Double opt-in via PHP with Mailgun
Creating a custom signup form with Mailgun can be trivial. I receive tons of messages from people asking me to write a tutorial on how to do this in PHP so here it is. Before talking code, let’s briefly discuss best practices. If you know everything about double opt-in, skip the next paragraph and move on to the engineering part using our table of contents below.
What is double opt-in and as a developer, why do I care?
A double opt-in process is a way of verifying that when a person leaves their details in the newsletter sign-up form on your website, they actually did sign up for it. It achieves this by asking you to acknowledge and confirm that your email address has been added to a certain mailing list. How does it do that? Simply by sending you an email and asking you to confirm you really want to receive emails from that sender. If you don’t confirm your subscription (mostly by clicking on a confirmation link within a confirmation email), you should never receive a marketing (or similar) email from that sender.
Marketing people have learned to dislike this practice as it adds one extra step before reaching their audience, but it is important to understand that without this process anyone could be a target of unsolicited email spam.
Without double opt-in, anyone that knows your email address could sign you up to thousands of newsletters and marketing lists on your behalf without your consent.
In most countries, this is required by law but either way, I believe it is a best practice and protects your business from stumbling upon deliverability issues and email abuse complaints.
The first thing you will want to do is create a form that you will have somewhere on your website. This form will ask people for their details that you can save in a database or if supported, within the email platform itself. Mailgun supports the latter (and even more when using custom variable parameters), so you don’t have to worry about having to set up a database to hold this data.
The form will post to a file called contact.php and will have two fields that are mandatory. You can obviously make the name field non-mandatory or add more, but for the purpose of this article, we will keep it simple!
Feel free to add some style to the form. Right now it’s very basic, but functional.
The interesting part begins here – a file containing all the functions needed to make the form work.
Here is a brief listing of all the functions created and an explanation of what they do:
SanitizeInputs(): This function is used to clean the user input of any “damaging” characters.
SanitizeEmail(): Same as above, but performs a regex check on the email address instead. We don’t want to send emails to misspelled addresses, now do we?
SendConfirmationEmail(): Sends an email to a specified email address; in our case it is the email address specified by the user.
MakeConfirmationHash(): Creates a unique hash based on a string concatenation of the user’s email address and a secret string. This hash will be sent as part of the URL the user needs to click to verify they want to receive emails from our site. Secure double opt-in awesomeness.
CheckConfirmationHash(): A function checking that when the user clicks on the confirmation link, the hash contained in the URL is valid. This is very important for the double opt-in procedure; otherwise, anyone could verify each other’s email address.
You can change the text of the email as you wish. Keep in mind that you will be passing the secret hash, the email address and the name of the user back to the script as GET parameters!
Dependency Alert: I’ve used the official Mailgun PHP library available on GitHub.
For the logic section, I’ll explain the reasoning behind the code.
When the user enters his email address and name inside the box and submits the form, the following happens:
The script generates a unique code and emails it to the user.
The user receives an email with a confirmation link containing information about him and the unique code. Clicking on the link will confirm he is okay with his address being part of our mailing list.
Clicking the URL sends back the details of the user, which are checked against the unique code, and triggers his addition to the mailing list on Mailgun.
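The hash round trip behind MakeConfirmationHash() and CheckConfirmationHash() and the steps above, as an added example that is not the article's own code. It swaps the plain concatenation hash for a keyed HMAC-SHA256 and compares with hash_equals() in constant time; the secret, URL and helper names are placeholders, and the Mailgun send and list-add calls are left out.

```php
<?php
// Added example, not the article's code. Secret, URL and helper names are assumptions.
declare(strict_types=1);

const CONFIRM_SECRET = 'replace-with-a-long-random-secret'; // placeholder; keep out of source control
const CONFIRM_URL    = 'https://example.com/contact.php';   // placeholder URL

// HMAC-SHA256 keyed with the server-side secret, over the normalised address.
function makeConfirmationHash(string $email): string
{
    return hash_hmac('sha256', strtolower(trim($email)), CONFIRM_SECRET);
}

// Recompute the MAC and compare in constant time.
function checkConfirmationHash(string $email, string $hash): bool
{
    return hash_equals(makeConfirmationHash($email), $hash);
}

// Link placed in the confirmation email. The name is not covered by the
// hash, so treat it as untrusted display text when it comes back.
function buildConfirmationLink(string $email, string $name): string
{
    return CONFIRM_URL . '?' . http_build_query([
        'email' => $email,
        'name'  => $name,
        'hash'  => makeConfirmationHash($email),
    ]);
}

// Takes the GET parameters of a clicked link; returns the address to
// subscribe, or null when anything is missing, malformed or mismatched.
function confirmFromQuery(array $get): ?string
{
    $email = $get['email'] ?? null;
    $hash  = $get['hash'] ?? null;
    if (!is_string($email) || !is_string($hash)
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return checkConfirmationHash($email, $hash) ? strtolower(trim($email)) : null;
}

// Constructed sample: a genuine link, then its hash reused for another address.
$link = buildConfirmationLink('alice@example.com', 'Alice');
parse_str((string) parse_url($link, PHP_URL_QUERY), $query);
var_dump(confirmFromQuery($query));
$query['email'] = 'bob@example.com';
var_dump(confirmFromQuery($query));
```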
And that’s it: double opt-in respected, a job well done!
Let me know if you’ve enjoyed this article by sharing your thoughts in the comment box below or on Twitter; and if you’d love to see this tutorial in a different programming language, please let me know.