Home: PHP Diary | Script School | PHP Scripts | TD Scripts.com
TD Pic of Day PHP - Run your own picture of the day script from any site anywhere with this handy script


[back]go back 01/11/03 "Double opt-in mail lists, MD5, unique URLs" go forward[next]

What is a double opt-in email list?

Sooner or later you want to validate an email address to make absolutely certain who you are sending mail to really wants the mail. The process of allowing someone to fill out a form and then have a (php) program send that person and email to click a unique URL inside the mail to validate is known as creating a double opt-in email list. You might recall I covered how to create a subscribe / unsubscribe mail list (122899) (122999) and (123099) That list was a single opt-in email list and it is the list I used for this website. But what if I wanted to make the list double opt-in instead?

Let's use the same mail script I've already created in these diary entries and just tweak the subscribe script. You'll find the code for the subscribe script in the (122999) diary entry. All I need to do is add a validation branch to this code.

Adding a Validation branch

A validation branch of code would be a section of code just before actually adding the email address to the flat text file. This will check for the existence of a unique string or piece of code. There are many different ways one could go about generating a unique validation string, but here's three common ones

1) generate a random letter / number combination and write to temporary file (file write required).
2) generate an MD5 hash store in a php session (no file write required, browser session only). The downside to this method is that if the user returns the next day and/or after the browser session has expired they will not be able to properly validate the email address. Some email at some ISP is delivered painfully slow. The upside is you can make sure that it validates the user during that browser session. You could also set a cookie (cookies are discussed in diary entry: 122399), but if the user rejects the cookie, then you are kind of out of luck.
3) generate an MD5 using a secret code word and the email address we are validating to form the MD5 hash. This is the method I've chosen to use for this example.

What is an MD5 hash?

First of all, this is not encryption. If you want to do full encryption then consult the mcrypt library. Here's a quote about MD5 according to the php manual:

"....using the RSA Data Security, Inc. MD5 Message-Digest Algorithm, and returns that hash. The hash is a 32-character hexadecimal number."

So let's use the following example form:

Example 37. How to generate a unique ID for double opt-in email verification 

 
(Note: this form actually works, but it does not actually add your email address to any list, so don't worry about receiving any email by testing it out, because you won't)

The HTML code for this form:

<form method=POST action="example37.php">
<input type="text" name="e_addy" size="20"><input type="submit" value="Validate my email">
</form>

How to use MD5

Here's how the MD5 part of constructing a hash works:

<?
// create the MD5 hash 
$secret_code = 'secret'; // be sure to change this to something else
$formatted_email = preg_replace("/(-|\@|\.)/", "", $email_address);
$hashed = md5("$secret_code $formatted_email");
?>

Now let's construct the complete example37.php script which will gather up e_addy, verify its syntax, generate an MD5 hash and mail out the verification URL. Here's the complete source code for example 37:

Example 37. How to generate a unique ID using MD5 source code

Code string is being broken up?

Some mail programs will chew up the validation string if it is too long, so you might want to add the message to the email body that says something like: "If you mail program breaks up the validation string, then just cut and paste to your browser"

Another technique is to give them a URL to go to and just type in an ID code along with their email address, therefore you'd need a third parameter in the $hashed variable described above -- or more typically is a temporary ID record number in a database.

Happy coding to you!

Please vote on the usefulness of this diary entry so other people will know if it is worth their time to read :)

How useful was this diary entry? Avg Surfer Rating: 4.25 (315)

New forum for discussion of diary entries

The homeroom at Script School is available to discuss this and other php-scripts.com diary entries. You must be an enrolled student at Script School to add comments to these diary entries.

[back]go back 01/11/03 "Double opt-in mail lists, MD5 hash, unique URLs" go forward[next]

Home: PHP Diary | Script School | PHP Scripts | TD Scripts.com

Copyright 1999-2003 php-scripts.com Last Modified 01/11/03 03:00