doute3621 2013-10-21 12:10
浏览 76
已采纳

为网站创建激活链接,生成它的方法是什么?

I need to create an activation system for a website. The user registers, gets an email, then clicks a link with a secret key in the query string, and a script on my end decodes it.

My question is not on the programming itself, but rather, what is a good way of generating the link? Hashing was a thought but it is one way. Should I be encrypting something? Does anyone who has been tasked with this same thing have any insight?

Is there a way to do it that both: Does not store any secret code in the database, Does not put any obvious user info in the query string

The user is in a table with primary key id and other info. It does not need to be insanely secure but should not be easily breakable. I'm doing this with php. I couldn't find a similar question so if I have overlooked one I would appreciate a link.

  • 写回答

1条回答 默认 最新

  • douhuan3448 2013-10-21 12:20
    关注

    I have done this before by doing and md5 on the concatenated record id and email address. You could throw in a few extra characters or fields if you want. Then when the user clicks the link you just run the same select again to see if you get a match.

    // generate the key
select md5(concat(id,email,'Some custom text')) as `verification_key` from ...

// verify the user
select * from user where '$verifikation_key' = md5(concat(id,email,'Some custom text'));

    Then you can update the user record to mark as verified.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 求daily translation(DT)偏差订正方法的代码
  • ¥15 js调用html页面需要隐藏某个按钮
  • ¥15 ads仿真结果在圆图上是怎么读数的
  • ¥20 Cotex M3的调试和程序执行方式是什么样的?
  • ¥20 java项目连接sqlserver时报ssl相关错误
  • ¥15 一道python难题3
  • ¥15 牛顿斯科特系数表表示
  • ¥15 arduino 步进电机
  • ¥20 程序进入HardFault_Handler
  • ¥15 关于#python#的问题:自动化测试