Standard procedure for confirming email for a web app
I have created a web app that is almost finished. I need it to confirm new emails. I just want to know if these are the right procedures for that, because I'm not familiar with this.
I create a new table called "confirmEmails" with only one column, uniqueId. A unique Id is created with PHP: uniqueid(), which is called directly after a user hits the submit button, and the PHP script stores it in the table. An email is sent together with a link www.domain.com/confirmEmail.php?uniqueId=kushfpuhrufhufhfhuhfheriufhehu. I have another PHP script called confirmEmail.php that gets the value of uniqueId through the link with $_GET['uniqueId']; (maybe I should use POST instead here). And now it stores the new email in a table called user.
Is this the right procedure? Please give me some feedback!
Your description says that you have only one column in your unique table. You need to associate the unique Id (token) with the specific user you validate. Otherwise a user could confirm a fake address using another user's unique id.
You could put the unique id in a column of the user table to make sure the right unique id is used for activating an account.
Note: Another way would be to create an activation token from the user id and some secret in your configuration, such as sha1($userid . 'yourSecret'). With that you would not need to store additional data, and it is not possible to guess this token without knowing your secret.
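The answer's point (bind the token to the user, or derive it from the user id and a secret) worked through in PHP as an added example; this is not code from the question or the answer. The `$users` array stands in for the `user` table, the confirmation link is assumed to carry both the user id and the token, and the keyed variant uses an HMAC in place of the answer's `sha1($userid . 'yourSecret')`, since a plain hash over a concatenation is weaker than a keyed MAC.

```php
<?php
// Added example: email confirmation tokens bound to a user, stored hashed,
// single-use and time-limited. $users stands in for the "user" table.

const TOKEN_TTL = 24 * 3600; // seconds a confirmation link stays valid

// Called when the user submits the signup form. Returns the raw token to put
// in the link; only its hash is persisted, so a leaked table cannot be used
// to confirm addresses.
function issueToken(array &$users, int $userId): string {
    $token = bin2hex(random_bytes(32));   // 256 bits from a CSPRNG, not uniqid()
    $users[$userId]['confirm_hash'] = hash('sha256', $token);
    $users[$userId]['confirm_expires'] = time() + TOKEN_TTL;
    return $token;
}

// Called by confirmEmail.php?uid=...&token=... (assumed link format). Looking
// the token up under the user id means it can only activate that account.
function confirmEmail(array &$users, int $userId, string $token): bool {
    if (!isset($users[$userId]['confirm_hash'])) {
        return false;                     // unknown user or already confirmed
    }
    $row = &$users[$userId];
    if (time() > $row['confirm_expires']) {
        return false;                     // link expired
    }
    // hash_equals() compares in constant time, avoiding a timing side channel.
    if (!hash_equals($row['confirm_hash'], hash('sha256', $token))) {
        return false;
    }
    $row['email_confirmed'] = true;
    unset($row['confirm_hash'], $row['confirm_expires']); // single use
    return true;
}

// Stateless alternative to the answer's sha1($userid . 'secret'): an HMAC
// keyed with a server-side secret (assumed to live in configuration).
function statelessToken(int $userId, string $secret): string {
    return hash_hmac('sha256', (string)$userId, $secret);
}

// Constructed demo data: two users, each issued their own token.
$users = [1 => ['email' => 'alice@example.com'], 2 => ['email' => 'bob@example.com']];
$aliceToken = issueToken($users, 1);
$bobToken   = issueToken($users, 2);
echo "bob's token against alice's account: ", var_export(confirmEmail($users, 1, $bobToken), true), "\n";
echo "alice's own token:                   ", var_export(confirmEmail($users, 1, $aliceToken), true), "\n";
echo "same token replayed:                 ", var_export(confirmEmail($users, 1, $aliceToken), true), "\n";
echo "stateless token for user 1:          ", statelessToken(1, 'config-secret-placeholder'), "\n";
```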
That sounds like it would work fine. Seems like the standard now a days.