Verify your members
Published 12/30/01 - For Classic ASP
Introduction
I see an increasing number of sites trying to prevent people from signing up with fake emails and multiple accounts. One way they do this is to send the person an email with a link to a page that validates them against the system so that their account will work. In this article I'll show you how to create a system like this.
The Plan
Here is the plan of attack to validate members -

- The person signs up and their info is added to the database, however their account is marked as 'not validated' and cannot log-in until it is 'validated'.
- An email is sent to them with a link that contains their email and an activation code.
- They click on this link and are transported to a page.
- The page takes those two values and looks them up in the database to mark their account as 'validated'.

The database will look something like this -

Table Name : Users

| ID | Username | Password | Email | Status |
|---|---|---|---|---|
| Primary Key, Auto Number | Must be unique. Text | Text | Must be unique, text | Text, either V (validated) or N (not validated) |

The form -

Form Name : NewUser

| UN | PWD | EM |
|---|---|---|
| Username field. | Password field. | Email field. |

The code
This is the code that checks the user and sends the email -

<%
Dim objConn, objRS, uname, pword, email, aok, rndnum, objCDO

' Read the submitted form values.
' LCase folds the password to lower case; it is stored in the table as plain text.
uname = LCase(Request.Form("UN"))
pword = LCase(Request.Form("PWD"))
email = LCase(Request.Form("EM"))

Set objConn = Server.CreateObject("ADODB.Connection")
Set objRS = Server.CreateObject("ADODB.RecordSet")
objConn.Open("Provider=Microsoft.Jet.OLEDB.4.0; Data Source=d:\domains\aspalliance.com\wisemonk\authuser\users.mdb")
objRS.ActiveConnection = objConn
objRS.Source = "SELECT * FROM users"
objRS.LockType = 3
objRS.Open()

' Assume the details are free, then clear the flag if any row matches.
' (Setting the flag on every row would let the last row decide the result.)
aok = True
While Not objRS.EOF
    If (objRS.Fields.Item("username").Value = uname) Or (objRS.Fields.Item("email").Value = email) Then
        aok = False
    End If
    objRS.MoveNext()
Wend

If aok = True Then
    ' Generate the authorization code (a number from 521 to 9521)
    Randomize
    rndnum = Int(((9521 - 521 + 1) * Rnd) + 521)

    ' Add the user with status N[code], i.e. not validated
    With objRS
        .AddNew
        .Fields("username") = uname
        .Fields("password") = pword
        .Fields("email") = email
        .Fields("status") = "N" & rndnum
        .Update
    End With

    ' Mail the validation link and the code; the email is URL-encoded inside the link
    Set objCDO = Server.CreateObject("CDONTS.NewMail")
    objCDO.To = email
    objCDO.From = "Validation Committee on Validating"
    objCDO.Subject = "Validate THIS!"
    objCDO.Body = "To validate your account go here : http://yoursite/val.asp?e=" & _
        Server.URLEncode(email) & "&c=N" & rndnum & vbCrLf & _
        "If the link does not work then remember that your email is " & email & _
        " and your authorization code is N" & rndnum & vbCrLf & _
        "-Validation Committee on Validating"
    objCDO.Send()
    Set objCDO = Nothing
    Response.Write("We sent you an email with instructions on how to validate your account")
Else
    Response.Write("That Username or Email is already in the database")
End If

objConn.Close()
Set objConn = Nothing
Set objRS = Nothing
%>

OK, that was quite a bit of code, so here is an explanation of what it does:

- It first gets all of the information from the form that was submitted.
- It then opens a connection to the database and fills a recordset from it.
- Next it loops through all of the rows in the recordset looking for any that match the username or email address.
- If none are found, aok is True and the script continues.
- If aok is True, it inserts the user into the database. Note that the status is N[random number]. This random number is the authorization code.
- It then sends an email using CDONTS to the user with the link and the auth code.

The reason for the auth code is so that a user can't just use a false email (e.g. fakeemail@sofake.com) and then validate it by going to val.asp?e=fakeemail@sofake.com. The code is only in the database and in the email sent.

The actual validation
Now that the email has been sent and the user has been added to the database, they need to be authorized.

Form Name : AuthUser

| EM | AU |
|---|---|
| Email | Authorization Code |

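<%
Dim email, aucode, objConn, objRS, objCmd

' The emailed link passes e and c in the query string;
' the AuthUser form posts EM and AU. Accept either.
email = LCase(Request.QueryString("e"))
aucode = Request.QueryString("c")
If email = "" Then
    email = LCase(Request.Form("EM"))
    aucode = Request.Form("AU")
End If

Set objConn = Server.CreateObject("ADODB.Connection")
Set objRS = Server.CreateObject("ADODB.RecordSet")
Set objCmd = Server.CreateObject("ADODB.Command")
objConn.Open("Provider=Microsoft.Jet.OLEDB.4.0; Data Source=d:\domains\aspalliance.com\wisemonk\authuser\users.mdb")

' Bind the email as a parameter instead of concatenating it into the SQL string,
' so a quote character in the input cannot change the query
Set objCmd.ActiveConnection = objConn
objCmd.CommandText = "SELECT status FROM users WHERE email = ?"
objCmd.Parameters.Append objCmd.CreateParameter("email", 202, 1, 255, email) ' 202 = adVarWChar, 1 = adParamInput
objRS.Open objCmd, , 1, 3 ' 1 = adOpenKeyset, 3 = adLockOptimistic

If objRS.EOF Then
    Response.Write("There is no user with that email in the database")
Else
    ' The status column holds N[code] until the account is validated
    If objRS.Fields.Item("status").Value = aucode Then
        objRS.Fields("status") = "V"
        objRS.Update
        Response.Write("User Validated")
    Else
        Response.Write("Incorrect auth code")
    End If
End If

objConn.Close()
Set objCmd = Nothing
Set objConn = Nothing
Set objRS = Nothing
%>
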
- Just like before, it gets the submitted values, opens the db connection and fills the recordset.
- It then checks the recordset for records (to see if the email exists).
- Then it checks the auth code against the database.
- If both check out then the user is validated, otherwise an error is displayed.
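
The same sign-up and validation flow in hardened form, as an added example in Python (not the article's code): the code comes from the OS CSPRNG instead of Rnd, only its hash is stored, it expires and works once, and every query is parameterized. The SQLite schema, TOKEN_TTL and the function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import sqlite3
import time

TOKEN_TTL = 24 * 3600  # assumed lifetime of an activation code, in seconds


def open_db():
    """In-memory stand-in for the article's Users table (constructed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, "
               "email TEXT UNIQUE, status TEXT, code_hash TEXT, expires REAL)")
    return db


def _digest(code):
    return hashlib.sha256(code.encode()).hexdigest()


def register(db, username, email, now=None):
    """Add a not-validated user; return the code to email, or None if taken."""
    now = time.time() if now is None else now
    code = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    try:
        with db:  # the UNIQUE columns replace the row-by-row duplicate scan
            db.execute("INSERT INTO users (username, email, status, code_hash, expires) "
                       "VALUES (?, ?, 'N', ?, ?)",
                       (username.lower(), email.lower(), _digest(code), now + TOKEN_TTL))
    except sqlite3.IntegrityError:
        return None
    return code


def validate(db, email, code, now=None):
    """Set status to 'V' only for a pending account with a fresh, matching code."""
    now = time.time() if now is None else now
    row = db.execute("SELECT id, code_hash, expires FROM users "
                     "WHERE email = ? AND status = 'N'", (email.lower(),)).fetchone()
    if row is None or now > row[2]:
        return False
    if not hmac.compare_digest(row[1], _digest(code)):  # constant-time compare
        return False
    with db:  # clearing the hash makes the code single-use
        db.execute("UPDATE users SET status = 'V', code_hash = NULL WHERE id = ?", (row[0],))
    return True
```

A four-digit code like the one in the article can be guessed in a few thousand requests, so a short code also needs an attempt limit on the validation page.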