validation link via email

RSM picture RSM · Jul 13, 2010 · Viewed 11k times · Source

When a user subscribes to my newsletter via their email address, using php, how would I send them an 'Activation Link' via email to confirm it is their email address and not a fake one.

so at the moment I have

PHP:

<?php
 $to = "[email protected]";
 $subject = "Hi!";
 $body = "Hi,\n\nHow are you?";
 if (mail($to, $subject, $body)) {
   echo "<p>Message successfully sent!</p>";
  } else {
   echo "<p>Message delivery failed...</p>";
  }
 ?>

I guess i would change the $body to this:

$body = "Please click the link to activate your email \n
http://www.activationlink.com?";

How would I make it so that if a user clicked that link it would add their details to the Mysql database recognising they are a legitimate subscriber?

Any help or suggestions appreciated. Thanks

Answer

Pekka picture Pekka · Jul 13, 2010

What I like to do is:

  • Generate a unique, random ID in the registration process

  • Store the ID along with the E-Mail address, a "confirmed" field (default: "no") and any additional data in a database table

  • Send out the E-Mail with an URL pointing to activate the unique ID (e.g. domain.com/activate.php?id=102939505595

  • The activation page checks whether the unique key exists and changes the confirmed field to yes (or 1 or whatever).

  • Additionally and optionally, save the confirmation date/time, IP address and user agent.