luciogodoy, posted November 23, 2007

Hi all,

I have developed a web site that monitors the state of the user's routers (UP/DOWN & WHY). It has the usual login web page. Since the web site monitors the devices and sends emails when there is a problem, I wanted to send an email with an embedded https link, where the user could click and be directed straight onto the web site, without the need to log in.

I cannot crack this one. Could you guys point me to some tutorials/examples where I could learn how to do it, please?

Thank you
Lucio

binarymonkey, posted November 23, 2007

Doing so would compromise the security of the account in question.

If you wanted to allow access to a certain stat page (and ask them to log in to get complete access to everything else), then you could use a time-limited unique key in the URL or something. E.g.

https://www.yourservice.com/showalert.php?key=07cc694b9b3fc636710fa08b6922c42bfoo

You'd have to use a different key every time, and never re-use an old key, to limit the possibility of other people getting into that page. Of course, you'd need to have your script generate the key and store it in a table somewhere, which contains the ID of the login account, etc.

Matthew

luciogodoy (author), posted November 23, 2007

That sounds good. I could generate the key, that contains the https to the alert page, that would allow the user to log in to the site directly, and once logged in the key is disabled - forever.

Thanks

binarymonkey, posted November 23, 2007

Sounds like you got it.

I would also personally make the key only work for 48 hours or something though, in case the user's email is intercepted. Email is insecure, which is why you shouldn't send passwords through it. Similarly, you shouldn't send an access key (or any other method of account access) unless it is restricted or limited in a way that it doesn't matter if it fell into the wrong hands.

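
The scheme from the two replies above (a fresh random key per email, stored in a table with the account ID, usable once and only for 48 hours), as an added example that is not part of the original thread. The table name `alert_keys`, the function names and the in-memory SQLite database are assumptions, and storing a SHA-256 of the key instead of the key itself is a choice made here so that a leaked table does not hand out working links.

```php
<?php
// Added example: table and function names are hypothetical, and an in-memory
// SQLite database stands in for the site's real one.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE alert_keys (
    key_hash   TEXT PRIMARY KEY,   -- SHA-256 of the key, never the key itself
    account_id INTEGER NOT NULL,
    alert_id   INTEGER NOT NULL,   -- the one page this key unlocks
    expires_at INTEGER NOT NULL,   -- Unix time
    used_at    INTEGER             -- NULL until redeemed
)');

// Create a fresh key for one alert and return the link to embed in the email.
function issueAlertLink(PDO $db, int $accountId, int $alertId, int $ttl = 172800): string
{
    $key = bin2hex(random_bytes(32));            // 256 bits from the OS CSPRNG
    $stmt = $db->prepare('INSERT INTO alert_keys VALUES (?, ?, ?, ?, NULL)');
    $stmt->execute([hash('sha256', $key), $accountId, $alertId, time() + $ttl]);
    return 'https://www.yourservice.com/showalert.php?key=' . $key;
}

// Redeem a key: returns [account_id, alert_id] or null. The UPDATE is the check;
// it matches only an unused, unexpired row, so a replayed key cannot succeed.
function redeemAlertKey(PDO $db, string $key, ?int $now = null): ?array
{
    if (!preg_match('/\A[0-9a-f]{64}\z/', $key)) {
        return null;                             // malformed input, skip the query
    }
    $now = $now ?? time();
    $hash = hash('sha256', $key);
    $upd = $db->prepare('UPDATE alert_keys SET used_at = ?
                         WHERE key_hash = ? AND used_at IS NULL AND expires_at > ?');
    $upd->execute([$now, $hash, $now]);
    if ($upd->rowCount() !== 1) {
        return null;                             // unknown, expired or already used
    }
    $sel = $db->prepare('SELECT account_id, alert_id FROM alert_keys WHERE key_hash = ?');
    $sel->execute([$hash]);
    return $sel->fetch(PDO::FETCH_NUM);
}
// Constructed walk-through: account 7 receives links for alerts 1234 and 1235.
parse_str(parse_url(issueAlertLink($db, 7, 1234), PHP_URL_QUERY), $q);
var_dump(redeemAlertKey($db, $q['key']));                     // first click
var_dump(redeemAlertKey($db, $q['key']));                     // same key replayed
parse_str(parse_url(issueAlertLink($db, 7, 1235), PHP_URL_QUERY), $q2);
var_dump(redeemAlertKey($db, $q2['key'], time() + 172801));   // after the 48-hour window
```

A page like `showalert.php` would render only the alert returned by `redeemAlertKey()` and send the user to the normal login for anything else, which keeps an intercepted email from granting access to the whole account.
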
luciogodoy (author), posted November 26, 2007

Thanks a lot.