Hey all,
I am creating a login script that in one step, enters the new user into a text file, creates a new directory for that user, sends the user a code, and then the user has to enter the code to validate that he/she is real.
First question is about the code that is emailed:
a random number is created and sent to the new user. The new user in theory keeps his browser window open, and enters the code into the page. Once this happens, he clicks submit. I want to be able to compare the random number that was generated when the user created the account, to the one he received in the email using an IF statement.
$randNumber = rand();
<form id="form1" name="form1" method="post" action="">
<span id="sprytextfield1">
<label>Activation Code
<input type="text" name="actcode" id="actcode" />
</label>
<span class="textfieldRequiredMsg">Please Enter Your activation Code To Continue.</span></span>
<input name="Activate Account" type="submit" value="Activate Account" />
Something like: IF( $randNumber == 'actcode'){
redirect}
else{
re-load}
How do I make the variable “$rand” which is created upon page load, compare to what the user enters when he hits “activate account”?
Thanks!
if you create a random number then it will always be random.. if the user closes the window he has to do the validation again,.
it is better to create a hash (md5() or sha1()) of his email-id (+ any other details he provided) and mail it to him.
if you want others not to predict the secret validation code then you better use some text manipulation on that hash.
example:
define a hash function
the generated url will be http://domainnname.com/verify.php?username=foo&email=bar@domain.com&hash=jr6u9ghj78gjkk76fv
now you can verify the user by taking his username and email and running the same function to create hash and then comparing it with them hash in the url