Hashing the activation code ensures that only the user who owns the email address can activate the account, not anyone else, even the admin, who can access the database.

If users have not activated their accounts, they will not be able to log in.

When users click the activation link in the email, you need to perform the following steps:

- Sanitize and validate the email and activation code.
- Find the inactive user with the email address. If no user record exists, redirect to the registration form.
- If a user record exists and the activation code is expired, delete the user record from the database and redirect to the registration form.
- Otherwise, match the activation code with the hash of the activation code stored in the database. If they match, mark the user record as active and redirect to the login page.

First, drop the users table from the auth database:

```sql
DROP TABLE users;
```

Second, create the users table with the new columns active, activation_code, activated_at, activation_expiry:

```sql
CREATE TABLE users (
    -- ...
    created_at timestamp NOT NULL DEFAULT current_timestamp(),
    updated_at datetime DEFAULT current_timestamp() ON UPDATE current_timestamp()
);
```

The following explains the meaning of the new columns.

The value of the active column defaults to 0. This means that users who register for accounts but haven't verified their email addresses will be inactive by default.

The activation_code column will store the hash of the activation code. Its length should be sufficient to store the string returned by the password_hash() function. It's important to notice that the hash will be truncated if the activation_code column doesn't have a long enough size. This will cause the password_verify() function to fail to match the activation code with the hash.

The activation_expiry column stores the expiration time to use the activation code before expiry. The expiration time ensures that the activation code cannot be used if the email address is compromised after the expiration time.

The activated_at column stores the date and time when users activate their accounts.

Let's review the current project structure before adding the email verification functions:

```
├── config
...
└── register.php
```

Modify the functions in the auth.php file

The following adds the activation code and expiry parameter to the register_user() function. By default, the expiration time is one day (1 * 24 * 60 * 60).
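The activation steps listed above (validate, find the inactive user, expire, verify against the stored hash), sketched as an added example that is not the tutorial's own code. The function names, the status strings and the in-memory array standing in for the users table are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example; helper names are hypothetical and an array stands in for the users table.
const EXPIRY = 1 * 24 * 60 * 60; // one day, the default expiration stated above

function register_pending(array &$users, string $email, int $now): string
{
    $code = bin2hex(random_bytes(16)); // plaintext code: goes only into the emailed link
    $users[$email] = [
        'active'            => 0,
        'activation_code'   => password_hash($code, PASSWORD_DEFAULT), // store the hash only
        'activation_expiry' => $now + EXPIRY,
        'activated_at'      => null,
    ];
    return $code;
}

function activate(array &$users, string $email, string $code, int $now): string
{
    // 1. Sanitize and validate the values taken from the activation link.
    $email = filter_var(trim($email), FILTER_VALIDATE_EMAIL);
    if ($email === false || !ctype_xdigit($code)) {
        return 'invalid';
    }
    // 2. Find the inactive user; none means redirect to the registration form.
    $user = $users[$email] ?? null;
    if ($user === null || $user['active'] === 1) {
        return 'not_found';
    }
    // 3. Expired code: delete the record and redirect to the registration form.
    if ($now > $user['activation_expiry']) {
        unset($users[$email]);
        return 'expired';
    }
    // 4. Compare the submitted code with the stored hash.
    if (!password_verify($code, $user['activation_code'])) {
        return 'mismatch'; // handling of a mismatch is an assumption; the page does not say
    }
    $users[$email]['active'] = 1;
    $users[$email]['activated_at'] = $now;
    return 'activated'; // caller redirects to the login page
}

$users = [];
$t0 = 1700000000; // constructed timestamp
$code = register_pending($users, 'alice@example.com', $t0);
var_dump(activate($users, 'alice@example.com', str_repeat('0', 32), $t0 + 60)); // wrong code
var_dump(activate($users, 'alice@example.com', $code, $t0 + 60));               // correct code
$late = register_pending($users, 'bob@example.com', $t0);
var_dump(activate($users, 'bob@example.com', $late, $t0 + EXPIRY + 1));         // correct code, too late
```

Because the output of password_hash() with PASSWORD_DEFAULT can grow as the default algorithm changes, the PHP manual recommends a column of 255 characters, which avoids the truncation failure described above.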