Forum Tutorial - Email Verification

Introduction: This tutorial covers how to add email verification to your user account registration page. As a base for this tutorial, I will be using my already made series of pages from my forum creation series, which can be found on my account tracking page (there's around 20 parts!).

The Theory: The verification is going to work as follows:
  1. The user will enter their email upon registration.
  2. A ticket will be created and stored in our database containing a unique string, which will be emailed to the user's email address.
  3. The email will be sent with a link to a new page, along with the unique string for verification.
  4. The new page will check the email against the unique string in our database and, if they match, it will verify their email in the users table.

Database Tables: We will need two tables in our database for this process, one of which I already have: the users table. It currently consists of the following structure:
    ID - INT - 5 Length - Primary Key - Auto Increment/AI/A_I
    username - VARCHAR - 255 Length
    password - VARCHAR - 255 Length

Two changes need to be made to this table: one column will hold the email, the other will record whether the email is verified or not. The structure for the two new columns (add them at the end of the table) is:
    email - VARCHAR - 255 Length
    verified - TINYINT - 1 Length

The other table we need is one to hold the currently opened email verification tickets. We will call the table "verifications" and it will consist of the following structure:
    ID - INT - 5 Length - Primary Key - Auto Increment/AI/A_I
    user - VARCHAR - 255 Length
    ticket - VARCHAR - 255 Length

Registration Page: We need to make the user enter their email upon registration, so we are going to add it to the HTML form and process the entered data through PHP to add it with the other information to create the new user account...

    <form action='register.php' method='POST'>
        <table>
            <tbody>
                <tr>
                    <td>Username: </td><td><input type='text' name='user' /></td>
                </tr>
                <tr>
                    <td>Email: </td><td><input type='text' name='email' /></td>
                </tr>
                <tr>
                    <td>Password: </td><td><input type='password' name='pass' /></td>
                </tr>
                <tr>
                    <td></td><td><input type='submit' value='Register' name='reg' /></td>
                </tr>
            </tbody>
        </table>
    </form>

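    <?php
        session_start();
        $con = mysqli_connect('localhost', 'root', '', 'forumTutorial');
        if (isSet($_POST['reg']) && isSet($_POST['user']) && isSet($_POST['pass']) && isSet($_POST['email']) && $_POST['user'] != '' && $_POST['pass'] != '') {
            $user = $_POST['user'];
            $email = $_POST['email'];
            // Store a salted hash instead of MD5; the login page must then check it with password_verify()
            $passHash = password_hash($_POST['pass'], PASSWORD_DEFAULT);
            // Prepared statements keep the submitted values out of the SQL text
            $stmt = mysqli_prepare($con, "SELECT `ID` FROM `users` WHERE `username`=?");
            mysqli_stmt_bind_param($stmt, 's', $user);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_store_result($stmt);
            if (mysqli_stmt_num_rows($stmt) > 0) {
                echo 'That username is already taken.';
            }else{
                // ID is left out so MySQL assigns it through auto increment
                $ins = mysqli_prepare($con, "INSERT INTO `users` (`username`, `password`, `email`, `verified`) VALUES (?, ?, ?, 0)");
                mysqli_stmt_bind_param($ins, 'sss', $user, $passHash, $email);
                if (mysqli_stmt_execute($ins)) {
                    echo 'Registered successfully!';
                }else
                    echo 'Failed to register.';
            }
        }
    ?>
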
The above code adds the email to the new user account row along with the other information. The next script we need is one that will generate a random string (let's say, eight (8) characters) and store it along with the entered email ready for verification...
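
    // This replaces the registration block in register.php; $con is the connection opened at the top of that file.
    function generateRandomString($length = 8) {
        $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
        $randomString = '';
        for ($i = 0; $i < $length; $i++) {
            // random_int() draws from the system CSPRNG; rand() output is predictable
            $randomString .= $characters[random_int(0, strlen($characters) - 1)];
        }
        return $randomString;
    }
    function inTable($con, $ticket) {
        $stmt = mysqli_prepare($con, "SELECT `ID` FROM `verifications` WHERE `ticket`=?");
        mysqli_stmt_bind_param($stmt, 's', $ticket);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_store_result($stmt);
        return mysqli_stmt_num_rows($stmt) > 0;
    }
    if (isSet($_POST['reg']) && isSet($_POST['user']) && isSet($_POST['pass']) && isSet($_POST['email']) && $_POST['user'] != '' && $_POST['pass'] != '') {
        $user = $_POST['user'];
        $email = $_POST['email'];
        // Store a salted hash instead of MD5; the login page must then check it with password_verify()
        $passHash = password_hash($_POST['pass'], PASSWORD_DEFAULT);
        $stmt = mysqli_prepare($con, "SELECT `ID` FROM `users` WHERE `username`=?");
        mysqli_stmt_bind_param($stmt, 's', $user);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_store_result($stmt);
        if (mysqli_stmt_num_rows($stmt) > 0) {
            echo 'That username is already taken.';
        }else if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            // Never hand an unchecked address to mail()
            echo 'Failed to register.';
        }else{
            $ins = mysqli_prepare($con, "INSERT INTO `users` (`username`, `password`, `email`, `verified`) VALUES (?, ?, ?, 0)");
            mysqli_stmt_bind_param($ins, 'sss', $user, $passHash, $email);
            $qq = mysqli_stmt_execute($ins);
            $ticket = generateRandomString();
            while (inTable($con, $ticket)) {
                $ticket = generateRandomString();
            }
            $insTicket = mysqli_prepare($con, "INSERT INTO `verifications` (`user`, `ticket`) VALUES (?, ?)");
            mysqli_stmt_bind_param($insTicket, 'ss', $user, $ticket);
            $q = mysqli_stmt_execute($insTicket);
            $mail = mail($email, 'Verification Email', 'Please click the following link to activate your email address; http://yoursitehere.com/verify.php?ticket='.$ticket);
            if ($qq && $q && $mail) {
                // Escape the address before echoing it back into the page
                echo 'Registered successfully! Verification email has been sent to '.htmlspecialchars($email);
            }else
                echo 'Failed to register.';
        }
    }
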
So the above code generates a random string of eight characters, then checks whether the string already exists; if it does, it generates another new one. If the string is new and does not already exist within the database table, it adds it as a new row to the verification table along with the entered email and a blank ID (since the ID is unique and AI within MySQL itself). The above code also sends the email with a link the user can verify their email address with, and outputs a new message containing the email the verification link was sent to.

Verify.php: Finally we need to write the actual verification script in the new verify.php page that we are going to create. First we create a variable which will contain the message we are going to output later. We create it first, outside of any enclosed code blocks, because otherwise it could generate an error later due to failed information from the link. Next we check whether the ticket is set within the URL (through a PHP GET statement). If it is, we put it into a variable; otherwise we set the message variable to an error message. If the variables are set, we check whether a row containing the ticket ID is in our "verifications" table. If there is one, the information is correct, so we set the message variable to a congratulations message and mark the user account's "verified" column in the "users" table as true to record that they have verified their email address. If the row doesn't exist, the information is incorrect and again we set the message variable to an error.

    <?php
        session_start();
        $con = mysqli_connect('localhost', 'root', '', 'forumTutorial');
        $message = '';
        if (isSet($_GET['ticket']) && is_string($_GET['ticket'])) {
            $ticket = $_GET['ticket'];
            // Look the ticket up with a prepared statement instead of pasting it into the SQL
            $stmt = mysqli_prepare($con, "SELECT `user` FROM `verifications` WHERE `ticket`=?");
            mysqli_stmt_bind_param($stmt, 's', $ticket);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_bind_result($stmt, $user);
            if (mysqli_stmt_fetch($stmt)) {
                // Close the lookup before running the next statement on this connection
                mysqli_stmt_close($stmt);
                $upd = mysqli_prepare($con, "UPDATE `users` SET `verified`=1 WHERE `username`=?");
                mysqli_stmt_bind_param($upd, 's', $user);
                if (mysqli_stmt_execute($upd)) {
                    $message = 'Verified!';
                }else{
                    $message = 'An error occurred.';
                }
            }else{
                $message = 'That ticket ID was not found.';
            }
        }else{
            $message = 'Error, ticket ID not set.';
        }
    ?>

Verify.php HTML: Finally we want to output the message we have written through HTML - we do this instead of just using a simple print/echo statement through PHP because we can format this text through CSS - although I am not covering CSS in this series of forum creation tutorials, maybe in the future?

    <html>
        <head></head>
        <body>
            <p id='styleThis'><?php echo $message; ?></p>
        </body>
    </html>
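
The ticket flow described above, as an added example that is not part of the original tutorial: it goes beyond the tutorial by using a longer ticket, storing only its SHA-256 hash, giving it an expiry and deleting it on first use. The `ticket_hash` and `expires_at` columns, the function names and the in-memory SQLite database (used so the script runs on its own) are assumptions.

```php
<?php
// Added example, not the tutorial's code. ticket_hash and expires_at are
// assumed columns that do not exist in the tutorial's schema.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT, verified INTEGER DEFAULT 0)');
$db->exec('CREATE TABLE verifications (user TEXT, ticket_hash TEXT UNIQUE, expires_at INTEGER)');

// Create a ticket: the raw value goes into the email link, only its hash is stored,
// so a leaked verifications table cannot be used to verify accounts.
function issueTicket(PDO $db, string $user, int $ttl = 86400): string {
    $ticket = bin2hex(random_bytes(16));            // 128 bits from the CSPRNG
    $stmt = $db->prepare('INSERT INTO verifications VALUES (?, ?, ?)');
    $stmt->execute([$user, hash('sha256', $ticket), time() + $ttl]);
    return $ticket;
}

// Redeem a ticket: it must be well formed, known and unexpired.
// All of the user's tickets are deleted on success, so a link works once.
function redeemTicket(PDO $db, string $ticket): bool {
    if (!preg_match('/^[0-9a-f]{32}$/', $ticket)) {
        return false;                               // reject malformed input early
    }
    $db->beginTransaction();
    $stmt = $db->prepare('SELECT user FROM verifications WHERE ticket_hash = ? AND expires_at > ?');
    $stmt->execute([hash('sha256', $ticket), time()]);
    $user = $stmt->fetchColumn();
    if ($user === false) {
        $db->rollBack();
        return false;
    }
    $db->prepare('DELETE FROM verifications WHERE user = ?')->execute([$user]);
    $db->prepare('UPDATE users SET verified = 1 WHERE username = ?')->execute([$user]);
    $db->commit();
    return true;
}

// Constructed sample data.
$db->prepare('INSERT INTO users (username, email) VALUES (?, ?)')->execute(['alice', 'alice@example.com']);
$ticket = issueTicket($db, 'alice');
var_dump(redeemTicket($db, $ticket));               // first use of the link
var_dump(redeemTicket($db, $ticket));               // replay of the same link
var_dump(redeemTicket($db, str_repeat('0', 32)));   // well-formed but unknown ticket
```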
