tjdww Posted June 11, 2015 Share Posted June 11, 2015 Hi all. Am trying to write a login/register script (bare with - I am brand spanking new to this!!). I have followed tutorials and such and have gotten most of what I need however this issue is now bugging the hell out of me... From my registration page I have validated the form data, uploaded it into a db and can send the verification email with a link. BUT... if I hit 'view cource' once I see my echo message to tell the new user that they have mail I can clearly view the link and the hash code I have inserted. Please (please!) correct me if I have this wrong but that means I don't need to receive an actual email to verify my registration??! I could just make up an email (or worse - use yours!) and register with that. Cut/paste the link into a browers -boom!? My form uses bootstrap and a jquery plugin for client side validation. And I am using PHPMailer to send the email. Many thanks in advance... Quote Link to comment Share on other sites More sharing options...
cyberRobot Posted June 11, 2015 Share Posted June 11, 2015 Instead of adding the hash code to link, you could just add the user's login ID. You can then have the link lead to a script that looks up the ID and sends the hash code via email. The hash code never needs to be sent to the browser. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.