0
PHP login system: validate mail
Hello. What would be the best solution to properly validate the user‘s ownership of a certain email address? I already thought about generating a random string, storing the hash of it in a database and then sending the user a link to a php file with extension .php?code=randomString Then the php script checks if the hash of the password from the url of the email matches the hash stored in the database. Any ideas?
4 Respuestas
+ 2
And where is the question?
Looks like a solid plan and don't forget to delete the hash afterwards
+ 1
As long as you don't feed the get string in the sql querry there shouldn't be a problem
Mby you should use htmlspecialchars()
But now I'm a little bit worried about you password encryption.
What's your plan of attack there
0
Lexfuturorum I‘m not very experienced in PHP safety so I wanted to ask whether this could be a good and safe solution.
Sure, the hash will be deleted afterwards and a boolean for the column account_verified will be set to true.
0
Password? Secure question? Maybe easiest especially since you are not to experienced in PHP