1.8. E-mailing a Validation Link
Right now register.php provides a direct link to verify the account, though in a production environment it's typical to send the link in an e-mail to the address provided. The hope is that legitimate users will supply legitimate e-mail accounts and actively confirm their accounts, and bulk spammers wouldn't.
The mail() function is used to send e-mails from within PHP. The first argument is the user's e-mail address, the second is the e-mail's subject, and the third is the message. The use of @ to suppress warning messages is generally discouraged, though in this case it is necessary because mail() will return false and generate a warning if it fails.
The code you integrate into register.php to send a message instead of displaying the validation link in the browser window might look something like this:
<?php ... // create an inactive user record $user = new User(); $user->username = $_POST['username']; $user->password = $password; $user->emailAddr = $_POST['email']; $token = $user->setInactive(); $message = 'Thank you for signing up for an account! Before you '. ' can login you need to verify your account. You can do so ' . 'by visiting http://www.example.com/verify.php?uid=' . $user->userId . '&token=' . $token . '.'; if (@mail($user->emailAddr, 'Activate your new account', $message)) { $GLOBALS['TEMPLATE']['content'] = '<p><strong>Thank you for ' . 'registering.</strong></p> <p>You will be receiving an ' . 'email shortly with instructions on ...
Get PHP and MySQL®: Create-Modify-Reuse now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.