limitphp Posted December 4, 2008

Is it more secure to validate a user's email address using a generated password sent to their email address or using a validation link sent to their email address? Thanks

GingerRobot Posted December 4, 2008

Doesn't really matter either way so long as the link couldn't be guessed.

limitphp Posted December 4, 2008

> Doesn't really matter either way so long as the link couldn't be guessed.

Would something like md5(uniqid(rand(),true).$salt) be ok to use? I understand how to send a link to their email address with a uniqueID as a querystring, but I'm not sure how to implement it from there. Would I create a page, like validateUser.php, and on that page accept querystrings with these uniqueIDs, and match them up with a userID in a table?

GingerRobot Posted December 4, 2008

Yep, that should be fine. And that sounds about right. When the user registers, you should store this validation code in the database too. You'd then search the database for the validation code that the user provides and then activate that user's account.

limitphp Posted December 4, 2008

Thanks for the help!

gevans Posted December 4, 2008

You could just use a guid, php 5+ has a built-in function

```php
function guid() {
    // com_create_guid() comes from the COM extension and returns "{XXXXXXXX-...}"
    if (function_exists('com_create_guid')) {
        // Drop the surrounding curly braces, keep the 36-character GUID
        return substr(com_create_guid(), 1, 36);
    } else {
        // Fallback: format the MD5 of uniqid() as 8-4-4-4-12
        $uid = strtoupper(md5(uniqid(rand(), true)));
        $h = '-';
        $uuid = substr($uid, 0, 8) . $h . substr($uid, 8, 4) . $h . substr($uid, 12, 4) . $h
              . substr($uid, 16, 4) . $h . substr($uid, 20, 12);
        return $uuid;
    }
}
```

limitphp Posted December 4, 2008

> You could just use a guid, php 5+ has a built in function

What is the difference between a guid and a uniqID?

gevans Posted December 4, 2008

Uniqid; Gets a prefixed unique identifier based on the current time in microseconds

GUID; A GUID is generated in the same way as DCE UUIDs, except that the Microsoft convention is to enclose a GUID in curly braces.

Basically UNIQID can be used to build a GUID in older versions of PHP

limitphp Posted December 4, 2008

> Uniqid; Gets a prefixed unique identifier based on the current time in microseconds
> GUID; A GUID is generated in the same way as DCE UUID's, except that the Microsoft convention is to enclose a GUID in curly braces.
> Basically UNIQID can be used to build a GUID in older versions of PHP

When I send the link with the uniqueID, do I need to put the link in curly braces? ex) validate.php?verify={sdhjkjh345kjh45kjh6jha90}

gevans Posted December 4, 2008

No, the function I wrote strips the curly brackets from the start and end of the ID

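An added example (not code from any poster in this thread) of the flow discussed above: create the code at registration, store it, and match it on a page like validateUser.php, with expiry and single use. It assumes PHP 7+ with PDO SQLite and hypothetical table, column and function names, and it draws the code from random_bytes() because uniqid() is derived from the clock and rand() is not a cryptographic generator.

```php
<?php
// Added example: table, column and function names are assumptions, not from the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT,
           active INTEGER DEFAULT 0, verify_hash TEXT, verify_expires INTEGER)');

// At registration: 32 bytes from the OS CSPRNG, hex-encoded so it is URL-safe.
// Only a SHA-256 hash is stored, so a leaked table does not reveal usable links.
function issueToken(PDO $db, int $userId, int $ttl = 86400): string
{
    $token = bin2hex(random_bytes(32));
    $stmt = $db->prepare(
        'UPDATE users SET verify_hash = ?, verify_expires = ? WHERE id = ?'
    );
    $stmt->execute([hash('sha256', $token), time() + $ttl, $userId]);
    return $token; // placed in the e-mailed link: validateUser.php?verify=<token>
}

// On the validation page: pass in $_GET['verify'] ?? null.
function validateToken(PDO $db, $token): bool
{
    // Reject arrays, wrong lengths, braces and other malformed input before the query.
    if (!is_string($token) || !preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return false;
    }
    // One atomic statement: match, check expiry, activate and clear the code,
    // so the same link cannot be replayed.
    $stmt = $db->prepare(
        'UPDATE users SET active = 1, verify_hash = NULL, verify_expires = NULL
         WHERE verify_hash = ? AND verify_expires >= ? AND active = 0'
    );
    $stmt->execute([hash('sha256', $token), time()]);
    return $stmt->rowCount() === 1;
}

// Constructed sample run.
$db->exec("INSERT INTO users (id, email) VALUES (1, 'user@example.com')");
$token = issueToken($db, 1);
var_dump(validateToken($db, $token));             // first click on the link
var_dump(validateToken($db, $token));             // same link used again
var_dump(validateToken($db, '{' . $token . '}')); // malformed value
```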