The user receives an email after registering and must click on a link in the email to confirm his/her account before being able to login.
Using a system like this prevents bogus registrations from being used. If an invalid email is entered, that account cannot be activated. If someone registered another person's email, that person would not be able to activate the account.
A unique activation code is created for each registered user, to be stored in the users table. The code is sent in the confirmation email to the user in a link. When the user clicks the link, he./she'll be taken to the activation page that removes the code from the record. This is to keep people from being able to activate accounts without receiving the confirmation email.
<?php
echo "<h2 align=center>Activation</h2>";
// validate $_GET['x'] and $_GET['y']
$x=$y=FALSE;
if (isset($_GET['x']) && preg_match('/^[\w.-]+@[\w.-]+\.[A-Za-z]{2,6}$/', $_GET['x'])) {
$x = $_GET['x'];
}
if (isset($_GET['y']) && (strlen($_GET['y']) == 32)) {
$y = $_GET['y'];
}
// check if $x and $y are correct
if ($x && $y) {
// update the database
include('db_connect.php');
// define the query
$query = "UPDATE " . TABLE_NAME . " SET active=NULL WHERE (email='" . mysql_real_escape_string($x) . "' AND active='" . mysql_real_escape_string($y). "') LIMIT 1";
// run the query
$r = mysql_query($query) or trigger_error("Query: $query<br />MySQL Error: " . mysql_error());
// report on the result
// if one row is affected then return true.
if (mysql_affected_rows($link) == 1) {
echo "<h3 align=center>Your account is now active. You may now login.</h>";
}
else {
echo "<h3 align=center>Your account could not be activated. Please recheck the link or contact the system administrator.</h3>";
}
}
// include the footer
include('footer.html');
?>
</p>
</body>
</html>
|