"click here to activate" functionality 1

[guitarzan]

I'm sure there is a better way to describe this, but I can't seem to find it (or Google would have helped me to find this).

I'm looking to automate the "activation" of a new user to a site (classic asp) I am working on. That is, the user signs up with a username and an email address, and an email is sent to them saying "click here to activate your account", with a link like:

http://mysite.com/activate.asp?longquerystringhere

the query string would be encrypted, and activate.asp would parse that query string, and set whatever database flag is necessary to activate that users' account.

I can handle all of the above coding, except the creation/parsing of the query string. Can anyone point me in the right direction? Is there code written to do that?

Any help or advice is appreciated!

 

[ggriffit]

a quick google shows several matches including

http://www.bullschmidt.com/devtip-querystring.asp

Greg Griffiths
Livelink Certified Developer & ECM Global Star Champion 2005 & 2006

http://www.greggriffiths.org/livelink/

 

[vicvirk]

For simplicity sake, let's say you are collecting the following information on regisration:

Username
Real First Name
Real Last Name
Email Address

Once they fill out the form, you write this data to the db and set an active flag to 0 (i.e. false)

You can use the information they entered to come up with a validation code, i.e. this will get the first letter of their first name-length of email address-last character of their user name

validationCode = left(real_first_name,1) & "-" & len(email_address) & " - " right(user_name,1)

If the user typed in:

Username: programmer16
Real First Name: Bob
Real Last Name: Smith
Email Addres: bob@smith.com

The validation code would be
B-13-6

You can create a link to your activation page like this:

[URL unfurl="true"]http://mydomain.com/activateAccount.asp?code=<%=validationCode%>[/URL]

When the user clicks on the link, ask them for their username or email address.

Query the db for this username or email address and get the values

If it doesn't exist, they'll fail validation.

If it does exists, collect the data into variables and check the values against the validation code in the querystring.

The above is just one of a billion ways to come up with a validation code.




--------
GOOGLE is a great resource to find answers to questions like "how do i..."

If you don't know exaclty what you want to do or what to search on, try Google Suggest:

http://www.google.com/webhp?complete=1&hl=en

--------
I have recently been semi-converted to ensuring all my code (well most of it) works in both javascript and non-javasc

 

[guitarzan]

Thanks to both of you for your replies!

vicvirk, yes that is what I was leaning towards. I admit, I hadn’t thought it through with a clear head. I was thinking about something like your suggestion, but was concerned with others being able to figure out other people’s “activation code”…

Now that I’ve thought about it, I should be able to use a random string as the code… when the user signs up, store that random string in the user’s record, and also send an email with that random string as a query string. When clicked, my script will find the user record with that string, and set an “activated” flag to true. If the user tries to log in before activating, the “activated” flag will be false, and the user denied entry. Not as complicated as I thought.

Thanks for pushing my brain into gear ;-)

 

[vicvirk]

You should validate the random strin against another variable - such as the user's email address, just to make it uber-secure...




--------
GOOGLE is a great resource to find answers to questions like "how do i..."

If you don't know exaclty what you want to do or what to search on, try Google Suggest:

http://www.google.com/webhp?complete=1&hl=en

--------
I have recently been semi-converted to ensuring all my code (well most of it) works in both javascript and non-javasc