email-confirmation

Best practices for email confirmation codes

Hi I'm creating a PHP website which involves users signing up, and I'm wondering about best practices for "email confirmation" codes. New users must confirm their email addresses - I do this by generating a code and sending it to the user in an email, which he can then use to activate his account. Rather than storing this key in a data...

Manually logging in a user without password

Hi everybody; I hope you can help me figure the best way to implement a manual (server-side initiated) login without using the password. Let me explain the workflow: User registers Thank you! An email with an activation link has been sent blablabla (Account now exists but is marked not enabled) User opens email, clicks link (Account ...