Right now the token is indefinite, but I'll add in a time based token at some point. I already laid the foundation for the time token in the database & script, but the system is fairly simple.
As you can see here, the activate.php file just takes a token, does some "very basic" checks on html chars / alphanumeric chars and then simply flips a boolean character in the database saying that this e-mail has been authenticated.
It's important to validate e-mails in this way as you want to keep a high sender reputation from your mail server. Bounced e-mails are no bueno.
Also Anomaly has been updated to have 10 levels. The only problem is that it's fairly easy right now because of the rule sets. I need to add more variety to the rules and include multiple rules on the harder levels to mix things up. Right now this will let me play around with rule sets, what is fun, what is challenging, etc and get some feedback as well.
I need to mix it up a bit so that the Anomaly is slightly better hidden on the larger levels. Right now it becomes fairly easy to locate the Anomaly with the ruleset "Adjacent".
Please check out Anomaly and let me know what you think! I'm always looking for feedback on this kind of stuff.