Email confirmation email upon registration, how?

hi guys, second last thing I need to figure out (last is just sanitizing all my input correctly :)).

I tried searching the site but couldn’t find anything.

I want to send an email to the successfully registered user that contains a link that they must click to activate the account - the account will not work until the link is clicked.

I have a few very rough guesses…

  1. have an ‘activated’ (0 or 1) and a ‘code’ field in the users table

  2. create activate.php

  3. create a random string, insert it into the ‘code’ field.

  4. send an email with link to activate.php?code=the-random-code

  5. check the-random-code in the users db

  6. activate that user if it is there

is that about right? if so, how do you send an email in php! hah.

That is about right! Check out php’s mail() function.

PHP: mail - Manual

Oh, too easy! :slight_smile:

I shall begin. Thanks again for your help Zurev. :slight_smile:


$activated = mysqli_query($link, "SELECT activated FROM members WHERE username = '$username');
$result = mysqli_fetch_assoc($activated);
					if ($result != 1) {
						$error = 'Error.';
						include 'error.php';
						exit();
					}

I know that is the wrong way to go about it… can someone please explain to me the correct way to check if the result of a query is either 0 or 1 (activated is stored as either 0 or 1 in the db).

best I have come up with is:


$activated = mysqli_query($link, "SELECT * FROM members WHERE username = '$username' AND password = '$password' AND activated='1'");
$result = mysqli_num_rows($activated);
					if ($result != 1) {
						$error = 'You are not activated.';
						include 'error.php';
						exit();
					}
else
login is fine etc

seems to work, but something tells me it isn’t the best way. if anyone can give their opinion that would be wonderful.

A side note: NULLify the activation code field once it has been used. One good reason for doing so is that for example you ban a user and set the “activated” field to 0. The user goes through his emails and click the activation link again and your script would activate the account.

$activated = mysqli_query($link, "SELECT activated FROM members WHERE username = '$username'");
$result = mysqli_fetch_assoc($activated);
if ($result === false || $result["activated"] == 0) {
    // if no record found OR activated field was 0 (or NULL)
    $error = 'Error.';
    include 'error.php';
    exit();
}

Honestly didn’t think of that, implementing right away. Thank you!

And thanks again, I didn’t know how to do the $result[“activated”] part at all, and definitely good to check if it’s empty too heh. Thanks, I greatly appreciate it… I can now move on to sanitizing all my code. :slight_smile: