Short Like A Fox

So you need confirmation of a user’s email address? No problem. There are a lot of reasons to require email confirmation, and PHP makes it simple.

Email confirmation can be completed is these steps:

1. Prompt the user for whatever information you need from them (including their email address)
2. Input this data in a database
3. Send the user an email with a special confirmation key
4. "Unlock" the data in the database once the confirmation key is entered.

How to do it:

<?php

//First, let’s connect to the database

$user_name = "dbUserName ";
$host = "dbHost";
$my_password = "dbPassword";
$db_name = "dbName";

//Connect to server and select database.
mysql_connect("$host", "$user_name", "$my_password")or die("cannot connect to server");
mysql_select_db("$db_name")or die("cannot select DB");

//The following line basically asks if the user needs to have the form displayed. Read down a little if you want to see where the variables come from

if(!(@$_GET['first'] == "no") && !(@$_GET['confirm'] == "yes"){
//Since this is the page’s first display and no confirmation code is included we should display the form for the user to fill out
//This form only takes one argument (the user’s email address).
?>

<form name="emailConfirmation" method="post" action="index.php?first=no">

<table align="center">
<tr>
<td>
Email: <input name="email" type="text" id="email" size="30" />
</td>
</tr>
<tr>
<td align="center">
<input type="submit" name="Submit" value="Submit"/>
</td>
</tr>
</table>
</form>

<?php

}

//if the form has been filled out, we need to generate a confirmation code, insert the confirmation code and user email into a database, and send an email to the email address.
elseif (@$_GET['first'] == "no"){ //if the form has been filled out…

//is_valid_email_address is NOT a valid php function. Insert your own email address checking function here…
if (!is_valid_email_address($_POST['email']))

echo("Sorry! The email address you entered is not valid.");

//If the email address appears valid and safe…
else{

$email = ($_POST['email']);
//Generate a confirmation code here. This is the way I choose to do it, but there are innumerable ways that will work.
$confirmation_code=md5(uniqid(rand()));
//Everything is more or less OK to enter into the database and then send an email to the user
$query = "INSERT INTO emailConfirmationTable(user_email, con_code) VALUES(’$email’, ‘$confirmation_code’)";
$result = mysql_query($query) or die ("Config Error 2223 ");
//Send the email
$to=$email;
$subject="Your shortlikeafox example confirmation";// From
$header="from: shortlikeafox <info@shortlikeafox.com>";
// Your message
$message="Your Comfirmation link! \r\n";
$message.="Click on this link to activate your account \r\n";
$message.="This link with expire whenever I feel like cleaning out the unconfirmed emails (every week or so) \r\n";
$message.="http://www.shortlikeafox.com/simple-email-confirmation-example/index.php?confirm=yes&confirmCode=$confirmation_code \r\n";
$sentmail = mail($to,$subject,$message,$header);

echo("Your Confirmation Email Has Been Sent!");

}

}
//If the user found this script from a link in his email, confirm it….
elseif(@$_GET['confirm'] == "yes"){
//Make the confirmCode relatively safe to use

$confirmCode = mysql_real_escape_string(@$_GET['confirmCode']);

$query = "SELECT * FROM emailConfirmationTable WHERE con_code = ‘$confirmCode’ AND is_confirmed = ‘0′";
$result = mysql_query($query) or die ("Error 234234");
$nrows = mysql_num_rows($result);
if ($nrows==1){
$query = "UPDATE emailConfirmationTable SET is_confirmed = ‘1′ WHERE con_code = ‘$confirmCode’ ";
$result = mysql_query($query) or die ("Config Error 222231231233 ");
if ($result)
echo("EMAIL CONFIRMED!!!");

}
else

echo("Could not confirm Email");

}

?>

It is very important to remember to validate the information that the user inserts in any form. I didn’t include a function for email address validation above, but a good place to start is Cal Henderson’s email validation function found here.

If you want to see this script in action, you can do so here.