How to do an Encode/Decode function in Base62 with no obvious pattern in the Results?
I have a site where users must confirm their e-mail using a typical e-mail confirmation script with a specific (but long) Confirmation Link for each user that includes the usual hash parameter.
The problem I'm having is that some users are having problems with the long and complicated Confirmation Link due to the device they are using.
So I need to create an alternative way to generate the unique Confirmation Link for each user such that no pattern is obvious so that it cannot be figured out and abused.
I've been looking at Base62 encoding and decoding, but the one I found is based on numbers only, which would limit me to using the sequential unique User ID's, which then creates an obvious sequential pattern in the encoded results which could easily be abused.
Preferably, I want a solution that will not require me to alter the DB.
Ideally, I wo开发者_运维知识库uld like to basically create a shortened URL similar to how Bit.ly and other url shorteners create their unique URL's, but that can be encoded and decoded either off of the User ID, username, or e-mail, and preferably have the encoding/decoding "salted" with a unique key so that no pattern emerges in the encoded results.
EXAMPLE:
So instead of the confirmation link looking like:
http://domain.com/confirm?email=blah@blah.com&hash=1f3870be274f6c49b3e31a0c6728957f
I would like it to look like:
http://domain.com/confirm/Sg5rdn
Where I would then simply decode Sg5rdn to get the Username, User ID, or E-mail of the user and confirm them.
Is this even possible?
Instead, just create a table with confirmation codes. When a user should do a confirmation, create an unique code (using base62 or whatever), insert it into that table and assign it to the user id.
Then, when the user hits the confirmation link, just fetch the user id etc from the confirmation code table (and check that the code exists and still isn't confirmed etc).
I would suggest you store the code in a column in the user table: example table very shortened:
id--user---email--------------key-----confirmed----other stuff
1 bob bob@example.com 1h323f 1 ...
2 rob rob@example.com 18gg3f 0 ...
3 steve steve@example.com a862gf 1 ...
4 tom tom@example.com 17g23f 0 ...
As the user signs up for an account pre create the key and store it along with the username ect
Then when the link is clicked check for the key against the email, then update the confirmed to 1. You could use .htaccess on the link to make it even shorter:
RewriteRule ^confirm/(.*)/([a-zA-Z0-9]+)$ confirm.php?email=$1&hash=$2 [L]
eg:http://domain.com/confirm/tom@example.com/17g23f
Hope this helps
I'm afraid your expectations a bit exaggerated.
The only thing you can really do is to shorten a hash a little.
the only way to "decode" Username, User ID and E-mail out of Sg5rdn is to fetch them all from the database.
精彩评论