Building Browsergames: Implementing an e-mail confirmation system (PHP)
darren Hayles
· 1 year ago
Awesome, this is the first time I've used a script off the web that just worked. And it's neat and tidy, simple and not overcomplicated.
Tomasz Sterna
· 10 months ago
Pretty neat, but what is it useful for? It certainly does not prove that the user is able to read email sent to the address she says she is.
Once the user confirms one account (the real one) and learns the confirmation URL, she will be able to "confirm" any email address she wishes. bill.gates@microsoft.com? Just enter http://website.com/confirm.php?email=bill.gates... in browser - voila!
The real confirmation is to use some secret data (the templated URL is not secret) sent to the given e-mail address. You may for example add another text column 'confirmation_token' to the DB, put some random string in it and send http://website.com/confirm.php?token=random_string to the given address. Then use the given token to flag validated in DB row. This way the user has no way of guessing the confirmation token unless she really got the email.
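The token scheme described in the comment above, as an added example that is not part of the original thread or the tutorial's code. The `users` table layout, the in-memory SQLite database and the function names are assumptions made for illustration; storing a SHA-256 hash of the token instead of the token itself goes one step beyond what the comment proposes.

```php
<?php
// Added example: schema and helper names are assumptions, not the tutorial's code.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (
    email TEXT PRIMARY KEY,
    validated INTEGER NOT NULL DEFAULT 0,
    confirmation_token TEXT UNIQUE
)');

// Register an address and return the link that gets e-mailed to it.
function register_user(PDO $pdo, string $email): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $stmt = $pdo->prepare(
        'INSERT INTO users (email, confirmation_token) VALUES (?, ?)');
    // Store only a hash, so a leaked table does not reveal usable links.
    $stmt->execute([$email, hash('sha256', $token)]);
    return 'http://website.com/confirm.php?token=' . $token;
}

// confirm.php logic: the token alone selects the row; there is no e-mail parameter.
function confirm_token(PDO $pdo, string $token): bool
{
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return false; // malformed input never reaches the database
    }
    $stmt = $pdo->prepare(
        'UPDATE users SET validated = 1, confirmation_token = NULL
          WHERE confirmation_token = ? AND validated = 0');
    $stmt->execute([hash('sha256', $token)]);
    return $stmt->rowCount() === 1; // the token is cleared, so it works once
}

// Constructed sample data.
$link = register_user($pdo, 'alice@example.com');
register_user($pdo, 'bob@example.com');
parse_str(parse_url($link, PHP_URL_QUERY), $query);

var_dump(confirm_token($pdo, str_repeat('0', 64))); // a guessed token
var_dump(confirm_token($pdo, $query['token']));     // the token from the e-mail
var_dump(confirm_token($pdo, $query['token']));     // the same token replayed
// Per-address state after the three attempts.
print_r($pdo->query('SELECT email, validated FROM users ORDER BY email')
            ->fetchAll(PDO::FETCH_KEY_PAIR));
```

Because the row is selected by the token and not by an address in the URL, knowing the URL template no longer lets one account holder confirm another address.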
Luke
· 10 months ago
Hi Tomasz, You're definitely right about our e-mail system not being particularly secure - and using tokens would be a much better way to make it that way. However, it seems that everyone wants e-mail confirmations to work differently - which is why it's built the way it is. Modifying it from how it is now to working however you want it to instead should be simple enough.
Oh and btw... I don't get any email after registering. :( But the account is generated in the database. This is my register.php: http://pastebin.com/f3b82f8bb
Luke
· 7 months ago
If you're not getting an e-mail after registering, chances are your SMTP settings aren't configured properly in your php.ini. You'll probably need to talk to your webhost to see what they should be.
Shade
· 7 months ago
I got it now...it was just a wrong variable. ;) But the "confirmation_token" is free of errors.
Anyway, thanks for answering!
Tem
· 7 months ago
Hey Shade, which variable was wrong? I've been trying to follow your code and I can't find the bug.
Helen Hunt
· 8 months ago
Thanks guys for this awesome and intuitive sample of how to implement an email confirmation system.
I can now go ahead and personalise it to meet my need. Great resource :)
antcox
· 3 months ago
Hey guys,
I am trying to implement this system as part of your tutorial but I am having a couple of problems, perhaps stemming from the same error. When I test my registration page at this stage it attempts to load 'register-email.php' as a new page which does not exist, unless I have somehow missed that part. Also sometimes it will update the database with the registrant's information but no email will be sent out. I understand this may have something to do with my php.ini which I do have access to but I do not understand what I should be looking for to remove the error. Thanks in advance for any help you can offer, also thanks for an amazing tutorial! Ant
sachit
· 2 months ago
I could not fix the mail, it does not send mail. Can we tell why? I think all the configuration is right but .....
I added this "confirmation_token". Have a look at this: http://pastebin.com/fd19ea57