I am trying to make a little system where a user signs up to my site and they get one of those emails that has a link in it which they click to activate their account.
So far I am thinking of doing it the following way:
- User signs up and presses submit.
- A long random string is created and put into the database against this new "inactive" account.
- An email is sent to the address the user gave, containing a link to, say, "www.mysite.com/userclass/validationmethod/user@email.com/3423frqfafkop2341o43", the last bit being the validation code.
- The user clicks the link.
- The email and code match up to the account just created. The account is marked as validated/active.
- The validation code that is stored in the database is deleted or marked as used??
What are your thoughts on this? Is this the best way to do it? As a little extra question, do I need to urlencode that email address?
I have gone with the following which seems to work well. Just have to add the database functions and it's sorted:
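```php
// Controller method: checks the code from the activation link against the stored one.
public function verifyAccount($vCode, $email) {
    $email = urldecode($email);
    if($userId = $this->model->userIdByEmail($email))
    {
        $actualCode = $this->model->getUsersVerificationCodes('code', 'userId', $userId);
        // Strict, constant-time comparison: a loose != lets PHP type-juggle
        // numeric-looking strings (e.g. "0e1" == "0e2") and treat them as equal.
        if(!is_string($actualCode) || !hash_equals($actualCode, (string) $vCode))
        {
            $output = 'Invalid code or email.';
        } else {
            $output = 'Success!';
        }
    } else {
        // Same message as a wrong code, so the response does not reveal which emails exist.
        $output = 'Invalid code or email.';
    }
    echo $output;
}
```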
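The flow listed in the question (create a code, email the link, match it, then mark it used), as an added example that is not part of the original post. It assumes an in-memory array in place of the database, a 24-hour lifetime, and storing only a SHA-256 hash of the code; the names `issueCode`, `activationLink`, `verifyCode` and `CODE_TTL` are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example: $store stands in for the verification-codes table.
const CODE_TTL = 86400; // assumed lifetime in seconds (24 hours)

/** Create a code for $email; only its SHA-256 hash is kept in the store. */
function issueCode(array &$store, string $email, int $now): string
{
    $code = bin2hex(random_bytes(32)); // 64 hex characters from the CSPRNG
    $store[$email] = [
        'hash'    => hash('sha256', $code),
        'expires' => $now + CODE_TTL,
    ];
    return $code;
}

/** Build the link; rawurlencode() keeps characters such as "+" in the address intact. */
function activationLink(string $email, string $code): string
{
    return 'https://www.mysite.com/userclass/validationmethod/'
        . rawurlencode($email) . '/' . $code;
}

/** True once per valid, unexpired code; the stored row is removed on success. */
function verifyCode(array &$store, string $email, string $code, int $now): bool
{
    $row = $store[$email] ?? null;
    if ($row === null || $now > $row['expires']) {
        return false; // unknown address, already used, or expired
    }
    if (!hash_equals($row['hash'], hash('sha256', $code))) {
        return false; // wrong code, compared in constant time
    }
    unset($store[$email]); // single use: a replayed link no longer matches
    return true;
}

// Constructed sample run: wrong code, correct code, then a replay of the same link.
$store = [];
$now   = time();
$code  = issueCode($store, 'user+test@email.com', $now);
echo activationLink('user+test@email.com', $code), PHP_EOL;
var_dump(verifyCode($store, 'user+test@email.com', 'wrong', $now));
var_dump(verifyCode($store, 'user+test@email.com', $code, $now));
var_dump(verifyCode($store, 'user+test@email.com', $code, $now));
```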