My Implementation of Login and Registration Module

 
Ranch Hand
Posts: 1374
I am almost done with this module. Here is my implementation.

Whenever the user registers with my website, one link will be sent to her email address for activation.
I am a little bit confused here. What should I include in the link so that I can identify the user uniquely? I should not include the userId itself. I am thinking of including the current timestamp in milliseconds and mapping it to the particular user. Does this sound good to you guys? Please provide me with a better way. I know that this is very, very basic functionality and it's been implemented tons of times in different websites. How did you implement it?

In case I continue with this way of implementation, this is how the database would look.

Login table

- Id
- email address
- password
- isUserActivated

UserActivation Table

- id
- userId(FK from Login table)
- The Code To Identify The User Uniquely
- isUserActivated

Every time the user logs into the system we can verify the emailAddress, the password and whether she is an active user or not.

This is how I am thinking to implement it. Please provide your thoughts.
 
Ranch Hand
Posts: 2458
Generate a long and unique key which is hard to guess (thus certainly not a timestamp). For example, an MD5 of a random string. You can also use a preshared key. Store it in the database table along with the user ID and an expiration date (e.g. 24 hours later). Use that key as a parameter or pathinfo in a link. When the page is opened, the key is captured from the link, the eventual preshared key is evaluated, the expiration date is evaluated and the user will be set to active. Then the key can be removed from the DB (it makes no sense to set the 'activated' in the key's table of the DB, keep it in the user table).
 
Vikas Kapoor
Ranch Hand
Posts: 1374
Hello Bauke,

Thanks for your reply. I still have some doubts.
1) In case I use a Preshared key, I can ask the user to enter it at the registration time, right?
2) Is it good practice to expire the activation link? What is good/benefit of that?
3)
> Bauke wrote: Then the key can be removed from the DB.

Is it because there is a chance of getting it repeated?
4)
> Bauke wrote: it makes no sense to set the 'activated' in the key's table of the DB, keep it in the user table

You mean we should keep it in only Login table, right?
 
Bauke Scholtz
Ranch Hand
Posts: 2458

> Vishal Pandya wrote: I still have some doubts.

doubt = "I understand it, but I don't agree with it."

You have some questions: "I don't understand it".

> 1) In case I use a Preshared key, I can ask the user to enter it at the registration time, right?

No. You generate it yourself based on, for example, the username and a string constant which is only known at the server side.

> 2) Is it good practice to expire the activation link? What is good/benefit of that?

It's normal that a user activates its account immediately after registration. But OK, that's your choice after all.

> 3)
> > Bauke wrote: Then the key can be removed from the DB.
>
> Is it because there is a chance of getting it repeated?

No. Just to clean up data which you aren't going to use anymore.

> 4)
> > Bauke wrote: it makes no sense to set the 'activated' in the key's table of the DB, keep it in the user table
>
> You mean we should keep it in only Login table, right?

I would call it the User table. You have users in there, not logins.
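
The activation flow described in the two replies above (an unguessable key stored with a 24-hour expiry, a server-side "preshared" check derived from the username and a server-only constant, the activated flag kept in the user table, the key removed after use), written out as an added example that is not code from any poster. It uses `SecureRandom` bytes for the key and HMAC-SHA256 for the preshared part rather than MD5; the class name, the in-memory maps standing in for the tables, the secret value and the `example.invalid` URL are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.*;
import java.util.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class ActivationDemo {
    // In-memory stand-ins for the two tables; all names here are hypothetical.
    record PendingKey(String email, Instant expiresAt) {}
    static final Map<String, Boolean> users = new HashMap<>();         // User table: email -> activated
    static final Map<String, PendingKey> keys = new HashMap<>();       // key table: key -> user, expiry
    static final byte[] SECRET = "constructed-demo-secret".getBytes(StandardCharsets.UTF_8);
    static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();

    // "Preshared" part: HMAC over username + key with a constant known only to the server.
    static String tag(String email, String key) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(SECRET, "HmacSHA256"));
        return B64.encodeToString(mac.doFinal((email + "\n" + key).getBytes(StandardCharsets.UTF_8)));
    }

    static String register(String email, Instant now) throws GeneralSecurityException {
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);             // 256 random bits, not a timestamp
        String key = B64.encodeToString(raw);
        users.put(email, false);
        keys.put(key, new PendingKey(email, now.plus(Duration.ofHours(24))));
        return "https://example.invalid/activate?key=" + key + "&tag=" + tag(email, key);
    }
    static boolean activate(String key, String sentTag, Instant now) throws GeneralSecurityException {
        PendingKey pending = keys.get(key);
        if (pending == null || sentTag == null) return false;   // unknown or already used key
        byte[] expected = tag(pending.email(), key).getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expected, sentTag.getBytes(StandardCharsets.UTF_8))) return false;
        keys.remove(key);                              // single use; also cleans up expired rows
        if (now.isAfter(pending.expiresAt())) return false;
        users.put(pending.email(), true);              // the flag lives in the User table
        return true;
    }
    public static void main(String[] args) throws GeneralSecurityException {
        Instant t0 = Instant.parse("2024-01-01T00:00:00Z");    // constructed timestamps
        String link = register("alice@example.invalid", t0);
        String key = link.replaceAll(".*key=([^&]+).*", "$1"), tag = link.replaceAll(".*tag=", "");
        System.out.println("forged tag:   " + activate(key, "forged", t0));
        System.out.println("within 24 h:  " + activate(key, tag, t0.plusSeconds(3600)));
        System.out.println("replayed key: " + activate(key, tag, t0.plusSeconds(7200)));
    }
}
```

The `record` declaration needs Java 16 or later. The tag comparison uses `MessageDigest.isEqual` so that a mismatch does not leak timing information about the expected value.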
 
Vikas Kapoor
Ranch Hand
Posts: 1374

> Bauke wrote: doubt = "I understand it, but I don't agree with it."

OK.

Anyway, it was a great help, Bauke.
 