• 0

A Little Help Please


Question

http://piliffe.contrasthost.com/notemate

I've been working on this small project. I'm currently trying to implement a simple security measure.

Basically on the protection page:

http://piliffe.contrasthost.com/notemate/p.../protection.php

Users need to be able to submit their email address to be "added" to the email protection database. Currently the email protection database is a flat file named emaildb.txt.

I don't just want users to be able to add their email address by simply typing their address and pressing submit. I want an email sent to the address they supplied asking them to verify the email address by pressing a link within the email. When the link is pressed it takes them to a page on the NoteMate website and says the email address has been verified and automatically adds their email address to the flatfile.

As simple as this may sound, I can't seem to be able to create a script capable of doing this.

Also on the protection page is the same form for users to do the same as written above to remove their email from the email protection database. Simply supplying and verifying the email address will remove it from the flat file automatically.

If anyone can please help me with this I will be so very appreciative.

Thank you for your time. :)


2 answers to this question


  • 0

OK, I've done this recently for my blog - users must create an account to post comments. Once they sign up for an account they have to verify it via email.

I think this is what you'd have to do:

1. When the user enters their email - validate it

2. Save their email in the table along with a random secret code, that could possibly be the md5 of their email.

3. Send an email to them providing them with the code and the url to validate it.

4. The validation script then clears the secret code field in the db upon successful activation.

Not sure if you wanna do it that way, but it works for me.


  • 0

If you really want to keep it secure, just hashing the e-mail address is not such a good idea. Easily guessable. Either use something like md5(email . secret_word). Secret_word is just some string in your source, but you need to keep it safe. Another possibility is to hash the time in microseconds, or even just the unix time.

In pseudo code, it would be something like this:

if (isset($_GET['hash']))
{
	// user has followed the link from the validation e-mail
	get hash code for this e-mail address from table
	if hash == $_GET['hash']
		copy e-mail address to table
}
else
{
	// user has just entered an e-mail address to sign up with
	compute a hash code
	store e-mail address and hash code in separate table
	mail user the validate URL, like validate.php?email=user@example.com&hash=fb3af44c21f1f68cc25fda7edb8c1bd3
}

Edited by 505
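
The keyed-hash idea from the answer above, as an added example that is not part of the thread: the link carries an HMAC-SHA256 (swapped in for md5(email . secret_word)) over the action, the address and an expiry time, so no pending table is needed and one check serves both the add and the remove form. SECRET_KEY, TOKEN_TTL, the function names, the `action` and `expires` parameters and the example.com URL are assumptions.

```php
<?php
// Added example, not code from the thread. SECRET_KEY is a placeholder:
// generate it once with random_bytes() and keep it outside the web root.
const SECRET_KEY = 'PLACEHOLDER-replace-with-a-long-random-secret';
const TOKEN_TTL  = 86400; // assumed lifetime: links expire after 24 hours

// Canonical form, so the address that is signed is the address that is stored.
function normalize_email(string $email): ?string
{
    $email = strtolower(trim($email));
    return filter_var($email, FILTER_VALIDATE_EMAIL) ? $email : null;
}

// The MAC covers action, address and expiry, so a link issued for "add"
// cannot be reused for "remove", for another address, or after it expires.
function make_token(string $action, string $email, int $expires): string
{
    return hash_hmac('sha256', "$action|$email|$expires", SECRET_KEY);
}

// $email must already have passed normalize_email().
function build_link(string $base, string $action, string $email, int $now): string
{
    $expires = $now + TOKEN_TTL;
    return $base . '?' . http_build_query([
        'action' => $action, 'email' => $email, 'expires' => $expires,
        'hash' => make_token($action, $email, $expires),
    ]);
}

// Returns the verified address, or null if the link is malformed, forged or expired.
function verify_link(array $get, int $now): ?string
{
    foreach (['action', 'email', 'expires', 'hash'] as $key) {
        if (!isset($get[$key]) || !is_string($get[$key])) return null;
    }
    $email   = normalize_email($get['email']);
    $expires = (int) $get['expires'];
    if ($email === null || !in_array($get['action'], ['add', 'remove'], true) || $expires < $now) {
        return null;
    }
    // hash_equals() compares in constant time, unlike == on strings.
    return hash_equals(make_token($get['action'], $email, $expires), $get['hash']) ? $email : null;
}

// Constructed demo: a genuine "add" link, then the same link altered to "remove".
$now  = time();
$link = build_link('https://example.com/validate.php', 'add', 'user@example.com', $now);
parse_str(parse_url($link, PHP_URL_QUERY), $query);
var_dump(verify_link($query, $now), verify_link(['action' => 'remove'] + $query, $now));
```

On success the caller appends the returned address to emaildb.txt, or removes it, while holding an exclusive flock() so concurrent requests do not corrupt the flat file.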

This topic is now closed to further replies.