viyancs

Reputation: 2339

Algorithm to change email of users

I have a web application, and in my web application I have a feature to change email. This is the effect if users change their email:

  1. After changing email, the user is logged out automatically and I send an activation code to the new email.
  2. If users try to log in with the new email without activation, it will show an error because the email is not activated.
  3. When users change their email, in my database the email is changed to their new email and I change the status of the user from 1 to 0; 1 is an active user, 0 is waiting for activation. If the status is 1 the user can log in, but if the status is 0 the user cannot log in. With the activation code that has been sent to their new email, the user can be activated from status 0 to 1 and can log in normally.

The problem is:

  1. If the new email of a user is fake or not valid, the user cannot log in again.

What is your suggestion to fix this problem?

Thanks for your answer.

Upvotes: 1

Views: 335

Answers (4)

Develoger

Reputation: 3998

I would make an additional table called user_emails with the following structure:

email_id
email
user_id
currently_active
date_added

Migrate the email data from the users table.
Then I would change my application to work with this new table wherever you need to get the user email.
And drop the email field in the users table.

After this you have support for multiple emails for one user, which is great for many reasons.

The field currently_active in the user_emails table needs to be set to active for some email as long as the user has not confirmed the new email.
After confirmation just set the old email's currently_active to 0 and the new one's to 1, and use that condition wherever you need the user email.

Upvotes: 0

user1703059

Reputation: 94

You will just have to add a new table / column for the pending mail change. And the process would be like this:

  1. The user changes the email address and the server sends a confirmation/activation mail to the old address. At the same time the server will also add a pending mail change attribute to the user. The user still has to log in with the old mail address.

  2. The user has not activated the new address and logs in with the old address. Tell the user that he still has a pending mail address change. At this point the user can cancel the mail change or go to the new mail address and activate the new address.

     2.1 The user logs off and activates the mail change from the old mail address. Until this activation is done the user still has to log in to the system with the old mail address.

  3. After activation / confirmation the pending mail address becomes the primary address and the pending attribute is gone. The user cannot log in with the old mail address.

Upvotes: 0

hakre

Reputation: 198101

Do not log them out automatically. If you want, you can already regenerate the session ID, however I do not think that this needs any logout.

Then, do not make the new email address valid unless it has been verified. Also require that users who change their email need to provide the password again before you start to change it.

Then send out the verification email. Only after it has been confirmed, set the new email address for the login.

Upvotes: 1

MatthewMcGovern

Reputation: 3496

Only change the email address (what you are doing in step 3) after they click the activation code/link.

Upvotes: 1
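
The flow the answers above converge on (ask for the password again, keep the old address as the login until the new one is confirmed, then swap), as an added example that is not code from any answer on this page. The `users` schema, the `pending_email`/`token_hash`/`token_expires` columns, the function names and the one-hour `TOKEN_TTL` are all assumptions made for illustration.

```python
import hashlib, hmac, secrets, sqlite3, time

TOKEN_TTL = 3600  # assumed: confirmation link valid for one hour

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def setup():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE,"
               " salt BLOB, pw BLOB, pending_email TEXT, token_hash TEXT,"
               " token_expires REAL)")
    return db

def create_user(db, email, password):
    salt = secrets.token_bytes(16)
    cur = db.execute("INSERT INTO users (email, salt, pw) VALUES (?, ?, ?)",
                     (email, salt, pw_hash(password, salt)))
    return cur.lastrowid

def login(db, email, password):
    # Only the confirmed address in users.email can authenticate.
    row = db.execute("SELECT id, salt, pw FROM users WHERE email = ?",
                     (email,)).fetchone()
    if row and hmac.compare_digest(row[2], pw_hash(password, row[1])):
        return row[0]
    return None

def request_email_change(db, email, password, new_email):
    user_id = login(db, email, password)  # password is required again
    if user_id is None:
        return None
    token = secrets.token_urlsafe(32)  # mailed to new_email; only its hash is stored
    db.execute("UPDATE users SET pending_email = ?, token_hash = ?,"
               " token_expires = ? WHERE id = ?",
               (new_email, hashlib.sha256(token.encode()).hexdigest(),
                time.time() + TOKEN_TTL, user_id))
    return token

def confirm_email_change(db, token, now=None):
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    cur = db.execute("UPDATE users SET email = pending_email, pending_email = NULL,"
                     " token_hash = NULL, token_expires = NULL"
                     " WHERE token_hash = ? AND token_expires > ?", (digest, now))
    return cur.rowcount == 1
```

A mistyped or fake new address never locks the account: the token is never redeemed, it expires, and `users.email` still holds the old address.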
