During user registration in web applications, users sometimes deliberately sign up with fake or incorrect email addresses to avoid spammers and annoying automated emails. But more importantly, as a developer you need to make sure that users always provide true and accurate information. So it's good practice to use email verification in the user registration process.
Database Structure:
Here is a sample user table with some basic information. As you can see, there are two special attributes, `is_verified` and `hash`.
- `is_verified`: whether the user is currently active (verified) or not.
- `hash`: a special 32-digit hexadecimal number kept for verification purposes.
After you finish creating the database table, you must design the registration form with the relevant fields to input the required information (in our case First Name, Last Name, Email and Password). Assuming that you're done with the form, the next step is to implement the required methods in the controller class.
Controller:
Here we'll look at 3 main functions of the controller class. (We're not going to discuss every single piece of code, assuming that you've already done the basic implementation of the class and field validation.)
First, let's see how the information is passed to the model class after the user submits the form. As you can see, in the controller class most of the information is retrieved from the $_POST array and passed to the model as it is. (The password is hashed with md5 for security purposes.) But note how the hash attribute is initialized in line 8. A random number between 0 and 1000 is generated first. Then md5 is applied to that number, which again produces a 32-digit hexadecimal number, and that 32-digit code is stored in the user table as the hash value. (The same code is appended to the confirmation link that is sent to the user's email address.)
After inserting the user information into the database, you must send an email to the user with the confirmation link. The code segment above shows how to do that. As you can see in lines 19 & 20, the confirmation link is generated dynamically by combining 2 unique parameters, email and hash. email is retrieved from the $_POST array and the hash value is retrieved from the global variable $data, which was initialized earlier. The logic for email verification is implemented in the verify function of the user_registration controller class.
The next thing you need to do is implement the verify function. When a user clicks the verification link received through email, it calls the verify function of the controller class and passes the relevant email and hash values through the $_GET array, as those values are appended to the verification link as URL parameters. If the URL parameter values match the values in the database, the account is activated.
Model:
In the model class you have to implement several functions to insert new users, validate the email, retrieve the hash code belonging to a given email, and verify users. Assuming that you can manage the first 3 functions, I'm going to show you how to implement the verify_user function.
This function updates the is_verified value for the given email address to '1', denoting that the user is verified. (Initially the value is 0.)
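The token scheme described above (md5 of a random number between 0 and 1000) can only ever produce 1001 distinct values, and md5 is a fast unsalted hash that is a poor fit for stored passwords. The following is an added example, not the article's original code: it keeps the 32-character `hash` format but draws the token from a CSPRNG, compares it in constant time in the verify step, and uses password_hash for the password. The function names, the example.com URL and the sample values are assumptions made for illustration.

```php
<?php
// Added example; function names are hypothetical, not from the article.

// Weak scheme as described in the article: only 1001 possible tokens,
// and rand() is not a cryptographically secure generator.
function weak_token(): string
{
    return md5((string) rand(0, 1000));
}

// Hardened: 16 bytes from the OS CSPRNG, hex-encoded to 32 characters,
// so it still fits the 32-character `hash` column.
function new_verification_token(): string
{
    return bin2hex(random_bytes(16));
}

// Store a slow, salted password hash instead of md5($password).
function hash_password(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Build the confirmation link; http_build_query URL-encodes both parameters.
function confirmation_link(string $baseUrl, string $email, string $token): string
{
    return $baseUrl . '?' . http_build_query(['email' => $email, 'hash' => $token]);
}

// Verify step: reject malformed input (e.g. ?hash[]=x arrives as an array),
// then compare against the stored value in constant time.
function token_matches(string $storedToken, $suppliedToken): bool
{
    if (!is_string($suppliedToken) || !preg_match('/\A[0-9a-f]{32}\z/', $suppliedToken)) {
        return false;
    }
    return hash_equals($storedToken, $suppliedToken);
}

// Constructed sample data so the example runs offline.
$email = 'alice@example.com';
$token = new_verification_token();
$link  = confirmation_link('https://example.com/user_registration/verify', $email, $token);
parse_str(parse_url($link, PHP_URL_QUERY), $query); // what verify would see in $_GET

var_dump(strlen($token) === 32);
var_dump(token_matches($token, $query['hash']));
var_dump(token_matches($token, weak_token()));
var_dump(token_matches($token, ['array' => 'input']));
var_dump(password_verify('s3cret', hash_password('s3cret')));
```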
So that's it. Hope this article was helpful. If you have any questions, comments or feedback, let me know. Cheers!