Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

User sign-up with email verification

Tags:

java

jsp

registration

I'm developing a website with using struts2 and jsp pages. In many sites after you sign-up, a link will be sent to your email and after clicking on that the registration is complete. I want this feature on my webstie, but I don't have any idea how to do this and how is this working? Should I save user's information on my database until he/she is verified or not? I searched web but there is learning for php forms.

any tutorial?

Thanks in advance.

like image 387
Zahra I.S Avatar asked Jun 14 '10 16:06

Zahra I.S

People also ask

How do you create a email verification link?

My solution: Add string column "code" and boolean column "is_active" (with default value false) to user table. When user register, generate unique string key and save to database. Send to email link, for example host.com/user/email/{code}/confirm.

What is the purpose of email verification?

Email verification helps ensure that your contact list is accurate and error free, that the email addresses you have are active, and that they belong to the people you want to reach.

How do I verify my email in HTML?

The <input type="email"> defines a field for an e-mail address. The input value is automatically validated to ensure it is a properly formatted e-mail address.

1 Answers

The algorithm is something like this:

  1. Save the user's info, marking it with a pending status.
  2. Generate a token that contains some info related to the user's account.
  3. Generate the email, which must include the URL to activate the account and the URL will have the token in it.
  4. The URL must point to some servlet or service in your app that will validate the token, check if the user related to the token is inactive, present a completion form (let the user set a password, present a captcha, etc) and on form submission you activate the account with the password they set.
  5. You should periodically scan the inactivate accounts and delete the ones that are several days old and have not been activated.

To generate the token, you can encrypt some data such as user ID, email, etc and encode it in Base 64 (the URL-safe variant) - remember to salt it when you encrypt. When you receive the token, you decode and decrypt it, and it must point to an inactivate user account.

like image 145
Chochos Avatar answered Sep 21 '22 13:09

Chochos
Sign in to Comment

Related questions

How to autowire factorybean
A Java web project created with Maven is not recognized as such by Eclipse
How can I make a socket close immediately, bypassing the timeout period?
How to override (not the OOP override) the output of System.out.print()?
Java List generics syntax for primitive types
High volume SVM (machine learning) system
Interacting with java code from C#
Reserved words in Java
Why doesn't list.get(0).equals(null) work?
gwt textbox add change handler
Can I set a timeout for a InputStream's read() function?
JScrollPanel without scrollbars
Detect the URI encoding automatically in Tomcat
Best way to parse Java in Java
How do I write a Java EE/EJB Singleton?
Can two different UDP socket in a system bind same port?
HPC (mainly on Java)
Java Generic Collection of Generic Type with Bounded Wildcard
What is the right data type for calculations in Java
Confused about encryption with public and private keys (which to use for encryption)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!