HGeneAnthony, posted May 13, 2011

I'm working on a new user submission form and I was wondering whether it's safe to send a confirmation letter to the user using their hashed password as their confirmation code. Since this is a hashed password, it can't be decrypted (I believe); the password is useless because it's always hashed before login, so it can't be used to log in to the system; it's only being emailed to the user whose account is tied to the account; and it would save me the option of having to store a confirmation code field in my DB. Is this safe?

JasonLewis, posted May 13, 2011

I generally just generate a random confirmation code like you mentioned. Only takes a couple extra lines of code.

jonsjava, posted May 13, 2011

I would do something like this:

    // Build a verification key from the user id, the user name and a random salt.
    function genURL($id, $uname) {
        $salt = rand(0, 94821);
        // Read the concatenated string as a base-34 number and return it in hex.
        return base_convert($id . $uname . $salt, 34, 16);
    }

Then, store the result in your database as verification key.
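
An added example, not part of any post in this thread: one way to issue the random confirmation code the replies suggest, so that the password hash never has to be e-mailed. The function names and the array standing in for the database table are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Stand-in for a DB table (assumption): user id => [token_hash, expires_at].
$pendingConfirmations = [];

/** Create a one-time code for the e-mail link; only its SHA-256 is stored. */
function issueConfirmation(array &$store, int $userId, int $ttl = 86400): string
{
    $token = bin2hex(random_bytes(32));          // 256 bits from the OS CSPRNG
    $store[$userId] = [
        'token_hash' => hash('sha256', $token),  // a leaked table holds no usable codes
        'expires_at' => time() + $ttl,
    ];
    return $token;                               // this value goes into the e-mail
}

/** Check a code taken from the link; each issued code works at most once. */
function confirmAccount(array &$store, int $userId, string $token): bool
{
    $row = $store[$userId] ?? null;
    if ($row === null || time() > $row['expires_at']) {
        unset($store[$userId]);                  // drop expired entries
        return false;
    }
    // hash_equals compares in constant time, so response timing leaks nothing.
    if (!hash_equals($row['token_hash'], hash('sha256', $token))) {
        return false;
    }
    unset($store[$userId]);                      // single use
    return true;
}

// Constructed walk-through with a made-up user id.
$code = issueConfirmation($pendingConfirmations, 42);
var_dump(confirmAccount($pendingConfirmations, 42, 'guess'));  // wrong code
var_dump(confirmAccount($pendingConfirmations, 42, $code));    // correct code
var_dump(confirmAccount($pendingConfirmations, 42, $code));    // same code replayed
```

The code is independent of the password, so the e-mail carries nothing that supports offline guessing of the password, and the stored hash plus expiry time costs two columns in the users table.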