When my user registers, an email is sent to admin;
admin decides whether to load user into DB.
If they load user into DB they click a link in an email message
which launches the validation.php page. This link contains the user
DB id and secure id.
On the user's signup, generate a random string, include it in the URL and in the DB in some way (preferably in a separate table with user_id, random_str fields) and modify your code to use it.
There are 10 types of people in this world, those who understand binary and those who don't
0. You didn't tell me what you are doing so I've decided that it is the issue.
1. I believe that your defense at the conceptual layer is hard enough (a longer secure_id would be better) ...
2. Security issues could be found in validate.php (SQL injections etc.) - recheck your code.
There are 10 types of people in this world, those who understand binary and those who don't
I have worked my code to protect against SQL injections
with my registration page. My validation page sets a single
value from zero to one, a flag of sorts to see if the user has
been cleared by admin for use of the website.
@superdezign - it's a well-known approach - email validation by using "unique URLs" (I think that it is even patented - by some company with "bird" in its name). If krraleigh uses only id=bla-bla links it becomes very easy to guess it by a simple for loop. One could then approve himself without being approved by the admins.
There are 10 types of people in this world, those who understand binary and those who don't
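The unique-URL approach described in the replies above, as an added example that is not part of the original thread: a random string is generated at signup, stored in a separate table with `user_id` and `random_str` fields, and checked by the validation page before the approval flag goes from zero to one. The table names `users` and `approval_tokens`, the function names, the in-memory SQLite database and the sample user are assumptions made for the demonstration; the `id` and `secure_id` parameters follow the original question.

```php
<?php
declare(strict_types=1);

// Constructed demo schema in an in-memory SQLite database (assumption:
// table and column names follow the thread's user_id / random_str suggestion).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, approved INTEGER DEFAULT 0)');
$db->exec('CREATE TABLE approval_tokens (user_id INTEGER PRIMARY KEY, random_str TEXT NOT NULL)');

// Called at signup: returns the query string for the link mailed to the admin.
function issueApprovalLink(PDO $db, int $userId): string
{
    $token = bin2hex(random_bytes(32));                 // 256 bits from the CSPRNG
    $stmt = $db->prepare('REPLACE INTO approval_tokens (user_id, random_str) VALUES (?, ?)');
    $stmt->execute([$userId, hash('sha256', $token)]);  // store only the hash
    return http_build_query(['id' => $userId, 'secure_id' => $token]);
}

// Called by validation.php with the raw request values.
function approveUser(PDO $db, $id, $secureId): bool
{
    if (!is_string($id) || !ctype_digit($id) || !is_string($secureId)) {
        return false;                                   // rejects arrays and non-numeric ids
    }
    $stmt = $db->prepare('SELECT random_str FROM approval_tokens WHERE user_id = ?');
    $stmt->execute([(int) $id]);
    $stored = $stmt->fetchColumn();
    if ($stored === false || !hash_equals($stored, hash('sha256', $secureId))) {
        return false;                                   // unknown id or wrong token
    }
    $db->beginTransaction();
    $db->prepare('UPDATE users SET approved = 1 WHERE id = ?')->execute([(int) $id]);
    $db->prepare('DELETE FROM approval_tokens WHERE user_id = ?')->execute([(int) $id]);
    $db->commit();                                      // the token is single use
    return true;
}

// Constructed walk-through: one signup, then three requests to the validation page.
$db->exec("INSERT INTO users (id, email) VALUES (7, 'new.user@example.test')");
parse_str(issueApprovalLink($db, 7), $get);             // stands in for $_GET
var_dump(approveUser($db, $get['id'], 'guess'));            // guessed secure_id
var_dump(approveUser($db, $get['id'], $get['secure_id']));  // link from the email
var_dump(approveUser($db, $get['id'], $get['secure_id']));  // same link replayed
```

Because the token is independent of the user id and only its hash is stored, iterating over ids does not help an unapproved user, and a leaked database row cannot be turned back into a working link.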
You may use a backend administration written in PHP. It should be able to view the queue of users waiting for approval and have some actions implemented - approve, delete etc. The backend must be accessible only by your admins by using a login page.
In this case the only security risk is in the authorization stage.
There are 10 types of people in this world, those who understand binary and those who don't