Confirmation e-mails for a site sign-up?

mattgaunt

mattgaunt

mattgaunt

Associate
Joined
20 May 2007
Posts
441
Hey everyone

I'm currently making a site where users are required to sign-up to use a service and I would like my site to send a confirmation e-mail the user and when they click the link in the e-mail it confirms the registration.

2 Main questions:

1. What is stored in the database throughout this process? just some sort of state for the user account which is changed when the confirmation link is visited?

2. Is the random set of characters that appear in the link just a hash key of some information of the user? Only problem i have with this is there must be the odd case where there could be a hash key which applies to 2 users, so how is this avoided?

Just wondered if anyone had any insight to this sort of thing??

Cheers
 
Have done one these recently. Ended up doing as you said, storing the statement of the usder account in a table.

As for your worries about a duplicate hash key, could either store all 'active' hashes in a table and at time of generating a new hash, do a quick check (maybe in a loop) against this table. If there is no match use the hash, otherwise generate a new hash and check that - although in reality you'd end up just checking a hash and using it as duplicates are unlikely (esp if you generating a relativley random hash, several chacrters long.
 
Just a suggestion but you could use a hash of the email address they supply at signup, assuming the email address is enforced to be unique.
 
Oooo no i remember I had exactly the same thought BUT putting that through the hash function doesn't guarantee a unique hash key.

Is it possible to just do a query to the database and say does this hashkey exist in the database? I haven't started using SQL or coding this up as I'm new to all this but I always look to have a good idea in my head about how to approach a problem before i begin coding anything.

Cheers
Gaunt
 
mattgaunt said:
Oooo no i remember I had exactly the same thought BUT putting that through the hash function doesn't guarantee a unique hash key.

Is it possible to just do a query to the database and say does this hashkey exist in the database? I haven't started using SQL or coding this up as I'm new to all this but I always look to have a good idea in my head about how to approach a problem before i begin coding anything.

Cheers
Gaunt
Click to expand...

As soon as read a basic tutorial on SQL you'll see exactly how its done. Even w3schools.com tells you how to search.
 
mattgaunt said:
Oooo no i remember I had exactly the same thought BUT putting that through the hash function doesn't guarantee a unique hash key.
Click to expand...

You could use the md5() function on the email address plus a salt, then store this value in a table along with a users user_id. Both the user_id and hash can be used to make up the url that is emailed to the user for verification. Then when the user clicks the link it activates their account.

Yes it is possible that two people with the different email addresses could have the same hash but does it really matter? All they would be able to do is activate someone elses account but to do that they would also need to know the user_id of the other user.
 
I know its going to be a rare occurences but this is a uni project and thinking these kinda things through is what i gotta do unfortunately, I just wanted to know I was working along the right lines cos I don't have any server side programming behind me really.

Cheers for the help
 
You must log in or register to reply here.
Back
Top Bottom