| |
|
Verifying Email Addresses the new way! |
|
| |
| | | | <font size=2 face="Verdana,tahoma">
Today, two of the biggest assets a portal has are its users and the data about them. As the database grows, its important that the
information being collected is accurate or else it would be worthless. While there are many things like the name, age or profession of a user
which a site cannot verify without using a third-part solution, there is the e-mail address of users which can and must be verified. Today,
more than 75% of portals verify e-mail addresses. Website do this in many diffrent ways. The methods range from sending activation code to
links on the e-mail address and wait till the user, in one way or another, "responds" to the mail. In this article today, I will discuss one
of the newly introduced methods which <B>does not</B> require the member to do anything except open the welcome letter when he/she
signup.<BR><BR>
The technique used in this article has several advantages:<BR><BR>
<LI> No activation code for user to enter or URLs for user to click on in the e-mail message
<LI> In someways, more secure than other solutions as the user does not find out anything about whats going on in the background when the
welcome message loads.
</LI><BR><BR>
This article has accompanying files
| | | |
Terms of Agreement:
By using this article, you agree to the following terms...
1) You may use
this article in your own programs (and may compile it into a program and distribute it in compiled format for languages that allow it) freely and with no charge.
2) You MAY NOT redistribute this article (for example to a web site) without written permission from the original author. Failure to do so is a violation of copyright laws.
3) You may link to this article from another website, but ONLY if it is not wrapped in a frame.
4) You will abide by any additional copyright restrictions which the author may have placed in the article or article's description. |
Today, two of the biggest assets a portal has are its users and the data about them. As the database grows, its important that the
information being collected is accurate or else it would be worthless. While there are many things like the name, age or profession of a user
which a site cannot verify without using a third-part solution, there is the e-mail address of users which can and must be verified. Today,
more than 75% of portals verify e-mail addresses. Website do this in many diffrent ways. The methods range from sending activation code to
links on the e-mail address and wait till the user, in one way or another, "responds" to the mail. In this article today, I will discuss one
of the newly introduced methods which does not require the member to do anything except open the welcome letter when he/she
signup.
The technique used in this article has several advantages:
No activation code for user to enter or URLs for user to click on in the e-mail message
In someways, more secure than other solutions as the user does not find out anything about whats going on in the background when the
welcome message loads.
I can hear you saying "whatever... lets move on"... well I cannot agree with you anymore!
How Its Done
The way we verify the e-mail address of the user in this example is very interesting. When we send the user the welcome letter to their
e-mail address they provided us with, we will imbed in that e-mail message an image. When we specify the image in our message, we will use
an HTML < IMG> like shown below:
< img src="http://www.bakery.biz/activate.asp?aCode=1234" >
|
When the user opens the welcome message, the request for the image will be sent to activate.asp along with the querystring data. When
the request comes to activate.asp,it can then do the database processing and send the image.
The following illustration may help you better understand the whole concept.
Application Structure
This application will consist of four total files including the database. Following are their names along with a brief description.
RegisterForm.asp- This will have the registration form used to signup.
Register_action.asp- This file will contain insert the data passed from RegisterForm.asp into the database(DB.mdb).
Activate.asp- Activate.asp will do the dirty work of activating the user's account when the user opens the welcome letter.
DB.mdb- This will hold the registration information of users.
DB.MDB
DB.MDB is going to be where the registration data will be stored. The database itself contains 6 fields(as shown below).
You can see the IsEmailVerified field above. That is how we will keep track of whether the registrar's
account has been activated or not(with yes being activated and no being not activated).
RegisterForm.asp
We can quickly go through RegisterForm.asp as it is nothing more than the file which contains the HTML form for signup. I wont go through the
whole HTML code as its pretty self-explanatory. But, to give you the idea, below is the screenshot of RegisterForm.asp.
Register_action.asp
Register_action.asp contains the ASP code which adds the user's input from Register_Form.asp into the databse. This file also contains the code which sends the welcome letter to the user on the
email address the user provides. Below is the complete source code of this file.
NOTE:This application uses ASP email to send
the welcome mail. If you have some other component, you will have to make the respected changes into Register_action.asp.
<%
'Connection string
strConnect="Provider=Microsoft.Jet.OLEDB.4.0;Data Source="& Server.MapPath("DB.mdb")&";"
'Define the variable
Dim objSignup
'Create a Recordset object
Set objSignup = Server.CreateObject("Adodb.Recordset")
'Open tbl_Users
objSignup.Open "SELECT * FROM tbl_Users",strConnect,3, 3 '3=adOpenStatic,adLockOptimistic
'Add a new entry into tbl_Users
objSignup.AddNew
objSignup("Username")=Request.Form("Username")
objSignup("Password")=Request.Form("Password")
objSignup("Name")=Request.Form("Name")
objSignup("Email")=Request.Form("Email")
'Save the record and close objSignup(the recordset)
objSignup.Update
'We will make the userID our activation code.
'We have to save the activation code into a variable so that we can access it later
activationCode = objSignup("UserID")
objSignup.Close
'Remove objSignup from the memory
Set objSignup = Nothing
'Now lets send the welcome mail to the user
strMailContent="<HTML><BODY>"
strMailContent=strMailContent & "<img
src='http://127.0.0.1/EmailChecking/activate.asp?ActivationCode=" & activationCode & "'>"
strMailContent=strMailContent & "<BR><BR><font size=2 face='Verdana'>Hello!<BR><BR>"
strMailContent=strMailContent & "You have successfully
become a member of bakery.biz! You can now enjoy many benefits. Just logon to bakery.biz and let the fun begin."
strMailContent=strMailContent & "<BR><BR>Thanks,<BR><BR>The Bakery.Biz Team</HTML></BODY>"
SendMail "Zaid","zaid@designMD.com",strMailContent,Request.Form("email"),"Welcome to
bakery.biz!"
Function SendMail
(FromName,FromEmail,MailContent,MailingAddress,Subject)
Set Mail = Server.CreateObject("Persits.MailSender")
Mail.Host = "smtp.amexol.net" ' Specify a valid SMTP server
Mail.From = FromEmail ' Specify sender's address
Mail.FromName = FromName ' Specify sender's name
Mail.AddBcc MailingAddress
Mail.Subject = subject
Mail.Body = MailContent
'On Error Resume Next
'Mail.Send
'If Err <> 0 Then
'Response.Write "Error encountered:
" & Err.Description
'End If
mail.IsHTML = True
mail.Send
End Function
%>
<font face="Verdana" size="2">
Congratulations! You have successfully signed-up! A welcome mail has been sent to the e-mail address you provided. In order to successfully
activate you account, you <b>must</b> read the welcome mail we sent. Thank you.
|
The code above is self-explanatory for most of the part. However, there are some key pieces of code that cannot be ignored.
The code starts out by initiating a recordset object called objSignup. We use this object to write the
user's info in the database. Note that before we close this object, we save the user's userid into a variable called activationCode. You will see why we do this in the next paragraph.
Once the user's userinfo is saved into the
database, we have to send the confirmation/welcome e-mail. The content of the email to be sent is stored in the strMailContent variable. The most important part of the e-mail is the < img
src tag part of the mail shown below: (Notice that here is where we make use of the activationCode variable we saved
earlier in the file.)
NOTEFor those of you who have read my previous article titled "Sending emails from asp by
reading them from text files", you might be wondering why I chose to embed the mail directly into the ASP file rather than use the
technique I described in my last submission. Well to answer your question, I did that to keep things simple as people who have not read my
previous article can get confused for something not required.
strMailContent=strMailContent & "<img src='http://127.0.0.1/EmailChecking/activate.asp?ActivationCode=" & activationCode & "'>"
|
If you are not familiar, you will probably freak out after looking at the src attribute of the img tag above. But this is the most exciting
part of all. When the e-mail message is sent and is retreived by the user, the mail server goes to this ASP page to retreive the image. As
you may/may not know, ASP pages can be made to output JPG/GIF files to the client. And this is what we will discuss next!
Activate.asp
This is the file which the browser will go to in order to retreive the image in the email. Take a look at the source code.
<%
Response.ContentType = "image/gif"
<--METADATA TYPE="typelib"
UUID="00000205-0000-0010-8000-00AA006D2EA4"
NAME="ADODB Type Library"
'Connection string
strConnect="Provider=Microsoft.Jet.OLEDB.4.0;Data Source="& Server.MapPath("DB.mdb")&";"
'SQL Query which activates the account in the database (sets IsEmailVerified field to True
SQL = "UPDATE tbl_Users SET tbl_Users.IsEmailVerified = True WHERE tbl_Users.UserID=" & Request.QueryString("ActivationCode")
'Define the variable
Dim objActivate
'Create a Recordset object
Set objActivate = Server.CreateObject("Adodb.Recordset")
objActivate.Open SQL,strConnect
SendPicture
Function SendPicture
'Create a stream object
Dim objGetFile
Set objGetFile = Server.CreateObject("ADODB.Stream")
'Open a GIF file
objGetFile.Type = adTypeBinary
objGetFile.Open
objGetFile.LoadFromFile "c:/inetpub/wwwroot/EmailChecking/welcome.gif"
'Output the contents of the stream objec
' t
Response.BinaryWrite objGetFile.Read
'Clean up....
objGetFile.Close
Set objGetFile = Nothing
End Function
%>
|
This is the most important part of the application. This code starts out by telling the browser that the output will be sent in GIF form.
Next, we have to load the ADODB constants.
After defining the output type and loading the constants, we are ready to activate the user's account into the database. We do this by
running an update SQL query as shown below. The query requests the activationCode and sets the IsEmailVerified field to true into the db.
'Connection string
strConnect="Provider=Microsoft.Jet.OLEDB.4.0;Data Source="& Server.MapPath("DB.mdb")&";"
'SQL Query which activates the account i
' n the database (sets IsEmailVerified fie
' ld to True
SQL = "UPDATE tbl_Users SET tbl_Users.IsEmailVerified = True WHERE tbl_Users.UserID=" & Request.QueryString("ActivationCode")
'Define the variable
Dim objActivate
'Create a Recordset object
Set objActivate = Server.CreateObject("Adodb.Recordset")
objActivate.Open SQL,strConnect
|
Once we have updated the account into the database, we still have to send the output. To keep things clear, I seperated the
updating part of the code and the output part of the code by creating a function called SendPicture. SendPicture function sends a picture
called welcome.gif back to the browser. And thats it... enjoy and dont forget to vote!
Dont forget to contact me at zaid@designMD.com
or leave comments below if you have any questions about this or any other submission of mine.
Setting Up The Application
This sample can be setup by following the direction below:
1. Download and unzip the file.
2. Move the folder named EmailChecking into wwwroot.
3. Run http://127.0.0.1/EmailChecking/registerform.asp
Other Submissions of mine!
Sending emails from asp by reading them
from text files
Trim HTML from an ASP String
(exceptions to certain HTML tags can be made) | |  Download article
Note: Due to the size or complexity of this submission, the author has submitted it as a .zip file to shorten your download time. Afterdownloading it, you will need a program like Winzipto decompress it.
Virus note:All files are scanned once-a-day by Planet Source Code for viruses,but new viruses come out every day, so no prevention program can catch 100% of them.
FOR YOUR OWN SAFETY, PLEASE:
1)Re-scan downloaded files using your personal virus checker before using it.
2)NEVER, EVER run compiled files (.exe's, .ocx's, .dll's etc.)--only run source code.
If you don't have a virus scanner, you can get one at many places on the net including:McAfee.com
|
Terms of Agreement:
By using this article, you agree to the following terms...
1) You may use
this article in your own programs (and may compile it into a program and distribute it in compiled format for languages that allow it) freely and with no charge.
2) You MAY NOT redistribute this article (for example to a web site) without written permission from the original author. Failure to do so is a violation of copyright laws.
3) You may link to this article from another website, but ONLY if it is not wrapped in a frame.
4) You will abide by any additional copyright restrictions which the author may have placed in the article or article's description. |
Other 2 submission(s) by this author
| | | | | Report Bad Submission | | | | | Your Vote! | |
See Voting Log | | | | Other User Comments | 4/18/2001 4:05:08 PM:Don
nice idea with one problem. What if
they don't view there emails in html?
| 4/18/2001 4:43:29 PM:Paul
I would agree... this is limiting and
can not be used in ALL situations. Nice
try though.
| 4/18/2001 5:16:51 PM:zaid farooqui
Yes, it is limiting as you said... but
if you use AspMail, you can send two
versions of a message, HTML and pure
text. The mail server will decide which
one to show. In the text message, you
can provide the "old" method of
activating by clicking a url.
| 4/19/2001 12:20:28 AM:Minnow
Very impressive. Because of the pure
diversity of the net and it's users and
thier individual system settings,
almost all web technologies have
limitations. You've done well to
accomodate most of the users on the
next (i.e. the ones using HTML mail) as
well as leaving an opt out for the
users that are still using plain mail.
Keep up the good work. It's ideas like
this one that make PSC such a great
community for the open source developer.
| 4/20/2001 2:22:24 AM:Lewis Moten
Awesome! I hadn't thought about using
HTML image requests. For you
text-based email programs, you may want
to also offer a link just below the
image that lets them verify manually if
they don't see an image.
| 4/23/2001 10:21:24 AM:Chris Walker
Here is a scary thought. If spammers
use something like this they can verify
your e-mail address just by reading one
of their e-mails.
Nice code,
excelent job of presenting your idea.
Keep up the good work.
| 4/23/2001 3:05:55 PM:zaid farooqui
Exactly! I was thinking about that too.
That is why we should not open spam
mails. I have heard a lot of people say
that one should not
| 5/5/2001 2:36:15 PM:Kaustav
Just incredible!
| 5/5/2001 3:27:32 PM:anonymous
I don't mean this as a flame...
Please don't take it the wrong
way.
This hack has been around
forever and you can also embed
JavaScript as well...
I think this
practice of 'Behind the Scene' is
deceptive and unethical.
It ranks
right up there next to purposely
attaching a macro virus.
This is why
I keep my mail reader set to text only,
that way your URL shows up in my
message and I get to flood your script
and bring your server down!
Maybe
even corrupting your entire database in
the process.
I have to give you some
credit thought, nice explaintion of
your approach.
Just My Two Cents!
| 5/5/2001 4:18:20 PM:zaid farooqui
Hi..
I agree with you but this was
more for educational purpose and the
example showed just of the many
possibilities where this technique can
benefit your site. If you talk about
exploiting... every technique can be
exploited in one way or another.. for
example when someone visits a site,
tens of lines of info. about you is
saved in the database and is later used
to target you. i hope you see what i
mean. This technique can be used for
many ways such as building a counter
sstem etc.
--Zaid
| 5/17/2001 6:59:47 PM:Doug
When I edit the ASP code to what I use
and run this I get an error:
Microsoft
JET Database Engine (0x80040E21)
The changes you requested to the table
were not successful because they would
create duplicate values in the
index, primary key, or relationship.
Change the data in the field or fields
that contain duplicate data, remove
the
index, or redefine the
index to permit duplicate entries and
try again.
/omicronrealms/download/beta/Register_Ac
tion.asp, line 23
I fill out the
fields, then click "Sign-Up!" and when
it goes to the Register_Action.asp
page, I get that. Anyone have any ideas?
| 5/20/2001 11:58:51 PM:SC Ang
Hi, when i click signup on the
RegisterForm.asp, i'll get the
following error:
Server object error
'ASP 0177 : 800401f3'
Server.CreateObject Failed
/EmailChecking/Register_Action.asp,
line 43
Invalid class string
how do i get it to work?
please
mail me at
anselmang@allomail.com
thanks!
| 5/22/2001 12:19:21 PM:???QUESTION!??
WHAT IF: The registrant, (The guy
registering dosn't read his mail
online, WHAT IF HE (AS I ALWAYS DO)
reads his mail offline to save
money...???
Then this won't work, will
it???
| 8/2/2001 3:07:29 PM:D. Jordan
I'll have to agree with most of the
posts here, and also to remember that
some people put in other people's email
addresses so that you may validate it
for someone who does not want it
validated.
| 10/7/2001 11:18:46 AM:syd
i was just thinking - could this be
used to round up e-mail address from a
chain e-mail - scary!!!
| 11/1/2001 5:34:23 PM:Trevor
Most of the feed back here is negative
I think.
I am looking for a way to
validate members email address befor
they get entered in to my programs
database. I have tries to test this
code but, when I click the join button,
I get
| 11/1/2001 5:37:22 PM:ckyweriga
a "page cannot be displayed" Does
anyone have a good way of validating
email address? I will even pay for the
code to be writen for me. Please email
me at, Admin@quickprofitclub.com
| | | Add Your Feedback! | Note:Not only will your feedback be posted, but an email will be sent to the code's author in your name.
NOTICE: The author of this article has been kind enough to share it with you. If you have a criticism, please state it politely or it will be deleted.
For feedback not related to this particular article, please click here.
| |
|
