[RESOLVED] Changing an email address for an account

everythingis

What are your thoughts on allowing a user to change their email address for their account?

Right now I don't make them use their email to log in, only their username. But because I send an email to activate the account, I wonder if I really should bother letting them change it on their profile.

But then again, email addresses change, so what do you think is the most reasonable solution?

bradgrafelman

everythingis wrote:
But then again, email addresses change, so what do you think is the most reasonable solution?

Hold the change in limbo, send a new activation e-mail to the new e-mail address, and only update their profile information with the new address after they've clicked on the link in the new activation e-mail.

everythingis

I've got my script set up to send a new activation link, my only question is how to hold the new email address in limbo until they click the link, and how to capture the new email address to update the database.

For instance, if they close their browser & lose the session and no cookies were enabled, how will I store and retrieve the new email address?

I wa toying around with the idea to just deactivate their account until the new email is validated & reactivate it when they click the link, but I don't want the user to lose functionality.

So right now I have the change email section:

edit_account_settings.php

//******************************************BEGIN EDIT EMAIL FORM***************************************//
if (isset($_POST['parse_var']) && $_POST['parse_var'] == 'form_new_email'){

$new_email = $_POST['new_email'];
$confirm_email = $_POST['confirm_email'];


$new_email = mysql_real_escape_string($_POST['new_email']);
$confirm_email = mysql_real_escape_string($_POST['confirm_email']);
$emailChecker = mysql_real_escape_string($new_email);

// Add MD5 Hash to the password variable
$db_password = md5($password); 

//ERROR HANDLING
if ($new_email != $confirm_email) {
	$error_msg = "<br />Error: Email Address Did Not Match.<br /><br />";
}

if (empty($new_email) || empty($confirm_email)) {
	$error_msg = "<br />ERROR: Missing Fields Required.<br /><br />";
}else {	

 	if (!empty($new_email)){
	$validEmail = '/^[^@]+@[^\s\r\n\'";,@%]+$/';
		if (!preg_match($validEmail, $new_email)){
			array_push($missing, 'email');
		}
	} if (!$suspect && empty($missing)){

$sql_email_check = mysql_query("SELECT email, password FROM member_profile WHERE email='$emailChecker' AND password='$db_password' AND user_id='$user_id'");
$email_check = mysql_num_rows($sql_email_check); 

if ($email_check > 0){ 
		$error_msg = "<br />ERROR: Your New Email address is already in use.<br /><br />";
} else 
$success_msg = "<br />A Message Has Been Sent to Your New Email Account<br />
			 				Please Verify the Change by Going to Your Inbox.<br /><br />";

//!!!!!!!!!!!!!    Email User the New Email Verification   !!!!!!!!!!!!!!!!
    $to = "$new_email";

$from = "admin@sodidwe.com";
$subject = "so.did.we Account Settings Changed: Confirm New Email Address";
//Begin HTML Email Message
$message = 

  "Hi $firstname,

   Please complete this step to verify your new email address at so.did.we.

   Click, or copy and paste the link below into your browser address bar:

   http://www.sodidwe.com/activate_new_email.php?user_id=$user_id&sequence=$db_password

   See you on the site!
   admin@sodidwe.com

   so.did.we
   where strangers become friends"   

   ;
   //end of message
	$headers  = "From: $from\r\n";
    $headers .= "Content-type: text/plain";

mail($to, $subject, $message, $headers);

//!!!!!!!!!!!!!    End Email   !!!!!!!!!!!!!!!!!!
		}//END EMAIL CHECK 
	}//END IF FOR EMAIL VALIDATION
	}//END ELSE FOR MISSING FIELDS	


}//***************END NEW EMAIL FORM

Then, when they click the link, I still haven't created the update query because I wasn't sure how to capture the new address from the other script.

halojoy

How can we hold 2 emails in one user's row?

I have personally found out that it is very good to have an extra field in user record.
There can be stored: activation codes, extra email etc.

Usually we also have a field called: status
Depending on what 'status' we may figure out/know what the extra field holds.

status can be:
- awaiting registration
- banned
- active (normal user)
- new email

As you may know, it is quite easy to add a new field to table

ALTER TABLE tbl_name
ADD COLUMN col_name column_definition
AFTER this_colname

'AFTER this_column' means where to put it among the fields

everythingis

What an easy, logical, and simple solution! And I was expecting to have to write some insane script that would take me 5 days.

Awesome, thanks!

wilzy1

Why create a whole new field in a DB when u can just edit the cell for that particular row?

bradgrafelman

wilzy1;10949964 wrote:
Why create a whole new field in a DB when u can just edit the cell for that particular row?

Did you read the whole point of the thread? The OP didn't want to alter the e-mail address right away (thus losing the old value) until after the user had clicked an activation link.