mailing list with email verification

ii2php

need help finding a tutorial or some guidelines on building a mailing list system that'd allow visitors to my site to suscribe to the list and specifically join the list only upon email confirmation
(when they reply to the email)

i'm quite sure how to set up the rest, but stumped at the email verfication part.

thanks

FrozNic

never done it per say, but .. as a thought:

setup the db like this:

table:
regCheck

fields:
id, name, email address, verification number, enabled (flag)

.........................

then, when they reg, have a function create their verification number, using a random set of numbers, and their email address, encoded into a string. then send it to them in an email like this:

http://domain/reg.php?num=Kdsf kGkds;j 0ewi08d)*&$

or whatever

then, when they get the email and click it, it loads the page and does a query on that $num in the dbase, and if it's there, and the page loads, make it enabled.

there are variations u could do with this of course, but it's just a thought of how to do it.

zeb

Here's what I have done with MySQL:
Add two fields to the database - 'Confirmation_Hash' and 'Is_Confirmed'. When they register, set the 'Is_Confirmed' field to 'no' (or 0), and insert a hashed string into the 'Confirmation_Hash' field. This hash string should be the hash of the combination of their e-mail address and a special string only known by you.

$special_string = 'my secret sentence.';
$hash = md5($email.$special_string);

When you send the e-mail to them, add a link in the body of the message which has the hash value and the e-mail address in it (the e-mail address needs to be URL encoded with urlencode()).

$encoded_email = urlencode($_POST['email']);
$message = "click on this link:
http://yourSiteHere/confirm.php?hash=$hash&email=$encoded_email
to activate your account"

Sending the hash and the e-mail in the link with the message body will allow you to confirm that the neither the e-mail address nor the hash # have been tampered with. Once the confirm page gets loaded with the hash and e-mail address after the '?', PHP generate a new hash based on the encoded e-mail address and compare it to the hash in the link. It will then query the data base to compare the hash and e-mail values in the link with the hash and e-mail values stored in the database... that code would look something like this:

	$new_hash = md5($_GET['email'].$special_string);
	if ($new_hash && ($new_hash == $_GET['hash']))
		{$query = "SELECT username
                   FROM tableName
                   WHERE Confirmation_Hash = '$new_hash'";
		$result = mysql_query($query);
    	if (!$result || mysql_num_rows($result) < 1)
    		{$feedback = 'ERROR - Hash not found';
    		return $feedback;}
    	else
	    	{// Confirm the email and set account to active
			$email = $_GET['email'];
			$hash = $_GET['hash'];
			$query = "UPDATE tableName
                     SET email='$email', Is_Confirmed='1'
                     WHERE Confirmation_Hash='$hash'";
			$result = mysql_query($query);
			return 'true';}
		}
	else
		{$feedback = 'ERROR - Values do not match';
		return $feedback;}

Once it passes, the 'Is_Confirmed' value is set to 'yes' (or 1).

I hope that helps.

[EDIT] sorry FrozNic, I didn't see your post when I started writing mine... I guess that took me a while (nothing better to do on a Monday) 🙂 Anyway, just another approach.[/EDIT]

ii2php

this is great!

thanks