I will not respond based on Codeigniter either because it does not work with Codeigniter and also because it would limit the use of the response only to those who use this framework.
User activation depends on conditioning the value of a particular column in the user record, so if it does not yet exist, you must create it.
It can be even a field of type CHAR, after all we would store in it only an integer-boolean 0 (zero) if the user has not activated Io and 1 (one) if it has. For the purpose of the answer, we will call this field isActive.
The activation link must contain some value to be conditioned to perform the UPDATE. It might even be the user ID, but if you need a little more security, keep reading below.
Send the email, you already know how to do so just include in the body of the message a link that represents a valid action in your Application, as:
domain.com/users/activate/123
In the action corresponding to this link you consult the record referring to the ID received (WHERE). If found, you check the value of our column isActive. If it is zero, you do the UPDATE:
UPDATE `users` SET `isActive` = 1 WHERE ID = XXX
Obviously XXX is the amount received.
If it is already 1 (one), you display an error message or warning that that user is already activated.
From this point on, any action in your Application that depends on the user being active on your system, you check whether the value of this flag is 1 (a).
But not all resources need this check. Editing the User Profile, for example, is one such case (if applicable).
As for the issue of additional security, you may have an extra column in the user registration with a hash unique to each user. This hash can be anything, like a uniqid() generated at the time of registration..
Instead of in the email you send the user ID (and consequently condition the activation with that same value), you use this hash which, theoretically, is harder to violate than a simple integer.
Hey, Eduardo, what’s up? Could you update your question with code grafts demonstrating your email sending strategy during user creation? If you can comment more on what specific issue you’re having at the time of including a link to user activation it also helps.
– Anthony Accioly