verify e-mail address

Hi, I have a sign up form where I have 2 fields to verify it has the same e-mail, and a capachta on it, but I still get lots of bad e-mail address. How hard would it be to re write the application to have it so when the user signs up a verification e-mails go out, they click on a link and then they would be added to the database. I have seen this on some sites, where you have to verify your e-mail by a e-mail being sent. It seems like it would be complex to do this, as once they verified the e-mail address by clicking on the link, how to add them to the database then. Any help or ideas would be greatly appreciated thanks, Johnny

> I have a sign up form where I have 2 fields to verify it > has the same e-mail, and a capachta on it, but I still > get lots of bad e-mail address. First, I would recommend looking into the wonderful CFFormProtect project at RIAForge (http://cfformprotect.riaforge.org/) rather than using the CAPTCHA.  If your hosting environment can support it, you will see a pretty amazing reduction in garbage making it through your forms with less irritation on the part of your users. > How hard would it be to re write the application to have it so > when the user signs up a verification e-mails go out, they click > on a link and then they would be added to the database. It's actually fairly simple, though there are several pieces involved. The way I generally approach this is to have the initial registration collect the information, do error checking and such, and if everything is okay it will go ahead and create the database record as usual, but with an "isVerified" field set to false.  Another field would contain a randomly generated "activation code" which is sent to the user via e-mail embedded in a link or just in the e-mail content so they can come back to the website, select the activation page, and enter the code to verify their account.  Coupled with a "date created" field you can periodically purge records which have not been activated within a certain period of time.  Doing this can impact other things (such as a lost password process; you have to check to see if the account has been verified before going into the normal process and perhaps re-send their activation code instead). It's actually not terribly complicated once you get the hang of it. If you have any questions please feel free to ask here. -Justin

HI Justin, thanks so much for your reply. I am very sorry it has taken a while to get back to you, as I have been sick. I just download the CFFormProtect and I am going to try it on my localhost, and hopefully my host will support it as well. The registration application sounds complex right now, but I have been asked to do this, so I hope that when I run into issues i can post it here and get some help. again thanks so much for getting back to me! Johnny