[RESOLVED] Account Activation Help

Megahertza

I have a simple account authentication system on a mysql db. I'm building a resgistration page now and i want to be able to verify a users email befor making them a account. I'm looking ideas on how a verification system will work.

What i have planned is a new column in my user table with a YES on a NO depending on if they are activated. When a user is added to the table a NO will be added. A link from a email sent to the user will link to a page which will update the user record to a YES.

Any ideas welcome

Drakla

send them an email link with a checksum in it generated from part of their account that doesn't change, like their username. Can be as simple as the md5 of their username concatenated with a salting string. Include a piece of info to recognise them in the link, like their userid or username, then recreate the checksum your end when they click through.

herve

You can also generate a random number (big : 64 , 128 bits) and store that number
in the record of the user, at creation time.

Send them an email with an URL like this :

[url]http://your_server.com/register.php?s=A145B4C8F9AA5236[/url]

where "A145B4C8F9AA5236" is the random number in hexadecimal.

When the register.php is call, you just search in the database the record with
the same number and activate the corresponding account.

If someone wants to activate an account with a fake email, he will have to
submit all possible numbers ... which will be long 🙂

Megahertza

Thanks guys