E-Mail Verification Script In PHP Using Mailgun API


As years goes, so does the increase in SPAM on the web. Most users sign up on services with a fake E-Mail. They might even use other’s E-Mail for signing up. This is a big problem, because when you send an email to the signed up user, it goes to the wrong guy. So, you should verify user’s email before signing them up. You might think that it would cost database memory. Don’t worry, because my script won’t require storage of verification codes on database.

Dependencies

  1. Mailgun API key
  2. send_mail() function which you will get from here.
  3. rantext() function which you will get from here.
  4. encrypter() function which you will get from here.
  5. decrypter() function which you will get from here.
  6. session_start() function which should be added on the starting of every page we are going to create

We have three pages :

  1. register.php
  2. verify.php
  3. config.php

config.php

This file contains the configuration variables including database connection and the **checkVerification() **function which check whether the user has verified his/her email. Example :

<?

$db=”database”;

$host=”127.0.0.1″;

$usr=”Username”;

$pass=”Password”;

$dbh=new PDO(“mysql:dbname=$db;host=$host”, $usr, $pass);

/* E-Mail Verification Configuration – START*/

$secure_code=””;/* A Security Code. Should only contain numerals and alphabetic characters */

/* E-Mail Verification Configuration – END*/

function checkVerification(){

 global $_SESSION;

 global $_POST;

 $code=$_POST[‘code’]==”” ? $_SESSION[‘code’] : “subinsb.com”;

 if($_SESSION[“token”]==decrypter($code)){

  return true;

 }else{

  return false;

 }

}

?>

register.php

This file contains the sign up form. If the email isn’t verified, the page will redirect to verify.php which shows verify form. If email’s verified, then the page will show other fields like name, age, location etc…. (this is represented as /* Other form fields */ in the code ).

The following code is the whole script which displays the form for every action.

<?

include(“config.php”);

if(checkVerification()==false){

header(“Location: /verify.php”);

}else{

/* Other Form Fields. Add Other Form Fields Here. Example : */

?>

Name :

<?

}

if(isset($_POST[‘submit’])){

// Process Form Submission and finally destroy the session

session_destroy();

}

?>

verify.php

This file processes the verification stuff. If the user has verified the email then this page will redirect to register.php :

<?

include(“config.php”);

if(isset($_POST[‘verify’]) && isset($_POST[‘code’])){

 $code=$_POST[‘code’];

 if($code==””){

  die(“

No Code Entered.

Please Enter A Code
”);

 }

 if(checkVerification()==false){

  die(“

Wrong Verification Code.

”);

 }

 $_SESSION[‘code’]=$_POST[‘code’];

}

if(isset($_POST[‘verify’]) && isset($_POST[‘mail’])){

 /* Check values and send verification code to email */

 $email=$_POST[‘mail’];

 $password=””;/* A key that is */

 if(!preg_match(‘/1+[a-zA-Z0-9_.-]+[a-zA-Z0-9_-]+@[a-zA-Z0-9]+[a-zA-Z0-9.-]+[a-zA-Z0-9]+.[a-z]{2,4}$/’,$email)){

  die(“

E-Mail Is Not Valid

”);

 }

 /* You can add the checking if the email exist on database in this section */

 $highcode=encrypter($_POST[‘mail’].$secure_code);

 $_SESSION[“token”]=$highcode;

 send_mail($email,”Verify Your E-Mail”,”You requested for registering on “.$_SERVER[‘HTTP_HOST’].”. For signing up, you need to verify your E-Mail address. Paste the code below in the input field of the page where you requested for signing up.

”.$highcode.”
”);

?>

An E-Mail containing a code have been sent to the E-Mail address you gave us. Check Your Inbox for that mail. The mail might have went to the SPAM folder. Hence you have to check that folder too.

 Paste The Code you received via E-Mail below
 
 

<?

}elseif(checkVerification()==false){

?>

 Type In Your E-Mail To Continue Signup Process.
 
 
 You can only sign up if you verify your email.

<?

}elseif(checkVerification()==true){

 header(“Location: /register.php”);

}

?>

This post is very long and it’s possible that I made errors on some places. So if you find any errors, or had errors when you run this script, please report it via comments. I will be glad to help you.


  1. a-zA-Z0-9 [return]