Activate Account" />
</form>

Something like: IF( $randNumber == 'actcode'){
redirect}
else{
     re-load}

How do I make the variable "$rand" which is created upon page load, compare to what the user enters when he hits "activate account"?

Thanks!


If you create a random number then it will always be random. If the user closes the window he has to do the validation again.

It is better to create a hash (md5() or sha1()) of his email-id (+ any other details he provided) and mail it to him.

If you want others not to predict the secret validation code then you better use some text manipulation on that hash.

Example:

Define a hash function:

// Concatenates the SHA-1 of the username with the SHA-1 of the email
function hashfunction($username, $email)
{
  return sha1($username).sha1($email);
}

$username = 'foo';
$email = 'bar@domain.com';

$hash = hashfunction($username, $email);
$url = "http://domainnname.com/verify.php?username=$username&email=$email&hash=$hash";
@mail($email, "User Validation", $url);

The generated url will be http://domainnname.com/verify.php?username=foo&email=bar@domain.com&hash=jr6u9ghj78gjkk76fv

Now you can verify the user by taking his username and email and running the same function to create the hash and then comparing it with the hash in the url:

// Strict comparison, so two hex strings are never compared as numbers
if (hashfunction($_GET['username'], $_GET['email']) === $_GET['hash'])
{
   // validated ....
}
else
{
  // not validated ....
}


PHP through mod_php is stateless; this means you must store $randNumber in a DB or file, etc., then restore it using the session ID or username.


You need to store the random number somewhere on the server. Either you store this number in the same text file where you're storing user details, or in some separate text file (along with the username or some other unique identifier). Then when the user submits the activation form you compare the code to the one you have on the server to see if they match. You'll need to store the username in a hidden field in the form (or in the session) so you can load up the right 'correct' activation code when the form is submitted.

You should also consider what happens if the user closes their browser, or doesn't get the email immediately and goes off and does something else. One approach would be to include a link in the email that takes the user to the activation page, but (importantly) includes their username (or unique identifier) so you can still relate the random number to the correct account.
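
The server-side storage approach described in the last two answers, as an added example that is not part of the original posts. The JSON file store, the function names, the one-hour expiry and the example.com link are assumptions made for illustration; the code is drawn from a CSPRNG instead of rand(), only its hash is kept on the server, and it is compared in constant time and discarded after one successful use.

```php
<?php
// Added example: file layout, function names and TTL are assumptions.
const CODE_TTL = 3600; // seconds a code stays valid (assumed policy)

function loadStore(string $file): array {
    if (!is_file($file)) return [];
    $data = json_decode(file_get_contents($file), true);
    return is_array($data) ? $data : [];
}

function saveStore(string $file, array $store): void {
    file_put_contents($file, json_encode($store), LOCK_EX);
}

// Called at registration: returns the code to e-mail; only its hash is stored.
function issueActivationCode(string $file, string $username): string {
    $code = bin2hex(random_bytes(16)); // 128 bits from the CSPRNG, unlike rand()
    $store = loadStore($file);
    $store[$username] = [
        'hash'    => hash('sha256', $code),
        'expires' => time() + CODE_TTL,
    ];
    saveStore($file, $store);
    return $code;
}

// Called when the activation form or the e-mailed link is submitted.
function verifyActivationCode(string $file, string $username, string $code): bool {
    $store = loadStore($file);
    $entry = $store[$username] ?? null;
    if ($entry === null || $entry['expires'] < time()) return false;
    // hash_equals() compares in constant time and never type-juggles
    if (!hash_equals($entry['hash'], hash('sha256', $code))) return false;
    unset($store[$username]); // single use: a replayed link fails
    saveStore($file, $store);
    return true;
}

// Constructed demo run with a throwaway store file
$file = sys_get_temp_dir() . '/activation_demo.json';
@unlink($file);
$code = issueActivationCode($file, 'foo');
$link = 'https://example.com/verify.php?'
      . http_build_query(['username' => 'foo', 'code' => $code]);
echo $link, PHP_EOL;
var_dump(verifyActivationCode($file, 'foo', 'wrong'));
var_dump(verifyActivationCode($file, 'foo', $code));
var_dump(verifyActivationCode($file, 'foo', $code));
```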
