Effective Email Verification in PHP: A Practical Guide

Email verification is a critical component of any online application that requires user authentication. Without it, users could register with fake or invalid email addresses, leading to issues with communication, spam, and overall integrity of your user base. This guide will walk you through the process of implementing an effective email verification system in PHP.

Introduction

Verifying user email addresses during registration helps ensure the authenticity of your users. It is a straightforward process but requires careful consideration to ensure security and usability. In this guide, we'll cover how to set up the necessary components to handle email verification in a PHP application.

Why is Email Verification Important?

Email verification serves several critical purposes:

  1. Prevents Spam: Ensures that the email addresses provided are legitimate, reducing the potential for spam accounts.
  2. Enhances Security: Confirms that the user controls the email address they registered with, adding an extra layer of security.
  3. Improves Communication: By verifying email addresses, you ensure that your users receive important communication, such as password resets and notifications.
  4. Maintains Data Quality: Improves the quality of the data in your system by ensuring that email addresses are accurate and valid.

Prerequisites

Before you start, make sure you have the following:

  1. A web server with PHP installed.
  2. Access to a MySQL database.
  3. Basic knowledge of PHP and SQL.
  4. An SMTP server for sending emails, or a service like SendGrid or Mailgun.

Step 1: Setting Up the Project

First, create a new directory for your project and set up your basic structure. Your project directory might look something like this:

email_verification/
    ├── config.php
    ├── register.php
    ├── verify.php
    ├── success.php
    ├── database.sql
    └── mailer.php

The config.php file will contain your database and email server configuration.

config.php

<?php
$host = 'localhost';
$db   = 'email_verification';
$user = 'root';
$pass = '';

$dsn = "mysql:host=$host;dbname=$db;charset=utf8mb4";
$options = [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    PDO::ATTR_EMULATE_PREPARES   => false,
];

try {
    $pdo = new PDO($dsn, $user, $pass, $options);
} catch (\PDOException $e) {
    throw new \PDOException($e->getMessage(), (int)$e->getCode());
}

// Email configuration
$mailer = [
    'host' => 'smtp.your-email-provider.com',
    'username' => 'your-email@example.com',
    'password' => 'your-email-password',
    'from_email' => 'no-reply@example.com'
];
?>

Step 2: Creating the Database

Next, create a MySQL database and a table to store user information. You can use the following SQL script:

database.sql

CREATE DATABASE IF NOT EXISTS email_verification;
USE email_verification;

CREATE TABLE users (
    id INT AUTO_INCREMENT PRIMARY KEY,
    email VARCHAR(255) NOT NULL,
    password VARCHAR(255) NOT NULL,
    token VARCHAR(255) DEFAULT NULL,
    verified TINYINT(1) DEFAULT 0,
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);

Run this script in your MySQL database to set up the necessary table.

Step 3: Building the Registration Form

Create an HTML form to allow users to register by providing their email and password.

register.php

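<?php
require 'config.php';
require 'mailer.php';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Validate the input before touching the database
    $email = filter_var($_POST['email'] ?? '', FILTER_VALIDATE_EMAIL);
    $rawPassword = $_POST['password'] ?? '';

    if ($email === false || $rawPassword === '') {
        echo "Please provide a valid email address and a password.";
    } else {
        $password = password_hash($rawPassword, PASSWORD_BCRYPT);
        $token = bin2hex(random_bytes(50)); // 100 hex characters from the CSPRNG

        // Prepared statement keeps user input out of the SQL text
        $stmt = $pdo->prepare('INSERT INTO users (email, password, token) VALUES (?, ?, ?)');
        $stmt->execute([$email, $password, $token]);

        sendVerificationEmail($email, $token, $mailer);
        echo "A verification email has been sent to your email address.";
    }
}
?>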

<!DOCTYPE html>
<html>
<head>
    <title>Register</title>
</head>
<body>
    <h2>Register</h2>
    <form action="" method="POST">
        <input type="email" name="email" required placeholder="Email">
        <input type="password" name="password" required placeholder="Password">
        <button type="submit">Register</button>
    </form>
</body>
</html>

Step 4: Sending the Verification Email

To send the verification email, you can use PHP's mail() function or a library like PHPMailer. Here, we'll use PHPMailer for better reliability and features.

mailer.php

First, install PHPMailer using Composer:

composer require phpmailer/phpmailer

Then, implement the sendVerificationEmail function in mailer.php:

<?php
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;

require 'vendor/autoload.php';

// Sends the verification link; returns true on success, false on failure.
function sendVerificationEmail($email, $token, $mailerConfig) {
    $mail = new PHPMailer(true); // true makes PHPMailer throw exceptions on errors

    try {
        // Server settings
        $mail->isSMTP();
        $mail->Host = $mailerConfig['host'];
        $mail->SMTPAuth = true;
        $mail->Username = $mailerConfig['username'];
        $mail->Password = $mailerConfig['password'];
        $mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;
        $mail->Port = 587;

        // Recipients
        $mail->setFrom($mailerConfig['from_email'], 'Mailer');
        $mail->addAddress($email);

        // Content: use HTTPS so the token is not sent in clear text when the link is opened
        $link = 'https://yourdomain.com/verify.php?token=' . urlencode($token);
        $mail->isHTML(true);
        $mail->Subject = 'Email Verification';
        $mail->Body    = "Please click the link below to verify your email address: <a href='$link'>Verify Email</a>";

        $mail->send();
        return true;
    } catch (Exception $e) {
        // Log the details server-side instead of showing SMTP errors to the visitor
        error_log("Verification email could not be sent: {$mail->ErrorInfo}");
        return false;
    }
}
?>

Step 5: Creating the Verification Script

Now, let's build the script to handle the email verification when the user clicks the link in their email.

verify.php

<?php
require 'config.php';

if (isset($_GET['token'])) {
    $token = $_GET['token'];

    $stmt = $pdo->prepare('SELECT id FROM users WHERE token = ? AND verified = 0');
    $stmt->execute([$token]);
    $user = $stmt->fetch();

    if ($user) {
        $stmt = $pdo->prepare('UPDATE users SET verified = 1, token = NULL WHERE id = ?');
        $stmt->execute([$user['id']]);
        header('Location: success.php');
        exit();
    } else {
        echo 'Invalid token or email already verified.';
    }
} else {
    echo 'No token provided.';
}
?>
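
The verification script above looks up the raw token and accepts it no matter how old it is. The following added example (not part of the original guide) stores only a SHA-256 hash of the token, enforces an assumed 24-hour lifetime against created_at, and consumes the token in a single atomic UPDATE so a link works once. The names issueToken, verifyToken and TOKEN_TTL_SECONDS are hypothetical, and an in-memory SQLite table with constructed rows stands in for the MySQL users table so the script runs on its own.

```php
<?php
declare(strict_types=1);

const TOKEN_TTL_SECONDS = 86400; // assumed 24-hour validity window

// Returns [token for the email link, SHA-256 hash to store in users.token].
function issueToken(): array
{
    $token = bin2hex(random_bytes(50)); // same generator as register.php
    return [$token, hash('sha256', $token)];
}

// Marks the account verified in one atomic UPDATE; true only on first valid use.
function verifyToken(PDO $pdo, string $token, int $now): bool
{
    // Reject anything that is not the 100-hex-character shape we issue.
    if (!preg_match('/\A[0-9a-f]{100}\z/', $token)) {
        return false;
    }
    $cutoff = gmdate('Y-m-d H:i:s', $now - TOKEN_TTL_SECONDS);
    $stmt = $pdo->prepare(
        'UPDATE users SET verified = 1, token = NULL
         WHERE token = ? AND verified = 0 AND created_at >= ?'
    );
    $stmt->execute([hash('sha256', $token), $cutoff]);
    return $stmt->rowCount() === 1;
}

// Constructed demo data in an in-memory SQLite database (assumption: pdo_sqlite is available).
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE NOT NULL,
            token TEXT, verified INTEGER DEFAULT 0, created_at TEXT NOT NULL)');
$now = time();
$insert = $pdo->prepare('INSERT INTO users (email, token, created_at) VALUES (?, ?, ?)');

[$fresh, $freshHash] = issueToken();
$insert->execute(['fresh@example.com', $freshHash, gmdate('Y-m-d H:i:s', $now - 60)]);
[$stale, $staleHash] = issueToken();
$insert->execute(['stale@example.com', $staleHash, gmdate('Y-m-d H:i:s', $now - 2 * TOKEN_TTL_SECONDS)]);

var_dump(verifyToken($pdo, $fresh, $now));         // first use of a fresh token
var_dump(verifyToken($pdo, $fresh, $now));         // replay of the same link
var_dump(verifyToken($pdo, $stale, $now));         // token older than the TTL
var_dump(verifyToken($pdo, 'not-a-token', $now));  // malformed input
```

In register.php this corresponds to inserting the hash instead of $token while the email link still carries the raw token, so a leaked copy of the users table does not yield usable verification links.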

Finally, create a success page to display when the user successfully verifies their email.

success.php

<!DOCTYPE html>
<html>
<head>
    <title>Verification Success</title>
</head>
<body>
    <h2>Email Verified Successfully</h2>
    <p>Your email has been verified. You can now log in.</p>
</body>
</html>

Conclusion

Email verification is essential for any application that relies on user authenticity. By following the steps outlined in this guide, you can implement a secure and effective email verification system in PHP. This not only helps protect your application from spam and unauthorized access but also ensures better communication with your users.

Make sure to test each component thoroughly and handle any potential errors gracefully. With this guide, you now have a strong foundation to build upon and improve the security and reliability of your user registration process.