I'm working on a PHP/Laravel 4 project, and we need to auto-authenticate users coming from the links in the emails we send them. We need a time limit for the links, so that a link in an email will not authenticate after the expiry time has passed. I've come up with this approach, but I have some doubts about its security:
First I make an MD5 hash using the user's email, a timestamp and a secret key, like this:
$timestamp = time();
$hash = md5($email . $timestamp . $secret_key);
Then I can generate a URL like this:
$url = "http://www.example.com/url?email={$email}&hash={$hash}&timestamp={$timestamp}";
So then I can check the timestamp (for time validation), regenerate the hash, and authenticate the user with the provided email. Do you think it has any security flaw? If yes, please suggest the secure method.
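
One way to build and verify such an expiring link, as an added example that is not part of the original post: it swaps the bare md5() concatenation for an HMAC-SHA256 over an unambiguous encoding of the fields, signs the expiry time, and compares signatures in constant time. The function names, LINK_TTL, the `expires` and `sig` parameter names and the key are assumptions, and hash_equals() assumes PHP 5.6 or later.

```php
<?php
// Added example: all names below are hypothetical, sample values are constructed.
const LINK_TTL = 3600; // assumed link lifetime in seconds

function signLoginLink($email, $expires, $secretKey)
{
    // Encode the fields with explicit boundaries before signing, so that two
    // different (email, expires) pairs can never yield the same signed string.
    $payload = json_encode(array('email' => $email, 'expires' => (int) $expires));
    return hash_hmac('sha256', $payload, $secretKey);
}

function buildLoginUrl($email, $secretKey, $now = null)
{
    $expires = ($now === null ? time() : $now) + LINK_TTL;
    // http_build_query() URL-encodes each value, including the email address.
    $query = http_build_query(array(
        'email'   => $email,
        'expires' => $expires,
        'sig'     => signLoginLink($email, $expires, $secretKey),
    ));
    return 'https://www.example.com/url?' . $query;
}

function verifyLoginLink(array $params, $secretKey, $now = null)
{
    $now = $now === null ? time() : $now;
    foreach (array('email', 'expires', 'sig') as $key) {
        if (!isset($params[$key]) || !is_string($params[$key])) {
            return false; // missing field or non-string value
        }
    }
    if (!ctype_digit($params['expires'])) {
        return false; // expiry must be a plain decimal timestamp
    }
    $expected = signLoginLink($params['email'], $params['expires'], $secretKey);
    if (!hash_equals($expected, $params['sig'])) {
        return false; // constant-time comparison failed: forged or altered link
    }
    return (int) $params['expires'] >= $now; // reject once the signed expiry has passed
}

// Constructed sample run with a fixed clock.
$key = 'constructed-demo-key';
$url = buildLoginUrl('alice@example.com', $key, 1700000000);
parse_str(parse_url($url, PHP_URL_QUERY), $params);
var_dump(verifyLoginLink($params, $key, 1700000100)); // inside the lifetime
$params['email'] = 'bob@example.com';
var_dump(verifyLoginLink($params, $key, 1700000100)); // email changed after signing
```

A link built this way stays valid for repeated use until it expires; making it single-use requires server-side state, such as a stored token that is deleted on first use.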