Easy e-mail verification

What is this?

A PHP e-mail verification algorithm, requiring users to enter in a code from an e-mail to verify that they aren't creating multiple accounts on your site. It's a simple technique which I think many web developers are unaware of.

The problem with existing solutions

These are the usual ways of handling verification codes:

However using the algorithm below no information is stored on the server until after the user has validated their address. The user registration process can begin after the user has been validated, which means less wasted database space and resources, and a more reliable & valid table of user accounts.

How users experience it

A form is shown before the registration process has started prompting the potential new user to enter an EasyCaptcha captcha image code, and their e-mail address.

1. Validate as human

If the captcha is entered correctly an e-mail is sent out to the e-mail address the potential user provided, with a code to allow them to continue the registration process.

2. Validate e-mail address

The user goes to their e-mail inbox, visits the link given in the e-mail with the code, which validates their e-mail and takes them to the full registration form asking for username, password, etc.

3. Register new account

Now the actual registration process begins, without worrying about invalid e-mails.

How does it work?

The e-mail validation code is generated by hashing a secret code and the user's e-mail. The only way the user can know the validation code is by seeing the e-mail that was sent.

EasyCaptcha is used to prevent abuse by ensuring that for each e-mail sent someone must have entered a captcha-code. This prevents the e-mail feature being abused to send unwanted e-mail, and it also requires no server-side storage.

Here is the sample implementation of the algorithm.