Page 2
30 Apr
Admin

Creating Email Verification in PHP

PHP is used for developing web applications; we all are aware about this. However, PHP can be used for other things as well. Today, in this blog post; we will see how emails can be verified using PHP.

The common security feature during user registration process is email verification. It is necessary to create it as per the industry best practices in order to avoid certain security risks.

Here, we will see how email verification can be created with PHP?

Email Verification

First of all, let’s begin with registration form:

<form method=”post” action=”http://mydomain.com/registration/”>

<fieldset class=”form-group”>

<label for=”fname”>First Name:</label>

<input type=”text” name=”fname” class=”form-control” required />

</fieldset>

 

<fieldset class=”form-group”>

<label for=”lname”>Last Name:</label>

<input type=”text” name=”lname” class=”form-control” required />

</fieldset>

 

<fieldset class=”form-group”>

<label for=”email”>Last name:</label>

<input type=”email” name=”email” class=”form-control” required />

</fieldset>

 

<fieldset class=”form-group”>

<label for=”password”>Password:</label>

<input type=”password” name=”password” class=”form-control” required />

</fieldset>

 

<fieldset class=”form-group”>

<label for=”cpassword”>Confirm Password:</label>

<input type=”password” name=”cpassword” class=”form-control” required />

</fieldset>

 

<fieldset>

<button type=”submit” class=”btn”>Register</button>

</fieldset>

</form>

Later on, we will use this database structure:

CREATE TABLE IF NOT EXISTS `user` (
`id` INT(10) NOT NULL AUTO_INCREMENT PRIMARY KEY,
`fname` VARCHAR(255) ,
`lname` VARCHAR(255) ,
`email` VARCHAR(50) ,
`password` VARCHAR(50) ,
`is_active` INT(1) DEFAULT ‘0’,
`verify_token` VARCHAR(255) ,
`created_at` TIMESTAMP,
`updated_at` TIMESTAMP,
);

Once this form is submitted then the input is to be checked. After input verification, new user is to be created:

// Validation rules
$rules = array(
‘fname’ => ‘required|max:255’,
‘lname’ => ‘required|max:255′,
’email’ => ‘required’,
‘password’ => ‘required|min:6|max:20’,
‘cpassword’ => ‘same:password’
);

$validator = Validator::make(Input::all(), $rules);

// If input not valid, go back to registration page
if($validator->fails()) {
return Redirect::to(‘registration’)->with(‘error’, $validator->messages()->first())->withInput();
}

$user = new User();
$user->fname = Input::get(‘fname’);
$user->lname = Input::get(‘lname’);
$user->password = Input::get(‘password’);

// You will generate the verification code here and save it to the database

// Save user to the database
if(!$user->save()) {
// If unable to write to database for any reason, show the error
return Redirect::to(‘registration’)->with(‘error’, ‘Unable to write to database at this time. Please try again later.’)->withInput();
}

// User is created and saved to database
// Verification e-mail will be sent here

// Go back to registration page and show the success message
return Redirect::to(‘registration’)->with(‘success’, ‘You have successfully created an account. The verification link has been sent to e-mail address you have provided. Please click on that link to activate your account.’);

Once the registration is complete, the account will remain inactive till the email has been verified. This feature confirms that user is the real owner of the email id and this helps to prevent spam, unknown email usage as well as information leaks.

It is a very simple process, once the new user is created; an email containing verification link is to be sent to the email id that was entered during registration process. Users will be unable to login and use web applications till the time he/she clicks on verification link and confirms the email address.

Regarding verification links, there are few thinks to note down: It must have a randomly generated token which must be long enough and useful for certain time period. The user identified must also be included so that potential attacks could not brute force across multiple accounts.

Wind up:

Whatever codes we have included here are only for educational purpose and are not completely tested. So, if you wish to use them in any web application then kindly test the same.

These are written in Laravel Framework however can be easily used in PHP. The verification code is valid up to 48 hours hence it will be good to use such application that can eliminate inactive users with expired verification codes.

Hope you liked this post. For more such updates about PHP; stay in touch with Softqube Technologies; provider of cost effective php development services.

Share:
Admin
Hari Patel
He is the Managing Director of Softqube Technologies Pvt. Ltd., a modern-day digital transformation, design and development service provider. We provide services to businesses of all verticals across the globe. He believe and live by a mission that he help more entrepreneurs to build, launch and grow profitable businesses.
contact
Are you looking for real talent for your dream projects?
Inquiry
We will respond you in within 24 hours
Do you have a project in mind?
Let's start your project
Quick Contact
We can give you a fast response via email, phone call or skype.
For business inquiries
Call us on
Let's Skype
Close
Inquire
Let’s make something awesome together!
Drop us a line, or give us a heads up if you’re interested in visiting us.
  • Accepted file types: docx, xlsx, ppt, pdf, jpg, gif, png.
  • 9 − 2 =
  • This field is for validation purposes and should be left unchanged.
100% secure and private