Posted by robert on 09/28/90 11:46
"robert" <ab@no.spam-alama-ding-dong> wrote in message
news:0eJ5g.3$5v.0@fe04.lga...
|| I wonder if anyone has any idea how to build or where to find this
|| function: After processing a (mail) form the sender gets an email asking
|| them to verify their sent data by clicking on a link in the mail. After
|| clicking the form data are sent to the correct recipient (and thus verified
|| by the sender).
|
| that's a pretty common feature...usually seen in "forgot password?"
| scenarios. all you need is a table that holds a security key - usually in
| the form of md5(uniqid(rand())) - along with the user name of the person
| who forgot their password. the email contains the link (ex.
| http://mydomain.net/reset.password.php?key=ab4390skdfj23489sdfjlllllllll....
| or whatever). the table should also store the date/time that it was used
| (after they successfully reset their password).
|
| that's the basic gist of it. i'm not sure what you're calling a "mail"
| form...but essentially, you need a key that you generate and an email
| address which you will store in a table...the recipient will click the link
| w/n the email and the page specified in the link will look up the address
| and key and see if it matched $_REQUEST['key']...if it does and it hasn't
| been used before, then allow them whatever functionality you were trying to
| secure...else, balk at them furiously that they've either used the key
| before and it's no longer valid or that it appears they're trying to hack.
final thought...an automated hack can be set up against this bare-bones
method. i'd advise implementing at least a place where the processing page
asks again for their user name, substitutes the key we gave them, and then
asks for another security key (that you generate and place in an image
displayed on the screen). it is best if the image itself has additional
letters/numbers in it with the security key overlaid on top...dell
computers has one of the purdiest i've seen but usually, any company's logo
shrunk to a small size and repeated as the image's background will suffice.
i've done this for several companies and most love it...toyota was thrilled
with theirs (plus the above methodology)...but anyway.
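
The key table and single-use check described in the message above, as an added example that is not part of the original post. It draws the key from random_bytes() instead of the md5(uniqid(rand())) form the post mentions, stores only a SHA-256 hash of the key, and marks the key used in one conditional UPDATE; the table name, function names and the in-memory SQLite database (pdo_sqlite) are assumptions made for illustration.

```php
<?php
// Added example: single-use e-mail verification keys. Table and function
// names are hypothetical; an in-memory SQLite database stands in for the
// real table (requires the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// key_hash holds SHA-256 of the key, never the key itself;
// used_at stays NULL until the mailed link has been clicked.
$db->exec('CREATE TABLE verify_keys (
    key_hash TEXT PRIMARY KEY,
    email    TEXT NOT NULL,
    used_at  TEXT
)');

// Create a key for $email and return the value to put in the mailed link.
function issue_key(PDO $db, string $email): string
{
    $key = bin2hex(random_bytes(32));   // 256 bits from the system CSPRNG
    $db->prepare('INSERT INTO verify_keys (key_hash, email) VALUES (?, ?)')
       ->execute([hash('sha256', $key), $email]);
    return $key;
}

// Return the address the key was issued for, or null when the key is
// malformed, unknown, or has been used before.
function redeem_key(PDO $db, $key): ?string
{
    // Request parameters can arrive as arrays (?key[]=x), so check the type.
    if (!is_string($key) || !preg_match('/\A[0-9a-f]{64}\z/', $key)) {
        return null;
    }
    $hash = hash('sha256', $key);
    // One conditional UPDATE both checks and marks the key, so two
    // concurrent requests with the same key cannot both succeed.
    $upd = $db->prepare("UPDATE verify_keys SET used_at = datetime('now')
                         WHERE key_hash = ? AND used_at IS NULL");
    $upd->execute([$hash]);
    if ($upd->rowCount() !== 1) {
        return null;
    }
    $sel = $db->prepare('SELECT email FROM verify_keys WHERE key_hash = ?');
    $sel->execute([$hash]);
    $email = $sel->fetchColumn();
    return $email === false ? null : (string) $email;
}

// Constructed walk-through; on the real page $key would come from $_GET['key'].
$key = issue_key($db, 'sender@example.com');
var_dump(redeem_key($db, $key));                 // first click on the link
var_dump(redeem_key($db, $key));                 // same key presented again
var_dump(redeem_key($db, str_repeat('0', 64)));  // key that was never issued
```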