That still does not prevent a user from sharing the original url in the email. Anyone that visits the first page could see the second.
It seems like this is a moot point if you use authentication or email tickets, which would be a much more sound approach. Any solution you may come up with will not be secure since there is no unique way to identify the source as an email. Some web based email will show the referrer as the provider (gmail, yahoo) but client based applications (thunderbird or outlook) will have a blank referrer. -EW On Nov 11, 4:16 pm, Marcus Silva <[EMAIL PROTECTED]> wrote: > Hi, > > I am not sure if I got your question right, but if I did you might be > ok doing the following: > > Create an email hash key like Jon Bennett suggested, when the user > comes back to your site take > > make the user go to a url on your site where you can check the hashed > value, then send the user to another page, in that page check if the > referer ($this->refefer()) was the page the user visited originally > via the email link, only send the user to this page is the hash key > validates. > > That should work.... > > Hope it helps > > Cheers > > Marcus > > Another way > > On Nov 11, 8:38 pm, "Jon Bennett" <[EMAIL PROTECTED]> wrote: > > > > Yes i thought about this approach. But problem is that i need to make > > > access only through email, without restrictions in visit count. > > > In that case don't check for a key's count, jsut allow it. Still use a > > key though, ideally random per email sent out, something like: > > > $key = substr(md5($user['User']['name'].$user['User']['email']), 0, 20); > > > Only a really keen individual will bother trying to guess your hash > > key, so only valid urls will work. > > > I don't see how you can stop people from passing the urls around > > though if they can be used more than once. You can spoof the referrer, > > so I really don't know how you could police it effectively. > > > hth > > > jon > > > -- > > > jon bennett > > w:http://www.jben.net/ > > iChat (AIM): jbendotnet Skype: jon-bennett --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
