Page 1 of 1

hiding e.g. ?id=12

Posted: Tue Jul 29, 2003 5:41 pm
by jamrop
When someone registers on my site, php sends an email with a link to activate their account. The link goes as validate.php?member_id=$member_id'
I wanted to know if u could hide the member_id and disguise it. So instead of member_id=12 , could it be like member_id=123h1o280hdf90

the code

Code: Select all

<?php
$id="select member_id, username from members where username = '$username'";
$rs=mysql_query($id,$db);
while ($r = mysql_fetch_array($rs))
{
$member_id = $r["member_id"]; 
}
					
$headers = "MIME-Version: 1.0\n"; 
$headers .= "Content-type: text/html; charset=iso-8859-1\n"; 
$headers .= "From: info <info@ad.co.uk>\n";
$subject = "Member Details";
$body ="<html><head></head><body>Welcome $username for joining AdHudd.  
Your username is $username and your password is $password. 
Please keep these details safe
<br><br><br>To validate you account please 
<a href='http://www.supre.co.uk/validate.php?member_id=$member_id'>
click here</a></body></html>";

?>
many thanks

Posted: Tue Jul 29, 2003 5:59 pm
by mikusan
md5();
That's what i do to unsubscribe people from my mail-list i md5($email) and then concatenate it with the link.

If i wasn't clear enough tell me. But it's quite straightforward.

Posted: Tue Jul 29, 2003 6:12 pm
by jamrop
Not sure if i get u. How would md5 disguise the member_id??

i have tried md5 with logins but they never seem to work

many thanks

...

Posted: Wed Jul 30, 2003 1:08 am
by kettle_drum
I would suggest just using base64 as md5 is one wy so the page couldnt decrypted it and find out the user.

Just base64 all the info you want and then pass that as a variable in the url. Then get the page to take the variable, decode it and use the info.

Posted: Wed Jul 30, 2003 5:04 am
by mikusan
md5() is a tool to check if the original entry corresponds to the stored entry. Say for example my unsubscribe from mail list.
I don't want people unsubscribing someone they know the email of, so to make sure it is only the receiver of the newsletter to unsubscribe I take a secret server keyword, concatenate it to the email, md5() the whole thing and truncate so that only the first 8 show.

The result is that the person receives the newsletter with somehing like http://www.mydomain.com/?action=unsubsc ... d=dk235z1c
I catch the ud using $_GET['ud'] and then check that if i take any email from the database and do the encrypt process i did above i get a result, then delete it.

In my case i wanted to cut on loop-time so i included an encrypted 8 varchar in every row beside each email, so i could directly check it, but that is eventually up to you!

Posted: Wed Jul 30, 2003 7:10 am
by m3mn0n
Reference material: http://www.php.net/md5