开发者

How to allow anonymous users to edit their posts by providing it's password? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.

Want to improve this question? Update the question so it focuses on one problem only by editing this post.

Closed 8 years ago.

Improve this question

I need some help with a small Classfieds site I'm currently trying to build.

I am letting users publish their classfieds for free and without registering. But I also want to let them be able to edit their classfieds at a later po开发者_运维知识库int. That's why I am asking them to provide a password for their classfied.

What I need to do and can't accomplish is:

  • Show a "login" form to the user
  • He has to provide the ID of the classfied ( he knows it, it's in the description)
  • he has to provide the password he entered when creating the classfied

If those 2 match he is redirected to the edit page of the classfied.

The password is saved in the classfieds table. I can save it as a string or if your example needs it to be hashed, as a hashed_password + salt ( doesn't matter to me ).

Thank you for your help!


I think I'd skip the password part:

As they visit the site for the first time, assign them an authentication token and store it in a cookie. If they've the authentication token for the classified, they may edit for a day or two (short enough that you cannot brute force a token). No password needed.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜