Email verification is important for:

Confirming that the user controls the email address they entered.

Preventing fake accounts and spam registrations.

Maintaining the security and integrity of the system.

This system uses:

A unique token for verification.

An is_verified database column to show the status.

A verification link sent by email.

βš™οΈ 2. Database Setup

Tengeneza table users na field ya is_verified na verification_token:

CREATE TABLE users (
    id INT AUTO_INCREMENT PRIMARY KEY,
    username VARCHAR(50) NOT NULL UNIQUE,
    email VARCHAR(100) NOT NULL UNIQUE,
    password VARCHAR(255) NOT NULL,
    is_verified TINYINT(1) DEFAULT 0,
    verification_token VARCHAR(255),
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);


💡 Notes:

is_verified = 0 means the email has not been verified.

verification_token is used to link the user to the verification.

🧩 3. Registration and Token Generation
<?php
// config.php is expected to create the PDO connection in $pdo
include 'config.php';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $username = trim($_POST['username']);
    $email = trim($_POST['email']);
    $password = $_POST['password'];
    $confirm_password = $_POST['confirm_password'];

    if ($password !== $confirm_password) {
        $error = "❌ Passwords do not match!";
    } else {
        // Hash password
        $hash = password_hash($password, PASSWORD_DEFAULT);
        // 50 bytes from the CSPRNG, hex-encoded to 100 characters
        $token = bin2hex(random_bytes(50));

        // Insert user with token
        $stmt = $pdo->prepare("INSERT INTO users (username,email,password,verification_token) VALUES (:username,:email,:password,:token)");
        $stmt->execute([
            'username' => $username,
            'email' => $email,
            'password' => $hash,
            'token' => $token
        ]);

        // Send email verification link (pseudo)
        $verify_link = "https://yourdomain.com/verify_email.php?token=$token";
        echo "✅ Registration successful! Verify your email: <a href='$verify_link'>$verify_link</a>";
        // In production, use mail() or PHPMailer
    }
}
?>

<h2>Registration</h2>
<form method="POST">
<input type="text" name="username" placeholder="Username" required><br><br>
<input type="email" name="email" placeholder="Email" required><br><br>
<input type="password" name="password" placeholder="Password" required><br><br>
<input type="password" name="confirm_password" placeholder="Confirm Password" required><br><br>
<button type="submit">Register</button>
</form>

🔑 4. Email Verification Page (verify_email.php)
<?php
include 'config.php';

if (isset($_GET['token'])) {
    $token = $_GET['token'];

    $stmt = $pdo->prepare("SELECT * FROM users WHERE verification_token=:token");
    $stmt->execute(['token' => $token]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($user) {
        // Update verification status
        $stmt = $pdo->prepare("UPDATE users SET is_verified=1, verification_token=NULL WHERE id=:id");
        $stmt->execute(['id' => $user['id']]);
        echo "✅ Email verified successfully! You can now <a href='login.php'>login</a>.";
    } else {
        echo "❌ Invalid verification token!";
    }
} else {
    echo "❌ No token provided!";
}
?>


💡 Notes:

After verification, the token is cleared to prevent reuse.

The user can now log in only if is_verified = 1.

📝 5. Login Check for Verification
if ($user && password_verify($password, $user['password'])) {
    if ($user['is_verified'] == 0) {
        $error = "❌ Please verify your email first!";
    } else {
        // Continue login
    }
}


This prevents unverified users from accessing the system.

🧠 6. Security Tips

Use unique tokens (bin2hex(random_bytes(50))).

Expire token after certain time (optional).

Send email via secure method (PHPMailer with SMTP recommended).

Always hash passwords.

Check is_verified before allowing login.
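
The "Expire token after certain time" tip is not implemented in the code above. The following added example (not part of the original tutorial) shows one way to do it, with the expiry check and token invalidation in a single UPDATE. Assumptions: a token_expires_at column, a one-hour TOKEN_TTL, storing only a SHA-256 hash of the token, the helper names issueToken and verifyToken, and an in-memory SQLite database in place of MySQL so the script runs on its own.

```php
<?php
declare(strict_types=1);
// Added example. Assumptions: token_expires_at column, hashed token storage,
// one-hour lifetime; in-memory SQLite stands in for the tutorial's MySQL.
const TOKEN_TTL = 3600;

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    email TEXT NOT NULL UNIQUE,
    is_verified INTEGER DEFAULT 0,
    verification_token TEXT,
    token_expires_at INTEGER
)");

function issueToken(PDO $pdo, string $email, int $now): string
{
    $token = bin2hex(random_bytes(32));
    $stmt = $pdo->prepare("INSERT INTO users (email, verification_token, token_expires_at)
                           VALUES (:email, :hash, :exp)");
    // Store only the SHA-256 of the token; the raw value exists only in the emailed link.
    $stmt->execute(['email' => $email, 'hash' => hash('sha256', $token), 'exp' => $now + TOKEN_TTL]);
    return $token;
}

function verifyToken(PDO $pdo, string $token, int $now): bool
{
    // Reject anything that is not 64 lowercase hex characters before touching the database.
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return false;
    }
    // One atomic UPDATE matches the hash, enforces expiry, and burns the token.
    $stmt = $pdo->prepare("UPDATE users
        SET is_verified = 1, verification_token = NULL, token_expires_at = NULL
        WHERE verification_token = :hash AND token_expires_at >= :now");
    $stmt->execute(['hash' => hash('sha256', $token), 'now' => $now]);
    return $stmt->rowCount() === 1;
}

// Constructed sample data: one fresh token, one issued two hours ago.
$now = time();
$fresh = issueToken($pdo, 'a@example.test', $now);
$stale = issueToken($pdo, 'b@example.test', $now - 2 * TOKEN_TTL);

var_dump(verifyToken($pdo, $fresh, $now));         // first use of a fresh link
var_dump(verifyToken($pdo, $fresh, $now));         // replay of the same link
var_dump(verifyToken($pdo, $stale, $now));         // link past its lifetime
var_dump(verifyToken($pdo, 'not-a-token', $now));  // malformed input
```

Because the table holds only the hash, a read-only leak of the users table does not yield usable verification links.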

✅ 7. Conclusion

Email verification is important for account security and integrity.

It provides a way to confirm the user's email address before login.

Best practices: unique token, optional expiration, secure email sending, and password hashing.

🔗 Visit:

👉 https://www.faulink.com/

For more tutorials on PHP, user authentication, and web security.