E-m@il Confirmation

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • E-m@il Confirmation

    Hallo,

    I've got a simple mail script with me which works fine, that is, it sends an e-mail to the administrator e-mail as well as to the person who submitted his/her e-mail who submitted in my contact form.

    I would like to add a simple security feature, like to confirm his e-mail:
    so, i should be able to send a link and if the user has really contacted my profile, he then clicks on the link and then the e-mail address is being now confirmed.
    This type of links to confirm our account is being seen in all the forums around, even in this forum i guess.
    Should i add a new field to my table to check the user e-mail has been confirmed.

    Would be greatful to you if somebody can gimmi an over-view.
    This line of code will be sent to the user who has contacted my profile:
    PHP Code:
    mail ("$email""Contacted Profile""$name"); 
    Thanks
    Happiness is a state of mind.
    Change your mind and be happy!

  • #2
    you gotta extend your user table with one single column

    make it of type varchar, length 32 characters

    before sending your mail generate a 32 characters long random string

    place a link in your mail
    Code:
    http://www.yourdomain.tld/activate.php?id=[b]the string generated just before[/b]>klick here to activate your account</a>
    of course you'll need the file activate.php

    this file does something link this
    Code:
    UPDATE users
    SET UserActivated='1'
    WHERE UserActivated='[b]the string generated just before[/b]'
    now you can check which users did activate their account and which didn't
    Ich denke, also bin ich. - Einige sind trotzdem...

    Comment


    • #3
      Thanks Mr.happiness. will straight away look at it and let you know how it works.
      Happiness is a state of mind.
      Change your mind and be happy!

      Comment


      • #4
        aight

        btw: i like your sig
        Ich denke, also bin ich. - Einige sind trotzdem...

        Comment


        • #5
          Mr.happiness,

          Back to my stuff today.well, i changed my code and seems to be working mostly except some weird behaviour with my update stuff.
          The problem i see is- lets say user A has contacted profile with id 1 and user A again contacted profile with id 2 and with the same email as before.
          He activates the email link for the profile id 2 ONLY and not for the profile id 1.But, I see in my table the column activated is set to 1 in both cases.How can i restrict to that id alone??
          Thanks for your time.

          Here it goes the latest code .......
          mail.php
          PHP Code:
          <?php
          /*This script will handle the variables passed from the contact form*/

          //Declare the relevant variables

          $hostname "";
          $username "";
          $password "";
          $dbname "";
          $mytable "user_information";
          $adminaddress "";

          //Database connection

          mysql_connect($hostname,$username,$password)or die ("unable to connect my database");
          mysql_select_db("$dbname") or die ("unable to select database");

          echo 
          "<body bgcolor='#FFFFCC'>";
          echo 
          "<CENTER>";
          echo 
          "Hello, $name";
          echo 
          "<BR><BR>";
          echo 
          "Thank you for your interest.<BR><BR>";
          echo 
          "We have sent you an activation e-mail to $email.Please check your e-mail";
          echo 
          "<CENTER>";

          // function to generate random string
          function RandomString($length=32

          $randstr=''
          srand((double)microtime()*1000000); 
          // array add all letters and numbers if you wish
          $chars = array ( 'a','b','c','d','e','f'); 
          for (
          $rand 0$rand <= $length$rand++) 

          $random rand(0count($chars) -1); 
          $randstr .= $chars[$random]; 

          return 
          $randstr

          $rstr RandomString(8);
          //Send the relevant e-mail to the user
              
          $from $_REQUEST['email'];
              
          $mail_body "To validate this email click the following link:\nhttp://www.blahblah.com/project/activate.php?id=$rstr";
              
          mail($from"Validation Email"$mail_body"From: minds_gifts\n");
              print(
          "Please check your email <b>$from</b> for the test validation message");   
          //Send the relevant email to admin
          mail ("myself@myself.com""visitor request for info""$name requested for information.The email address is $email"); 

          //Insert into the table

          $query "insert into $mytable (name, email, text, contacted_id) values ('$name','$email','$description','$id')";
          $result mysql_query($query);

          //We close the MySQL connection 

              
          mysql_close(); 

          ?>
          activate.php
          PHP Code:
          $sql mysql_query("UPDATE $mytable SET activated='1' WHERE activated='$rstr'"); 
          Last edited by minds_gifts; 16-06-2003, 23:24.
          Happiness is a state of mind.
          Change your mind and be happy!

          Comment


          • #6
            Hello,

            Coulple of questions i've got to ask over here.Before that I would like to say, i edited my previous post and this is my latest code.Well,
            according to Mr.Happiness, he said i need to extend my table with one more column of type Varchar(32).I guess this column is called activated, but in my update query, i always set this to one.so, why do i need 32 of length??
            Sorry if i had mis-understood.
            I still have problems with my updation stuff.Do you think that the column activated should be unique??if i make it unique, i dont see records being inserted,huh!
            I feel thats theres a way of tricky in getting my code fixed.I'll be glad if somebody can show me the way

            Thanks
            Happiness is a state of mind.
            Change your mind and be happy!

            Comment


            • #7
              in your insert statrement you have to sepcify a value for your activate-column too. i guess this should be $rstr
              Ich denke, also bin ich. - Einige sind trotzdem...

              Comment


              • #8
                hmm...that does'nt help me either.Now, when i contact the profile and submit it, i see the 8 char string inserted into the activated column of the table, fine!The first step is good.
                well, this column has to updated to 1 when the user clicks on the link, right??but it does'nt.
                Do you think is there any error in this line??
                PHP Code:
                $mail_body "To validate this email click the following link:\nhttp://www.inkaytown.f2o.org/project/activate.php?id=$rstr"
                well, I feel theres some sort of confusion with the id
                My table structure looks like as follows
                id(int)--->>>>Auto-increment
                name(varchar)
                email(varchar)
                description(text)
                contacted_id(int)----->>>>This is the profile id which the user has contacted
                activated(varchar)---->>This would tell if the user has activated the email

                Is there anything messed up??
                Thanks for your time
                Happiness is a state of mind.
                Change your mind and be happy!

                Comment


                • #9
                  did you verify that $rstr is inserted correctly?

                  in activate.php do the following:
                  PHP Code:
                  //connect to database

                  $statement="UPDATE $mytable SET activated='1' WHERE activated='$rstr'";
                  echo 
                  $statement;
                  echo 
                  '<hr />';
                  $statement="UPDATE $mytable SET activated='1' WHERE activated='".$_GET['id']."'";
                  echo 
                  $statement;
                  $sql=mysql_query($statement) or die(mysql_error()); 
                  in activate.php you dont have the variable $rstr, but you have a varibale called $_GET['id'] containing the radnom link generated previously, since you call it like this
                  Code:
                  activate.php?id=random
                  so you have to use $_GET['id'] instead of $rstr
                  Ich denke, also bin ich. - Einige sind trotzdem...

                  Comment


                  • #10
                    This has further pushed me into trouble.I dont see the records being inserted now.After the contact form has been snubmitted, this message used to appear
                    PHP Code:
                    echo "<body bgcolor='#FFFFCC'>";
                    echo 
                    "<CENTER>";
                    echo 
                    "Hello, $name";
                    echo 
                    "<BR><BR>";
                    echo 
                    "Thank you for your interest.<BR><BR>";
                    echo 
                    "We have sent you an activation e-mail to $email.Please check your e-mail";
                    echo 
                    "<CENTER>"
                    Now, i dont see neither this message nor the records inside the table.
                    hmm....turning things really complicated, aint it??
                    Thanks once again
                    Happiness is a state of mind.
                    Change your mind and be happy!

                    Comment


                    • #11
                      this shouldnt'be possible since i advised you to change activcate.php and not mail.php which inserts the record
                      Ich denke, also bin ich. - Einige sind trotzdem...

                      Comment


                      • #12
                        sorry, i acted dumb and changed something else.well, That works like a charm now
                        I'm still gonna shoot with couple of questions concerning security flaws, stay tuned!

                        Thanks a bunch Mr.Happiness.
                        Happiness is a state of mind.
                        Change your mind and be happy!

                        Comment


                        • #13
                          OffTopic:
                          upon my life, i live to please
                          Ich denke, also bin ich. - Einige sind trotzdem...

                          Comment

                          Working...
                          X