I'm working with Tornado and MongoDB and I would like to send a confirmation email to the user when he creates an account in my application.
For the m开发者_高级运维oment, I use a simple XHTML page with a form and I send information to my MongoDB database using Tornado. I would like to have an intermediate step which sends an email to the user before inserting the data into the database.
I would like to know how could I send this email and insert the user account only after the user receives the email and confirms his registration.
What you need is an activation URL. The activation URL contains a unique ID, a UUID perhaps, which is verified when the user clicks the activation URL.
To avoid storing the user data in the database, you could store the user data in the activation URL sent to the user:
import urllib
data = urllib.urlencode({'name':'joe', 'password':'1234'})
activation_url = 'http://example.com/activate?%s' % data
But because user information is sent in plain text this method is very insecure.
The correct way to approach this is to store the user's information along with an activation flag in the database. When the user clicks the activation URL, the unique ID is verified and the activation flag is set to true enabling the new user account.
Sending email in Python is pretty straight forward when you have access to a SMTP server or Gmail account.
The Python docs contain some examples of sending email from Python.
I wonder why you would handle registration like that. The usual way to handle registration is:
- Write the user info to the database, but with an 'inactive' label attached to the user.
- Send an email to the user.
- If the user confirms the registration, then switch the user to 'active'.
If you don't want to write to the database, you can write to a cache (like memcache, redis), then when the user confirms the registration, you can get the user info from the cache and write it to the database.
精彩评论