Check if a user has already activated their account by email, otherwise remind them to activate

Asked

Viewed 55 times

-2

I am developing a corporate network, and would like to check every time the user logged in, whether or not he activated his account through the token sent to your email. But I wouldn’t want that check to be done all the time, this is possible?

For example, while the user does not activate his account, the system will be checking whether the flag in the database "enabled" is as true, but after she’s as true, never again would this account need to be verified again, as it has already been activated.

Regardless of the technology (language) used, I would like to know if it is computationally possible, through some logic, to create an algorithm that was used until a certain parameter was met, and after that that code "would no longer be executed" (would be dropped from source code, something like that). Because it depends on a particularity that needs to be checked, but once checked as true it would no longer be necessary to have this code snippet, but each user has his particular token check, he could not simply remove this snippet from the code, because at some point one or other user would need the verification.

Postponing that it is not something trivial, it is more conceptual, whether it is possible or not, regardless of the language used.

  • But what technology, what language is working, I believe we lack more details to start wondering if we can help you in something!

  • Yes, it is possible and depends a little on how your application was developed and also on the language.

  • 1

    Hello, @Alexandrec.Caus, regardless of the technology (language) used, I would like to know if it is computationally possible, through some logic, to create an algorithm that was used until a certain parameter has been met, and after that that code would no longer be executed. Because it depends on a particularity that needs to be checked, but once checked as true it would no longer be necessary to do it.

  • A have yes, I like to use Delphi, have you ever seen talk? It’s a beauty, it’s desktop application, and the learning curve is smaller than the others (java, c..).. It’s easy to interface, has a good..

  • 1

    Basically, if the code is there, it will be executed, there is no escape. The solutions are: force the application to rewrite that part of the code (if it is web is easy, if it is desktop is complicated), but this would have the problem of leaving it useless for new users, if you need a "CTRL+C, CTRL+V", or create another condition that prevents verification, And in that second case, it would still continue to run the condition, but it would not be met. The advantage of the second condition is that as you will run the application on a corporate network, you will not have to check on the network.

  • @Claydersonferreira is almost that of the second option, only that I am thinking of something of the type of the answer of António campos, but turned to the "log-in", as a corporate network (similar to a social network) has many queries, wanted to avoid doing this check all the time via database query, but when the user logs in it is mandatory to do a query in the bank, at that time I can recover the variable "enabled" and pass it via GET to avoid queries, optimizing the code, what they find?

  • 1

    This should occur every time the user logs in, or only once in each user’s life?

  • Just this @Guilhermenascimento, will only occur once in each user’s life.

  • I don’t know if the title is right, but I think it makes more sense now.

  • In fact, it would avoid repeating a check since it has already been answered! but I think it was cool! I asked Stacken the same question, and I liked the guy’s answer, it went something like this: "If you rely on a flag to verify that the user is active, there is no way to fail to do this check, what can be done is to optimize this check right away in the user’s authentication". Thanks a lot.

Show 5 more comments

1 answer

1


Logic will be something like:

In the database in the user table, the field, for example, user_ative=false and when the user activates the account changes to the user_ative for true...

During the log-in user, you recover in the same query, if possible (depending on your data structure, if the field is in the same user table), and you pass this parameter via GET, POST or SESSION to avoid carrying out new queries on other pages to check, as it is not possible for multiple users to have different source codes, which makes it impossible for the idea of an algorithm to be executed once in that user’s lifetime.

  • It’s not quite that Antonio, it’s precisely because I don’t want to be doing this check all the time, that I don’t want to put it to be done forever.

  • In the login process... check this, and only let in if you already have the account active... when validates the user and password also validates if the account is active... if you have everything in a table when select to get do something like this select * from utilizador where username =?? and password = ?? and user_active=true;

  • 2

    @Maiconherverton, but depends also saw. It is difficult for us because you have not specified how the application will be, and there is hardly a model that is applicable in all cases. Let’s assume that your application has a login form, you could very well do as Antonio said, and the impact on performance would not even be noticed, after all the connection to the bank will already be done, just run one more query and if you know how to do, not even this need. What is the impact of a query on the performance of a local application where there will be few users? On the contrary, try to make it not

  • check, can lead you to a "gambiarra" that will cause more performance loss yet

  • The problem António, is that the user has access to the "main" page, and in it I check whether it is active or not, because, if it is not active I will indicate a "link" to "resend" the token. But if it is active, never again would this check be necessary understood. But I think that the only solution will be to follow for this matter of validation right in the log-in, even if I let the user "pass" to next page, it exists, just does not have privileges until confirm your account via email (token).

  • Actually @Claydersonferreira is a corporate network, but it is Web similar to facebook, plus and etc.

  • 1

    I will edit the @Antóniocampos response, because it would be the "most logical" possible within the programming concept in general.

Show 2 more comments

Browser other questions tagged

You are not signed in. Login or sign up in order to post.