I am building a method for users of my website to link their accounts together, so that resources can be shared between them. My process so far is:
- 1) User enters email addresses of users he wants to link with.
- 2) If matches are found, these users receive an email.
- 3) Email contains a confirmation link. If the recipient clicks this, the connection between the two accounts will be formed.
I'm wondering how secure I need to be with this final step. My confirmation link is in the format: domain.com/link-confirm.php?fromid=xxx&toid=yyy
In theory, it would be possible for anyone to spoof this link, if they knew the user id of their target, thus setting up a connection without permission.
I tried hashing both user ids, then scanning through the user database for matches, but the password_verify function takes so long to run that the page times out (and that's with only 1000 users).
What I would like to know is: Does my plan above make sense? Is there a neater way of doing it? Am I right to be concerned about the spoofing (connecting the accounts does not in itself share any data between users, it merely makes it possible for either user to initiate)?
Thanks
