PHP Web Fundamentals
Program: Website Account (De)activator
When users sign up for your website, it’s helpful to know that they’ve provided you with a correct email address. To validate the email address they provide, send an email to the address they supply when they sign up. If they don’t visit a special URL included in the email after a few days, deactivate their account.
This system has three parts. The first is the notify-user.php program that sends an email to a new user and asks that user to visit a verification URL. The second is the verify-user.php page that handles the verification URL and marks users as valid. The third is the delete-user.php program that deactivates accounts of users who don’t visit the verification URL after a certain amount of time.
Example SQL for user verification table
CREATE TABLE users (
email VARCHAR(255) NOT NULL,
created_on DATETIME NOT NULL,
verify_string VARCHAR(16) NOT NULL,
verified TINYINT UNSIGNED
);
What’s is the minimum amount of information necessary for user verification. You probably want to store more information than this about your users. When creating a user’s account, save information to the users table, and send the user an email telling him how to verify his account. The code in example assumes that the user’s email address is stored in the variable $email.
Example notify-user.php
// Connect to the database
$db = new PDO('sqlite:users.db');
$email = 'david';
// Generate verify_string
$verify_string = '';
for ($i = 0; $i < 16; $i++) {
$verify_string .= chr(mt_rand(32,126));
}
// Insert user into database
// This uses an SQLite-specific datetime() function
$sth = $db->prepare("INSERT INTO users " .
"(email, created_on, verify_string, verified) " .
"VALUES (?, datetime('now'), ?, 0)");
$sth->execute(array($email, $verify_string));
$verify_string = urlencode($verify_string);
$safe_email = urlencode($email);
$verify_url = "http://www.example.com/verify-user.php";
$mail_body=<<<_MAIL_
To $email:
Please click on the following link to verify your account creation:
$verify_url?email=$safe_email&verify_string=$verify_string
If you do not verify your account in the next seven days, it will be deleted.
_MAIL_;
mail($email,"User Verification",$mail_body);
The verification page that users are directed to when they follow the link in the email message updates the users table if the proper information has been provided.
Example verify-user.php
// Connect to the database
$db = new PDO('sqlite:users.db');
$sth = $db->prepare('UPDATE users SET verified = 1 WHERE email = ? '.
' AND verify_string = ? AND verified = 0');
$res = $sth->execute(array($_GET['email'], $_GET['verify_string']));
var_dump($res, $sth->rowCount());
if (! $res) {
print "Please try again later due to a database error.";
} else {
if ($sth->rowCount() == 1) {
print "Thank you, your account is verified.";
} else {
print "Sorry, you could not be verified.";
}
}
The user’s verification status is updated only if the email address and verify string pro‐
vided match a row in the database that has not alread,y been verified. The last step is the
short program that deletes unverified users after the appropriate interval.
Example delete-user.php
// Connect to the database
$db = new PDO('sqlite:users.db');
$window = '-7 days';
$sth = $db->prepare("DELETE FROM users WHERE verified = 0 AND ".
"created_on < datetime('now',?)");
$res = $sth->execute(array($window));
if ($res) {
print "Deactivated " . $sth->rowCount() . " users.\n";
} else {
print "Can't delete users.\n";
}
Run the program once a day to scrub the users table of users that haven’t been verified. If you want to change how long users have to verify themselves, adjust the value of $window, and update the text of the email message sent to users to reflect the new value.
No comments:
Post a Comment