I am working on a web app registration form with several fields including an email field all to be added to an SQLite database. It is important that the email address be verified before all the details are entered and submitted to the database. Ideally, when the field is completed, the email is generated, possibly with an alert first, then the response has to be received, then the user needs informing that the email has been accepted and he or she can continue. How do I go about all this?
What do you mean with verified? You can check if an email address is an email address. Other than that you verify an email address by sending an email to it. This always has been a problem.
On my website I use the PHP function getmxrr to validate the domain portion of the email address:
How one might do that in other languages I know not. AFAIK, that is the best that one can do.
That’s what I’m talking about. It seems fairly standard these days that if you are asked for an email address by a website you are automatically sent an email immediately by the site and you have to click on a link in the incoming email so that the website that sent you it knows that you have received it and that consequently the address is a good one. It’s done within seconds and it’s one small step towards confirming the identity of the user.
I’m just asking how that is done because it isn’t immediately obvious to me how to program a Xojo web app to send the email when - for example – the user tabs out of the email field having entered something - and how the app is then informed that the email link has been clicked on so that it can continue to process the registration and add the email to the database.
I suppose I could have a temporary database or temporary table and could manually check the email the next day and reject the registration if the email doesn’t pan out but that would be time-consuming and it wouldn’t be very efficient.
Thanks for your suggestion Tim. If it’s too difficult or too expensive to implement an automatic check that may be the best I will be able to do.
You could just add a “validated” field to the database and just not let the person log in until the link is clicked and the flag is set to true. If you also added a creation timestamp, you could also periodically clean up the ones that are not validated but have aged out.
It’s been a few years since I’ve done it but once the user hits submit, your Xojo web app saves their info to database, and then creates an email (using standard email classes) to their address with standard body text but along with a URL that goes to your web app with special URL handling that essentially verifies it’s who they say they are. In my URL that I generated I had some salted variables that could not be used by any other user for verification.
Then, you update your db to say that they indeed are verified and then you send them to the Login screen so they can test their new fangled username/passoword.
Keep in mind I did this for Web1 so any examples I have would be useless for Web2. But this is what I did for many years (until I closed all my web 1 apps down).
I get them to enter their email address then click the Send button. This gets the WebApp to run a URLConnection to the server that sends the user an email with a 6-digit code. It arrives in seconds in their email. They enter it below (along with their Password) and click Login. They have four attempts to enter the email/password/code combination before the WebApp disconnects them.
Hi David, that sounds pretty close to the kind of thing I’ve experienced several times now.
Thinking aloud: my user will have a GuestUser name (but no password) giving her access to a subset of the main site with information only and the registration page.
I can generate a 6-digit number when she enters the Registration Page then when she has entered all her details and hit the Submit button, the database data string can go on hold while she is taken to a validationPage telling her she is being sent an email with a six-digit code she needs to enter in the six boxes on the page.
When she gets the email she can enter the code, or if she gets in a muddle and gets cut off, she can log in again with her temporary UserName and then get taken back very simply to the validationPage to enter the code.
When she enters it correctly, her database string is executed and she gets a Success, Welcome New Member message. That sounds great.
All I don’t know now is how to get the website to send the email. I’ll try a search for URL Connection. If you or anyone can amplify on how to get the website to email the lady, I’d be grateful!
You need the EmailMessage class. See:
(I’ve not used these myself).
You need an email server to send the email. For something like this, a transactional email service is the way to go. I wrote a class to send emails with Mailjet using Xojo’s EmailMessage class. Mailjet has a free sending level, so you should have everything you need to send verification emails
After checking the MX records exists, you can then connect to the email server (using an SSLSocket for example) and send the “HELO” (or “EHLO”), “FROM” and “RCPT TO”. If the server responds with a 250… it’s likely the email address exists. The whole process takes 1~5 seconds.
The gotcha is the IP address you’re sending these commands from should be in a whitelist.
It’s a fun project to learn more about email servers.