I realize that this question has been asked many times, but I've yet to find a flatfile version.

I'm looking for a way to achieve this:

Scenario:

A person submits their email address via a form.

The email is then stored in flatfile database (.txt)

The person then gets an auto-reply email with a link to confirm their email address.

Upon confirming after clicking the link, their email address is saved to a new file confirmed_emails.txt for example.

Is this possible without the use of a SQL/similar datase, and how can I achieve this?

Note: SQL or other database option, is not an option unfortunately.

The way email validation usually works is to have a unique key or hash that is sent to the email, and then passed back to the webpage when the user clicks on the link. The web page then needs to identify that the hash is the same as that which was generated for that email, the storage mechanism is largely irrelevant to this process.

You could for instance, store the hash together with the email in a flat file.

newuser@hotmail.com=GENERATEDKEYHASH
...

Or you could generate the hash based on the email address itself, so that the confirmation page will recreate the hash from the email and it must match the originally created hash to verify. This way you don't need to actually store the hash at all.

I have researched the idea for 3 solid days now, and have no idea how to set it up.

I will give you a really basic example of how this might work. Take a look at the md5 hash function.

This function will generate a hash (using the md5 algorithm) from any string you provide, the hash will always be the same given the same input string. For instance, 'user@hotmail.com' will always produce the hash '7b928f8a1884fc44709e0b17ec65228c'

So your registration page would include something like this:

$email = $_POST['email']; // get the users email address from the form post
$hash = mdf($email); // generate the hash code
$link = "http://mydomain.com/confirm.php?email=".urlencode($email)."&hash=$hash"; // include the hash code in link to email to user

You then send the email to the registered address with the generated link, and the user must click on the link to confirm their valid email address. The confirm.php page will then check the hash code.

$email = urldecode($_GET['email']); // grab the email & hash code from URL
$hash = $_GET['hash'];
if (md5($email) == $hash) { // check if the hash code matches
    // successfully validated
    // add email to registered user list here...
} else {
    echo "invalid registration";
}

---

Note that md5 is a common algorithm and you may want to vary you hash output by adding something unique of your own to it so that people can't generate their own hash codes to manipulate or bypass the registration system. This is called Salt and is generally a fixed or random string that you add to your data before generating the hash.

Example:

$hash = mdf("mysalt".$email."moresalt");

Of course there are better/more creative ways of doing this, but you must be able to use the same salt when verifying the hash code as well.

if (mdf("mysalt".$email."moresalt") == $hash)

Hopefully this explains enough for you to have a play with some code of your own.

cheers
/H

correcting my code because apparently I'm dyslexic...

md5($email);

etc... not mdf

can't believe I posted that wrong through that whole thing and didn't even notice ... <facepalm/>

Yes, I caught that lol! No harm done, yet I'm getting server error, see comments in code below.

Any idea as to why?

<?PHP
$email = $_POST['email'];

$to = "myemail@somewhere.com";
$subject = "Please confirm your email";
$headers = "From: $email\n";

$message = "A visitor to your site has sent the following email address to be added to your mailing list.\n


$user = "$email";
$usersubject = "Thank You";
$userheaders = "From: myemail@somewhere.com\n";

// this gives me 500 error
//$hash = md5($email); // generate the hash code

// this also gives me 500 error
$hash = md5("mysalt".$email."moresalt");
$usermessage = "Thank you for subscribing to our mailing list. http://www.mysite.com/confirm.php?email=".urlencode($email)."&hash=$hash";";


mail($to,$subject,$message,$headers);

mail($user,$usersubject,$usermessage,$userheaders);

?>

<form method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>">
Name: <input type="text" name="name" value=""><br />
Email: <input type="text" name="email" value=""><br />
Message:<br><textarea name="message" rows="" cols="30"></textarea><br />
<input type="submit" name="submit" value="submit">
</form>

This is the error I pulled from my log

PHP Parse error:  syntax error, unexpected T_STRING in ...

Update: I figured out what the problem was, it works now.

I don't know if you saw my comment in the upvote box, but said how much I truly appreciated this. You've made someone very happy today, cheers~

No worries. Doesn't look like your comment stuck, but thanks and glad I could help.

I don't know what's wrong with their commenting system. Oh well, they'll fix it I'm sure. Cheers~