用户注册电子邮件验证 [英] User sign-up with email verification
问题描述
我正在使用struts2和jsp页面开发一个网站。在您注册后的许多网站中,都会向您的电子邮件发送一个链接,点击该链接后注册即告完成。我想在我的网站上使用此功能,但我不知道如何做到这一点,这是如何工作的?我是否应该将用户的信息保存在我的数据库中,直到他/她被验证为止?我搜索了网页,但有学习php表格。
I'm developing a website with using struts2 and jsp pages. In many sites after you sign-up, a link will be sent to your email and after clicking on that the registration is complete. I want this feature on my webstie, but I don't have any idea how to do this and how is this working? Should I save user's information on my database until he/she is verified or not? I searched web but there is learning for php forms.
任何教程?
提前致谢。
推荐答案
算法是这样的:
- 保存用户的信息,将其标记为待处理状态。
- 生成一个包含与用户帐户相关的信息
的令牌。 - 生成电子邮件,其中
必须包含激活
帐户的网址,并且该网址中包含
令牌。 - URL必须指向
你的应用程序
中的一些servlet或服务将验证令牌,如果与令牌相关的用户是
非活动状态,请检查
,提供完成表格
(让用户设置密码,
提供验证码等),并在表格
提交时,使用他们设置的密码激活帐户
。 - 您应该定期扫描
停用帐户并删除几天的
ld和
尚未激活。
- Save the user's info, marking it with a pending status.
- Generate a token that contains some info related to the user's account.
- Generate the email, which must include the URL to activate the account and the URL will have the token in it.
- The URL must point to some servlet or service in your app that will validate the token, check if the user related to the token is inactive, present a completion form (let the user set a password, present a captcha, etc) and on form submission you activate the account with the password they set.
- You should periodically scan the inactivate accounts and delete the ones that are several days old and have not been activated.
要生成令牌,您可以加密某些数据,例如用户ID,电子邮件等,并在Base 64(URL安全变体)中对其进行编码 - 记得在加密时加盐。当您收到令牌时,您需要对其进行解码和解密,并且必须指向停用的用户帐户。
To generate the token, you can encrypt some data such as user ID, email, etc and encode it in Base 64 (the URL-safe variant) - remember to salt it when you encrypt. When you receive the token, you decode and decrypt it, and it must point to an inactivate user account.
这篇关于用户注册电子邮件验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
