PHP email verification example tutorial, php email example
One of the most common security verifications in user registration is email verification. According to common industry practices, email verification is a very important practice to avoid potential security risks. Let us now discuss these best practices and see how to create an email verification in PHP.
Let’s start with a registration form:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 | <form method= "post" action= "http://mydomain.com/registration/" >
<fieldset class = "form-group" >
<label for = "fname" >First Name:</label>
<input type= "text" name= "fname" class = "form-control" required />
</fieldset>
<fieldset class = "form-group" >
<label for = "lname" >Last Name:</label>
<input type= "text" name= "lname" class = "form-control" required />
</fieldset>
<fieldset class = "form-group" >
<label for = "email" >Last name:</label>
<input type= "email" name= "email" class = "form-control" required />
</fieldset>
<fieldset class = "form-group" >
<label for = "password" >Password:</label>
<input type= "password" name= "password" class = "form-control" required />
</fieldset>
<fieldset class = "form-group" >
<label for = "cpassword" >Confirm Password:</label>
<input type= "password" name= "cpassword" class = "form-control" required />
</fieldset>
<fieldset>
<button type= "submit" class = "btn" >Register</button>
</fieldset>
</form>
|
Copy after login
Next is the table structure of the database:
1 2 3 4 5 6 7 8 9 10 11 | CREATE TABLE IF NOT EXISTS `user` (
`id` INT(10) NOT NULL AUTO_INCREMENT PRIMARY KEY,
`fname` VARCHAR(255) ,
`lname` VARCHAR(255) ,
`email` VARCHAR(50) ,
`password` VARCHAR(50) ,
`is_active` INT(1) DEFAULT '0' ,
`verify_token` VARCHAR(255) ,
`created_at` TIMESTAMP,
`updated_at` TIMESTAMP,
);
|
Copy after login
Once the form is submitted, we need to validate the user's input and create a new user:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 | $rules = array (
'fname' => 'required|max:255' ,
'lname' => 'required|max:255' ,
'email' => 'required' ,
'password' => 'required|min:6|max:20' ,
'cpassword' => 'same:password'
);
$validator = Validator::make(Input::all(), $rules );
if ( $validator ->fails()) {
return Redirect::to( 'registration' )->with( 'error' , $validator ->messages()->first())->withInput();
}
$user = new User();
$user ->fname = Input::get( 'fname' );
$user ->lname = Input::get( 'lname' );
$user ->password = Input::get( 'password' );
if (! $user ->save()) {
return Redirect::to( 'registration' )->with( 'error' , 'Unable to write to database at this time. Please try again later.' )->withInput();
}
return Redirect::to( 'registration' )->with( 'success' , 'You have successfully created an account. The verification link has been sent to e-mail address you have provided. Please click on that link to activate your account.' );
|
Copy after login
After registration, the user's account remains invalid until the user's email is verified. This feature confirms that the user is the owner of the entered email address and helps prevent spam and unauthorized email use and information disclosure.
The whole process is very simple - when a new user is created, an email containing a verification link will be sent to the email address filled in by the user during the registration process. Before the user clicks the email verification link and confirms the email address, the user cannot log in and use the website application.
There are several things to note about verified links. The verified link needs to contain a randomly generated token that is long enough and only valid for a certain period of time. This is done to prevent network attacks. At the same time, the email verification also needs to include the user's unique identifier, so as to avoid potential dangers of attacking multiple users.
Now let’s see how to generate a verification link in practice:
1 2 3 4 | $code = str_random(32);
$user ->confirmation_code = $code ;
|
Copy after login
Once this verification is created store it in the database and send it to the user:
1 2 3 4 | Mail::send( 'emails.email-confirmation' , array ( 'code' => $code , 'id' => $user ->id), function ( $message )
{
$message ->from( 'my@domain.com' , 'Mydomain.com' )->to( $user ->email, $user ->fname . ' ' . $user ->lname)->subject( 'Mydomain.com: E-mail confirmation' );
});
|
Copy after login
Contents of email verification:
1 2 3 4 5 6 7 8 9 10 11 12 13 | <!DOCTYPE html>
<html lang= "en-US" >
<head>
<meta charset= "utf-8" />
</head>
<body>
<p style= "margin:0" >
Please confirm your e-mail address by clicking the following link:
<a href= "http://mydomain.com/verify?code=<?php echo $code; ?>&user=<?php echo $id; ?>" ></a>
</p>
</body>
</html>
|
Copy after login
Now let’s verify if it works:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 | $user = User::where( 'id' , '=' , Input::get( 'user' ))
->where( 'is_active' , '=' , 0)
->where( 'verify_token' , '=' , Input::get( 'code' ))
->where( 'created_at' , '>=' , time() - (86400 * 2))
->first();
if ( $user ) {
$user ->verify_token = null;
$user ->is_active = 1;
if (! $user ->save()) {
return Redirect::to( 'verify' )->with( 'error' , 'Unable to connect to database at this time. Please try again later.' );
}
return Redirect::to( 'verify' )->with( 'success' , 'You account is now active. Thank you.' );
}
return Redirect::to( 'verify' )->with( 'error' , 'Verification code not valid.' );
|
Copy after login
Conclusion:
The code shown above is just a tutorial example and has not been adequately tested. Please test it before using it in your web application. The above code is done in the Laravel framework, but you can easily migrate it to other PHP frameworks. At the same time, the verification link is valid for 48 hours and expires after that. Introducing a work queue can handle expired verification links in a timely manner.
This article is an original translation by PHPChina. The original text is reprinted at http://www.phpchina.com/portal.php?mod=view&aid=39888. The editor believes that this article is of great learning value and would like to share it with everyone. I hope it will be useful to everyone. Everyone’s learning helps.
http://www.bkjia.com/PHPjc/1133031.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/1133031.htmlTechArticlePHP email verification example tutorial, php email example One of the most common security verifications in user registration is email verification. According to the general industry practice, email verification is to avoid potential security...