md5 has for double opt-in: missing something ?

hi all,

I have made a script to register contacts in a database with the double
opt-in system.

Anyway, when looking for some examples, I have found the following
script which uses a md5 hash code to append on the confirm url sent by
email to the registering user.
I tried it but with no results. Don't you think is it missing anything
?
How could it work without storing the hash code for the user in a
database?
To confirm a registration I think the script should look if the access
key matches the one it already knows, shouldn't it ?

Anyway I have no problem to insert into the database the hash code ,
it's just I want to know if I am right to believe the following script
was wrong .

tia

johnny

hi all,

I have made a script to register contacts in a database with the double
opt-in system.

Anyway, when looking for some examples, I have found the following
script which uses a md5 hash code to append on the confirm url sent by
email to the registering user.
I tried it but with no results. Don't you think is it missing anything
?
How could it work without storing the hash code for the user in a
database?
To confirm a registration I think the script should look if the access
key matches the one it already knows, shouldn't it ?

Anyway I have no problem to insert into the database the hash code ,
it's just I want to know if I am right to believe the following script
was wrong .

tia

johnny
here's the code

<?
/* Simple email validation by TDavid at http://www.tdscripts.com/
for http://www.php-scripts.com/php_diary/011103.php3
If you use this code then please do not remove this header
*/

$from = $_REQUEST['e_addy'];

// is the $from email address in valid format?
if(eregi("([[:alnum:]\.\-]+)(\@[[:alnum:]\.\-]+\.+)", $from)) {

eregi will (because it's POSIX extended) not use the \ as escape but rather
treat them as a \ character. [:alnum:] will work though. \ in a POSIX
character class loses its significance (as I've recently learned). so strip
those out of the character classes. should be
if(eregi("([[:alnum:].-]+)(\@[[:alnum:].-]+\.+)", $from)) {

<?php if(eregi("[[:alnum:]]","z")) echo 1; else echo 0; ?>
1
<?php if(eregi("[\.\-]+","\\")) echo 1; else echo 0; ?>
1
maybe they were looking for preg_match instead.
<?php print preg_match("/[\.]/","\\") . "\n" . preg_match("/[.]/","z"); ?>
0
0
<?php print preg_match("/[\.]/","."); ?>
1

I dunno - loks like the validation thing might work.might need an <a
href=""></a> in the link and send the mail as html email though.

// create the MD5 hash
$secret_code = 'secret';
$formatted_email = preg_replace("/(-|\@|\.)/", "", $from);
$hashed = md5("$secret_code $formatted_email");

// wait, are we verifying the email?
if($_REQUEST['m'] != "") {
// this is validation routine
if($hashed == $_REQUEST['m']) {
print("Congrats, you have successfully validated your email
address. This is just a test and your email address has <b>not</b> been
saved.");
// add the email to your double opt-in list here
exit;
} else {
print("Sorry, this email does not validate");
}
} else {
// since we aren't validating then it is time to send out
validation mail

$mail_body = "To validate this email click the following
link:\nhttp://www.php-scripts.com/php_diary/example37.php?e_addy=$from&m=$hashed";

mail($from, "Validation Email", $mail_body, "From:
ex*******@php-scripts.com\n");
print("Please check your email <b>$from</b> for the test validation
message");
}
} else {
print("Sorry, this email address: <b>$from</b> doesn't seem to be in
the right format.");
}
?>