I am trying to create a small system where a user subscribes to my site and they receive one of these email messages that has a link that they click on to activate their account.
So far I am thinking of doing this as follows:
- The user signs up and clicks submit.
- A long random string is created and placed in this new "inactive" account.
- The email is sent to the address provided by the user containing the link "www.mysite.com/userclass/validationmethod/user@email.com/3423frqfafkop2341o43". The last bit is the verification code.
- The user clicks on the link.
- The email address and code correspond to the account you just created. The account is marked as verified / active.
- The verification code that is stored in the database is deleted or marked as used.
What do you think about this? Is this the best way to do this? Also, a slightly redundant question: do I need to urlencode this email address?
I went with the following, which seems to work well. You just need to add the database functions and sort them:
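```php
public function verifyAccount($vCode, $email) {
    // The email arrives as a URL path segment, so decode it first.
    $email = urldecode($email);
    // One message for every failure, so the response does not reveal
    // whether the email address is registered.
    $output = 'Invalid code or email.';
    if ($userId = $this->model->userIdByEmail($email)) {
        $actualCode = $this->model->getUsersVerificationCodes('code', 'userId', $userId);
        // Require a non-empty stored code and compare with hash_equals():
        // a loose != lets PHP type juggling treat unequal values as equal
        // (null matches an empty code) and is not constant-time.
        if (is_string($actualCode) && $actualCode !== ''
            && hash_equals($actualCode, (string) $vCode)) {
            // Mark the account active and delete the used code here.
            $output = 'Success!';
        }
    }
    echo $output;
}
```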
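The whole flow from the question (issue a code, build the link, verify once) as an added example that is not part of the original post. The in-memory `$store` array stands in for the database, and the function names, the 24-hour expiry and storing only a SHA-256 hash of the code are assumptions of this sketch.

```php
<?php
// Added example: $store replaces the database (assumption); names are hypothetical.

function issueVerification(array &$store, string $email, int $ttl = 86400): string {
    $code = bin2hex(random_bytes(32));        // 64 hex characters from the CSPRNG
    $store[$email] = [
        'hash'    => hash('sha256', $code),   // keep only a hash of the code at rest
        'expires' => time() + $ttl,
        'active'  => false,
    ];
    // rawurlencode() makes the address safe as a path segment: "@" becomes
    // "%40" and "+" becomes "%2B". An unencoded "+" would be turned into a
    // space by urldecode() on the receiving side.
    return 'https://www.mysite.com/userclass/validationmethod/'
        . rawurlencode($email) . '/' . $code;
}

function verifyAccount(array &$store, string $email, string $code, ?int $now = null): bool {
    $now = $now ?? time();
    $row = $store[$email] ?? null;
    // Unknown address, code already used, or code expired: same failure.
    if ($row === null || $row['hash'] === null || $now > $row['expires']) {
        return false;
    }
    // Constant-time comparison of fixed-length hashes.
    if (!hash_equals($row['hash'], hash('sha256', $code))) {
        return false;
    }
    $store[$email]['active'] = true;
    $store[$email]['hash'] = null;            // single use: a replayed link fails
    return true;
}

// Constructed sample run with an address that needs encoding.
$store = [];
$link = issueVerification($store, 'user+test@email.com');
[$encEmail, $code] = array_slice(explode('/', $link), -2);
$email = rawurldecode($encEmail);

var_dump(verifyAccount($store, $email, 'wrong-code'));  // wrong code
var_dump(verifyAccount($store, $email, $code));         // correct code, first use
var_dump(verifyAccount($store, $email, $code));         // same link clicked again
```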