<?php include 'config.php'; $id = $_GET['id']; $query = mysql_query("SELECT * FROM Users WHERE Actkey = '$id' LIMIT 1") or die(mysql_error()); $row = mysql_fetch_array($query); if(mysql_num_rows($query) > 0){ $user = $row['id']; $do = mysql_query("UPDATE Users SET Activated = 1 WHERE id = '$user' LIMIT 1") or die(mysql_error()); $send = mail($row['Email'] , "Activation Confirmation" , "Thank you for activating your account, you are now fully registered and able to use our services.\n\nTo login, click the link below:\nhttp://CHANGETHISURL.COM/login.php" , "FROM: auto@mailer.com"); if(($do)&&($send)) { echo '<link href="style.css" rel="stylesheet" type="text/css"> <div id="success"> <p>Activation successful! A confirmation email has been dispatched. You can now login!</p> <p><a href="login.php">Click here</a> to goto the login page.</p> </div>'; } else { echo '<link href="style.css" rel="stylesheet" type="text/css"> <div id="error"> <p>We are sorry, there appears to be an error processing your activation. Please try again later.</p> </div>'; } } else { echo '<link href="style.css" rel="stylesheet" type="text/css"> <div id="error"> <p>Sorry, your activation code was incorrect. Please try again.</p> </div>'; } mysql_close($l); ?>

This script takes the header variable “id” which is (when the script is run properly) a 40 character sha1() hash of a randomly generated number and some random letters. There is no need to process individual ID numbers in this script as we can just search through the database to find a user with the exact same activation key - the chances of two users awaiting validation having the same hashed code is infinitesimally small.   Of course, once the appropriate user has been found, his/her Activated value will be set to 1, thus activating/validating them. If not, the user gets an error message.

The most important thing to remember in this script is that you must edit the mail() function and change the URL to your URL instead of the text “CHANGETHISURL.COM” - otherwise the user will not know where or how to login!

That was simple wasn't it? Activation is just there so that the registration form can’t be spammed, and ensures an authentic registrant. If you want to be superior, you could write yourself an administration panel with a function to delete all unactivated accounts that have been sitting for X amount of time, because when you register, it logs the date! This opens up a world of possibility for future modifications!

- Tutorial written by Scrowler