Learn web development

How to create a email verificaiton system

How to create a registration page with email OTP Verification system

In the digital age, where security is critical, OTP (One-Time Password) verification has emerged as a reliable way to ensure the safety of user accounts and sensitive information. In this tutorial, we’ll explore how to implement a PHP-based OTP verification system that securely verifies a user's email address during signup, preventing unauthorized access and protecting user data. Let’s break down each component of this system, from user input validation to database management and email handling with PHPMailer.

1. Understanding OTP Verification and Its Importance

OTP verification adds a layer of security by requiring users to enter a temporary, one-time password sent to their email before completing registration. This extra step ensures that the person signing up has access to the provided email address. For websites handling sensitive data, such as online stores, banks, or management systems, OTP verification helps mitigate risks associated with fake registrations, spam, and unauthorized access.

2. Overview of OTP Sending System

This system relies on a combination of PHP, MySQL, JavaScript, and PHPMailer to achieve a streamlined user experience. Here’s a quick rundown of the tools:

PHP: Handles the server-side logic, from processing form submissions to interacting with the database.
JavaScript: Generates the OTP dynamically on the client-side for secure transmission and display.
MySQL: Stores user information and tracks the OTP verification status, ensuring data integrity.
PHPMailer: A powerful library to handle email functionality, allowing us to send emails via SMTP with high reliability and minimal effort. click here to Download PHP mailer

php mailer from github.

click here to download cover image

3. Setting Up the Signup Form with Bootstrap for Responsiveness

The signup form’s user interface is designed using Bootstrap to provide a modern and responsive design. The form includes fields for name, phone, email, and password, making it simple for users to sign up. Each input field has an accompanying icon for better UX, and the entire form is housed within a styled container to enhance the aesthetic appeal.

The form’s layout is responsive, adapting seamlessly to various screen sizes, so users can complete their registration on both mobile and desktop devices. Additionally, each form field includes validation attributes to ensure users enter their details correctly, reducing potential errors.

4. Generating a Random OTP with JavaScript

To create a unique OTP for each signup attempt, JavaScript generates a random six-digit number every time the signup form is loaded. This OTP is embedded in the form as a hidden field, which is then submitted alongside other user details to the backend.

To ensure the OTP remains unique, JavaScript stores the last generated number in the browser’s local storage. This prevents duplicate OTPs from being generated during successive attempts, making the process secure and reliable. This feature also helps to minimize server load since the OTP is generated on the client side, saving server resources for handling database operations and sending emails.

5. Handling Form Data and Saving OTP in the Database

Once the form is submitted, the PHP script processes the input data and connects to the MySQL database. Here, user details, along with the OTP and IP address, are inserted into an otp table. Storing the IP address adds an additional layer of verification, allowing the system to cross-check the origin of requests and detect potential misuse.

In the database, the OTP is marked with a "pending" status until the user successfully verifies it. This approach helps track unverified OTPs, ensuring users complete the verification step. Should an OTP remain unverified, it can be automatically invalidated after a certain period, further enhancing security.

Database name is sent_otp and table name is otp

table content:

name
email
phone
password
otp
otp_send_time
verify
ip
status

6. Using PHPMailer to Send the OTP to the User’s Email

Once the data is saved, the script initiates an email using PHPMailer. This PHP library simplifies email sending by connecting to an SMTP server (in this case, Gmail’s SMTP server) and delivering the OTP directly to the user's email. PHPMailer handles both plain text and HTML emails, making it versatile for various applications.

By using SMTP authentication with secure encryption, PHPMailer ensures that the email containing the OTP is delivered securely to the recipient. If there’s an error during this process, the user receives feedback, helping them understand if any issues arise.

7. Verifying the OTP Code and Updating the Database

After receiving the OTP email, the user inputs the code into the OTP verification form. When the form is submitted, PHP fetches the latest OTP associated with the user’s IP address from the database and compares it with the user’s input.

If the OTP matches, PHP updates the OTP status in the database from "pending" to "verified," indicating successful verification. Users are then redirected to a confirmation page, completing the signup process. If the OTP doesn’t match, the user receives an error message, prompting them to re-enter the code or request a new OTP if needed.

8. Handling Errors and User Feedback

User experience is essential in any application. This system includes JavaScript-based error handling for the OTP generation and PHP-based error handling during the form submission and database interactions. For instance, if there’s a database error while saving the OTP, the user is informed immediately, preventing confusion and frustration.

Moreover, email feedback ensures that users know the status of their OTP, whether it’s been successfully sent, delivered, or encountered an issue. This level of feedback promotes a smooth user experience, guiding users through the verification process without unnecessary friction.

9. Securing Sensitive Data

With sensitive data being transferred, security is a top priority. Passwords are stored securely using strong hashing algorithms, and the database only saves necessary data. By focusing on security in both email transmission and database storage, this OTP verification system minimizes vulnerabilities and keeps user data safe.

10.Verification Success page

After successful verification .it will redirects into a page called success.php.It will created by html and css. Click here to download success.php

11.Login page.

After successful verification. It will refer into a page login.php.click here to download login.php

Check the page carefully to download the login form .

Full Tutorial of OTP Email verification system

Ending:

OTP verification significantly improves the security of user registration processes, and implementing it in PHP with PHPMailer offers a reliable way to verify user identity. With this approach, you ensure that each new user is authentic and that their details are secure. Whether for websites handling sensitive data or applications aiming for better account security, OTP verification is a practical and essential step. By following this guide, you can implement a secure and user-friendly signup process that instills confidence in your users and protects their data effectively.