How can I do member registration confirmation?

Question

How can I register with CakePHP ?

After registering , it will send email for confirmation.

If I click the link for confirmation then the account will be confirmed.

How can I do this?

Is there any function with Auth to do that?

Or do I have to send mail manually to confirm registration ?

If I have to send email manually to confirm registration, then how can I generate the registration token, and how can I set time to be a valid token ?

Can anyone show an example of this?

Google says: http://www.jonnyreeves.co.uk/2008/06/cakephp-activating-user-account-via-email/ — Josh, Oct 12 '11 at 01:34

score 4 · Accepted Answer · answered Oct 13 '11 at 10:00

4

Check the source of the Cake Development Corporations users plugin, its available for CakepPHP 1.3 and 2.0. https://github.com/cakedc/users It already does everything - in a proper MVC and CakePHP way - that you request. Simply use the plugin or take some of the code.

answered Oct 13 '11 at 10:00

floriank

25,546
9
42
66

I'm not sure how to use that plugin, I have already a users_controller with add,edit,delete,login,logout actions. There is also a user model. Then if i run this command, cake migration all -plugin users , what would happen ? – cola Oct 18 '11 at 13:23
Follow the instructions in the readme.md file. You can use cake schema to import the database schema or use cake migration which requires the migrations plugin. If you already have something start over and use the plugin, its fully tested (run the tests), and extend it. This is also explained in the readme.md – floriank Oct 20 '11 at 08:38
Yes, I've wrote that in my answer. Check the 2.0 branch. – floriank Oct 21 '11 at 09:01
I think it's better to just work things out through cakephp. Plugins always give such a burden when you want to adjust the default behaviour. Hence, i don't like wordpress – bicycle Jul 29 '13 at 04:09

score 3 · Answer 2 · answered Oct 12 '11 at 10:45

user table:

CREATE TABLE IF NOT EXISTS `users` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `username` varchar(255) COLLATE utf8_persian_ci NOT NULL,
  `password` varchar(255) COLLATE utf8_persian_ci NOT NULL,
  `email` varchar(100) COLLATE utf8_persian_ci NOT NULL,
  `created` datetime NOT NULL,
  `status` tinyint(1) NOT NULL,
  `activation_code` varchar(255) NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `email` (`email`)
) ENGINE=InnoDB  DEFAULT CHARSET=utf8 COLLATE=utf8_persian_ci AUTO_INCREMENT=4 ;

when user registered, u can set a unique string (sample: md5(time()) or any thing...) in activation_code field. now send email like this url to user:

http://test/controller/action/activation_code

now you have to check in your action that this activation_code is in user table or not.

and if is then is that status = disable or not....

score 2 · Answer 3 · answered Oct 12 '11 at 01:38

You can easily generate a hashcode like a token in PHP and validate it's duration by a TimeStamp. For email just use the Email component like this. If you want to use Auth Component, be sure that your form give you the correct hash for password.

function register() {
    $error = false;
    $error_captcha = null;
    if(isset($this->data)){
        App::import('Component','Generate');
        App::import('Component', 'Converter'); 
        App::import('Component','Email');
        if(empty($this->data['User']['password'])||strlen($this->data['User']['password'])<5){
            $this->User->invalidate("password");
            $error = TRUE;
        }
        if($this->data['User']['password']<>$this->data['Temp']['password']){
            $this->User->invalidate("seotitle");
            $error = TRUE;
        }       
        $captcha_respuesta = recaptcha_check_answer ($this->captcha_privatekey,
        $_SERVER["REMOTE_ADDR"],
        $_POST["recaptcha_challenge_field"],
        $_POST["recaptcha_response_field"]);
        if ($captcha_respuesta->is_valid && !$error) {
        $this->data['User']['coderegistration'] = $this->generate->getUserCode();
        $this->data['User']['displayname'] = $this->data['User']['firstname'] . " " . $this->data['User']['lastname'];
        $this->data['User']['seotitle'] =  $this->converter->seotitle($this->data['User']['username']);
        $this->data['User']['password'] =  md5($this->data['User']['username'].$this->data['User']['password']);
        $this->User->id = NULL;
        if($this->User->save($this->data)){
            /*
            =========================
            send email notification
            =========================
            */
            $email = $this->data['User']['email'];              
            $content = sprintf('<a href="%s/%s">here</div>', $this->url, $this->data['User']['coderegistration']);
            $this->email->to = $email; 
            $this->email->subject = 'you have been registered, please confirm'; 
            $this->email->replyTo = 'mail@mail.com'; 
            $this->email->from = "name <mail@mail.com>";                
    $this->email->template = 'notification'; 
            $this->email->sendAs = 'html';
        $this->set('value', $content);  
        if($this->email->send()){
                // OK                   
        }else{
            trigger_error("error Mail");
        }
        }




        }else{
           $error_captcha = $captcha_respuesta->error;
           $this->set('error_email',true);
        }



    }
    $this->setTitlePage();
    $this->layout = "home";
    $this->set('backurl', '/');
    $this->set('posturl','');
    $this->set('captcha_publickey',$this->captcha_publickey);

    }

It sends an email after registering with a generated Code. You just can add a field to your User Table, code, emailauthentificated, and created. When the user visit the link confirmation, cakephp receive the code and check if the user exist, if the created timestamp is not too old, and just set the emailauthentificated field to True. — papachan, Oct 18 '11 at 15:17

score 2 · Answer 4 · answered Oct 12 '11 at 11:34

2

to send the email load the Email component also . The register function given already is good and you should go with that.

basically concept is to add user, then create a token (With timestamp ro whatever) and save this to a database, then send an email with a link to that token.

Then when the user clicks the link to the token you set user = active and they are now registerd and can login.

A good tip for your Auth therefore is add a "scope" (check the cakephp docs for 1.3) to Auth. Make this scope the condtion that active = 1. So that way they will need to have confirmed from the email link, and can never login until this is done. Easy!

answered Oct 12 '11 at 11:34

Luke Barker

915
7
14

Suppose one has requested to register with a "username" , so the username and it's relavent authentication code is saved to the database table. Now if someone else wants to register with the same username what would happen ? – cola Oct 13 '11 at 06:38
well then a user already exists with that username, so you should be picking that up with validation when saving a user from the register form. There is a isUnique() validation check in Cakephp. You can use that on your username field and report an error to user that the username they want is gone! – Luke Barker Oct 18 '11 at 12:01

How can I do member registration confirmation?

4 Answers4