2013-10-21 12:10
浏览 76


I need to create an activation system for a website. The user registers, gets an email, then clicks a link with a secret key in the query string, and a script on my end decodes it.

My question is not on the programming itself, but rather, what is a good way of generating the link? Hashing was a thought but it is one way. Should I be encrypting something? Does anyone who has been tasked with this same thing have any insight?

Is there a way to do it that both: Does not store any secret code in the database, Does not put any obvious user info in the query string

The user is in a table with primary key id and other info. It does not need to be insanely secure but should not be easily breakable. I'm doing this with php. I couldn't find a similar question so if I have overlooked one I would appreciate a link.

图片转代码服务由CSDN问答提供 功能建议

我需要为网站创建一个激活系统。 用户注册,获取电子邮件,然后单击查询字符串中带有密钥的链接,我端的脚本对其进行解码。

我的问题不在于编程本身, 但是,产生链接的好方法是什么? 哈希是一种思想,但它是一种方式。 我应该加密一些东西吗? 任何负责同样事情的人都有任何见解吗?

有没有办法做到这两点: 不在数据库中存储任何密码, 不要在查询字符串中放置任何明显的用户信息

用户位于具有主键ID和其他信息的表中。 它不需要疯狂安全,但不应该容易破碎。 我用php做这个。 我找不到类似的问题所以如果我忽略了一个我会很感激的链接。

  • 写回答
  • 好问题 提建议
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • douhuan3448 2013-10-21 12:20

    I have done this before by doing and md5 on the concatenated record id and email address. You could throw in a few extra characters or fields if you want. Then when the user clicks the link you just run the same select again to see if you get a match.

    // generate the key
    select md5(concat(id,email,'Some custom text')) as `verification_key` from ...
    // verify the user
    select * from user where '$verifikation_key' = md5(concat(id,email,'Some custom text'));

    Then you can update the user record to mark as verified.

    解决 无用
    打赏 举报

相关推荐 更多相似问题