What are the ways to verify a user by email?

Z

Z_Coder2014-01-26 15:43:51

Perl

Z_Coder, 2014-01-26 15:43:51

Hello. I use a regular registration script with email confirmation. That is, the user enters a login (aka email) and a password, after which a link to the verification page flies to the email specified by him with a get parameter in the form of a unique hash that is stored in the database with his login and password. On the verification page, the hash that is in the database and that came inside the get parameter are compared, etc.
Question: how can I reliably determine the email address from which the user went to confirm? Theoretically, the confirmation link may fly to the wrong place and another person will already pass the verification. How do you compare a user who just went through the registration process and a user who went through the confirmation link?
Perhaps the answer to this question is simple, but I do not have much experience in this matter, so I'm asking for advice.
Thank you.

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

Y

Yuri Shikanov, 2014-01-26
@Z_Coder

If you are afraid that the link will accidentally end up on another email (which is very unlikely), ask, after clicking on the link, to enter the email address specified during registration and check with the value from the database.

S

seweb, 2014-01-26
@seweb

Add your email address to the verification link. In my opinion, this is the best option.

T

trall, 2014-01-26
@sashablashenkov

The first thing that came to mind was to check the registration IP and the IP of the link. Well, there is a time limit, the link will work for n minutes.
And do it all together

D

DuD, 2014-01-28
@DuD

You can view the referer.
But this solution is already more for self-testing. Those. if the referer contains the required email, then the probability that the user is who he claims to be is higher.