I’m looking for an industry proven method to verify a users email as part of a login process.
That is, the user logs into a site (using email and password) and if valid, the system auto-generates an email to that address for the user to click on within a 30 minute time window to complete the log in process.
My language preference to implement this would be (listed in order of preference): Flex/ActionScript, HTML, Java, or PhP.
Are there any proven routines that can be “dropped” into an application that take care of this?
I dont know whether they are industry proven or not but works for me.
Two ways:
At the time of registeration, add a very long unique string in column ‘verify’ in your database along with other fields like ‘username’, ‘password (hash)’ etc.
Now, send a link of your website’s page (e.g. verify.jsp) to the mentioned email with that unique no and his email as querystring.
xyz.com?verify.jsp?str= &email=
Now, on verify.jsp , check if str and email values exits in database. It then change them to 1 (verified).
Now at login, check if verify column is 1 or not.
I recommend 1st way and I have seen it on many websites.