I think you're trying to make things too difficult. I've done something similiar
on some sites I've designed - I'm simplifying it greatly for the sake of brevity.
Simply - when you have the person sign up - assign a random value to their
database entry.
Have this value be a simple random number, say "58390".
Then mail them the url to an "activation" script. Something like
http://yoursite.com/activate.pl?username=bob&code=58390
Then have the activate.pl script parse the variables and cross reference
that random number (using the username) with the one that was assigned.
If that number matches the correct one for user "bob" then go ahead
and make his account active because you know you have a valid email now.
You now know that this user has a valid email - without forcing them to type
crazy random passwords. Only one click.
Hope this helps. You can get fancier, but this basic concept has worked for
me.
| [reply] |
| [reply] |
You mentioned having to communicate with sendmail.
If you
haven't looked at Mail::Sendmail from CPAN, it's worth your
time to do so. However, if anybody knows any defects
about this module, please let me know . . .
| [reply] |
I did something similar to an e-mail redirection system I wrote a couple of years ago. Basically when they signed up (via the web), a random ID string was assigned to them and stored along with their database record. An e-mail was then dispatched saying to reply to the message. I set the From/Reply-To address to an address that was procmailed and fed the e-mails into another script that examined it, looked for the ID string, and if it matched the user contained in the message, it would flag them as validated and send off a second welcome message. The "ID" string was actually a concatenation of their username and the random key they were assigned, so it was easy to break apart and compare in the database.
Others have mentioned sending them a URL with a key embedded might work just as well, and I'd have to agree, but IMO replying to an e-mail is a lot easier than cutting/pasting a URL, though since most people nowadays use HTML-aware GUI e-mail clients, that's not such a big deal anymore. I just like keeping everything in one application. If they're going to be validated by e-mail, let them do it all by e-mail (especially if it's as easy as a simple reply). Don't make them start up a web browser session just to complete the process. *shrug*. Personal taste.
Regardless, the system has been running for about 2 years and is entirely automated with a few hundred users (not big, but it's for a select group of members). It's nice being able to code something that's entirely maintenance-free, which is what an automated verification system like this provides!
Unfortunately I'm not aware of any Perl modules to help automate this task, aside from the standard SMTP or Sendmail abstraction modules. Regardless, it's not too complex, and if you go the procmail route, a simple procmail rule will get the contents of the e-mail message sent to the STDIN of your script. Easy to parse. | [reply] |