[nycphp-talk] Email Signup Script
Rolan Yang
rolan at omnistep.com
Mon Aug 30 18:11:25 EDT 2004
You would probably want to add some randomness to the confirmation code
instead of using a straight md5 hash of the email because anyone could
create a email request then confirm it (by md5'ing the email address and
pasting to the end of the confirm url). Better to generate a random
number, add it to the end of the email, maybe add unix time to it, then
md5 the whole mishmash. Save that result as a key in the database. The
confirm script would then look up and validate the user based on that
key value.
~Rolan
David Mintz wrote:
>On Mon, 30 Aug 2004, Joseph Crawford Jr. wrote:
>
>
>
>>
>>
>
>
>(1) create a MySQL table with fields id, email, is_confirmed etc. Make
>email a unique index. Make a varchar(32) column called conf_code for
>holding an md5 hash of the email. make is_confirmed an unsigned tinyint
>default 0.
>
>(2) the signup script:
>
>i
>
>send email to $their_email saying thank you, please go to
>http://yoursite.com/confirm.php?conf_code= . md5($their_email) to confirm
>your address;
>
>redirect to success page that says, thanks, please go check your inbox.
>
>(3
>
>
More information about the talk
mailing list