HTML Form code, continued - PHP

THIRD STAGE OF EMAIL ADDRESS VALIDATION: Confirming the reality and existence of email address and its user.

Generate activation code using MD5 for more random combinations.

$activationcode=md5(uniqid(rand()));

Assign $active=0 for unverified emails and user

$active=0;

MySQL real escape query for insert database variables for sanitization and security, but connect to database first.

include('databaseconnect.php');
$emailaddress= mysql_real_escape_string($emailaddress);
$activationcode= mysql_real_escape_string($activationcode);
$active = mysql_real_escape_string($active);

Insert email,active status and activation code to MySQL database
Insert data into database table
If you have not create database table, you need to enter this query into your database:

CREATE TABLE `registered_email` (
`id` int(4) NOT NULL auto_increment,
`email` varchar(65) NOT NULL default '',
`activationcode` varchar(65) NOT NULL default '',
`active` int(1) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1
  
Your database table fields should look like the ones shown here, using phpMyAdmin: http://www.php-developer.org/screenshot/databasetablescreenshot.jpg

$sql="INSERT INTO registered_email(email, activationcode, active) VALUES('$emailaddress', '$activationcode', '$active')";
$result=mysql_query($sql);

If successfully inserted data into database, send confirmation link to email.

More details about user email verification here: http://phpeasystep.com/phptu/24.html  

if ($result == TRUE){ 

Send mail form and configure the send e-mail "to" field ...
$to=$emailaddress;

Your email subject:
$subject="Your confirmation link here";

Configure from:
$from = "From: Codex-m <codex_m@php-developer.org>";

Your message:
$message="Your Confirmation link rn";
$message.="Click on this link to activate your account rn";
$message.="http://www.php-developer.org/rfccompliantemailvalidator/confirmation.php?passkey=$activationcode";

Send email using php mail function
$sentmail = mail($to,$subject,$message,$from);
}

If your email sending has been successful

if($sentmail){

echo "Your Confirmation link Has Been Sent To Your Email Address. Please check your email and click the activation link to completely validate your email.";

}
else {
echo "Cannot send Confirmation link to your e-mail address";
}
}
else {

No posted values to PHP"

echo 'No values posted to PHP.';
}
}
}
}
?>
</body>
</html>

Confirmation.php file: Verifying user ownership of email address

<?php
This script will GET the passkey values from the URL and validate after the user clicks on the email verification link.Connect to MySQL database first:

include('databaseconnect.php');

Get the passkey from email confirmation

$passkey=$_GET['passkey'];
if (!(empty($passkey))) {

Passkey is NOT empty, sanitize before MySQL query
$passkey= mysql_real_escape_string($passkey);

Query the email address verified using the passkey in the MySQL database

$sql1="SELECT email FROM registered_email WHERE activationcode ='$passkey'";
$result1=mysql_query($sql1);
$row = mysql_fetch_array($result1);
$emailaddressverified = $row['email'];

If successfully queried:

if (($result1 == TRUE) && (!(empty($emailaddressverified)))){

echo "Congratulations, the email address: $emailaddressverified has been successfully verified and it shows you are not a bot but a gentle human. Thank you for using this email validator.<br>";

Update active status from 0 to 1

$result2 = mysql_query("UPDATE registered_email SET active='1' WHERE activationcode ='$passkey'");
}
else {
Unsuccessful query
echo "Wrong activation code.";
}
}
else {
Empty passkey
echo "Empty activation code.";
}

More details about confirmation.php here: http://phpeasystep.com/phptu/24.html
Of course this script can be further improved to detect duplicate email entries in the database as well as other useful features.

?>

Databaseconnect.php file (Connection strings to MySQL database)

<?php

Protect direct file access

if ('databaseconnect.php' == basename($_SERVER['SCRIPT_FILENAME'])) {
     die ('<h2>Unauthorized file access</h2>');
}
else {
$host="Your MySQL database hostname"; // Host name
$username="Your MySQL database username"; // Mysql username
$password="Your MySQL database password"; // Mysql password
$db_name="Your MySQL database name"; // Database name

Connect to server and select database:

mysql_connect("$host", "$username", "$password")or die("cannot connect to server");

mysql_select_db("$db_name")or die("cannot select DB");

}

?>

Implementation Tips

You can see the fully working application here as well as a download link for complete working scripts: http://www.php-developer.org/rfccompliantemailvalidator/

To implement, at a minimum:

1. Assign connection parameters for your MySQL database in databaseconnect.php.
   
2.  Assign your own Recaptcha private and public key. If you do not have one, you can get your own key for free in http://www.google.com/recaptcha.
   
3. Customize your email message in index.php (email TO and FROM, as well as your domain/website etc).
   
4. Upload the folder rfccompliantemailvalidator to the root directory of your website.
   
5. You should create a database table first, before testing your application. It should be defined in databaseconnect.php.
   
   The MySQL query to create the tables, fields, etc was discussed previously, along with related screen shots.
   
6. Proceed with the testing and a little troubleshooting.
   
7. Customize further to integrate the email validation scripts. Remove the default text  in the script and replace it with your own.