Codarz360 Posted August 24, 2011 Share Posted August 24, 2011 Hey, I'm wondering how to secure my unsubscribe link. Currently the link looks something like this delete.php?id=6 the number is the field id of the email address. However when if someone then changed the to delete.php?id=5 then the email address with the id 5 would be deleted. I have tried doing an MD5 but it doesn't seem to work. Any ideas I've been trying all day. Link to comment https://forums.phpfreaks.com/topic/245586-securing-unsubscribe/ Share on other sites More sharing options...
WebStyles Posted August 24, 2011 Share Posted August 24, 2011 you can do an md5 on the email... imagine you link becomes: delete.php?id=5&e=XXXKDGDHFGFTSGSJAAS (simulating md5 hash of email) then instead of deleting straight away, you first grab the email with id number = 5, apply md5 to it and check if result is the same as $_GET['e'], if it is, you're good to go. this way, a hacker would need to know the person's email, and also their id in the database. You could also add salt to your hash to make it even more secure. Link to comment https://forums.phpfreaks.com/topic/245586-securing-unsubscribe/#findComment-1261370 Share on other sites More sharing options...
Codarz360 Posted August 24, 2011 Author Share Posted August 24, 2011 Thanks for the help I will try that. Link to comment https://forums.phpfreaks.com/topic/245586-securing-unsubscribe/#findComment-1261416 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.