secure hyperlink??

Posted: Mon Feb 21, 2005 8:23 pm
by C_Calav
hey guys,

i need some advice or the best way possible..

my mail() (which i got working after yesterday, thanx guys) loops and sends out a link to the users in a table.

now i want to know the best way on how to do this with regards to the link.

it needs to be secure so only the person can open the link through the email. can't type the address in or give the address to someone else to type it in and access it.

is this possible?

thanx,

Posted: Mon Feb 21, 2005 8:30 pm
by Chris Corbyn
"it needs to be secure so only the person can open the link through the email. can't type the address in or give the address to someone else to type it in and access it."
Do you mean... you need the server to check where the link was opened from? Do u mind if I ask why... surely if it is opened from another location then the user had viewed it in the email originally.

Don't forget one thing.... some email clients only support plain text....

8)

Posted: Mon Feb 21, 2005 8:48 pm
by C_Calav
hi,

no i don't mind telling you. if there is a better way of doing what i want then i'll go with that!

basically i have made a survey content management system for work. now when they launch the survey it sends a link to all the users.

now i only want those users to be able to open it. or view it.

i don't want them to tell someone else the link, then they go and fill it out.

i need some kind of security, i don't exactly know what can be possible.

any suggestions or if you want to know more just ask!

thanx

Posted: Mon Feb 21, 2005 9:54 pm
by feyd
If these users are on the same network, you may be able to use their known IP/network controlled username. You can match the specific user with a unique key that fits only their user (which you should reverify, potentially with multiple pieces of data). Making the survey only work once per email can help too.. but in the end, there's no universally safe system unless there are very narrow areas you can restrict the data down to.. (like knowing the user's IP ahead of time or similar things)

Posted: Mon Feb 21, 2005 10:31 pm
by magicrobotmonkey
if these users have passwords, you can send the userid and some other unique thing in the link and when they click they are prompted to log in and the password and unique thing are checked. And once the unique thing is used, it cannot be used again.

Posted: Tue Feb 22, 2005 3:20 pm
by C_Calav
hi guys,

thanx for your replies, given me a lot to think about.

feyd: the users are not on the same network.

magicrobotmonkey:

i think i might go with this idea. i'll send them a username and random password in the email with the link to the survey.

how can i set it up so they can only do the survey once? would i set some kind of flag in the user table once they click submit so it is recorded somewhere that they have completed it?

anyone else got any other ideas?

magicrobotmonkey, i hope i have all this right, if there is anything i am missing would be good if you let me know!

thanx

Posted: Tue Feb 22, 2005 3:55 pm
by feyd
that's how I was suggesting it.. ;)

Posted: Tue Feb 22, 2005 4:12 pm
by C_Calav
feyd,

is there a way i can make the survey secure WITHOUT a username and password?

BUT with checking going on behind the scenes, randomID's etc

i guess this is what i was asking in the first place :roll:

Posted: Tue Feb 22, 2005 5:44 pm
by feyd
generate a long id.. like through uniqid() and sha1()/md5() to generate a ~unique identifier that you store against the user's account (in regards to the survey). When the user hits the link you pass (with that identifier) you mark the survey for that user as being in use, i.e. it'll deny all further requests using that id (unless the session times out, which should be kinda short, like 15 minutes) .. once the form is submitted and verified, it should remove the id from available id's.

Understand?

Posted: Tue Feb 22, 2005 6:25 pm
by C_Calav
to be honest feyd, not really.

not that you didn't explain it right, just a bit over my head.

this is a big part of my system i am building so i need to do this right. it has to be just for the user with the link.

if i do it the way you explained, will i still need a username and password? or will this take its place?

thanx

Posted: Tue Feb 22, 2005 6:56 pm
by feyd
it's best to verify that it is indeed them.. it doesn't absolutely require it, but for added security (because the email could be intercepted/read by someone else) I would have them enter the information.

here's a rough example of what I was talking about (untested) ::

list creation:

// select the users who should receive the survey
$userssql = 'SELECT `username`, `user_id` FROM `user` WHERE `somefield` = \'test me\'';
$users = mysql_query($userssql) or die(mysql_error());

while($user = mysql_fetch_assoc($users))
{
  // build a hard-to-guess identifier for this user
  list($prefix) = explode(' ', microtime());
  $hash = sha1(uniqid($prefix . mt_rand(), true));
  // insert the id (null), user id, generated hash, and the current state 'email not sent' (0).
  $insert = 'INSERT INTO `user_survey` VALUES(NULL, \'' . $user['user_id'] . '\', \'' . $hash . '\', \'0\')';
  if(mysql_query( $insert ))
    echo $user['username'] . ' inserted.' . "\n";
  else
    echo $user['username'] . ' failed to insert.' . "\n";
}

do your mass mailing script where it updates the user_survey table with a new state 'waiting for page request' after each successful mail(). This can be used so you know where to restart from if and when you hit the limit of emails you can send in a batch.

When the page request comes in: match the user who logs in with the hash used, check that the record exists, and that the record is still waiting for a page request. At this time, update that record to reflect that it is in use. Display the survey. When they are finished, mark the record as dead or delete it.

How about now?
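
The single-use link lifecycle feyd describes (issue, mail, claim on first request with a 15-minute timeout, kill on submit), as an added example that is not code from the thread. It uses PDO with an in-memory SQLite database and random_bytes() in place of mysql_query() and uniqid()/mt_rand(), stores only a SHA-256 of the token, and leaves out the login check. Assumptions: the state numbers, function names, the claimed_at column and user id 42 are made up for illustration.

```php
<?php
// Added example: single-use survey links. The `user_survey` table name follows the
// thread; state numbers, function names and the claimed_at column are assumptions.
const NOT_SENT = 0, WAITING = 1, IN_USE = 2, DONE = 3;
const CLAIM_TTL = 900; // 15 minutes, as suggested in the thread

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_survey (id INTEGER PRIMARY KEY, user_id INTEGER,
           token_hash TEXT UNIQUE, state INTEGER, claimed_at INTEGER)');

// Create a token for one user; only its SHA-256 is stored, the raw value goes in the link.
function issueToken(PDO $db, int $userId): string {
    $token = bin2hex(random_bytes(32)); // CSPRNG instead of uniqid()/mt_rand()
    $db->prepare('INSERT INTO user_survey VALUES (NULL, ?, ?, ?, NULL)')
       ->execute([$userId, hash('sha256', $token), NOT_SENT]);
    return $token;
}

// Call after each successful mail(): the link becomes usable.
function markSent(PDO $db, string $token): void {
    $db->prepare('UPDATE user_survey SET state = ? WHERE token_hash = ? AND state = ?')
       ->execute([WAITING, hash('sha256', $token), NOT_SENT]);
}

// Atomically claim the link: succeeds if it is waiting, or if an earlier claim timed out.
function claim(PDO $db, string $token, int $now): bool {
    $st = $db->prepare('UPDATE user_survey SET state = ?, claimed_at = ?
        WHERE token_hash = ? AND (state = ? OR (state = ? AND claimed_at < ?))');
    $st->execute([IN_USE, $now, hash('sha256', $token), WAITING, IN_USE, $now - CLAIM_TTL]);
    return $st->rowCount() === 1;
}

// Call once the submitted form has been verified: the link is dead from here on.
function finish(PDO $db, string $token): bool {
    $st = $db->prepare('UPDATE user_survey SET state = ? WHERE token_hash = ? AND state = ?');
    $st->execute([DONE, hash('sha256', $token), IN_USE]);
    return $st->rowCount() === 1;
}

// Constructed walk-through for one user.
$t = issueToken($db, 42);
var_dump(claim($db, $t, time()));        // link not mailed yet
markSent($db, $t);
var_dump(claim($db, $t, time()));        // first visitor gets the survey
var_dump(claim($db, $t, time()));        // forwarded link, same 15 minutes
var_dump(finish($db, $t));               // survey submitted
var_dump(claim($db, $t, time() + 3600)); // link reused after submission
```

Each claim is a single UPDATE with the expected state in its WHERE clause, so two simultaneous requests carrying the same link cannot both succeed.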