rondog Posted May 14, 2008

I am converting a ColdFusion form to PHP. This is a subscription form; however, you need to confirm by clicking a link in your email. The current one sends a link that looks like this:

index.cfm?page=xcdi&uid=%"-\5CK0EX %0A

That's what it looks like if I hover over the link. If I copy the link it looks like this:

index.cfm?page=xcdi&uid=%25%22%2D%5CK0EX%20%0A

I know I can just do a confirm.php?id=xx, but I figured it would be easy for someone to just type that in the URL window and put in any id. Is there a way to avoid that? Another solution than id=xx perhaps?

rondog Posted May 14, 2008

What if I sent an MD5 of their email as their confirmation key, like:

subscribe.php?confirm=$md5edEmail

The user will see:

subscribe.php?confirm=3b7d2776ddcfe9d17833e1078285302d

Since MD5 doesn't work backwards, how can I query that against the database?

DarkWater Posted May 14, 2008

http://yoursite.com/subscribe.php?id=ID&act=RANDOM_MD5_CODE_IN_DB

When they register, set a random MD5 (md5(uniqid(rand(), true))) in their database record. Then set it to NULL if it matches on subscribe.php. Then, you know they subscribed if activation = NULL.

rondog Posted May 14, 2008

Yeah, I was afraid of doing that because the table is already made with 15,000+ subscribers. I wanted to try and not alter the table, but I may have to.
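
The scheme DarkWater describes above, as an added example that is not part of the original thread: a per-subscriber random token stored in an activation column, compared on subscribe.php and set to NULL on a match. The table and column names, the function names and the in-memory SQLite database are assumptions, and the token comes from random_bytes() rather than md5(uniqid(rand(), true)) so that it is drawn from a cryptographic random source.

```php
<?php
// Added example: table/column names (subscribers, activation) are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE subscribers (id INTEGER PRIMARY KEY, email TEXT, activation TEXT)');

// On signup: store a random token and return the link to e-mail to the user.
function createSubscriber(PDO $db, string $email): string
{
    $token = bin2hex(random_bytes(16)); // 32 hex chars, same length as an MD5
    $stmt = $db->prepare('INSERT INTO subscribers (email, activation) VALUES (?, ?)');
    $stmt->execute([$email, $token]);
    return 'subscribe.php?' . http_build_query(['id' => $db->lastInsertId(), 'act' => $token]);
}

// On subscribe.php: confirm only if id and token both match a pending row.
function confirmSubscriber(PDO $db, $id, $act): bool
{
    // Reject arrays and malformed values before touching the database.
    if (!is_string($id) || !ctype_digit($id)
        || !is_string($act) || !preg_match('/^[0-9a-f]{32}$/', $act)) {
        return false;
    }
    $stmt = $db->prepare('SELECT activation FROM subscribers WHERE id = ?');
    $stmt->execute([$id]);
    $stored = $stmt->fetchColumn();
    // null means already confirmed, false means no such id.
    if (!is_string($stored) || !hash_equals($stored, $act)) {
        return false;
    }
    // Clear the token so the link works once; activation = NULL marks "subscribed".
    $upd = $db->prepare('UPDATE subscribers SET activation = NULL WHERE id = ? AND activation = ?');
    $upd->execute([$id, $act]);
    return $upd->rowCount() === 1;
}

// Constructed sample run.
$link = createSubscriber($db, 'user@example.com');
parse_str(parse_url($link, PHP_URL_QUERY), $q);
var_dump(confirmSubscriber($db, $q['id'], str_repeat('0', 32))); // guessed token
var_dump(confirmSubscriber($db, $q['id'], $q['act']));           // link from the e-mail
var_dump(confirmSubscriber($db, $q['id'], $q['act']));           // same link replayed
```

Because the token is random rather than derived from the e-mail address, knowing a subscriber's id or address is not enough to build a valid link.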
Archived
This topic is now archived and is closed to further replies.