When a user subscribes to my newsletter via their email address, using PHP, how would I send them an 'Activation Link' via email to confirm it is their email address and not a fake one?
So at the moment I have:
PHP:
<?php
$to = "recipient@example.com";
$subject = "Hi!";
$body = "Hi,
How are you?";
if (mail($to, $subject, $body)) {
echo "<p>Message successfully sent!</p>";
} else {
echo "<p>Message delivery failed...</p>";
}
?>
I guess I would change the $body to this:
$body = "Please click the link to activate your email
http://www.activationlink.com?";
How would I make it so that if a user clicked that link it would add their details to the MySQL database, recognising they are a legitimate subscriber?
Any help or suggestions appreciated. Thanks
Quick Google search result:
http://www.learnphponline.com/scripts/email-activation-for-php-forms
Basically, you need to create a subscriber table and have a boolean flag called verified; of course, store the email address in that table.
OK, I would try to suggest something which happens during signup on most sites today.
What happens is that when you enter your user name and password it says "An email is sent to your location.....(something like this)". What we do is that before sending the email we save that username and password in the DB but make their status inactive.
So when users click the link and they get to the relevant site, all that is needed then is to verify the code and change the status.
So, somewhat similarly, you have to add the email to your DB and then send an email. In that case it will be easy for you to handle your current problem.
Use the http://en.wikipedia.org/wiki/Message_authentication_code (MAC) approach. You should have a secret key. Use the key and the user's email to generate a SHA1 hash. Then produce an activation link which includes the user's email and the hash. After you receive a click from the link, you do the same: use the same secret key, take the email from the link, generate the hash and compare it with the one provided in the link. If it matches, then it means the e-mail address is confirmed.
Also, together with the email you could include some more info (e.g. a timestamp to make links expirable); all of the info could be authenticated with the MAC approach.
You don't need to store any information in a database, as in the answer from @Tommy.
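The MAC approach from the last answer, as an added example that is not part of the original thread: it uses HMAC-SHA256 through hash_hmac() instead of a bare SHA1 of key and email, adds the expiry timestamp the answer mentions, and compares tags with hash_equals(). SECRET_KEY, the example.com URL, the 24-hour lifetime and the function names are assumptions.

```php
<?php
// Added example. SECRET_KEY, LINK_TTL, the URL and the function names are assumptions.
const SECRET_KEY = 'replace-with-random-bytes-kept-outside-the-web-root'; // placeholder
const LINK_TTL   = 86400; // links stay valid for 24 hours (assumed policy)

// The MAC covers email and expiry together, so neither can be changed alone.
function activation_tag(string $email, string $expires): string
{
    return hash_hmac('sha256', $email . '|' . $expires, SECRET_KEY);
}

// Build the link that goes into the $body of the confirmation mail.
function make_activation_link(string $email, int $now): string
{
    $email   = strtolower(trim($email));
    $expires = (string) ($now + LINK_TTL);
    return 'https://example.com/activate.php?' . http_build_query([
        'e' => $email,
        'x' => $expires,
        't' => activation_tag($email, $expires),
    ]);
}

// Check a clicked link. Returns the confirmed address, or null if forged or expired.
function verify_activation(string $email, string $expires, string $tag, int $now): ?string
{
    // Digits-only expiry keeps the "email|expiry" string unambiguous.
    if (!ctype_digit($expires)) {
        return null;
    }
    // Recompute the tag from the link's own fields; compare in constant time.
    if (!hash_equals(activation_tag($email, $expires), $tag)) {
        return null;
    }
    if ($now > (int) $expires) {
        return null;
    }
    return filter_var($email, FILTER_VALIDATE_EMAIL) ?: null;
}

// Constructed demo: a valid click, an expired click, and a swapped address.
$now  = time();
$link = make_activation_link('Alice@Example.com', $now);
parse_str(parse_url($link, PHP_URL_QUERY), $q);
var_dump(verify_activation($q['e'], $q['x'], $q['t'], $now));
var_dump(verify_activation($q['e'], $q['x'], $q['t'], $now + LINK_TTL + 1));
var_dump(verify_activation('mallory@example.com', $q['x'], $q['t'], $now));
```

Because nothing is stored before the click, the same link verifies again until it expires, so the insert into the subscriber table should be idempotent (for example a unique index on the email column).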