I'm actually creating a web application using PHP and seek help verifying a user.
As with certain websites, when you register, an e-mail is sent to you with a confirmation link. How do I implement that in PHP?
All I know is that I have to use the PHP mail() function to send the e-mail.
Please help. Necessary. Thanks. :)
just like with CSRF protection you generate an unique token.
$token = md5(uniqid(rand(), TRUE));
You store that value in your session for that email and when the user clicks link in email(you pass token via the query-string) you compare the two values.
To make it more secure you could just as with CSRF add a time-limit.