1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Account Activation

Discussion in 'PHP' started by oo7ml, Nov 13, 2012.

  1. scottlpool2003

    scottlpool2003 Well-Known Member

    Messages:
    1,708
    Likes Received:
    49
    Best Answers:
    9
    Trophy Points:
    150
    #21
    It's unlikely that a user would sign-up with the wrong email address if they knew they would have to activate it but yes setting up a cron or even 2 to clean out dud accounts would prevent this.

    1 cron would clean out the activation table after 48 hours of inactivity the other cron could clean out the users inactive profile if the activation key doesn't exist.

    Or even instead of cleaning it out after 48 hours, send the user another email requesting that they activate their account within 24 hours before the system automatically deletes their data.
     
    scottlpool2003, Nov 15, 2012 IP
  2. oo7ml

    oo7ml Well-Known Member

    Messages:
    656
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    105
    #22
    Cool, yeah, thanks makes sense...

    Yes it is unlikely that a user would use someone else's email address, but what if that delete cron was not in place and then i used your email address just to block you from using it... because when you go to sign up, you will get an error stating that that email address is already in use
     
    oo7ml, Nov 15, 2012 IP
  3. scottlpool2003

    scottlpool2003 Well-Known Member

    Messages:
    1,708
    Likes Received:
    49
    Best Answers:
    9
    Trophy Points:
    150
    #23
    If there were no cron, or I didn't understand what a cron was, I'd script it into an administrative panel so that the admin is alerted to inactive accounts enabling them to contact the owner of that account and eventually delete it manually.

    Cron would be much simpler though.
     
    scottlpool2003, Nov 15, 2012 IP
  4. oo7ml

    oo7ml Well-Known Member

    Messages:
    656
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    105
    #24
    Yeah cool, cron all the way... thanks...
     
    oo7ml, Nov 15, 2012 IP
  5. DomainerHelper

    DomainerHelper Well-Known Member

    Messages:
    445
    Likes Received:
    20
    Best Answers:
    0
    Trophy Points:
    100
    #25
    Do you even know PHP?

    Ok tell me how you are going to store it. Note that every user needs a different token. What is your method of storing?

    These wont work:

    -storing in config file.... only works when you can have one static token. A static token... I can hack in minutes. with that one token I can code a script to isntantly register enough people to fill your database and crash your mysql server.

    -session - token gone when browser closes.

    -flat file db - too risky security wise and stability wise

    -POST/GET var - not even going into that, you should know this already.
     
    Last edited: Dec 8, 2012
    DomainerHelper, Dec 8, 2012 IP
  6. DomainerHelper

    DomainerHelper Well-Known Member

    Messages:
    445
    Likes Received:
    20
    Best Answers:
    0
    Trophy Points:
    100
    #26
    I have an email address that at least 3 times a week have people registering somewhere with it.... the people actually think it is their email because they try loggin in to my email too. It is an email based on a common word. I could have gained access to their new accounts. It happens all of the time, people are fooking stupid and you have to code stupid proof systems.

    Again I reiterate: The general population are dumb as rocks. Design your systems to be totally stupid proof. I have seen sites get crashed and hacked by total accident just from a dumb mistake a customer made. I also no people who would love to gain access to your database for the email addresses. So, secure your system because douchebags do exist. The internet is not made of sunshine and lollypops so plan accordingly.

    LOL, I just got this. I get this a lot because of a moron that signed up for facebook with my email address:


     
    Last edited: Dec 8, 2012
    DomainerHelper, Dec 8, 2012 IP
  7. Rukbat

    Rukbat Well-Known Member

    Messages:
    2,908
    Likes Received:
    37
    Best Answers:
    51
    Trophy Points:
    125
    #27
    I'd remove all pending activations that were at least 48 hours old, not just clean all of them out every 48 hours. If I register 5 minutes before the cron job runs, I don't want my account deleted.
     
    Rukbat, Dec 8, 2012 IP