Ideas not code

[onlyican]

Hey

I have created an affiliation script
The affiliates log in and can check how much money they made
The admin uses the email address provided on registration to pay them with paypal.

The affiliate logs in using there email address and password

NOW

I was thinking, what if the user needs to change the email address for some reason, as we are talking about money here, what is the best way to do this

One idea I had was to send an email to the affiliate to there OLD email address, to confirm the changes.
This way, if someone else did hack in and change the email address so they get paid, the other guy knows

Anyone got any better ideas?

[hostfreak]

That sounds like the best idea to me.

[ScottRiley]

Yeah, I'd say so, send them an e-mail saying that someone has requested a change in e-mail, ask them to confirm by e-mailing you a code you sent to their old address, from their new adress.

eg [email protected] wants to change their address to [email protected]

email [email protected] with a code and an explanation of what has happened, ask them to e-mail you this code from [email protected].

Just a suggestion.

[Orio]

When someone want's to change his email, add to their row in the database, in the column email_change_code, a random md5 string for example- $rand_code=md5("abc".time().rand(1000,9999)."123"). Then, send to [email protected] a email with the following link:
www.domain.com/emailchange.php?code=$rand_code&id=$id ($id is the number that is set for the company in the table, in the auto increment field)

emailchange.php will check if the value in $_GET['code'] is the same as in the database in the row where it's id is $_GET['id']. If there's a match, continue and change the email :)

Orio.

[onlyican]

I like that idea Orio

Thanks guys, I might finish this tomorrow