aspose file tools*
The moose likes Other JSE/JEE APIs and the fly likes any available API's for sending out user verification mails Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » Other JSE/JEE APIs
Bookmark "any available API Watch "any available API New topic
Author

any available API's for sending out user verification mails

Rakesh Shah
Greenhorn

Joined: Feb 14, 2008
Posts: 21
Sorry for posting 3 consecutive mails. but these are 3 genuine problems that i have been facing for the past two days.
When ever a user registers into a forum or a site, Some sites do send out a link on clicking which the user is verified.
Is there any available api's which helps to do this verification process. if not can someone suggest me how to go along with this process.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42282
    
  64
There's no particular API I'm aware of, but with a combination of a web site and JavaMail use it's not hard to do. Every web site has their own flow of how the registration should proceed; what ideas/requirements do you have for yours?


Ping & DNS - my free Android networking tools app
Rakesh Shah
Greenhorn

Joined: Feb 14, 2008
Posts: 21
hi Ulf, thanks for the quick response. its just for a final term posject that i thought i would do this. its a complex banking application that has got its own mail server and db servers and all that.
for this when the user registers, he will get an sms with a verification code, that he is supposed to enter into that verification link thats sent out using the Java mail. so fir this i am not able to get that sms api working and got doubt in this user verification mail too.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42282
    
  64
This is a very unusual architecture for a registration system. Generally you would send a mail that contains a link which the user must visit. The link would contain an encrypted ID that is tied to the user. So this ID must be stored in the DB together with the user's data. Once the user visits the URL, the system checks that this ID has not been used before (meaning that the link can only be used once) and that it is not too old (meaning it's good for only 24 hours or so).

Note that email is not a secure communications channel, so this must not be the only way of identifying a user. Using SMS along with it doesn't make it a whole lot better. If the user is not authenticated by much stronger means, he must not be allowed to access any account information.
Rakesh Shah
Greenhorn

Joined: Feb 14, 2008
Posts: 21
well right now there is only the mail verfication and sms registration thats possible in a low level right making it not too complicated.
so how do you suggest i go ahead for the mail verification. i mean how do i generate that link for a new user and also how do i check if that link is used or not and also how to check the expiry of the links.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42282
    
  64
so how do you suggest i go ahead for the mail verification.

Well, it's an assignment, isn't it? You should figure that out :-)

i mean how do i generate that link for a new user and also how do i check if that link is used or not and also how to check the expiry of the links.

The link needs to contain some hard-to-fake ID, e.g. an MD5 hash of some not-too-short piece of information - maybe the concatenation of the username and the millisecond that the hash was generated. Something you can verify on the server. (A hash is actually better than something encrypted, which I mentioned earlier.)

You need to store all this information along with the rest of the user registration data, wherever you store that. Then if the URL is accessed you can check that all conditions are met.

None of this is rocket science, but if you're still wondering how it all might work, go register yourself on a few web sites and see what they do. That should provide you with ideas.
Rakesh Shah
Greenhorn

Joined: Feb 14, 2008
Posts: 21
thanks Ulf for those motivating words creating a md5 hash is also fine , storing it in the database is also ok.. but problem comes when i want to know if the link is accessed or not,
if its accessed once or not(for that i can use a flag variable right) ,
if the link is expired or not( for that i can check if the time > the time when the hash has been generated right).

but i just didnt get the idea how to know if the link is accessed( that is if the link has been clicked or not)
[ February 17, 2008: Message edited by: Rakesh Shah ]
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42282
    
  64
but i just didnt get the idea how to know if the link is accessed( that is if the link has been clicked or not)


The URL would go to some server component (maybe a servlet) you wrote that records the fact that it has been accessed.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: any available API's for sending out user verification mails