This is a more focused question triggered by an earlier posting here. I need to authenticate a user’s email address by proving he/she has access to it. I’ve copied below a generic email authentication you’d expect to see when joining a developer forum or user group. As part of the registration process, you’d provide your email address, and then you’d get an email asking you to click on something to verify your email address.
I need to code whatever happens when a user clicks on the link in the email. So my question is — how do I do that?
What technologies are involved? Can anyone walk me through the steps? I prefer Java or a Linux scripting language like bash. Better yet, is there any software developed for this purpose I can install on my Linux server and somehow integrate it to talk with my database? How is this done in practice? I don’t want to reinvent something if it’s already available.
To confirm your email address of:
youremail@yourdomain.net
please send a short reply to this address:
users-sc.1496854427.ckdpbmhncdlkjadkajfpecc-mylist=yourdomain.net@listdomain.com
Usually, this happens when you just hit the "reply" button.
If this does not work, simply copy the address and paste it into
the "To:" field of a new message.
or click here:
mailto:users-sc.1496854427.ckdpbmhncdlkjadkajfpecc-mylist=yourdomain.net@listdomain.com
This confirmation serves two purposes. First, it verifies that I am able
to get mail through to you. Second, it protects you in case someone
forges a subscription request in your name.
Some mail programs are broken and cannot handle long addresses. If you
cannot reply to this request, instead send a message to
<users-request@listdomain.com> and put the
entire address listed above into the "Subject:" line.
In your user database you need to have a staging users table (or, in the main users table, add a column indicating whether the user is active and default the indicator to “no”). When the user first registers, you generate a unique hash code from part of the user’s info, e.g. use MD5 on the user’s primary key and name (or some other set of the user’s variables which you can get back by decrypting). Make this hash code a query string parameter in the link you send to the user. Finally, when the user clicks on the link, get the hash code from the query string, decrypt it and match the decrypted values to the user row in your database. If a match is found, set the “active” indicator to true, and presto. Alternatively, if you used a staging table, then move the user record to the “active users” table which you use to do your authorization on.
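The link flow the answer describes, as an added Java example (not part of the answer, and not taken from any existing package). It swaps the plain MD5 for a keyed HMAC-SHA256 tag with an expiry time, so the value in the link depends on a server-side secret; the class name, the in-memory collections standing in for the users table, and the sample user are assumptions.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.Instant;
import java.util.*;

public class EmailConfirm {
    private final byte[] key;                                  // server-side secret, never sent out
    private final Map<Long, String> emails = new HashMap<>();  // stand-in for the users table
    private final Set<Long> active = new HashSet<>();          // stand-in for the "active" column
    EmailConfirm(byte[] key) { this.key = key; }

    private String mac(long id, long exp, String email) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(new SecretKeySpec(key, "HmacSHA256"));
        byte[] tag = m.doFinal((id + ":" + exp + ":" + email).getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
    }

    // Registration: store the inactive user and return the token for the link's query string.
    String register(long id, String email, Instant expires) throws Exception {
        emails.put(id, email);
        return id + "." + expires.getEpochSecond() + "." + mac(id, expires.getEpochSecond(), email);
    }

    // Link handler: recompute the tag from the stored row and activate only on an exact match.
    boolean confirm(String token, Instant now) throws Exception {
        String[] p = token == null ? new String[0] : token.split("\\.");
        if (p.length != 3) return false;
        long id, exp;
        try { id = Long.parseLong(p[0]); exp = Long.parseLong(p[1]); }
        catch (NumberFormatException e) { return false; }
        String email = emails.get(id);
        if (email == null || now.getEpochSecond() > exp) return false;   // unknown user or expired link
        byte[] want = mac(id, exp, email).getBytes(StandardCharsets.US_ASCII);
        if (!MessageDigest.isEqual(want, p[2].getBytes(StandardCharsets.US_ASCII))) return false;
        return active.add(id);                                 // single use: a repeat click changes nothing
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32];
        new SecureRandom().nextBytes(key);
        EmailConfirm svc = new EmailConfirm(key);
        Instant now = Instant.now();
        String t = svc.register(42L, "youremail@yourdomain.net", now.plusSeconds(86400)); // constructed user
        System.out.println(svc.confirm(t + "x", now) + " " + svc.confirm(t, now.plusSeconds(90000))
                + " " + svc.confirm(t, now) + " " + svc.confirm(t, now));  // tampered, expired, valid, replay
    }
}
```

Because the stored email address is part of the signed data, a link issued for one address stops validating if the address on the row is changed before confirmation.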