Hello,
On 08/29/2004 07:13 PM, Frzzman wrote:
I'm adding some verification into my user database manager. After a while I come up with some ideas about asking user to verify their email address when they change their email address.
But, the strategy is a lil confusing for me.
When they change the email address. Where should the verification code be emailed to? Of course it's not the new addy, but what will happen if their old addy became unusable (so they change), can you guys come up with some ideas? I'm confusing...
The strategy that I use in the PHP Classes site is to send a message to the new address with a special URL that includes information about the new account identification, the new e-mail address and an authetication token that is the result of combination of the new address and a random secret key stored in a special field of the account for that purpose.
This prevents that any user forge e-mail address change request URLs. If the combination of the secret key and the new address do not match the token sent.
If you are not a subscriber, subscribe in http://www.phpclasses.org/ and try it yourself to see it working in practice.
--
Regards, Manuel Lemos
PHP Classes - Free ready to use OOP components written in PHP http://www.phpclasses.org/
PHP Reviews - Reviews of PHP books and other products http://www.phpclasses.org/reviews/
Metastorage - Data object relational mapping layer generator http://www.meta-language.net/metastorage.html
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
