It's unlikely that a user would sign up with the wrong email address if they knew they would have to activate it, but yes, setting up a cron or even 2 to clean out dud accounts would prevent this. 1 cron would clean out the activation table after 48 hours of inactivity; the other cron could clean out the user's inactive profile if the activation key doesn't exist. Or even, instead of cleaning it out after 48 hours, send the user another email requesting that they activate their account within 24 hours before the system automatically deletes their data.
Cool, yeah, thanks, makes sense... Yes, it is unlikely that a user would use someone else's email address, but what if that delete cron was not in place and then I used your email address just to block you from using it... because when you go to sign up, you will get an error stating that that email address is already in use.
If there were no cron, or I didn't understand what a cron was, I'd script it into an administrative panel so that the admin is alerted to inactive accounts, enabling them to contact the owner of that account and eventually delete it manually. Cron would be much simpler though.
Do you even know PHP? OK, tell me how you are going to store it. Note that every user needs a different token. What is your method of storing? These won't work:
- storing in config file.... only works when you can have one static token. A static token... I can hack in minutes. With that one token I can code a script to instantly register enough people to fill your database and crash your MySQL server.
- session - token gone when browser closes.
- flat file db - too risky security wise and stability wise
- POST/GET var - not even going into that, you should know this already.
I have an email address that at least 3 times a week has people registering somewhere with it.... the people actually think it is their email because they try logging in to my email too. It is an email based on a common word. I could have gained access to their new accounts. It happens all of the time, people are fooking stupid and you have to code stupid-proof systems. Again I reiterate: The general population are dumb as rocks. Design your systems to be totally stupid-proof. I have seen sites get crashed and hacked by total accident just from a dumb mistake a customer made. I also know people who would love to gain access to your database for the email addresses. So, secure your system because douchebags do exist. The internet is not made of sunshine and lollipops so plan accordingly. LOL, I just got this. I get this a lot because of a moron that signed up for Facebook with my email address:
I'd remove all pending activations that were at least 48 hours old, not just clean all of them out every 48 hours. If I register 5 minutes before the cron job runs, I don't want my account deleted.
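The age-based cleanup discussed in this thread, as an added example that is not any poster's code: a per-user random token in an activation table, and a purge that removes only activations at least 48 hours old plus the inactive profiles they leave behind. The schema and function names are assumptions, SQLite stands in for the thread's MySQL, and storing only a SHA-256 hash of the token is a choice made here.

```python
import hashlib
import secrets
import sqlite3

TTL = 48 * 3600  # activation window in seconds (the thread's 48 hours)

def open_db():
    # Assumed schema: one pending-activation row per unactivated user.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY,
                            email TEXT UNIQUE NOT NULL,
                            active INTEGER NOT NULL DEFAULT 0);
        CREATE TABLE activations (user_id INTEGER PRIMARY KEY REFERENCES users(id),
                                  token_hash TEXT NOT NULL,
                                  created_at INTEGER NOT NULL);
    """)
    return db

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

def register(db, email, now):
    """Create an inactive user; return the one-time token to email out."""
    token = secrets.token_urlsafe(32)  # different, unguessable token per user
    cur = db.execute("INSERT INTO users (email) VALUES (?)", (email,))
    db.execute("INSERT INTO activations VALUES (?, ?, ?)",
               (cur.lastrowid, _digest(token), now))
    return token

def activate(db, token, now):
    """Activate the account if the token matches and is younger than TTL."""
    row = db.execute("SELECT user_id FROM activations "
                     "WHERE token_hash = ? AND created_at > ?",
                     (_digest(token), now - TTL)).fetchone()
    if row is None:
        return False
    db.execute("UPDATE users SET active = 1 WHERE id = ?", row)
    db.execute("DELETE FROM activations WHERE user_id = ?", row)
    return True

def purge_expired(db, now):
    """Cron body: drop activations at least TTL old, then orphaned profiles."""
    db.execute("DELETE FROM activations WHERE created_at <= ?", (now - TTL,))
    cur = db.execute("DELETE FROM users WHERE active = 0 "
                     "AND id NOT IN (SELECT user_id FROM activations)")
    return cur.rowcount  # number of dud accounts removed
```

Because the purge compares each row's own `created_at` against the cutoff, an account registered five minutes before the job runs survives, and the purged email address becomes available for sign-up again.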