Usually when you sign up for a service, you get an email which says something like ‘please click this link to verify your account’
How can I create the email link to achieve this same result?
The user would have to remain on a tracked path in order to fully verify.
Process will be user signs up> Account is set to ‘unverified’ > user click verification link and is redirected > Account is changed to ‘verified’ > new user has full access.
Thanks!
Hey All, here’s a video on how you can accomplish this using the Random Number Generator and Tadabase REST API Pipes.
Hi Chem
I was looking at this and wonder if its possible to create a variant that would be useful here in europe and meet some GDPR needs. Here is my scenario.
I have much of this working. I can create the email, with the verification link, which goes to a page that contains a user table Form asking for the verification number. I have used a URL var to load the verification number into the form. But now I have hit a brick wall.
I want to verify the form by checking IF the verify code presented is valid and (as the form is in effect anonymous) it needs to verify of its valid against anyone in the Users table … and I don’t know if or how this is possible. I have looked a various pipes, but am not sure which is right. Effectively I want to search the column of verify field, and match for the value in the form. I have looked particulary at the Filter by a single Field Pipe. But, this does not accept the ‘form’ input for the variable part (only records). So I am stumped.
If I could validate the code, I would set the the user to verified, and delete the verify code from their record. Effectively only the unverified users would have an active code, and whilst all are long digits and verification could therefore be forced, its not a concern in my scenario. I am slightly concerned that the random number generator may throw a duplicate, but with a 12 digit number and only a few dozen being ‘active’ at any time thats also not a worry.
… and one other wish. I don’t really want the user to have to press ‘submit’ on the form at all. The link they click has all the data that’s needed. Which makes me wonder if I should be using something else like Zapier or a Webhook for this … I just don’t know.
I have answered my own question and now have a working system for my purposes. I describe it below is case anyone (in EU) is having similar issues.
Need:
This is for a service that will use the customers name and email address for outbound contact. We must have the customer’s double opt in to allow it.
What I have set up is a simple form, where a User adds their name and email address, and clicks to accept the T&C’s. Upon their submission an email is sent to their email address asking them to click the Link it contains to verify it is them, and that they are happy to proceed.
They are taken to a page, where they are asked to click a futher button saying “Verify” - and thats it, its done !
Solution
Add 3 fields to Users table. Text field “VariableX”, Text Field “VariableY”, and an option field where the customer can agree you the Terms.
Create a sign-up form, connected to Users table.
Create rules in that form to set the User to status ‘unverified’.
Use the Tadabase Numeric Utilities pipe to create a large random number (1 use 10 digits) and store this as text in VariableX.
Repeat for Variable Y.
Create a Notification email to user that will redirect them to the URL of a page (that you will create next) and include URL variables like this “?x={variablex}&y={variabley}”
Create a validation page… which has a Search component
The search is in Users table
Add the Variablex field and in its options set a pre-determined logic of ‘is’ and click yes for ‘Get variable from URL’ and set the variable name to x
Repeat for Variabley
Add a table element to the page for the Users table - add a single ‘Action’ field connected to a Buttom saying Verify
In the Action field logic check that the User status is not already Active (notifiy if it is), then set user Status to Active and show a success message.
Edit the page CSS to hide the {display:none;} the whole search component and the User table header
NB: You will note that verification is based upon a correct combination of 2x 10 digit numbers. This is more that sufficient for my needs - others may want to harden it a bit more.
This is excellent and ingenious.
From a security perspective, the email verification code is valid forever. The use can verify an unlimited number of combinations. Eventually the code will be guessed, and someone could sign up with a corporate email, pretending to be someone from an organization.
Would it be possible to make the validation such that there are limits: for instance only 3 attempts with the code (then resend a new code if it doesn’t work), or limit the time elapsed between the account creation date and the form submission (e.g. 2 days).
I don’t know how to modify the validation rule. Should we use more than one Pipe? or something else?
Thanks Ivan
Even reading back what i did a few months ago I have to admit this is ingenious, but not foolproof.
I think I knew that, and for our purposes it is quite sufficient. But yes, you are correct a validation attempt counter would be an easy way to harden this process.
Regards
M