[SOLVED] Unsubscribe Link - Random String

[twofivethreetwo]

Here is what I have; a script like a mailing list, its for club and orgs to keep their club members updated on their field status. Emails are sent to those who subscribe via the website.

 

Here is what i'm looking for; To unsubscribe they will click a link in their email (either the welcome email or any of the emails to the list). The unsubscribe link will be www.domain.com/fieldstatus/unsubscribe.php?id=1&validate=RANDOM_STRING ... What is the best way to create a random string of characters when a user subscribes and verify it isn't used in the database already? Would I just have it create the random string and then just sql check it against the database before inserting, if its there random again, if not insert.

 

The sql for subscribers is like this;

id  |  email  |  validate |

 

I want a random string for validate as I don't want people directly accessing unsubscribe.php?id= and putting in a random id number removing people. This way the validate string will be included but be random... Or do you have other suggestions for this?

[igor berger]

Yes, you got the idea!

[twofivethreetwo]

Alright, I just wasn't sure if there was another way or a better way then that or if php/sql had a function just for that creating a unique string or id... Thanks for the reply.

[igor berger]

random()

[Ninjakreborn]

It's not too hard.  Simply when they sign up create a random variable with a random combination of letter's, number's and possible some symbols (keep them url safe).  Then email that link over to the email address and save the code in the db.  In the link have auth=code (whatever the code was) on te website, just grab the url and parse that variable auth and check to see if it's in the databsae.  HAVE THEM enter the email address/auth code BACK into the system (with captcha) for security and then they are validated into the system and can login.  On the login page check if they are activated (just set activated to 0 at first and 1 after they are validated.

[twofivethreetwo]

How would I limit the rand() string to like 7 chars?

[only one]

How would I limit the rand() string to like 7 chars?

 

getrandmax()

[twofivethreetwo]

Doesn't that just return the max rand? I am creating a unique auth code to validate users but want to limit the chars the rand code generates.

[only one]

Why don't you rand and then strip the string, check the substr() manual: http://php.net/substr

[unidox]

Use This to gen a random alphanum string:

 

// Generates Random String
$allow = "abcdefghijkmnpqrstuvwxyz23456789";
srand((double)microtime()*1000000);
for($i=0; $i<8; $i++) { // Change $i<8; to a number of digits you want. I like 8.
$activation .= $allow[rand()%strlen($allow)];
}

[kratsg]

actually, I just prefer the following o_o

 

Adding on from previous for nearly random.

 

$allow = "abcdefghijkmnpqrstuvwxyz23456789";
srand((double)microtime()*1000000);
for($i=0; $i<8; $i++) { // Change $i<8; to a number of digits you want. I like 8.
$activation .= $allow[rand()%strlen($allow)];
}

$number = rand(0,99999999);//max of 7 digits
$random_string = md5($activation.sha1($number));

 

I can almost guarantee that $random_string will be almost nearly random, lol (don't argue semantics with me o_o) the hashes generate encrypted strings that involve all the characters you want really, not that you would want to decrypt it.

[twofivethreetwo]

Thanks for the replies guys. Exactly what I was looking for.