How do I send an email confirmation link to the user

Question

I am developing a website where I need to send confirmation link to the user's e-mail account when he/she signs-up.

When user clicks this link then a field userEnable in database changes from "false" to "true".

How do I send a confirmation e-mail to a user when user clicks on the signup button.

When user clicks on this confirmation link then how would the field UserEnable change from "false" to "true"

I am using asp.net 4.0 with VB.NET as the language and SQL Server 2008 for my database.

Answer 1

First, you should create table User in database with a column like Active = false in database (1 bit database field type). Then, after user has created his account, you should send him an activation link with query string containing user activation guid. Something like:

Please activate your account at www.mysite.com?id=21EC2020-3AEA-1069-A2DD-08002B30309D

At confirmation page, you will check for this query like

var id = Response.QueryString["id"]
if (id!= null) userBL.ActivateUser(id);

ActivateUser() method would update field to true, and also send an email confirmation.

Answer 2

The answer posted by nemke is good, but I do it slightly differently and I feel it is a bit more secure and protected against future changes. I create two extra fields for confirmation in each of my user records when they are created in the database.

Something like the following fields for each user:

userID: getUniqueUserID()
confirmed: false,
confirmCode: getRandomUUID()

The confirmCode is kept separate from the unique userID for each record and should only ever be used when the email is sent to the address used in registration. I then send a URL like the following:

http://example.com/activate?id=43d24b9ca73&c=16b4cf80-c59a-11e2-8b8b-0800200c9a66

You can then get the query fields server side and use the id in order look up the particular user record based on the unique userID, make sure the the c field matches confirmCode in the record, and then set the confirmed field to true and save the particular user's record in the database.