
E-mail verification and account activation

As one of the improvements to the chat application, in the previous post I mentioned the possibility of e-mail verification and, as a logical consequence, activation of the account created in the registration step. The mechanism itself is not complicated: it required two additional columns in the users table, plus a verification page with the accompanying background verification and activation processes. In this text I will cover this topic.

[Image: Chat app pages]

Modification of an existing table in the database

As a first step, I mentioned adding two more columns to the users table. One stores the activation code, the other the status of the account. The code is a six-digit random number generated during the registration process. The default value of the account status is NULL. During the verification and activation process these fields are changed: the code is set to 0, while the status is changed from NULL to 1 (account active).

[Image: The structure of the users table after the modification]

E-mail verification

An activation code is generated during registration. The data entered in the registration form, together with the code, are inserted into the users table after validation. The account status, represented by the "verification_status" field, keeps its default value of NULL. After that, an e-mail with the activation code is sent to the user. The e-mail could of course be more elaborate, but this is quite sufficient for these needs.

The part of the code I'm talking about is:

// create secure password hash
$pass = password_hash($password, PASSWORD_DEFAULT);
// six-digit activation code (rand() expects min first, then max)
$code = rand(111111, 999999);

// NOTE: the form values are interpolated straight into the SQL text here;
// a prepared statement with bound parameters would keep them out of the query.
$insertQuery = mysqli_query($conn, "INSERT INTO
     users (unique_id, fname, lname, email, password, img, status, code)
     VALUES ({$random_id}, '{$fname}', '{$lname}', '{$email}', '{$pass}', '{$new_img_name}', '{$status}', {$code})");

if ($insertQuery) {
    // read the row back so the session can be tied to the stored e-mail
    $sql3 = mysqli_query($conn, "SELECT * FROM users WHERE email = '{$email}'");
    if (mysqli_num_rows($sql3) > 0) {
        $row = mysqli_fetch_assoc($sql3);
        $subject = "Email Verification Code";
        $message = "Your verification code is $code";
        $sender = "From: [email protected]";
        if (mail($email, $subject, $message, $sender)) {
            $_SESSION['email'] = $row['email'];
            echo 'success';
        } else {
            echo "Failed while sending code!";
        }
    }
}
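The same registration step, as an added example that is not the project's own code, with two changes a reviewer would ask for: the activation code comes from random_int() (a CSPRNG) instead of rand(), and the INSERT uses a prepared statement so the form values never become part of the SQL text. It assumes the users columns shown above, a mysqli connection in $conn, and that the form values have already been validated; the sender address is a placeholder.

```php
<?php
// Added example, not the chat app's code: hardened registration step.
// Assumes the post's `users` table and a mysqli connection in $conn.

session_start();

function generateActivationCode(): int
{
    // random_int() is backed by a CSPRNG; rand()/mt_rand() are predictable
    // and must not be used for codes that act as secrets.
    return random_int(100000, 999999); // always six digits
}

function registerUser(mysqli $conn, array $u): bool
{
    $pass = password_hash($u['password'], PASSWORD_DEFAULT);
    $code = generateActivationCode();

    // Placeholders: the driver sends the values separately from the query,
    // so quotes or SQL fragments in a form field cannot change the statement.
    $stmt = $conn->prepare(
        'INSERT INTO users (unique_id, fname, lname, email, password, img, status, code)
         VALUES (?, ?, ?, ?, ?, ?, ?, ?)'
    );
    // types: i = integer, s = string (unique_id and code are integers)
    $stmt->bind_param(
        'issssssi',
        $u['unique_id'], $u['fname'], $u['lname'], $u['email'],
        $pass, $u['img'], $u['status'], $code
    );
    if (!$stmt->execute()) {
        return false;
    }

    $sent = mail(
        $u['email'],
        'Email Verification Code',
        "Your verification code is $code",
        'From: no-reply@example.com' // placeholder sender address
    );
    if ($sent) {
        // remember which address is being verified for the next page
        $_SESSION['email'] = $u['email'];
    }
    return $sent;
}

// Usage in the registration handler (values assumed validated beforehand):
// $ok = registerUser($conn, [
//     'unique_id' => $random_id, 'fname' => $fname, 'lname' => $lname,
//     'email' => $email, 'password' => $password, 'img' => $new_img_name,
//     'status' => $status,
// ]);
// echo $ok ? 'success' : 'Failed while sending code!';
```

The session e-mail is only set after the mail goes out, so a failed send leaves the user on the registration page rather than on a verification page that can never succeed.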

Account activation

After registration, the user is forwarded to the verification page. Here it is necessary to enter the code that was previously sent by e-mail to the address the user entered. After entering the code and clicking the verification button, the code is checked against the one stored for the given e-mail address. If everything is OK, the "verification_status" field is set to 1 (the user is active), the "status" field is set to "Active now!", and the code field is cleared to 0. After that the user can log in to the chat. Of course, if someone tries to log in without activation, they are automatically redirected to the verification page.

$code = 0;
$verStatus = 1;
$status = 'Active now!';
// $otp is the code submitted on the verification page; $row was fetched earlier
// from the users table by the e-mail stored in the session
$sqlAccountActivation = "UPDATE users SET status = '{$status}', code = {$code}, verification_status = {$verStatus} WHERE code = {$otp} AND email = '{$_SESSION['email']}' ";
$queryAccountActivation = mysqli_query($conn, $sqlAccountActivation);
// mysqli_query() returns true even when no row matched the WHERE clause,
// so a wrong code has to be detected through the number of affected rows
if ($queryAccountActivation && mysqli_affected_rows($conn) === 1) {
    $_SESSION['unique_id'] = $row['unique_id'];
    echo 'success';
} elseif ($queryAccountActivation) {
    echo 'Wrong code!';
} else {
    echo 'Ups! Something went wrong with the query! Error: ' . mysqli_error($conn);
}
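The activation step again, as an added example that is not the project's own code. Beyond the prepared statement, it shows the two checks that matter for a six-digit code: success is decided by the number of rows actually updated (so a wrong code cannot report "success"), and the number of guesses per session is capped, because 900,000 possible values are few enough to enumerate. The WHERE clause also requires verification_status IS NULL, so an already active account (whose code is now 0) cannot be matched again. It assumes the post's schema, a mysqli connection in $conn, and a mysqlnd build (for get_result()); the attempt limit is an assumed value.

```php
<?php
// Added example, not the chat app's code: hardened account activation.
// Assumes the post's `users` table and a mysqli connection in $conn.

session_start();

const MAX_OTP_ATTEMPTS = 5; // assumed limit per session

function activateAccount(mysqli $conn, string $email, string $otp): string
{
    // Only a six-digit number is worth a database round trip.
    if (!preg_match('/^\d{6}$/', $otp)) {
        return 'invalid_format';
    }

    // Count guesses so the code cannot be brute-forced from one session.
    $_SESSION['otp_attempts'] = ($_SESSION['otp_attempts'] ?? 0) + 1;
    if ($_SESSION['otp_attempts'] > MAX_OTP_ATTEMPTS) {
        return 'too_many_attempts';
    }

    $stmt = $conn->prepare(
        'UPDATE users
            SET status = ?, code = 0, verification_status = 1
          WHERE email = ? AND code = ? AND verification_status IS NULL'
    );
    $status = 'Active now!';
    $code = (int) $otp;
    $stmt->bind_param('ssi', $status, $email, $code);
    if (!$stmt->execute()) {
        return 'query_error';
    }

    // execute() succeeds even when nothing matched; the row count is the
    // real result of the comparison between the submitted and stored code.
    if ($stmt->affected_rows !== 1) {
        return 'wrong_code';
    }

    unset($_SESSION['otp_attempts']);
    $_SESSION['unique_id'] = lookupUniqueId($conn, $email);
    return 'success';
}

function lookupUniqueId(mysqli $conn, string $email): ?int
{
    $stmt = $conn->prepare('SELECT unique_id FROM users WHERE email = ?');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    return $row ? (int) $row['unique_id'] : null;
}

// Usage in the verification handler:
// echo activateAccount($conn, $_SESSION['email'] ?? '', $_POST['otp'] ?? '');
```

Returning a short status string instead of echoing mysqli_error() keeps database details out of the response; the error text belongs in the server log.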

Finally, let me mention one more important thing. User passwords are hashed before they are inserted into the database, never stored in plain text - security first :) The code that does this:

$pass = password_hash($password, PASSWORD_DEFAULT);

A built-in PHP function that hashes the given string ($password) with the algorithm selected by its second parameter. The returned string embeds the algorithm, cost and salt, so it can later be checked with password_verify() without storing anything else.
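The login side that pairs with password_hash(), as an added example that is not the project's own code. It verifies the submitted password with password_verify(), rehashes when the default algorithm or cost has changed, and applies the rule from the activation section: an account whose verification_status is still NULL is sent back to the verification page instead of into the chat. It assumes the post's users table, a mysqli connection in $conn, a mysqlnd build, and a verification page named verification.php (placeholder).

```php
<?php
// Added example, not the chat app's code: login check with activation gate.
// Assumes the post's `users` table and a mysqli connection in $conn.

session_start();

// Returns 'success', 'needs_verification' or 'invalid'. Unknown e-mail and
// wrong password get the same answer so the response does not reveal which
// addresses are registered.
function loginUser(mysqli $conn, string $email, string $password): string
{
    $stmt = $conn->prepare(
        'SELECT unique_id, email, password, verification_status
           FROM users WHERE email = ?'
    );
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();

    // password_verify() reads algorithm, cost and salt from the stored hash.
    // A dummy hash is verified when the user does not exist, so the timing
    // of the two failure cases is similar.
    $storedHash = $row['password'] ?? password_hash('dummy', PASSWORD_DEFAULT);
    if (!password_verify($password, $storedHash) || $row === null) {
        return 'invalid';
    }

    // PASSWORD_DEFAULT can change between PHP versions; upgrade old hashes
    // at the one moment the plaintext is legitimately available.
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT)) {
        $newHash = password_hash($password, PASSWORD_DEFAULT);
        $upd = $conn->prepare('UPDATE users SET password = ? WHERE unique_id = ?');
        $upd->bind_param('si', $newHash, $row['unique_id']);
        $upd->execute();
    }

    // Not activated yet: remember the address and send the user to verify.
    if ($row['verification_status'] === null) {
        $_SESSION['email'] = $row['email'];
        return 'needs_verification';
    }

    // Fresh session id on privilege change prevents session fixation.
    session_regenerate_id(true);
    $_SESSION['unique_id'] = (int) $row['unique_id'];
    return 'success';
}

// Usage in the login handler:
// $result = loginUser($conn, $_POST['email'] ?? '', $_POST['password'] ?? '');
// if ($result === 'needs_verification') { header('Location: verification.php'); exit; }
// echo $result;
```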

Another idea was born while working on this: end-to-end encryption, for maximum data protection and privacy - Punky, Trle, thanks for the idea! :)

Links

GitHub, Cukuce (app)
