My guess would be to generate an md5 or whatever type of encoding based upon their IP, time, name, or whatever info you want (depending on length). Then, just post that concatenated variable into the database, and tack it on at the end of the link as something like ?confirm=....
Then, just check that confirm == database_value.
<?php
$new_confirm = base64_encode($_SERVER['REMOTE_ADDR'].date("r"));
// Encode the IP address, and current time.
//You can encode whatever you want, including a random word.
/*
Run through your basic queries to email the user, and insert into
the database the $new_confirm variable.
*/
/*
When the user clicks the link, you grab the variable and check against the database value.
The link would probably be formatted as so:
domain.com/confirm.php?address=someone@domain.com&confirm=s0m3_Ba5lc_t3xt
*/
$confirm = $_REQUEST['confirm'];
$email = $_REQUEST['address'];
$result = mysql_query("SELECT * FROM `users` WHERE address = '$email' LIMIT 1");
$row = mysql_fetch_array($result);
if($row['confirm'] == "confirmed"){
// Already confirmed, no need to re-confirm.
echo "You've already activated/confirmed this address";
}
else{
if($confirm === $row['confirm']){
// Proper confirmation. Update what you need.
$update = mysql_query("UPDATE `users` SET confirm = 'confirmed' WHERE address = '$email'");
if(!$update){
// No update, some error.
echo "Update error.<br>".mysql_error();
}
else{
// Update fine, we're done.
echo "Successfully confirmed your address.";
}
}
else{
// Nope. Didn't confirm.
echo "Sorry, we were unable to confirm at this time. Please try again later.";
}
}
?>
Hope that helps.
~Brett
