Post: [PHP] Adding Email Verification to your site
03-29-2014, 05:49 PM #1
Dan
I'm a god.
This is a tutorial about adding email verification on your site. Feel free to PM me with any problems.

Email Verification: A process by which email address validity is checked before use or in real time when validating a webform entry.


You want your users table to look similar to this: You must login or register to view this content.

I don't have an example of what the email looks like, I currently have this on my localhost.

In config.php
    
<?php

$con = new PDO('mysql:host=localhost;dbname=shadowngu;', 'root', '');

$a_email = "[email protected]";

$s_url = "https://your_site_url.com";

?>


Register.php
    
<?php
require 'config.php';
session_start();

if (isset($_POST['register']))
{
    $username   = $_POST['username'];
    $email      = $_POST['email'];
    //Keep the raw values here so the empty() check below works; hashing happens just before the insert.
    $password   = $_POST['password'];
    $password_c = $_POST['password_c'];

    if (empty($username) or empty($email) or empty($password) or empty($password_c))
    {
        echo 'All fields must be filled in!';
    } else
    {
        //Checking if the username entered has already been registered.
        $usrcheck = $con->prepare('SELECT * FROM users WHERE username = :username');
        $usrcheck->bindValue(':username', $username, PDO::PARAM_STR);
        $usrcheck->execute();
        if ($usrcheck->rowCount() >= 1)
        {
            echo 'Username already exists!';
        } else
        {
            //Checking if the email entered has already been registered.
            $emailcheck = $con->prepare('SELECT email FROM users WHERE email = :email');
            $emailcheck->bindValue(':email', $email, PDO::PARAM_STR);
            $emailcheck->execute();
            if ($emailcheck->rowCount() == 0)
            {
                //Checking if the entered email is valid.
                if (preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/", $email))
                {
                    //Generating your unique verification code (32 hex characters from the system CSPRNG).
                    $activation = bin2hex(random_bytes(16));

                    //Confirming passwords match.
                    if ($password === $password_c)
                    {
                        //Hashing the password (md5, as in this tutorial; password_hash() is PHP's purpose-built API for this).
                        $password_hash = md5($password);
                        $join_date = date('Y-m-d H:i:s');

                        $query = $con->prepare('INSERT INTO users (username,email,password,joined,activation) VALUES (:username,:email,:password,:join_date,:activation)');
                        $query->bindValue(':username', $username, PDO::PARAM_STR);
                        $query->bindValue(':email', $email, PDO::PARAM_STR);
                        $query->bindValue(':password', $password_hash, PDO::PARAM_STR);
                        $query->bindValue(':join_date', $join_date, PDO::PARAM_STR);
                        $query->bindValue(':activation', $activation, PDO::PARAM_STR);
                        $query->execute();

                        //Double quotes so that \n and \r\n are real line breaks.
                        $message = "To activate your account, please click this link:\n\n";
                        $message .= $s_url . '/activate.php?email=' . urlencode($email) . '&key=' . $activation;
                        $headers = 'From: ' . $a_email . "\r\n" .
                            'Reply-To: ' . $a_email . "\r\n" .
                            'X-Mailer: PHP/' . phpversion();
                        mail($email, 'Registration Confirmation', $message, $headers);

                        echo 'You have successfully registered, a confirmation email has been sent to ' . htmlspecialchars($email) . '.';
                    } else
                    {
                        echo 'Passwords do not match!';
                    }
                } else
                {
                    echo 'Your email is invalid!';
                }
            } else
            {
                echo 'Email already exists!';
            }
        }
    }
}
?>


Activate.php
    
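<?php
require 'config.php';
if (isset($_GET['email']) && is_string($_GET['email']) && preg_match('/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/', $_GET['email']))
{
    $email = $_GET['email'];
}

//The key must be a 32-character hex string.
if (isset($_GET['key']) && is_string($_GET['key']) && (strlen($_GET['key']) == 32) && ctype_xdigit($_GET['key']))
{
    $key = $_GET['key'];
}

if (isset($email) && isset($key))
{
    //Bound parameters keep the request values out of the SQL string.
    $query_activate_account = $con->prepare('UPDATE users SET activation = NULL WHERE (email = :email AND activation = :key) LIMIT 1');
    $query_activate_account->bindValue(':email', $email, PDO::PARAM_STR);
    $query_activate_account->bindValue(':key', $key, PDO::PARAM_STR);
    $query_activate_account->execute();

    //rowCount() belongs to the statement, not to the PDO connection.
    if ($query_activate_account->rowCount() == 1) //if update query was successful
    {
        echo 'Your account is now active. You may now <a href="login.php">Log in</a>';
    } else
    {
        echo 'Oops, your account could not be activated. Please re-check the link or contact the system administrator.';
    }
} else
{
    echo 'Error occurred.';
}
?>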


Login.php
    
<?php
require 'config.php';
if (isset($_POST['login'])) {
    session_start();
    $username = $_POST['username'];
    $password = $_POST['password'];
    if (empty($username) or empty($password))
    {
        echo 'All fields must be filled in!';
    } else {
        //Register.php stores md5(password), so the submitted password is hashed the same way before comparing.
        $query_check_credentials = $con->prepare("SELECT * FROM users WHERE (username = :username AND password = :password) AND activation IS NULL");
        $query_check_credentials->bindValue(':username', $username, PDO::PARAM_STR);
        $query_check_credentials->bindValue(':password', md5($password), PDO::PARAM_STR);
        $query_check_credentials->execute();

        if ($query_check_credentials->rowCount() == 1)
        {
            //New session ID after authentication, to prevent session fixation.
            session_regenerate_id(true);
            $_SESSION['username'] = $username;
            echo '<script>window.location="index.php";</script>';
        } else
        {
            echo 'Your account is inactive or username/password is incorrect.';
        }
    }
}
?>

The following 3 users say thank you to Dan for this useful post:

Script, xelahot
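An added example, not part of Dan's post: the same activation flow with the key stored only as a SHA-256 digest, given an expiry, and cleared on first use. The `activation_hash` and `activation_expires` columns, the function names and the sample address are assumptions, and an in-memory SQLite database (needs the pdo_sqlite extension) stands in for the tutorial's MySQL server.

```php
<?php
// Added example: hashed, expiring, single-use activation tokens.
// Assumed schema (not from the post): activation_hash and activation_expires columns.
// An in-memory SQLite database stands in for the tutorial's MySQL server.
$con = new PDO('sqlite::memory:');
$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$con->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY, email TEXT UNIQUE,
    activation_hash TEXT, activation_expires INTEGER)');

function issue_activation(PDO $con, string $email, int $ttl = 86400): string
{
    $token = bin2hex(random_bytes(16));          // 128 bits from the CSPRNG
    $stmt = $con->prepare('INSERT INTO users (email, activation_hash, activation_expires)
                           VALUES (:email, :hash, :expires)');
    $stmt->execute([
        ':email'   => $email,
        ':hash'    => hash('sha256', $token),    // only the digest is stored
        ':expires' => time() + $ttl,
    ]);
    return $token;                               // goes into the emailed link only
}

function activate(PDO $con, string $email, string $token, ?int $now = null): bool
{
    if (strlen($token) !== 32 || !ctype_xdigit($token)) {
        return false;                            // reject malformed keys before touching the DB
    }
    $stmt = $con->prepare('UPDATE users
                              SET activation_hash = NULL, activation_expires = NULL
                            WHERE email = :email
                              AND activation_hash = :hash
                              AND activation_expires >= :now');
    $stmt->execute([
        ':email' => $email,
        ':hash'  => hash('sha256', $token),
        ':now'   => $now ?? time(),
    ]);
    return $stmt->rowCount() === 1;              // exactly one row cleared => activated
}

// Constructed sample run.
$token = issue_activation($con, 'alice@example.test');
var_dump(activate($con, 'alice@example.test', str_repeat('0', 32)));    // wrong key
var_dump(activate($con, 'alice@example.test', $token, time() + 90000)); // expired link
var_dump(activate($con, 'alice@example.test', $token));                 // valid link
var_dump(activate($con, 'alice@example.test', $token));                 // replayed link
```

Only the third call activates the account; a database dump taken before activation yields digests that cannot be turned back into working links.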
04-12-2016, 03:10 AM #2
You shouldn't use md5, but if you are still going to, at least add a salt to prevent hash collision.
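An added example, not part of the thread: moving the tutorial's md5 password column to PHP's `password_hash()` without forcing resets, by verifying legacy rows on login and re-hashing them once the password is known. The table layout, the `check_login` and `stored_hash` names and the sample account are assumptions; an in-memory SQLite database (needs the pdo_sqlite extension) stands in for MySQL.

```php
<?php
// Added example: verify against a legacy md5 column and upgrade to password_hash() on login.
// The users table layout and the sample account are constructed for the demo.
$con = new PDO('sqlite::memory:');
$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$con->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)');
$con->prepare('INSERT INTO users VALUES (?, ?)')
    ->execute(['dan', md5('correct horse')]);    // row as the tutorial's Register.php stores it

function check_login(PDO $con, string $username, string $password): bool
{
    $stmt = $con->prepare('SELECT password FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false;                            // unknown user
    }

    $is_legacy = strlen($stored) === 32 && ctype_xdigit($stored);
    $ok = $is_legacy
        ? hash_equals($stored, md5($password))   // old unsalted md5 row
        : password_verify($password, $stored);   // salted password_hash() row
    if (!$ok) {
        return false;
    }

    // Re-hash legacy rows, and rows whose cost or algorithm is out of date.
    if ($is_legacy || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $con->prepare('UPDATE users SET password = :p WHERE username = :u')
            ->execute([':p' => password_hash($password, PASSWORD_DEFAULT), ':u' => $username]);
    }
    return true;
}

function stored_hash(PDO $con, string $username): string
{
    $stmt = $con->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    return (string) $stmt->fetchColumn();
}

// Constructed sample run.
var_dump(check_login($con, 'dan', 'wrong'));          // rejected, row untouched
var_dump(strlen(stored_hash($con, 'dan')));           // legacy md5 row left as is
var_dump(check_login($con, 'dan', 'correct horse'));  // accepted, row upgraded
var_dump(password_get_info(stored_hash($con, 'dan'))['algoName']); // algorithm of the new row
var_dump(check_login($con, 'dan', 'correct horse'));  // accepted via password_verify()
```

On MySQL the password column needs room for the longer value; the PHP manual recommends 255 characters for `PASSWORD_DEFAULT`.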
04-12-2016, 03:25 AM #3
Remy
Guest
Originally posted by D4tabase
You shouldn't use md5, but if you are still going to, at least add a salt to prevent hash collision.


This thread is 2 years old :|

Copyright © 2024, NextGenUpdate.
All Rights Reserved.
