Activation e-mail [closed]

1

I have a user registry which sends the completed data by email correctly.

Now I want a link to be sent along with the email for user activation. Only after clicking the link would the user be properly recognized by the system.

How could I do this, if possible, with the CodeIgniter I already use?

    
asked by anonymous 03.08.2014 / 23:25

2 answers

2

I'm not going to respond based on CodeIgniter either because it does not work with CodeIgniter or because it would limit the use of the response to those using that framework.

User activation depends on conditioning the value of a given column in the user registry, so if it does not already exist, you must create it.

It may even be a CHAR field; after all, we would store in it only an integer-boolean: 0 (zero) if the user has not been activated and 1 (one) if they have. For the purpose of the answer, we'll call this field isActive.

The activation link must contain some value to be conditioned to perform the UPDATE. It may even be the user ID, but if you need a little more security, continue reading below.

Sending the email, you already know how to do it, just include in the body of the message a link that represents a valid action in your Application, such as:

domain.com/users/activate/123

In the action corresponding to this link you query the record for the received ID (WHERE). If found, you check the value of our isActive column. If it equals zero, you do the UPDATE:

UPDATE users SET isActive = 1 WHERE ID = XXX

Obviously XXX is the value received.

If it is already 1 (one), you will see an error message or warning that the user is already activated.

From this point on, for any action in your Application that depends on the user being active on your system, you check if the flag value is 1 (one).

But not all features need this verification. Editing the User Profile, for example, is one such case (if applicable).

As for the issue of additional security, you can have an extra column in the user registry with a unique hash for each user. This hash can be anything like a uniqid() generated at the time of registration.

Instead of sending the user ID in the email (and consequently conditioning the activation with that same value), you use this hash which is theoretically harder to violate than a simple integer.

    
04.08.2014 / 02:40
0
  

TBL-USERS
name | Contact Us | ... | status | code-validate


When the user is inserted into the DB, a hash will be created that you can write to code-validate, and status stays off. The email goes with a link carrying the code-validate reference, something like: site.com/user/active?XXX.

On the active page you will validate code-validate and change the user's status to true.

    
04.08.2014 / 00:18
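
Both answers above describe the same flow: write a per-user hash at registration, mail a link that carries it, and set the flag when the link is opened. The following PHP is an added example of that flow, not code from either answer. It assumes an in-memory SQLite database through PDO and a hypothetical `activationHash` column, draws the token from `random_bytes()` because `uniqid()` is derived from the clock and is not intended for security tokens, and passes the received value to a prepared statement instead of placing it in the SQL text.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite stands in for the application's database.
// users/isActive come from the answer; activationHash is a hypothetical name.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    ID INTEGER PRIMARY KEY,
    email TEXT NOT NULL,
    isActive INTEGER NOT NULL DEFAULT 0,
    activationHash TEXT UNIQUE
)');

/** Registers an inactive user and returns the token to embed in the e-mail link. */
function registerUser(PDO $db, string $email): string
{
    // 256 bits from the CSPRNG, hex-encoded so it is safe in a URL path.
    $token = bin2hex(random_bytes(32));
    $stmt = $db->prepare('INSERT INTO users (email, activationHash) VALUES (:email, :hash)');
    // Only the SHA-256 of the token is stored, so a read-only leak of the
    // table does not yield working activation links.
    $stmt->execute([':email' => $email, ':hash' => hash('sha256', $token)]);
    return $token;
}

/** Activates the matching account; false for malformed, unknown or reused tokens. */
function activateUser(PDO $db, string $token): bool
{
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return false;
    }
    // Check and update in one atomic statement; clearing the hash makes the link single-use.
    $stmt = $db->prepare(
        'UPDATE users SET isActive = 1, activationHash = NULL
         WHERE activationHash = :hash AND isActive = 0'
    );
    $stmt->execute([':hash' => hash('sha256', $token)]);
    return $stmt->rowCount() === 1;
}

// Constructed sample run: first click, repeated click, then an ID-style guess.
$token = registerUser($db, 'alice@example.com');
echo 'Link: https://domain.com/users/activate/' . $token . PHP_EOL;
var_dump(activateUser($db, $token));
var_dump(activateUser($db, $token));
var_dump(activateUser($db, '123'));
```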