Activation e-mail

1

I have a user registration that correctly sends the filled-in data by e-mail.

Now I want a link that goes along in the e-mail for user activation. Only after clicking the link would the user be duly recognized by the system.

How could I do this, if possible, with the CodeIgniter I already use?

  • Hey, Eduardo, what’s up? Could you update your question with code snippets demonstrating your email sending strategy during user creation? If you can comment more on what specific issue you’re having when including a user activation link, that also helps.

2 answers

2

I will not answer based on CodeIgniter, both because it does not work with CodeIgniter and because it would limit the use of the answer only to those who use this framework.

User activation depends on conditioning the value of a particular column in the user record, so if it does not yet exist, you must create it.

It can even be a field of type CHAR; after all, we would store in it only an integer-boolean: 0 (zero) if the user has not activated it and 1 (one) if they have. For the purpose of the answer, we will call this field isActive.

The activation link must contain some value to be conditioned to perform the UPDATE. It might even be the user ID, but if you need a little more security, keep reading below.

You already know how to send the email, so just include in the body of the message a link that represents a valid action in your application, such as:

domain.com/users/activate/123

In the action corresponding to this link you consult the record referring to the ID received (WHERE). If found, you check the value of our column isActive. If it is zero, you do the UPDATE:

UPDATE `users` SET `isActive` = 1 WHERE ID = XXX

Obviously XXX is the value received.

If it is already 1 (one), you display an error message or warning that that user is already activated.

From this point on, for any action in your application that depends on the user being active on your system, you check whether the value of this flag is 1 (one).

But not all resources need this check. Editing the User Profile, for example, is one such case (if applicable).

As for the issue of additional security, you may have an extra column in the user registration with a hash unique to each user. This hash can be anything, like a uniqid() generated at the time of registration.

Instead of sending the user ID in the email (and consequently conditioning the activation on that same value), you use this hash which, theoretically, is harder to violate than a simple integer.

  • This example using a uniqid() is very good because it makes it easy to compare what comes from the activation link with what is in the user’s db...thus validating if it is equal :)

0

TBL-USERS
name | email | ... | status | code-validate


When the user is inserted into the DB, a hash will be created that you can write to code-validate, and the status stays off. The email goes with a link and the reference from code-validate, something like: site.com/user/active?XXX.

On the active page you will validate the code-validate and change the user's status to true.
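The flow both answers describe (an inactive-by-default user, a per-user value in the activation link, and a conditional UPDATE), as an added example that is not code from either answer. It assumes PHP 7+ with the PDO SQLite driver, a hypothetical activation_hash column and the function names registerUser/activateUser, and it takes the token from random_bytes() rather than uniqid(), whose output is derived from the current time.

```php
<?php
declare(strict_types=1);

// In-memory SQLite stands in for the application's real database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    email TEXT NOT NULL,
    isActive INTEGER NOT NULL DEFAULT 0,
    activation_hash TEXT
)');

// Registration: create the inactive user and return the token for the e-mail link.
function registerUser(PDO $db, string $email): string
{
    $token = bin2hex(random_bytes(32));               // 64 hex chars from the CSPRNG
    $stmt = $db->prepare('INSERT INTO users (email, activation_hash) VALUES (?, ?)');
    $stmt->execute([$email, hash('sha256', $token)]); // store only the hash of the token
    return $token;
}

// Activation action: returns true only if an inactive user matched the token.
function activateUser(PDO $db, string $token): bool
{
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return false;                                 // malformed input never reaches the DB
    }
    // One prepared statement does the lookup, the isActive check and the UPDATE,
    // and clears the stored hash so the link cannot be reused.
    $stmt = $db->prepare('UPDATE users SET isActive = 1, activation_hash = NULL
                          WHERE activation_hash = ? AND isActive = 0');
    $stmt->execute([hash('sha256', $token)]);
    return $stmt->rowCount() === 1;
}

$token = registerUser($db, 'user@example.com');      // constructed sample address
echo "Link: https://domain.com/users/activate/{$token}\n";
var_dump(activateUser($db, '123'));                   // an ID-style value from a guessed link
var_dump(activateUser($db, $token));                  // first click on the e-mailed link
var_dump(activateUser($db, $token));                  // second click on the same link
```

activateUser() gives the same result for unknown, malformed and already-used tokens, so the activation page can show one generic message without revealing which accounts exist.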
