This tutorial walks you through the steps to create a double opt in registration system, where users have to verify their email address after they register. You can use Data Bridge to follow these steps in Dreamweaver.
- A dynamic site set up within Dreamweaver
- Web Browser (Chrome, Firefox, Internet Explorer, etc.)
- Dreamweaver CS3 or later
- Data Bridge installed and activated in Dreamweaver
The very first step in this whole process will br creating a database for your user information. You don't need to create any tables within the database, as Data Bridge will create all needed tables, and add the information as users register for your site.
For more information regarding the creation of a database within your specific website environment, please contact your hosting provider.
We're going to create the pages needed for users to register, login, logout, and so on. These will be automatically created by SecurityAssist, as will the tables in your database.
- Open a php page in your site.
- In the menu bar, click WebAssist > SecurityAssist > Create Security Pages.
- In the Select Preset section, change the Preset drop down list to Simple Registration SP.
- In the Database Settings section, click the Define button.
- Click New.
- Click MySQL Connection.
- Enter the correct information for the database you created for the tutorial and ensure a connection can be made.
- Select the newly created connection from the Connection drop down list in the Database Settings section.
- Click OK.
After the pages are created by the SecurityAssist wizard, the Access Pages Manager will pop up.
- Click OK.
Once the wizard has completed it's dark task, you are ready to move on to the next step.
At this point we're going to need to create additional pages for the double opt in registration system to work. The first of these pages is a simple success page.
- Click File > New in the menu bar.
- Create a blank PHP page named register-confirm.php .
- In the body of the page, enter the following text. Note that this is just for this tutorial. You may want to use something more personalized to your site.
Please check the inbox of the email address you registered with, where you can verify your email. Once you have done that, you can log in.
- Change the "log in" text in the message to be a link to the login page created by the SecurityAssist Wizard.
- Save the page.
Now we have a rudimentary success page that will be shown once the registration form is submitted.
The second of these pages is the verification page. This is the page the user will see when they click the verification link within their registration email.
- Click File > New in the menu bar.
- Create a blank PHP page named user-confirm.php .
- In the body of the page, enter the following text. Note that this is just for this tutorial. You may want to use something more personalized to your site.
- Thank you for verifying your email address. You may now access restricted content.
Your verification link has expired. Visit your profile page to send a new link.
- Change the "access restricted content" text in the message to be a link to the login page created by the SecurityAssist Wizard.
- Change the "profile page" text in the message to be a link to the userupdate.php page created by the SecurityAssist Wizard.
- Save the page.
Now we need to create the email that will be sent to the user letting them know they need to confirm their registration, and the information they need to actually go about confirming it.
- Open the registration.php page created by SecurityAssist.
- In the menu bar, click WebAssist > Create Email Message.
- Click the browse button next to the Go To Page field.
- Select the register-confirm.php that we created earlier.
- Click OK.
- In the From field, enter whatever email you wish the registration emails to come from.
- Next to the To field, click the lightning bolt.
- Expand the Registration_Basic_Default list in the bindings dialog.
- Select the Registration_group_Email binding.
- Click OK.
- In the Subject field, enter "Please verify your email address". This can be customized for your particular site.
- Click Finish.
- Save the page.
Basic email functionality has been added to the registration form that will send an email when the form has been submitted. A new page has also been created for the body of the email called Blank.php.
Next up, we need to add two additional fields to the database. One to hold a random string to send the user in their verification URL so we know exactly which user is verifying their registration, as well as a field to determine if the user has verified their email or not.
- In your specific database manager, open the database created for this tutorial.
- Open the users table.
- Insert two additional fields in the table.
- Name the first field randomString.
- Change the Type of the field to TEXT.
- Name the second forms emailVerified.
- Change the Type to INT.
- Set the Default Value to 0.
This indicated the user is not verified by default.
- Save the new fields.
Since we've created a database field to hold the random string for the verification URL, we're going to need to create the random string itself.
- Return to the registration.php file we were using earlier.
- Click Window > Bindings to open the Bindings panel, if it isn't open already.
- Click the Plus ( ) button.
- Select WebAssist > SecurityAssist > Random Password.
- Toggle to the Server Behaviors panel.
- Click the Plus ( ) button.
- Select WebAssist > Cookies > Set Session Value.
- Set the Trigger to before page load.
- Change the Name to rpw.
- Next to the Value field, click the lightning bolt.
- Expand the SecurityAssist list in the bindings dialog.
- Select the Random Password binding.
This will open the Generate Random Password dialog. Here we can set just how random this string will be. For this tutorial we'll use the default settings.
- Click OK.
- Click OK on the bindings dialog.
- Click OK on the Set Session Value dialog.
- Save the page.
Since we have this fancy random string all created, we need to insert it into the database so we know which string is for which user.
- Click Window > Server Behaviors to open the Server Behaviors panel, if it isn't open already.
- Find the Server Behavior called Insert Record (users).
- Double click the Server Behavior to open it.
- Click the Bindings Tab.
- Click randomString from the Column column.
- Next to the Value field, click the lightning bolt.
- Expand the Session list in the server entity dialog.
- Select rpw.
- Click OK.
- Click the General Tab.
- Clear the Go to (optionall) field in the After Insert section.
Clearing this value allows the trigger we set earlier in Universal Email to fire instead of this one.
- Uncheck the Pass original querystring checkbox.
- Click OK.
- Save the page.
After all this work, the random string that we are creating will be inserted into the database when a user registers.
We're going to edit the email set to the users to show the verification URL they can click to verify their email.
For this URL, we are going to pass in the random string, and for the sake of security, we're going to pass in the email as well.
- Open the Blank.php email page that was created earlier.
The email body can be fully customized by you based on your site and application. The only real required text is the verification URL. For the sake of this blessed tutorial, we're going to do basic edits only to the sections we need.
- Change the Additional Notes header to say "Verify Email".
- Clear the email body text.
- In the Bindings Panel, click the Plus ( ).
- Select Form Data.
- Next to the Form page field, click the browse button.
- Select the registration.php page.
- Set your cursor in the email body area.
- Enter the full URL the user will confirm their email address on. This will be the user-confirm.php page we created earlier (Example: http://localhost/user-confirm.php).
- After the URL, add the following text:
- After the ?id=, drag the SecurityAssist_UserID binding from the Session list in the Bindings panel.
- After the binding, add the following text:
- After the &randomString=, drag the rpw binding from the Session list in the Bindings panel.
- After the bindings, add the following text:
- After the ?email=, drag the Registration_group_Email binding from the Registration_Basic_Default list that we created earlier in the Bindings panel.
- Copy the full URL URL variables in Code View.
- Clear the URL from the email's body area.
- Enter the text, "Click here to verify your email address", or whatever text you would like.
- Make the text a link.
- Paste in the URL URL variables that we just copied.
- Save the page.
Sometimes the & in the URL variables will be changed to & in the code view for the URL. Make sure to change the & to just &.
Your email body%u2026 is beautiful. Now when a user registers, their registration email will have the link they need to click to verify their account.
Now we need to add functionality to the confirm page that will allow it to read the URL variables, and update the account accordingly.
Create the recordset
- Open the user-confirm.php page.
- In the Bindings panel, click Plus ( ).
- Select Recordset.
- Name the recordset rsVerify.
- Make sure the Connection is correct.
- Make sure the users table is selected.
- Change the filter to UserID.
- Click the Advanced button.
- Select colname in the Variables list.
- Click the Edit button.
- Change the runtime value from
to
- Click OK.
- In the Database items list, Expand the Tables list.
- Expand the users list.
- Select randomString.
- Click the WHERE button.
This adds randomString to the WHERE clause of the SQL query.
- After users.randomString in the SQL query, type in the following text:
- Click the Plus ( ) next to the variables list.
- Set the name to paramrandomString.
- Set the type to Text.
- Set the Default value to -1.
- Set the Runtime value to
- Click OK.
- In the Database items list, Expand the Tables list.
- Expand the users list.
- Select UserEmail.
- Click the WHERE button.
- After users.UserEmail in the SQL query, type in the following text:
- Click the Plus ( ) next to the variables list.
- Set the name to paramemail
- Set the type to Text.
- Set the Default value to -1.
- Set the Runtime value to
- Click OK.
- At the end of the SQL query, add the following code:
AND users.randomString <> '0'
- Click OK.
Create the update verified functionality
- In the Bindings panel, click Plus ( ).
- Select URL Variable.
- Set id as the Name.
- Click OK.
- Once again, in the Bindings panel, click Plus ( ).
- Select URL Variable.
- This time, set email as the Name.
- Click OK.
- Go to the Server Behaviors panel.
- Click Plus ( ).
- Select WebAssist > DataAssist > Update > Update Single Record.
- For the Trigger field, select: Recordset rsVerify is not Empty
- Verify the correct Connection is selected.
- Verify the users table is selected.
- For the Value field, click the lightning bolt.
- Expand the Recordset (rsVerify) list.
- Select UserID.
- Click OK.
- Switch to the Bindings tab.
- Select the emailVerified column from the Column list.
- Change the Value to 1.
- Click OK.
Create the expire used random string functionality
- Go to the Server Behaviors panel.
- Click Plus ( ).
- Select WebAssist > DataAssist > Update > Update Single Record.
- Verify the correct Connection is selected.
- Verify the users table is selected.
- For the Key Column field, select UserEmail.
- For the Value field, click the lightning bolt.
- Expand the URL list.
- Select email.
- Click OK.
- Switch to the Bindings tab.
- Select the randomString column from the Column list.
- Change the Value to 0.
- Click OK.
Show the correct message for verification success/ failure
- Select the "Thank you for verifying your email address. You may now access restricted content." text.
- In the Server Behaviors panel, click Plus ( ).
- Select Show Region > Show if Recordset is Not Empty.
- Verify the rsVerify Recordset is selected.
- Click OK.
- Select the "Your verification link has expired. Visit your profile page to send a new link." text.
- In the Server Behaviors panel, click Plus ( ).
- Select Show Region > Show if Recordset is Empty.
- Verify the rsVerify Recordset is selected.
- Click OK.
Reset the user's session variable to verified status
- In the Server Behaviors panel, click Plus ( ).
- Select WebAssist > Cookies > Set Session Value.
- Change the Trigger to Recordset: rsVerify is not empty.
- Make sure the Name is set to emailVerified.
- Set the Value to 1.
- Click OK.
- Save the page.
Now you have a working verification page that will not only update the values in the database to show the user has verified their email, it also sets the session to show this change has also taken place.
Here we are, getting so close to completion. I hope you're sticking with us, because this bit is the absolutely most thrilling thing you will ever do in your life: updating the login Server Behaviors to store verified status on login!!!!
I can only imagine your excitement as you ready yourself for this incredible task.
- Open the login.php page.
- In the Server Behaviors panel, open the first SecurityAssist Authenticate User.
- Change to the Session Values tab.
- Click the Plus ( ).
- Select emailVerified.
- Click OK.
- open the second SecurityAssist Authenticate User.
- Change to the Session Values tab.
- Click the Plus ( ).
- Select emailVerified.
- Click OK.
- Save the page.
The next step in this magical journey of self discovery is to create an access rule for restricted pages. It will check if a user is logged in, and if they aren't, access will be restricted. If they are, it then checks if their account has been verified.
- In the menu bar, click WebAssist > SecurityAssist > Manage Site Access > Access Rules Manager.
- Click Plus ( ).
- Set the name to VerifiedUser.
- Click Plus ( ).
- Select the Restrict radio button.
- For the value field, click the lightning bolt.
- Expand the Session list.
- Select the SecurityAssist_UserID.
- Click OK.
- Click Plus ( ).
- For the value field, click the lightning bolt.
- Expand the Session list.
- Select emailVerified.
- Click OK.
- Set the Compare to value for the Allow condition to 1.
- Click OK.
If a user has registered and their verification link has disappeared, or they have changed their emails and need to reverify, there needs to be a way for them to request a new verification URL easily. This step covers adding such functionality.
- Open the userupdate.php page.
- Add the following text to the top of the page:
Your email hasn't been verified. Please click here and we will email you a new link.
- Select the text you just added.
- In the Server Behaviors panel, click Plus ( ).
- Select WebAssist > SecurityAssist > Show Region.
- Set the Rule to Not VerifiedUser.
- Click OK.
- Select the text "click here" from the text that was added a few steps back.
- In the properties inspector, set the link to the highlighted text to be:
- In the Bindings panel, click Plus ( ).
- Select URL Variable.
- Set the Name to send.
- Click OK.
- In the menu bar, click WebAssist > Create Email Message.
- For the Trigger field, click the lightning bolt.
- Expand the URL list.
- Select send.
- Click OK.
- In the From field, enter the email you wish your verification email to come from.
- For the To field, click the lightning bolt.
- Expand the Recordset (SecurityAssistuser) list.
- Select UserEmail.
- Click OK.
- For the Subject, enter "Verify your email".
- Click Finish.
- Open the old registration email that was edited earlier to include the verification link.
- Select the link that has the verification URL.
- Return to the new email that was created for resending the link.
- Edit the email how you wish.
- Paste the Verification email in the email body.
- View the page in Code View.
- In the URL, select the following text:
<?php echo((isset($_POST["Registration_group_Email"]))?$_POST["Registration_group_Email"]:"") ?>
- And replace it with the following code:
<?php echo $row_SecurityAssistusers['UserEmail']; ?>
- Scroll to the top of the page.
- Add the following line after the very first <?php tag:
global $row_SecurityAssistusers;
- Save your page.
- Open the user update.php page again.
- In the Server Behaviors panel, open the Update Record (users) Server Behavior.
- Click the Bindings tab.
- Select emailVerified from the Column column.
- Set the Value to the following code:
<?php echo(($row_SecurityAssistusers['UserEmail'] != $_POST["User_Update_group_Email"])? '0': $row_SecurityAssistusers['emailVerified']); ?>
- Click the Bindings tab.
- Click OK.
- In the Server Behaviors panel, click Plus ( ).
- Select WebAssist > Cookies > Set Session Value.
- For the Trigger field, click the lightning bolt.
- Expand the URL list.
- Select send.
- Click OK.
- Set the Name to rpw.
- For the Value field, click the lightning bolt.
- Expand the SecurityAssist list.
- Select Random Password.
- Click OK.
- Click OK once again.
- Click OK for the third and final time, thank goodness.
- In the Server Behaviors panel, click Plus ( ).
- Select WebAssist > DataAssist > Update > Update Single Record.
- For the Trigger field, click the lightning bolt.
- Expand the URL list.
- Select send.
- Click OK.
- Make sure the Connection is set to the correct connection.
- Make sure the users table is set as the Table.
- for the Value field, click the lightning bolt.
- Expand the Recordset (SecurityAssistusers) list.
- Select UserID.
- Click OK.
- Give someone a big, friendly hug.
- Click the Bindings tab.
- Select randomString from the Column column.
- For the Value field, click the lightning bolt.
- Expand the Session list.
- Select rpw.
- Click OK.
- And one more OK.
- Save the page.
Congratulations are in order! When a logged in, and unverified user clicks the link, they will have a fresh, new link sent to them.
And here we are... the end of the road. The very last step you want to perform, is locking your site down to keep unverified users, and users who are not logged in, from accessing pages that they shouldn't, and giving access to logged in and verified users.
You going to do the following steps for each page you want secured.
- In the menu bar, Click WebAssist > SecurityAssist > Manage Site Access > Access Pages Manager.
- Select the page you want to lock down from the File Name column.
- For the Grant access if field, select VerifiedUser.
- For the If access denied, go to field, select userupdate.php.
- Once all pages are configured, click OK.
- Save everything. Twice.
You did it! This was a fairly advanced tutorial, and you aced it, champ! You've now created a very professional double opt in registration system, and you're ready to create them for all of your and your client's sites.
sysop349733: 10 Years, 9 Months, 1 Week, 4 Days, 5 Hours, 33 Minutes ago
Excellent! Not only is the process described with precision, but in following these instructions, I learned a little about how to better utilize Webassist server behaviors and bindings.
Thank you.
Massimo: 10 Years, 3 Months, 19 Hours, 27 Minutes ago
Excellent tutorial as all made from web assist!
I have a question: How I can add a "just confirmed link message"?
I think: or add a new db field will be updated to 1 or use a show if $_SESSION["UserEmailVerified"]==1 (but in this case I have two message).
There is a better way?
Team WebAssist: 10 Years, 2 Months, 4 Weeks, 2 Days, 17 Hours, 4 Minutes ago
Massimo, Click on help in the main menu and our technical support team can assist you.
Jonas: 5 Years, 9 Months, 1 Week, 5 Days, 17 Hours, 37 Minutes ago
I really like your tutorials, and also this one. But unfortunately it is not up to date. With DataBridge V2 and Mysqli, much has changed. Unfortunately, I cannot follow this.