URL:
http://aspalliance.com/articleViewer.aspx?aId=178&pId=-1
Verify your members

Published 12/30/01 - For Classic ASP

Introduction

I see an increasing number of sites trying to prevent people from signing up with fake emails and multiple accounts. One way they do this is to send the person an email with a link to a page that validates them against the system so that their account will work. In this article I'll show you how to create a system like this.

The Plan

Here is the plan of attack to validate members -

  1. The person signs up and their info is added to the database; however, their account is marked as 'not validated' and they cannot log in until it is 'validated'.
  2. An email is sent to them with a link that contains their email and an activation code.
  3. They click on this link and are transported to a page.
  4. The page takes those two values and looks them up in the database to mark their account as 'validated'.

The database will look something like this -

Table Name : Users

  • ID : Primary Key, Auto Number
  • Username : Text, must be unique
  • Password : Text
  • Email : Text, must be unique
  • Status : Text, either V (validated) or N (not validated)

The form -

Form Name : NewUser

  • UN : Username field
  • PWD : Password field
  • EM : Email field

The Code

This is the code that checks the user and sends the email -

<%
Dim objConn, objRS, uname, pword, email, aok, rndnum, objCDO, sqlstatement
' Read the submitted form values (stored lower-case so later lookups are consistent)
uname = LCase(Request.Form("UN"))
pword = LCase(Request.Form("PWD"))
email = LCase(Request.Form("EM"))
Set objConn = Server.CreateObject("ADODB.Connection")
Set objRS = Server.CreateObject("ADODB.RecordSet")
objConn.Open("Provider=Microsoft.Jet.OLEDB.4.0; Data Source=d:\domains\aspalliance.com\wisemonk\authuser\users.mdb")
objRS.ActiveConnection = objConn
objRS.Source = "SELECT * FROM users"
objRS.LockType = 3
objRS.Open()

' Assume the username and email are free until a matching row is found.
' (Starting from True also lets the very first user sign up, and stopping
' at the first match keeps a later row from resetting the flag.)
aok = True
Do While Not objRS.EOF
    If (objRS.Fields.Item("username").Value = uname) OR (objRS.Fields.Item("email").Value = email) Then
        Response.Write("That Username or Email is already in the database")
        aok = False
        Exit Do
    End If
    objRS.MoveNext()
Loop

If aok = True Then
    ' The authorization code is "N" followed by a number from 521 to 9521
    Randomize
    rndnum = Int(((9521 - 521 + 1) * Rnd) + 521)
    With objRS
        .AddNew
        .Fields("username") = uname
        .Fields("password") = pword
        .Fields("email") = email
        .Fields("status") = "N" & rndnum
        .Update
    End With

    ' Mail the link; the email is URL-encoded so characters such as + survive in the query string
    Set objCDO = Server.CreateObject("CDONTS.NewMail")
    objCDO.To = email
    objCDO.From = "Validation Committee on Validating"
    objCDO.Subject = "Validate THIS!"
    objCDO.Body = "To validate your account go here : http://yoursite/val.asp?e=" & Server.URLEncode(email) & "&c=N" & rndnum & vbCrLf & "If the link does not work then remember that your email is " & email & " and your authorization code is N" & rndnum & vbCrLf & "-Validation Committee on Validating"
    objCDO.Send()
    Set objCDO = Nothing

    Response.Write("We sent you an email with instructions on how to validate your account")
End If

objConn.Close()
Set objConn = Nothing
Set objRS = Nothing
%>

OK, that was quite a bit of code, but here is the explanation of what it does -

  • It first gets all of the information from the form that was submitted.
  • Then it opens a connection to the database and fills a recordset from it.
  • Next it loops through the rows in the recordset looking for any that match the username or email address.
  • If none are found then aok is True and the script continues.
  • If aok is True then it inserts the user into the database. Note that the status is N[random number]. This random number is the authorization code.
  • It then sends an email using CDONTS to the user with the link and the auth code.

The reason for the auth code is so that a user can't just use a false email (e.g. fakeemail@sofake.com) and then validate it by going to val.asp?e=fakeemail@sofake.com. The code exists only in the database and in the email that was sent.

The Validation

Now that the email has been sent and the user has been added to the database, they need to be authorized.

Form Name : AuthUser

  • EM : Email
  • AU : Authorization Code

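<%
Dim email, aucode, objConn, objRS, objCmd
' The emailed link passes e and c in the query string; the AuthUser form posts EM and AU
email = Request.QueryString("e")
aucode = Request.QueryString("c")
If email = "" Then
    email = Request.Form("EM")
    aucode = Request.Form("AU")
End If
email = LCase(email)

Set objConn = Server.CreateObject("ADODB.Connection")
Set objRS = Server.CreateObject("ADODB.RecordSet")
objConn.Open("Provider=Microsoft.Jet.OLEDB.4.0; Data Source=d:\domains\aspalliance.com\wisemonk\authuser\users.mdb")

' Pass the email as a parameter instead of concatenating it into the SQL string
Set objCmd = Server.CreateObject("ADODB.Command")
Set objCmd.ActiveConnection = objConn
objCmd.CommandText = "SELECT status FROM users WHERE email = ?"
objCmd.Parameters.Append objCmd.CreateParameter("email", 200, 1, 255, email) ' 200 = adVarChar, 1 = adParamInput
objRS.LockType = 3
objRS.Open objCmd

If objRS.EOF Then
    Response.Write("There is no user with that email in the database")
Else
    ' The status column holds the auth code until the account is validated
    If objRS.Fields.Item("status").Value = aucode Then
        objRS.Fields("status") = "V"
        objRS.Update
        Response.Write("User Validated")
    Else
        Response.Write("Incorrect auth code")
    End If
End If

objConn.Close()
Set objConn = Nothing
Set objRS = Nothing
Set objCmd = Nothing
%>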

  • Just like before it gets the form values, opens the db connection and fills the recordset.
  • It then checks the recordset for records (to see if the email exists).
  • Then it checks the auth code against the database.
  • If both check out then the user is validated, otherwise an error is displayed.
