
Hello. I use the usual registration script with email confirmation. That is, the user enters a login (which is their email) and a password, after which a link to the verification page is sent to the email they specified, with a GET parameter in the form of a unique hash, which is stored in the database along with the login and password. On the verification page, the hash in the database is compared with the one that came in the GET parameter, and so on.

Question: how can I reliably determine the email address from which the user followed the confirmation link? Theoretically, the confirmation link could end up somewhere else, where someone else could complete the verification. How do I match the user who has just gone through the registration procedure with the user who followed the confirmation link?

Perhaps the answer to this question is simple, but I do not have much experience in this matter, so I am asking for advice.

Thank you.

  • Answer # 1

    Point by point:

    How can I reliably determine the email address from which the user followed the confirmation link? Theoretically, the confirmation link could end up somewhere else, where someone else could complete the verification.

    No. The verification link is the password for entry, for confirming the email; it is worthwhile to determine anything; if it flew off somewhere else, then that is the user's problem (the case of an idiot sysop). (The question here is what counts as confirmation of a mailbox; in fact it is "I can read mail from it", and there is no other confirmation. But that is for email; to confirm something such as possession of an account on this forum, you can check for a special line in the profile.)

    How do I match the user who has just gone through the registration procedure with the user who followed the confirmation link?

    In the verification code table we store a record like this:

    Code: Very-Long-Unique-Code
    User-ID: 10
    

    And in the users table we store:

    ID: 10
    Verified: False.
    

    Help me understand the second point. Specifically, this is not clear: "We are stored in the database type" and "and in the user's table we store." The separation of these concepts puts me in a stupor. Can you say specifically what you mean?

    Самат Жанбеков 2021-05-18 14:43:42

    Well, I meant that verification codes can be stored in another table and removed from there after confirmation.

    zb' 2021-05-18 14:43:42

    > Here is the question of what is considered to be confirmed by the mailbox; in fact, can I read mail from it, and that is already allowed?))

    Самат Жанбеков 2021-05-18 14:43:42

    What is allowed? Reading mail? Of course, the user can read his mail.

    zb' 2021-05-18 14:43:42

    I apologize, I was thinking of something bad.

    Самат Жанбеков 2021-05-18 14:43:42
  • Answer # 3

    Set some token in a cookie, and when the email address is confirmed, check that the person who came from the letter is the same one who registered. Cons: you cannot register from work and confirm the link from home. And in general, if the cookies suddenly get lost, it will not be possible at all, only re-registering. This method is much better suited for password recovery.
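The two schemes from the answers above, combined in one sketch that is an added example and not code from any poster in this thread: a separate verification-code table whose row is deleted on confirmation, plus the optional cookie binding. The table and function names are hypothetical, and storing only a SHA-256 hash of the code and adding an expiry time are assumptions that go beyond what the answers describe.

```python
import hashlib
import hmac
import secrets
import sqlite3

def open_db():
    # Hypothetical schema: users carry a verified flag, codes live in their own table.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE,
                            verified INTEGER NOT NULL DEFAULT 0);
        CREATE TABLE verification_codes (code_hash TEXT PRIMARY KEY, user_id INTEGER,
                                         cookie_hash TEXT, expires_at INTEGER);
    """)
    return db

def _h(value):
    # Only hashes are stored, so a leaked table does not yield usable links.
    return hashlib.sha256(value.encode()).hexdigest()

def register(db, email, now, ttl=86400, bind_cookie=False):
    """Create an unverified user; return (code for the link, cookie token or None)."""
    user_id = db.execute("INSERT INTO users (email) VALUES (?)", (email,)).lastrowid
    code = secrets.token_urlsafe(32)               # unguessable GET parameter
    cookie = secrets.token_urlsafe(32) if bind_cookie else None
    db.execute("INSERT INTO verification_codes VALUES (?, ?, ?, ?)",
               (_h(code), user_id, _h(cookie) if cookie else None, now + ttl))
    return code, cookie

def confirm(db, code, now, cookie=None):
    """Return the verified user id, or None if the code is unknown, expired or unbound."""
    row = db.execute("SELECT user_id, cookie_hash, expires_at FROM verification_codes "
                     "WHERE code_hash = ?", (_h(code),)).fetchone()
    if row is None:
        return None
    user_id, cookie_hash, expires_at = row
    if now > expires_at:
        db.execute("DELETE FROM verification_codes WHERE code_hash = ?", (_h(code),))
        return None
    if cookie_hash is not None:
        # Cookie binding: only the browser that registered may confirm.
        if cookie is None or not hmac.compare_digest(cookie_hash, _h(cookie)):
            return None   # row is kept so the registering browser can still confirm
    db.execute("DELETE FROM verification_codes WHERE code_hash = ?", (_h(code),))
    db.execute("UPDATE users SET verified = 1 WHERE id = ?", (user_id,))
    return user_id
```

With `bind_cookie=False` the link alone confirms the address, as in the first answer; with `bind_cookie=True` a link opened in another browser is rejected, which is the trade-off the cookie answer describes.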
