I'm not sure which of those was the question. lol. If its about the encoding then from your tries you should no that there is no way to be sure the user will get a link they can click. In practice I never, and you shouldn't either, click links in emails. Instead it is much safer to cut and paste the link into a browser. In that case your script just needs to email a link to the user with instructions for them to paste it back into the browser. Then you just make sure that said link goes to your script. You'll want some form of table to store users who are awaiting authentication, then when they hit the script it chekcs the code they entered and approves there account when their code comes in.

Same could be done with the email solutions others have suggested, your script just needs to periodicaly check the email and parse the incoming messages.