Validating people who register .. how does this work?
I'm building a site where I'm asking people to register (free) as members. Since there's no credit card or money transaction, I still want to ensure the member is using a valid email address, so I want to do what the likes of Yahoo and others do - send an email to the user asking her to activate her account. But what's going on in the background in these systems? Here's what I think happens, but can anyone tell me if this is what is really happening, or if there's a better way to verify their email address? [1] the user fills out the registration form on line [2] on submit, the data is entered in the user data table, with a bit field, say activated set to NO. [3] The user is sent an email asking to click on a link which takes them to a validation page. [4] The user is allocated an id number, perhaps the UserID, the primary key of the User table which is added to the link on the email. [5] when the user clicks on the link, the action page retrieves the user from the data table based on the UserID (which was a field in the table) [6] The action page sets the activated field to YES [7] all restricted access pages have the test cfif (user.activated) to permit access. Is that what's happening there? Is there a simpler way to do it? Cheers, Michael Kear Windsor, NSW, Australia AFP Webworks. ~| Message: http://www.houseoffusion.com/lists.cfm?link=i:4:137957 Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm
RE: Validating people who register .. how does this work?
If there is a password involved, you could generate the password (rather than ask them to input) and email it to them. That's what we do here. HTH -Original Message- From: Mike Kear [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2003 17:58 To: CF-Talk Subject: Validating people who register .. how does this work? I'm building a site where I'm asking people to register (free) as members. Since there's no credit card or money transaction, I still want to ensure the member is using a valid email address, so I want to do what the likes of Yahoo and others do - send an email to the user asking her to activate her account. But what's going on in the background in these systems? Here's what I think happens, but can anyone tell me if this is what is really happening, or if there's a better way to verify their email address? [1] the user fills out the registration form on line [2] on submit, the data is entered in the user data table, with a bit field, say activated set to NO. [3] The user is sent an email asking to click on a link which takes them to a validation page. [4] The user is allocated an id number, perhaps the UserID, the primary key of the User table which is added to the link on the email. [5] when the user clicks on the link, the action page retrieves the user from the data table based on the UserID (which was a field in the table) [6] The action page sets the activated field to YES [7] all restricted access pages have the test cfif (user.activated) to permit access. Is that what's happening there? Is there a simpler way to do it? Cheers, Michael Kear Windsor, NSW, Australia AFP Webworks. ~| Message: http://www.houseoffusion.com/lists.cfm?link=i:4:137958 Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm
Re: Validating people who register .. how does this work?
We do this by sending an email with a verification link, then when the user clicks on that link, we "activate" their account (an active field in the database) and display their password as image files instead of as text. You've probably seen this before at PayPal and others that require you to type in the text from the images you see on screen to verify. This works well and is a relatively secure way of confirming addresses and issuing passwords without having to ever send a text copy of the password via email. I'm sure there are several other ways to do this though. An example of the image display (we use a function called RandString() which can be found at cflib.org): ~| [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]