hiding e.g. ?id=12

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
jamrop
Forum Commoner
Posts: 80
Joined: Fri May 16, 2003 5:38 pm

hiding e.g. ?id=12

Post by jamrop »

When someone registers on my site, php sends an email with a link to activate their account. The link goes as validate.php?member_id=$member_id'
I wanted to know if u could hide the member_id and disguise it. So instead of member_id=12 , could it be like member_id=123h1o280hdf90

the code

Code: Select all

<?php
$id="select member_id, username from members where username = '$username'";
$rs=mysql_query($id,$db);
while ($r = mysql_fetch_array($rs))
{
$member_id = $r["member_id"]; 
}
					
$headers = "MIME-Version: 1.0\n"; 
$headers .= "Content-type: text/html; charset=iso-8859-1\n"; 
$headers .= "From: info <info@ad.co.uk>\n";
$subject = "Member Details";
$body ="<html><head></head><body>Welcome $username for joining AdHudd.  
Your username is $username and your password is $password. 
Please keep these details safe
<br><br><br>To validate you account please 
<a href='http://www.supre.co.uk/validate.php?member_id=$member_id'>
click here</a></body></html>";

?>
many thanks
User avatar
mikusan
Forum Contributor
Posts: 247
Joined: Thu May 01, 2003 1:48 pm

Post by mikusan »

md5();
That's what i do to unsubscribe people from my mail-list i md5($email) and then concatenate it with the link.

If i wasn't clear enough tell me. But it's quite straightforward.
jamrop
Forum Commoner
Posts: 80
Joined: Fri May 16, 2003 5:38 pm

Post by jamrop »

Not sure if i get u. How would md5 disguise the member_id??

i have tried md5 with logins but they never seem to work

many thanks
kettle_drum
DevNet Resident
Posts: 1150
Joined: Sun Jul 20, 2003 9:25 pm
Location: West Yorkshire, England

...

Post by kettle_drum »

I would suggest just using base64 as md5 is one wy so the page couldnt decrypted it and find out the user.

Just base64 all the info you want and then pass that as a variable in the url. Then get the page to take the variable, decode it and use the info.
User avatar
mikusan
Forum Contributor
Posts: 247
Joined: Thu May 01, 2003 1:48 pm

Post by mikusan »

md5() is a tool to check if the original entry corresponds to the stored entry. Say for example my unsubscribe from mail list.
I don't want people unsubscribing someone they know the email of, so to make sure it is only the receiver of the newsletter to unsubscribe I take a secret server keyword, concatenate it to the email, md5() the whole thing and truncate so that only the first 8 show.

The result is that the person receives the newsletter with somehing like http://www.mydomain.com/?action=unsubsc ... d=dk235z1c
I catch the ud using $_GET['ud'] and then check that if i take any email from the database and do the encrypt process i did above i get a result, then delete it.

In my case i wanted to cut on loop-time so i included an encrypted 8 varchar in every row beside each email, so i could directly check it, but that is eventually up to you!
User avatar
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

Reference material: http://www.php.net/md5
Post Reply