Building A registration System with Email verification in PHP
by Hyder
Have you ever registered on a website and you were required to
activate your newly created account via a confirmation link sent to the
email address you supplied while registering? This Email verification
“Mechanism” is very common nowadays especially in forums, popular
websites such as ebay, paypal, Facebook etc .Verifying Email Address
helps to reduce spam and also to make sure that the email supplied
belongs to that member.
What are we going to build ?
We are going to build a small system in which a user can register a
new account. After registration, a confirmation link will be emailed to
the email supplied in the registration form. The user will have to log
in his email Account and click the activation link. After that, He or
she or she will be able to login into the system. Before Going into the
code, here is some screenshot of how it is going to work.

After Successful registration, an Activation will be emailed to the
user in order to verify that the email address supplied is really his.

On Clicking the Activation link , A message will be displayed whether Account has been Activated successfully or not.

The user may now login .

If Login is successful, He or she will be redirected to page.php, which could be called the “member Area”
Step 1: Database Connection File
This file contains the Database Connection Information. It Also
contains the Sender’s email address,website url and the smtp server
address. Please change these settings accordingly. IF you are going to
host this
script on a server at hostgator , namecheap , godaddy etc , there’s a
great chance you would not need the “SMTP” part .Simply Remove this line
of code.
| DEFINE( 'DATABASE_USER' , 'root' ); |
| DEFINE( 'DATABASE_PASSWORD' , '' ); |
| DEFINE( 'DATABASE_HOST' , 'localhost' ); |
| DEFINE( 'DATABASE_NAME' , 'forum' ); |
| date_default_timezone_set( 'UTC' ); |
| ini_set ( 'SMTP' , "mail.myt.mu" ); |
| define( 'EMAIL' , 'email@gmail.com' ); |
| $dbc = @mysqli_connect(DATABASE_HOST, DATABASE_USER, DATABASE_PASSWORD, |
| trigger_error( 'Could not connect to MySQL: ' . mysqli_connect_error()); |
Database Structure
| CREATE TABLE IF NOT EXISTS `members` ( |
| `Memberid` int (10) NOT NULL AUTO_INCREMENT, |
| `Username` varchar (20) NOT NULL , |
| `Email` varchar (20) NOT NULL , |
| ` Password ` varchar (10) NOT NULL , |
| `Activation` varchar (40) DEFAULT NULL , |
| ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=22 ; |
Step 2 : Registration Page
The CSS Part has been omitted here . You can read a detailed description of how this
form has been built using pure css .
| < form action = "index.php" method = "post" class = "registration_form" > |
| < legend >Registration Form </ legend > |
| < p >Create A new Account < span style = "background:#EAEAEA none repeat scroll 0 0;line-height:1;margin-left:210px;;padding:5px 7px;" > |
| Already a member? < a href = "login.php" >Log in</ a ></ span > </ p > |
| < label for = "name" >Name :</ label > |
| < input type = "text" id = "name" name = "name" size = "25" /> |
| < label for = "e-mail" >E-mail :</ label > |
| < input type = "text" id = "e-mail" name = "e-mail" size = "25" /> |
| < label for = "Password" >Password:</ label > |
| < input type = "password" id = "Password" name = "Password" size = "25" /> |
| < input type = "hidden" name = "formsubmitted" value = "TRUE" /> |
| < input type = "submit" value = "Register" /> |
Code to Handle the Registration Form Submission :
Basic Form Validation Rules :
- Make sure no field is empty .
- Validate Email Address Format .
If Form Validation is successfull a unique activation code is
created using the php built in function MD5 () .For each new account , a
unique activation key is sent along the email address of the member.The
md5 key is then added to the database field “
Activation” .
The Activation Link is in this format :
http://website.com/activate.php?email=admin@example.com&key=c47662ba2504508bcdd5cb75106110a6
| include ( 'database_connection.php' ); |
| if (isset( $_POST [ 'formsubmitted' ])) { |
| if ( empty ( $_POST [ 'name' ])) { |
| $error [] = 'Please Enter a name ' ; |
| if ( empty ( $_POST [ 'e-mail' ])) { |
| $error [] = 'Please Enter your Email ' ; |
| if (preg_match( "/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/" , |
| $Email = $_POST [ 'e-mail' ]; |
| $error [] = 'Your EMail Address is invalid ' ; |
| if ( empty ( $_POST [ 'Password' ])) { |
| $error [] = 'Please Enter Your Password ' ; |
| $Password = $_POST [ 'Password' ]; |
| $query_verify_email = "SELECT * FROM members WHERE Email ='$Email'" ; |
| $result_verify_email = mysqli_query( $dbc , $query_verify_email ); |
| if (! $result_verify_email ) { |
| echo ' Database Error Occured ' ; |
| if (mysqli_num_rows( $result_verify_email ) == 0) { |
| $activation = md5(uniqid(rand(), true)); |
| "INSERT INTO `members` ( `Username`, `Email`, `Password`, `Activation`) VALUES ( '$name', '$Email', '$Password', '$activation')" ; |
| $result_insert_user = mysqli_query( $dbc , $query_insert_user ); |
| if (! $result_insert_user ) { |
| if (mysqli_affected_rows( $dbc ) == 1) { |
| $message = " To activate your account, please click on this link:\n\n" ; |
| $message .= WEBSITE_URL . '/activate.php?email=' . urlencode( $Email ) . "&key=$activation" ; |
| mail( $Email , 'Registration Confirmation' , $message , 'From:' .EMAIL); |
| echo '<div class = "success" >Thank you for |
| registering! A confirmation email |
| has been sent to ' . $Email . |
| ' Please click on the Activation Link to Activate your account </div>' ; |
| echo '<div class = "errormsgbox" >You could not be registered due to a system |
| error. We apologize for any |
| echo '<div class = "errormsgbox" >That email |
| address has already been registered. |
| echo '<div class="errormsgbox"> <ol>' ; |
| foreach ( $error as $key => $values ) { |
| echo ' <li>' . $values . '</li>' ; |
Step 4 : Activation Page
This Page contains code that will activate the new member’s account.
This will verify the Activation key in the Activation url against the
key in the Database, if there is a match, the Database field
“Activation” is set to NULL. .A Message informing the user that his or
her account has been created successfully.
| include ( 'database_connection.php' ); |
| if (isset( $_GET [ 'email' ]) && preg_match( '/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/' , |
| if (isset( $_GET [ 'key' ]) && ( strlen ( $_GET [ 'key' ]) == 32)) |
| if (isset( $email ) && isset( $key )) { |
| $query_activate_account = "UPDATE members SET Activation=NULL WHERE(Email ='$email' AND Activation='$key')LIMIT 1" ; |
| $result_activate_account = mysqli_query( $dbc , $query_activate_account ); |
| if (mysqli_affected_rows( $dbc ) == 1) |
| echo '<div>Your account is now active. You may now <a href="login.php">Log in</a></div>' ; |
| echo '<div>Oops !Your account could not be activated. Please recheck the link or contact the system administrator.</div>' ; |
| echo '<div>Error Occured .</div>' ; |
Step 4 :Login Page
The Code below handle the Login form. If there is a match
record in the database, a session is created and the member is
redirected to page.php .
| < form action = "login.php" method = "post" > |
| < legend >Login Form </ legend > |
| < p >Enter Your username and Password Below </ p > |
| < label for = "name" >Email :</ label > |
| < input type = "text" id = "e-mail" name = "e-mail" size = "25" /> |
| < label for = "Password" >Password:</ label > |
| < input type = "password" id = "Password" name = "Password" size = "25" /> |
| < input type = "hidden" name = "formsubmitted" value = "TRUE" /> |
| < input type = "submit" value = "Login" /> |
PHP Code to Handle the Login Form Submission
The code below contains basic validation as follows :
- Check if both field is empty.
- Check if email is in correct format using regular expression.
| include ( 'database_connection.php' ); |
| if (isset( $_POST [ 'formsubmitted' ])) { |
| if ( empty ( $_POST [ 'e-mail' ])) { |
| $error [] = 'You forgot to enter your Email ' ; |
| if (preg_match( "/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/" , $_POST [ 'e-mail' ])) { |
| $Email = $_POST [ 'e-mail' ]; |
| $error [] = 'Your EMail Address is invalid ' ; |
| if ( empty ( $_POST [ 'Password' ])) { |
| $error [] = 'Please Enter Your Password ' ; |
| $Password = $_POST [ 'Password' ]; |
| $query_check_credentials = "SELECT * FROM members WHERE (Email='$Email' AND password='$Password') AND Activation IS NULL" ; |
| $result_check_credentials = mysqli_query( $dbc , $query_check_credentials ); |
| if (! $result_check_credentials ){ |
| if (@mysqli_num_rows( $result_check_credentials ) == 1) |
| $_SESSION = mysqli_fetch_array( $result_check_credentials , MYSQLI_ASSOC); |
| header( "Location: page.php" ); |
| { $msg_error = 'Either Your Account is inactive or Email address /Password is Incorrect' ; |
| foreach ( $error as $key => $values ) { |
| echo ' <li>' . $values . '</li>' ; |
| echo '<div>' . $msg_error . ' </div>' ; |
Step 5 : Member Section Page
After Login successfully ,The new member will be redirected to page.php .
| if (!isset( $_SESSION [ 'Username' ])){ |
| header( "Location: login.php" ); |
| <div class = "success" >Welcome , $_SESSION [ 'Username' ]</div> |
You can download the complete source code below . Please make the appropriate changes in the database_connection.php file .
Comments
Post a Comment