I have recently made a login and register script which works fine, but I want it to be more secure against spammers, and I was wondering if anyone knows how to make an email verification system.
How could I add email verification to this script? I hope this makes sense.
<?php
require("php/bp-connection.php");
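if (!empty($_POST))
{
    // Registration handler. Runs only when the form was submitted; every path
    // below ends in die(), so the HTML form after this block is rendered only
    // for requests without POST data.

    // Request parameters can arrive as arrays (e.g. username[]=x). Anything
    // that is not a string is treated as missing so it never reaches hash()
    // or a bound query parameter.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    $email    = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';

    if (empty($username))
    {
        die("Please enter a username.");
    }
    if (empty($password))
    {
        die("Please enter a password.");
    }
    if (!filter_var($email, FILTER_VALIDATE_EMAIL))
    {
        die("Invalid E-Mail Address");
    }

    // Prepares and executes one statement on the shared PDO handle ($db comes
    // from php/bp-connection.php). The driver error is written to the server
    // log only: PDO messages can contain table names, column names and SQL
    // fragments that should not be shown to an anonymous visitor.
    $runQuery = function ($sql, array $params) use ($db)
    {
        try
        {
            $stmt = $db->prepare($sql);
            $stmt->execute($params);
            return $stmt;
        }
        catch (PDOException $ex)
        {
            error_log("Registration query failed: " . $ex->getMessage());
            die("Failed to run query.");
        }
    };

    // NOTE(review): the two SELECT-then-INSERT checks below are not atomic.
    // Two simultaneous requests can both pass them; a UNIQUE index on
    // users.username and users.email would be needed to enforce uniqueness.
    // Confirm against the schema.
    $stmt = $runQuery(
        "SELECT 1 FROM users WHERE username = :username",
        array(':username' => $username)
    );
    if ($stmt->fetch())
    {
        die("This username is already in use");
    }

    $stmt = $runQuery(
        "SELECT 1 FROM users WHERE email = :email",
        array(':email' => $email)
    );
    if ($stmt->fetch())
    {
        die("This email address is already registered");
    }

    // Per-user salt from the OS CSPRNG (random_bytes() needs PHP 7 or later).
    // mt_rand() is a seeded, predictable generator and is not suitable for
    // anything security-related. The result is 16 hex characters, which is the
    // maximum length the previous mt_rand()-based salt could reach, so the
    // existing salt column still fits.
    $salt = bin2hex(random_bytes(8));

    // Hand-rolled key stretching: salted SHA-256, then 65536 further rounds.
    // Kept unchanged because the login code (not shown here) has to compute
    // the same value to verify a password.
    // NOTE(review): password_hash() / password_verify() is the maintained
    // replacement; switching requires changing the login check and migrating
    // existing rows in the same release.
    $hashed = hash('sha256', $password . $salt);
    for ($round = 0; $round < 65536; $round++)
    {
        $hashed = hash('sha256', $hashed . $salt);
    }

    $runQuery(
        "
        INSERT INTO users (
            username,
            password,
            salt,
            email
        ) VALUES (
            :username,
            :password,
            :salt,
            :email
        )
        ",
        array(
            ':username' => $username,
            ':password' => $hashed,
            ':salt'     => $salt,
            ':email'    => $email
        )
    );

    // die() after the redirect header so nothing below is sent to the client.
    header("Location: login.php");
    die("Redirecting to login.php");
}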
?>
<html lang="en">
<head>
<title>Register | BinaryPaw</title>
<link rel="shortcut icon" href="favicon.ico" type="icon" />
<link rel="stylesheet" href="css/bp-grid.css" type="text/css" />
<link rel="stylesheet" href="css/bp-styles.css" type="text/css" />
</head>
<body>
<?php
// Registration page template. The POST handler at the top of this file ends
// every submitted request with die(), so this markup is only sent when the
// request carried no POST data.
// Shared site bar partial, pulled in by a fixed relative path (no request
// data is used to build the include path).
include 'php/bp-siteBar.php';
?>
<div class="container">
<?php
// Shared side bar partial, also a fixed path.
// The form below posts username, email and password to register.php. All
// three inputs are rendered with an empty value attribute, so nothing the
// visitor submitted is echoed back into this page.
include 'php/bp-sideBar.php';
?>
<div class="span4">
<h1>User Registration</h1>
<form action="register.php" method="post">
<div class="space1">
<label>Username</label>
</div>
<div class="space2">
<input type="text" name="username" class="username" value="" />
</div>
<div class="space1">
<label>Email</label>
</div>
<div class="space2">
<input type="text" name="email" class="email" value="" />
</div>
<div class="space1">
<label>Password</label>
</div>
<div class="space2">
<input type="password" name="password" class="password" value="" />
</div>
<div class="space3">
<input type="submit" class="submit" value="Register" />
</div>
</form>
</div>
<div class="space3"></div>
<div class="span10" id="footer">
<h6>Created by Mathew Berry ©2013 </h6>
</div>
</div>
</body>
It's simple: send a code to the user's email address, create a page that verifies the code, and register the user only if the code verifies.
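// Step 1 of e-mail verification: store the pending registration together with
// a random activation code, then mail the visitor a link carrying that code.
if (isset($_POST['register']))
{
    // Only accept plain strings; array-valued parameters are treated as missing.
    $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
    $pass  = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    // FILTER_VALIDATE_EMAIL also rejects CR/LF, so the address cannot be used
    // to smuggle extra headers into mail() when it is passed as the recipient.
    if (!filter_var($email, FILTER_VALIDATE_EMAIL) || $pass === '')
    {
        die('Please enter a valid email address and a password.');
    }

    // Activation code from the OS CSPRNG (random_bytes() needs PHP 7 or later).
    // md5(mt_rand()) only has as many possible values as mt_rand() has outputs
    // and is predictable. The code is kept at 15 hex characters so it fits the
    // column the previous code was stored in.
    $code = substr(bin2hex(random_bytes(8)), 0, 15);

    // Never park the plain-text password in a table, even temporarily.
    // NOTE(review): the password column must be wide enough for the hash
    // (255 characters is the usual choice) and the login code must check it
    // with password_verify(). Confirm both.
    $passwordHash = password_hash($pass, PASSWORD_DEFAULT);

    try
    {
        // Connection values are the sample's own (root, empty password); use
        // a dedicated low-privilege account with a password outside a local
        // test setup.
        $pdo = new PDO('mysql:host=localhost;dbname=sample;charset=utf8mb4', 'root', '', [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false,
        ]);

        // Bound parameters instead of interpolating request data into the SQL
        // text. NULL in the first position lets the id column auto-generate.
        $insert = $pdo->prepare('INSERT INTO verify VALUES (NULL, :email, :password, :code)');
        $insert->execute([
            ':email'    => $email,
            ':password' => $passwordHash,
            ':code'     => $code,
        ]);
        $dbId = $pdo->lastInsertId();
    }
    catch (PDOException $ex)
    {
        // Keep driver details in the server log, not in the response.
        error_log('Could not store pending registration: ' . $ex->getMessage());
        die('Registration is temporarily unavailable.');
    }

    // A link in an e-mail must be absolute. The host below is a placeholder:
    // replace it with the site's real base URL.
    $verifyUrl = 'https://example.com/verification.php?' . http_build_query([
        'id'   => $dbId,
        'code' => $code,
    ]);

    $to      = $email;
    $subject = "Activation Code For Talkerscode.com";
    $from    = 'your email'; // placeholder: replace with the sender address
    // Plain-text body: no Content-Type header is sent, so HTML markup would
    // show up as literal tags in most mail clients.
    $body    = 'Your Activation Code is ' . $code . "\r\n"
             . 'Please open this link to activate your account: ' . $verifyUrl;
    $headers = "From:" . $from;

    if (!mail($to, $subject, $body, $headers))
    {
        error_log('Activation mail could not be handed to the mail system.');
        die('The activation email could not be sent.');
    }

    echo "An Activation Code Is Sent To You Check You Emails";
}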
To verify the code:
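// Step 2 of e-mail verification: the link from the activation mail lands here
// with ?id=...&code=... and, if both match a pending row, that row is moved
// from verify to verified_user.
if (isset($_GET['id']) && isset($_GET['code']))
{
    // id must be an integer; filter_var() returns false for anything else,
    // including array-valued parameters.
    $id = filter_var($_GET['id'], FILTER_VALIDATE_INT);
    // The code is read from the 'code' parameter. Reading it from 'id' meant
    // the lookup could never match a real activation code.
    $code = is_string($_GET['code']) ? $_GET['code'] : '';

    if ($id !== false && $code !== '')
    {
        $pdo = null;
        try
        {
            // Connection values are the sample's own (root, empty password);
            // use a dedicated low-privilege account outside a local test setup.
            $pdo = new PDO('mysql:host=localhost;dbname=sample;charset=utf8mb4', 'root', '', [
                PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
                PDO::ATTR_EMULATE_PREPARES => false,
            ]);

            // One transaction so the insert and the delete happen together or
            // not at all. FOR UPDATE makes a second, simultaneous click on the
            // same link wait instead of activating the row twice (effective
            // on transactional storage engines).
            $pdo->beginTransaction();

            $select = $pdo->prepare(
                'SELECT email, password FROM verify WHERE id = :id AND code = :code FOR UPDATE'
            );
            $select->execute([':id' => $id, ':code' => $code]);
            $rows = $select->fetchAll(PDO::FETCH_ASSOC);

            if (count($rows) === 1)
            {
                $email    = $rows[0]['email'];
                $password = $rows[0]['password'];

                // Bound parameters instead of interpolating values into SQL.
                // NULL in the first position lets the id column auto-generate.
                $insertUser = $pdo->prepare('INSERT INTO verified_user VALUES (NULL, :email, :password)');
                $insertUser->execute([':email' => $email, ':password' => $password]);

                // Remove the pending row so the activation link is single-use.
                $delete = $pdo->prepare('DELETE FROM verify WHERE id = :id AND code = :code');
                $delete->execute([':id' => $id, ':code' => $code]);
            }

            $pdo->commit();
        }
        catch (PDOException $ex)
        {
            if ($pdo !== null && $pdo->inTransaction())
            {
                $pdo->rollBack();
            }
            // Keep driver details in the server log, not in the response.
            error_log('Account activation failed: ' . $ex->getMessage());
            die('Activation is temporarily unavailable.');
        }
    }
}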