How to write a dual PHP subscription

I am trying to write a small PHP script to manage subscriptions for a mailing list. I tried to find any resources that I can find on the Internet, but I just came up with:

  • Very simple PHP scripts with single select or fake double select functions.
  • Very complex projects with several megabytes of PHP, such as PHPList (7.8 MB!)

Using "fake" double options, I call methods that either put the email address as a validation string, or that use cookies in the browser.

All I would like to achieve is:

  • Someone can write this email address in PHP form and click submit
  • He receives an email with the URL where he needs to click. The link should not contain an email address, but some md5 or random strings
  • After clicking on the URL, he gets to a page that displays a "confirmed email"

At the end of the server, the addresses can be stored in a text file in a protected folder, or if you think it is really important to store them in the database, and then in the database.

My questions so far:

  • Can someone lead me to a tutorial or syntax about how to write such a script?
  • Do I use a database or a simple file? All I need to do is insert simple lines of new letters with the ability to re-check.
  • How to save temporary ids for the dual input system? I was thinking of using something like md5("email" . "passphrase") to generate the id and store them next to the email addresses.
+4
2 answers

Just for fun, here is a pretty simple example. It should be easy to understand what is happening there and why.

Caution: the code has not been tested, so syntax and other errors are possible.

    <?php
    // Salt for hashing confirmation keys
    $salt = 'yoursecretstring12#11;.-_.21';
    $url = 'http://www.yoursite.tld/thisscript.php';
    $fromEmail = 'you@yoursite.tld';

    $dbHost = 'localhost';
    $dbUser = 'dbuser';
    $dbPass = 'dbpass';
    $dbDatabase = 'dbname';

    // The mysql_* extension was removed in PHP 7; PDO with prepared
    // statements replaces it and the manual escaping it required
    $db = new PDO("mysql:host=$dbHost;dbname=$dbDatabase;charset=utf8mb4", $dbUser, $dbPass);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    $ip = $_SERVER['REMOTE_ADDR'];

    if ( isset( $_GET['key'] ) && isset( $_GET['email'] ) ) {
        // If we have 'email' and 'key' parameters, we are handling an opt-in click
        $email = $_GET['email'];
        $key = $_GET['key'];

        // Check if key matches hash of email and salt combination and if email is really an email
        // (hash_equals compares in constant time and avoids loose == type juggling)
        if ( is_string($email) && is_string($key)
            && hash_equals( sha1( $email.$salt ), $key )
            && filter_var($email, FILTER_VALIDATE_EMAIL) ) {

            // Check if entry already exists
            $checkDupes = $db->prepare( 'SELECT COUNT(*) AS cnt FROM emails WHERE email = ?' );
            $checkDupes->execute( [$email] );
            $result = $checkDupes->fetch(PDO::FETCH_ASSOC);

            if ($result['cnt'] < 1) {
                // Fresh email, insert into db along with remote ip and timestamp
                $insert = $db->prepare( 'INSERT INTO emails (email, ip, timestamp) VALUES (?, ?, NOW())' );
                $insert->execute( [$email, $ip] );
                die('Subscription confirmed!');
            } else {
                die('Email already exists in database');
            }
        } else {
            die('Key mismatch or invalid email!');
        }
    } else if ( isset( $_POST['email'] ) && filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) ) {
        // Form submission, send confirmation email
        $email = $_POST['email'];
        $key = sha1( $email.$salt );
        // URL-encode the address so characters such as '+' survive the round trip
        $link = $url . '?email=' . urlencode($email) . '&key=' . $key;

        $mailSubject = 'Please confirm your subscription';
        $mailTo = $email;
        $mailBody = 'Please confirm your subscription by clicking <a href="' . htmlspecialchars($link) . '">this link</a>';
        // The body is HTML, so declare it; the headers must also be passed to mail()
        $headers = 'From: ' . $fromEmail . "\r\n" .
                   "MIME-Version: 1.0\r\n" .
                   "Content-Type: text/html; charset=UTF-8\r\n";
        mail( $mailTo, $mailSubject, $mailBody, $headers );
    } else {
        // Present form and show error if needed
        if ( isset( $_POST['email'] ) ) {
            echo "Invalid email submitted!<br />";
        }
        echo '
            <form method="post" action="'.$url.'">
                Email: <input type="text" name="email" /><br />
                <input type="submit" value="Submit" />
            </form>
        ';
    }
+4

I would recommend creating a random string using md5(rand()) and storing it in the database. Then create a link for the user and email him. This link should contain a random string in the GET variable, and when the confirmation page loads, you can compare it with the database.

If the line is incorrect, do nothing and display an error. If this is correct, delete the row from the table and add it to another table in which the emails were confirmed (or you have a field called is_confirmed and change it to TRUE after confirming the email address).

You should also have a similar method that allows the user to unsubscribe from the mailing list.

+1
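
The stored-token scheme from the second answer, as an added example that is not part of either answer: it draws the token from random_bytes() rather than md5(rand()), stores only the token's SHA-256 hash, and makes the link single-use with an expiry, so the mailed URL carries no email address. The subscribers table, the function names and the in-memory SQLite database (needs SQLite 3.24+ for the upsert) are assumptions for illustration.

```php
<?php
// Added example: table, column and function names are hypothetical.
$db = new PDO('sqlite::memory:');   // in-memory database so the example runs offline
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE subscribers (
    email TEXT PRIMARY KEY, token_hash TEXT, expires_at INTEGER,
    is_confirmed INTEGER NOT NULL DEFAULT 0)');

function requestSubscription(PDO $db, string $email, int $ttl = 86400): ?string {
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return null;
    }
    $token = bin2hex(random_bytes(32));   // 256 bits from the OS CSPRNG
    // Only the hash is stored, so a leaked table does not yield usable links.
    // A repeat request replaces a pending token but never touches a confirmed row.
    $stmt = $db->prepare('INSERT INTO subscribers (email, token_hash, expires_at)
        VALUES (?, ?, ?)
        ON CONFLICT(email) DO UPDATE SET token_hash = excluded.token_hash,
            expires_at = excluded.expires_at WHERE subscribers.is_confirmed = 0');
    $stmt->execute([$email, hash('sha256', $token), time() + $ttl]);
    // null means "already confirmed"; show the visitor the same page either way
    // so the form cannot be used to test which addresses are subscribed.
    return $stmt->rowCount() === 1 ? $token : null;
}

function confirmSubscription(PDO $db, string $token): bool {
    // One atomic UPDATE: it matches only a pending, unexpired token and clears it,
    // so the link works exactly once. The lookup is by token hash, never by email.
    $stmt = $db->prepare('UPDATE subscribers
        SET is_confirmed = 1, token_hash = NULL, expires_at = NULL
        WHERE token_hash = ? AND expires_at >= ? AND is_confirmed = 0');
    $stmt->execute([hash('sha256', $token), time()]);
    return $stmt->rowCount() === 1;
}

// Constructed sample run (the address is made up)
$token = requestSubscription($db, 'alice@example.com');
// The mailed link would be: confirm.php?token=<$token>
var_dump(confirmSubscription($db, 'not-the-token'));       // wrong token
var_dump(confirmSubscription($db, $token));                // valid token
var_dump(confirmSubscription($db, $token));                // replayed link
var_dump(requestSubscription($db, 'alice@example.com'));   // already confirmed
```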