validation link via email

When a user subscribes to my newsletter via their email address, using PHP, how would I send them an 'Activation Link' via email to confirm it is their email address and not a fake one?

So at the moment I have:

PHP:

<?php
$to = "[email protected]";
$subject = "Hi!";
$body = "Hi,\n\nHow are you?";
if (mail($to, $subject, $body)) {
    echo "<p>Message successfully sent!</p>";
} else {
    echo "<p>Message delivery failed...</p>";
}
?>

I guess I would change the $body to this:

$body = "Please click the link to activate your email \n
http://www.activationlink.com?";

How would I make it so that if a user clicked that link it would add their details to the MySQL database, recognising they are a legitimate subscriber?

Any help or suggestions appreciated. Thanks

RSM asked Jul 13 '10 13:07


4 Answers

What I like to do is:

  • Generate a unique, random ID in the registration process

  • Store the ID along with the E-Mail address, a "confirmed" field (default: "no") and any additional data in a database table

  • Send out the E-Mail with a URL pointing to activate the unique ID (e.g. domain.com/activate.php?id=102939505595)

  • The activation page checks whether the unique key exists and changes the confirmed field to yes (or 1 or whatever).

  • Additionally and optionally, save the confirmation date/time, IP address and user agent.

Pekka answered Sep 21 '22 23:09


Insert the user into a table with a 'pending' flag set (or a 'validated' flag not set). They should not be able to do anything until the flag is changed. If you want to be really thorough, actually put them into a users_temp table. Generate a totally random key and associate it with their user ID. The link you email to them should be http://yourwebsite.com/?activate=totallyrandomkeyigeneratedearlier. When you get an activation request, turn on the valid flag for the user with the corresponding random key.

Borealid answered Sep 24 '22 23:09


No database needed. You can send all the data in the hyperlink, signed by a hash.

I've answered a similar question recently, even with an expiration time.
Though it was for a password recovery link, the idea is the same.

$time  = time(); // one timestamp, used both inside the hash and in the token
$token = sha1($time.$email.$salt).dechex($time).dechex($user_id);
$link  = "http://".$domain."/restorepass/?token=$token";

The whole token would look like a single hexadecimal number and it would be hard to guess its meaning.

Upon receipt, just split it and decode it back.
Neat, IMO.

Your Common Sense answered Sep 21 '22 23:09
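
The signed-link idea from the answer above, as an added example that is not part of the original answer: it swaps the sha1($time.$email.$salt) concatenation for an HMAC-SHA256 over an explicit payload, checks the expiry, and compares signatures in constant time. SECRET_KEY, TOKEN_TTL, the function names and the example.com URL are assumptions.

```php
<?php
// Added example. SECRET_KEY, TOKEN_TTL and the URL below are placeholders.
const SECRET_KEY = 'replace-with-random-bytes-from-config'; // assumption: loaded from config
const TOKEN_TTL  = 86400;                                   // assumption: links valid for 24 hours

function b64url(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

// Build "payload.signature"; the payload carries the e-mail and the expiry time.
function make_token(string $email, int $now): string
{
    $payload = b64url(json_encode(['e' => $email, 'x' => $now + TOKEN_TTL]));
    $sig     = b64url(hash_hmac('sha256', $payload, SECRET_KEY, true));
    return $payload . '.' . $sig;
}

// Return the confirmed e-mail address, or null if the token is forged,
// malformed or expired.
function verify_token(string $token, int $now): ?string
{
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $sig] = $parts;
    $expected = b64url(hash_hmac('sha256', $payload, SECRET_KEY, true));
    if (!hash_equals($expected, $sig)) { // constant-time comparison
        return null;
    }
    $json = base64_decode(strtr($payload, '-_', '+/'), true);
    $data = $json === false ? null : json_decode($json, true);
    if (!is_array($data) || !isset($data['e'], $data['x']) || !is_string($data['e']) || !is_int($data['x'])) {
        return null;
    }
    return $now <= $data['x'] ? $data['e'] : null;
}

// Constructed sample run.
$issued = 1700000000;
$token  = make_token('subscriber@example.com', $issued);
$link   = 'https://example.com/activate.php?token=' . $token;
echo $link, "\n";

var_dump(verify_token($token, $issued + 3600));          // inside the validity window
var_dump(verify_token($token, $issued + TOKEN_TTL + 1)); // after expiry
var_dump(verify_token('x' . $token, $issued + 3600));    // payload altered after signing
```

A stateless token like this cannot be revoked and can be replayed until it expires, so the activation handler should be idempotent (marking an already-confirmed address as confirmed again has no effect).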


Personally I would add their details to the database and have a field called "active"; then when they click the activation link all you need to do is update this one field.

You could also have a "This was not me" link in the email and if they click this you remove all their details.

Alistair Prestidge answered Sep 22 '22 23:09