email 验证表 php

Question

I have a web page registration form which asks for the person's email address plus some other info. When the page is submitted the programs checks if that email address is already in the database. If it is not the info is added to the database and an email is sent to the registered email address with a link which which is then used to verify the person's email. If the email is already present in the database the registration is prevented.

How do I deal with a malicious entry if the email entered does not belong to the person entering the form but belongs to another potential registrant? True a verification email will be sent but it might be ignored since the recipient did not register in my website

Could use some ideas Thanks

I am not sure how to proceed to prevent a malicious entry

Answer 1

You've basically already dealt with it. The validation email is the way you stop someone registering with another person's email address, because - unless they've gained unauthorised access to that mailbox - they can't ever verify the account and complete the registration.

The only problem I can think of with your description is what happens if someone tries to register with an email they cannot verify, and then later the legitimate owner comes along and enters that email again.

There are probably a couple of solutions:

1. At registration, if someone tries to register with an existing but unvalidated email,simply re-send the validation mail again as if nothing had happened.

And / or

2. Set an expiry time so that if an account is not verified within a set amount of time, you automatically delete that record from the database.