How to implement a guest user confirmation system by email

Asked

Viewed 765 times

1

In the system, the user registration will not be free. Each user will be invited by email by administrator to participate.

In the user table I have, briefly, the following attributes:

$table->increments('id')->unsigned();
$table->string('nome', 45);
$table->string('email', 64)->unique();
$table->string('username', 45)->nullable();
$table->string('senha', 20)->nullable();
$table->string('codigo', 100)->nullable();
$table->boolean('ativo')->default(false);

I never worked with this kind of confirmation, so I imagined the following algorithm (sequence):

  1. To invite a user, the administrator must complete the name and email of the guest.

  2. Therefore, the guest user will receive an email with the invitation.

  3. In the forwarded email, there will be a link that points to the route: hostname/code (where code is an attribute with unique content for each guest user).

  4. If this route is accessed the user becomes active in the system.

Would this step-by-step user authentication be relatively correct? And the password? It would be convenient to administrator set an initial password for the guest? I need ideas.

  • I think these steps are on the right track, make a password or let the user set the password is at your discretion, in fact there is no "problem" to be solved in this question, it was wide, see if you can reformulate, before you go to the suspension queue.

1 answer

4

You can do the following, create a system where you ask for email and the person’s name, and then create a token with a random number and then encrypt it in md5, save that value, the user’s id, the user’s email and that person’s name. In the mail() function, create a link with the generated code, email and id all in one link.

Create a page to receive this value and validate in the database, if it is correct, create a Session of any name and put a value and then direct to a page, where the user will complete the registration, with full name and bla bla. This page will only enter if there is a Session that will be created if the result is positive. Remember to make the page delete his token so someone else doesn’t use it.

If you want you can create another script to update the token if the user enters the link and does not complete the registration and send a new email with the link.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.