Building Browsergames: Implementing an e-mail confirmation system (PHP)
May 9, 2008 – 8:00 amEven though you probably don’t need a user’s e-mail address, there are still some situations where you need to verify e-mail addresses. So today, I’ll walk you through building an e-mail verification system in PHP.
We’ll start off with our registration page from earlier, and build off of that. First off, we’ll add a column to our users table to track the user’s e-mail address(we’ll use this to confirm our user), along with another column to track whether they’ve confirmed their e-mail or not:
ALTER TABLE `users` ADD `email` TEXT NOT NULL; ALTER TABLE `users` ADD `confirmed` tinyint(1) NOT NULL DEFAULT 0;
Then, we’ll add an input box for the user’s e-mail address:
33 34 | E-mail Address: <input type='text' name='email' /><br /> <input type='submit' value='Register!' /> |
In order to send our confirmation e-mails, we’ll use PHP’s built-in mail() function. All we’re going to change in our code is what happens after a user registers - we’ll send them a quick little e-mail to say “hey, click here to confirm your e-mail address!”:
19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 | $email = $_POST['email']; $query = sprintf("INSERT INTO users(username,password,email) VALUES ('%s','%s','%s');", mysql_real_escape_string($_POST['username']), mysql_real_escape_string(md5($password)), mysql_real_escape_string($email)); mysql_query($query); $to = $email; $subject = 'browsergame e-mail address confirmation'; $message = " <p>Hey! Thanks for signing up for the browsergame. Click below to confirm your e-mail address.</p> <p><a href='http://website.com/confirm.php?email=$email'>below</a></p>"; $headers = 'From: webmaster@example.com' . "\r\n" . 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; mail($to,$subject,$message,$headers); ?> <span style='color:green'>Congratulations, you've registered successfully! A confirmation e-mail has been sent to the address you entered.</span> |
And if you run a quick test of your script, you should see the e-mail show up in the inbox of whatever e-mail you decided to test it with!
This is all well and good, but what about our actual confirm page? We’ll need one of those to actually mark a user as ‘confirmed’ after they click on the link in the e-mail we sent to them. So let’s create that page.
The confirm page is actually pretty easy. All it needs to do is take in an e-mail address, and then use that e-mail to update a specific user’s information within the database(you could modify it to work off of any unique attribute you wanted, really):
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 | <?php if($_GET) { $email = $_GET['email']; require_once('config.php'); $conn = mysql_connect($dbhost,$dbuser,$dbpass) or die ('Error connecting to mysql'); mysql_select_db($dbname); $query = sprintf("SELECT COUNT(id) FROM users WHERE email = '%s' AND confirmed=0", mysql_real_escape_string($email)); $result = mysql_query($query); list($count) = mysql_fetch_row($result); if($count >= 1) { $query = sprintf("UPDATE users SET confirmed=1 WHERE email = '%s'", mysql_real_escape_string($email)); mysql_query($query); ?> <span style='color:green'>Congratulations, you've confirmed your e-mail address!</span> <?php } else { ?> <span style='color:red'>Oops! Either that user doesn't exist, or that e-mail address has already been confirmed.</span> <?php } } ?> |
There’s really not that much to this one - all it does is look for users that have that particular e-mail address, and haven’t already confirmed their e-mail address. There’s nothing new in this code that you haven’t seen before.
And that’s all there is to e-mail confirmation! It’s really a lot simpler than you think. Here’s the revised registration page code:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 | <?php if($_POST) { $password = $_POST['password']; $confirm = $_POST['confirm']; if($password != $confirm) { ?> <span style='color:red'>Error: Passwords do not match!</span> <?php } else { require_once('config.php'); $conn = mysql_connect($dbhost,$dbuser,$dbpass) or die ('Error connecting to mysql'); mysql_select_db($dbname); $query = sprintf("SELECT COUNT(id) FROM users WHERE UPPER(username) = UPPER('%s')", mysql_real_escape_string($_POST['username'])); $result = mysql_query($query); list($count) = mysql_fetch_row($result); if($count >= 1) { ?> <span style='color:red'>Error: that username is taken.</span> <?php } else { $email = $_POST['email']; $query = sprintf("INSERT INTO users(username,password,email) VALUES ('%s','%s','%s');", mysql_real_escape_string($_POST['username']), mysql_real_escape_string(md5($password)), mysql_real_escape_string($email)); mysql_query($query); $to = $email; $subject = 'browsergame e-mail address confirmation'; $message = " <p>Hey! Thanks for signing up for the browsergame. Click below to confirm your e-mail address.</p> <p><a href='http://website.com/confirm.php?email=$email'>below</a></p>"; $headers = 'From: webmaster@example.com' . "\r\n" . 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; mail($to,$subject,$message,$headers); ?> <span style='color:green'>Congratulations, you've registered successfully! A confirmation e-mail has been sent to the address you entered.</span> <?php } } } ?> <form method='post' action='register-email.php'>Username: <input type='text' name='username' /><br /> Password: <input type='password' name='password' /><br /> Confirm Password: <input type='password' name='confirm' /><br /> E-mail Address: <input type='text' name='email' /><br /> <input type='submit' value='Register!' /> </form> |
And here’s the confirmation page code:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 | <?php if($_GET) { $email = $_GET['email']; require_once('config.php'); $conn = mysql_connect($dbhost,$dbuser,$dbpass) or die ('Error connecting to mysql'); mysql_select_db($dbname); $query = sprintf("SELECT COUNT(id) FROM users WHERE email = '%s' AND confirmed=0", mysql_real_escape_string($email)); $result = mysql_query($query); list($count) = mysql_fetch_row($result); if($count >= 1) { $query = sprintf("UPDATE users SET confirmed=1 WHERE email = '%s'", mysql_real_escape_string($email)); mysql_query($query); ?> <span style='color:green'>Congratulations, you've confirmed your e-mail address!</span> <?php } else { ?> <span style='color:red'>Oops! Either that user doesn't exist, or that e-mail address has already been confirmed.</span> <?php } } ?> |
If you want to see it in action, you can check it out at the sample e-mail registration page, where the code you see above is being run.