Intro & Getting Started
This tutorial will teach you how to create an activation system for a newly registered member on your user system.
To get started on this, you need to do a few things, first one, edit the user system table, where the users are stored, you need to add another two coloumns.

`actcode` VARCHAR(10) NOT NULL,

`activated` VARCHAR(5) NOT NULL default 'no'

Then you need to open two pages which you should have, your register page, and your login page, and also make a new page called activate.php

Register
The first page you need to start off with, is to edit the register page, my page is called register.php funny enough, and it asks them to enter in a username, password (and again to check it) and also their email. Before inserting the information into the database, we need to make up an activation code, so find a suitable place in your code to add the following.

/*

                Now we need to make sure they validate their account properly, so we don't get spammers or hackers, for this, we set an activation code to be sent to their email in order to access

                their account. We set a variable with all the alphabet and numbers, then we make another variable to take out a number of strings with our alphanum variable being shuffled.

                */

                $alphanum  = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; //Alphabet and numbers

                $activation = substr(str_shuffle($alphanum), 0, 7); //Take out strings with the shuffled alphanum variable, from the start to 7 characters.

                

Now when actually inserting the information into the database. We need to add an extra two fields. Mine goes as follows.

INSERT INTO `users` (`username`, `password`,` email`, `actcode`, `activated`)

and of course, to top if off, the VALUES are.

VALUES('$username','$password','$email','$activation','no')

Sending the email
Know how to send email using PHP? No... well you'll find out, yes? Great, this should be easy for you.

We want to send the user that just registered their activation link. Below are sections of the code to do this.

$to = "$email";

$re = "Activate Account";

The $to is the registered user email address, for me I use $email because when they registered, I stored their email address in the variable named $email. The $re is the variable holding the subject of the email, in this case, the emails subject will be called Activate Account.

$msg = "This is an automated message, please do not reply.



You are receiving this email because you or someone else has registered to our site with this email. If you think this is a mistake then please contact the administrator on [email protected]



Thank you for registering with address.com - but before you can log in you will need to activate your account, you can do this by clicking the link below.



http://www.address.com/activate.php?code=".$activation."



address.com Team.";

This will be the message that will be sent to the email address, the body text. There are a few bits you need and can change, but the most important section is the activate.php?code=".$activation."

The $activation is our variable where we stored the activation code, and we use ?code= so on our activate.php we can use a GET function in order to get the code from the url.

$headers = "From: [email protected] rn";

the headers is who it's from, pretty simple.

if(mail($to,$re,$msg, $headers)){

echo("Thank you for registering, but before you can log in you need to activate your account. Please check your emails.");

}else{

echo("An error occured while sending an email. Please contact the site administrator.");

}

And now to send the email, we use an if for this incase we get any errors while sending the email. To send a php email, we use the function called mail() - pretty surprising function name huh?

While using mail, you need to have their email address first, the subject, the message then who it's from, if it succeeds, who say they first need to activate their account and they've been sent an email with the activation link on it. If not, we show an error message, but about 99% of the time it works.

So now this bit in full code.

$to = "$email";

$re = "Activate Account";

$msg = "This is an automated message, please do not reply.



You are receiving this email because you or someone else has registered to our site with this email. If you think this is a mistake then please contact the administrator on [email protected]



Thank you for registering with address.com - but before you can log in you will need to activate your account, you can do this by clicking the link below.



http://www.address.com/activate.php?code=".$activation."



address.com Team.";

$headers = "From: [email protected] rn";

/*

Time to send the email, the mail() function sends the email, we're using if to make sure that it has definately been sent. So if it has, we show the thank you for registering.

*/

if(mail($to,$re,$msg, $headers)){

echo("Thank you for registering, but before you can log in you need to activate your account. Please check your emails.");

}else{

echo("An error occured while sending an email. Please contact the site administrator.");

}

Activating the account
This is a pretty simple job, I will split the code up and explain what each bit does, then show the code as a whole piece after.

<? //Start php

    if($activation = $_GET['code']){

In the url, we should have a ?code={7chars} in it, this is the users activation code. We use teh $_GET function in order to pull it out of the url into a variable called $activation. We have this inside a an if statement to make sure that we have the code, so if the code is empty, then it we can return an error message.

if($activation != NULL){

Making sure it definately isn't empty, just a precautionary step.

$acti = "SELECT actcode FROM users WHERE actcode = '$activation'";

$acti = mysql_query($acti);

$actin = mysql_num_rows($acti);

We select the actcode from users where the actcode equals the activation code we have in the url. We query this, and use a mysql_num_rows function to check to see how many rows we have with the equal activation code. We should get one of two results.

0, which means the activation is wrong because there is no equal code in the database.
1, which means the activation is correct because we have one matching code in the database.

if($actin > 0){

so if it equals more than 0, in other words, 1.

$update = "UPDATE `users` SET `activated`='yes' WHERE `actcode`='$code'";

$update = mysql_query($update) or die(mysql_error());

We update the table to set activated as yes where the actcode equals the code we have stored in the variable. We use a die function so if we get any errors, we know why it hasn't worked.

echo("You have successfully activated your account. You may now log in. Thank you.");

}else{

echo("Activation code is incorrect.");

}

We show that they have successfully activated their account. The else statement is there from the if it's more than 0, so this else will be for "If it was 0 rows) then we say that their activation code is incorrect.

}else{ //if code was blank

echo("Code is blank.");

        }

    }else{

        echo("No activation code.");

    }

?>

To finish it all off, the else statements for the last set of ifs that we have done. And of course, to end the php with a ?>.

Now to show the code in full, with comments.

<? //Start php

    /*

    In the url we should have &code={characters} in it, this is the users activation code. We use the $_GET function in order to pull it out of the url into a variable. We use the if statement in this to make sure that we have it here, if it we dont, then we can show a message that it's not there.

    */

    if($activation = $_GET['code']){

        //Check to see if it's not empty

        if($activation != NULL){

            /*

            Now we got the activation code they came here with, we need to select from the database where the activation code equals any from the table.

            */

            $acti = "SELECT activation FROM users WHERE actcode = '$activation'";

            $acti = mysql_query($acti);

            //We want to find out if there are any rows with this, if so, it should come up with 1, if not, then 0.

            $actin = mysql_num_rows($acti);

            //Using the if statement, we can see if the activation is correct, since it should return higher than 0.

            if($actin > 0){

                //We edit the table to make activated in yes.

                $update = "UPDATE `users` SET `activated`='yes' WHERE `activation`='$code'";

                $update = mysql_query($update) or die(mysql_error());

                echo("You have successfully activated your account. You may not log in. Thank you.");

            }else{ //If it was 0 rows

                echo("Activation code is incorrect.");

            }

        }else{ //if code was blank

            echo("Code is blank.");

        }

    }else{

        echo("No activation code.");

    }

?>

Are they activated?
Last bit to do, open up your are login page. When a user tries to log in, it usually selects information from the table where the username equals what was entered, mine does. But also does a bit more than that, it also selects it from the username entered and also where activated is yes. Here's there query.

mysql_query("SELECT * FROM users WHERE username = '$username' AND activated = 'yes'") or die(mysql_error());

My system will turn out with saying Incorrect Username or Password, since technically their account isn't made until it's activated.

And that's it, your done. The tutorial is quite advanced, and has got quite a lot of different things to go on, but I hope you understand it and that it has helped you out.

dotSilver
magicka-studio