Should I use the md5 password of a user to verify his account through email?

I am creating a register form and I will have an email verification. The email will have an activation link that will update verified column from 0 to 1. Since the user's password is hashed with md5 I thought instead of creating a new column with a random number to use as verification, I thought to use his password.

So instead of *domain.com/verification.php?token=new_random_number* I will have *domain.com/verification.php?token=md5*

How do you find this?

This is of course just to avoid one column.


Generate a new random ID for the explicit purpose of the email, then you can invalidate/clear the ID after the user has performed the account management action.
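
The approach in the answer above, as an added example that is not part of the original post: a random token issued only for the verification e-mail, stored as a hash, and cleared by the same statement that marks the account verified. The table and column names (`users`, `verify_hash`, `verify_expires`), the 24-hour lifetime and the in-memory SQLite database are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Constructed in-memory schema; table and column names are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY, email TEXT, verified INTEGER DEFAULT 0,
    verify_hash TEXT, verify_expires INTEGER)');
$db->exec("INSERT INTO users (email) VALUES ('alice@example.com')");

// Issue a token: the raw value goes only into the e-mail link; the database
// keeps its SHA-256, so a copy of the table does not yield usable links.
function issueToken(PDO $db, int $userId, int $ttl = 86400): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $stmt = $db->prepare(
        'UPDATE users SET verify_hash = ?, verify_expires = ? WHERE id = ?');
    $stmt->execute([hash('sha256', $token), time() + $ttl, $userId]);
    return $token;
}

// Redeem a token: a single UPDATE marks the account verified and clears the
// token, so the link works once and only before it expires.
function redeemToken(PDO $db, string $token): bool
{
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return false; // not the shape of a token issueToken() produces
    }
    $stmt = $db->prepare('UPDATE users
        SET verified = 1, verify_hash = NULL, verify_expires = NULL
        WHERE verify_hash = ? AND verify_expires >= ? AND verified = 0');
    $stmt->execute([hash('sha256', $token), time()]);
    return $stmt->rowCount() === 1;
}

$token = issueToken($db, 1);
echo "https://domain.com/verification.php?token=$token\n";
var_dump(redeemToken($db, $token));          // first click on the link
var_dump(redeemToken($db, $token));          // same link again, token already cleared
var_dump(redeemToken($db, md5('password'))); // a password hash is never accepted
```

Because the token is unrelated to the password, the password hash never appears in the e-mail, in server access logs or in browser history, and changing the password does not affect a pending verification.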


You can use something like:

```php
$secret_word = 'COMPLEX-WORD-HERE';
$validation_token = substr(md5($user_password . $secret_word), 0, 10);
```

I highly recommend using username instead, since it's unique per user
101% secure :)
