Posted by Philip Ronan on 07/20/05 17:51
"Dave Smithz" wrote:
> I'm going to try it again with a real link now (link to this posting)
>
> <http://groups.google.co.uk/group/comp.lang.php/browse_thread/thread/1cb1b4c32
> adc20ac/6734c79bc12f98e8?q=Re:+Email+URL+to+plaintext+receivers+-+URL+being+tr
> uncated(UsingPHP+Mailer)&rnum=1&hl=en#6734c79bc12f98e8>
Oops, that didn't work for me either -- the link ended at "...Mailer)". :-(
>> http://www.example.com/jump.php?to=1
>> http://www.example.com/jump.php?to=2
>> http://www.example.com/jump.php?to=3
>
> Sounds like a good idea but two problems. The link is like a confirmation
> link and there needs to be no chance of you guessing someone else's link.
The keys don't have to be consecutive numbers, just unique values. For
example, you could prefix each key with a random 8-digit number. That way
the success rate of random attacks would only be 1 in 100 million.
> Secondly I had not budgeted for building this. As in I've already done a lot
> of overtime for client and as they send out thousands of URL links so I
> would have to think about implementing a new table etc.
Well like I said it isn't a massive amount of work. But as long as your
links are RFC 2396 compliant then you can at least defend your work when the
client complains ;-)
> Looks like I'll have to create an HTML email and then a text part to that
> email that has a text box where the user just types in their code into a
> form text box. Unless any other good ideas.
A text part with a text box? You lost me there...
--
phil [dot] ronan @ virgin [dot] net
http://vzone.virgin.net/phil.ronan/
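
The key scheme suggested in the post above (a random 8-digit prefix in front of a unique record number), as an added PHP example that is not part of the original post. The `$links` array standing in for the database table, the function names and the sample URL are assumptions; the prefix is drawn with `random_int()` so that it cannot be predicted from earlier keys.

```php
<?php
// Added example: confirmation keys of the form "<8 random digits><record id>".
// $links stands in for the database table mentioned in the thread (assumption).

/** Create a key for $url and remember it. Returns the key to put in the e-mail. */
function issue_key(array &$links, string $url): string
{
    $id = count($links) + 1;                       // unique record number
    // random_int() draws from the OS CSPRNG; rand()/mt_rand() are predictable.
    $prefix = str_pad((string) random_int(0, 99999999), 8, '0', STR_PAD_LEFT);
    $links[$id] = ['prefix' => $prefix, 'url' => $url];
    return $prefix . $id;
}

/** Resolve the "to" parameter of jump.php. Returns the URL, or null if invalid. */
function resolve_key(array $links, string $key): ?string
{
    // Exactly 8 prefix digits, then a record id with no leading zero.
    if (!preg_match('/^(\d{8})([1-9]\d{0,8})$/D', $key, $m)) {
        return null;
    }
    $id = (int) $m[2];
    if (!isset($links[$id])) {
        return null;
    }
    // hash_equals() compares the stored and supplied prefix in constant time.
    return hash_equals($links[$id]['prefix'], $m[1]) ? $links[$id]['url'] : null;
}

// Constructed sample data.
$links = [];
$key = issue_key($links, 'https://www.example.com/confirm.php?user=alice');
echo "http://www.example.com/jump.php?to=$key\n";  // short link for the plain-text mail

var_dump(resolve_key($links, $key));               // the issued key
var_dump(resolve_key($links, '00000000999'));      // record id that was never issued
$wrong = ($links[1]['prefix'] === '12345678' ? '87654321' : '12345678') . '1';
var_dump(resolve_key($links, $wrong));             // right id, wrong prefix
```

The 1-in-100-million figure applies per guess, so jump.php should also limit repeated failed lookups from the same client.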