No it is not e-mail activation, it should work so: admin prepares some order with products, then send email to user, user click link and gets order, and checkout it. I know all how to implement this except email part, also know how email auth works, just trying to find best solution. :) Another idea i have come is to generate some pass, and allow access url only with pass.
On Nov 13, 1:27 am, Mathew <[EMAIL PROTECTED]> wrote: > I'm a little confused as to what your really trying to do, but I think > I understand. > > You want to do e-mail activation while preventing an intruder from > stealing the authentication URL which identifies the target user's e- > mail address that was used to authenticated. > > I hope that makes some sense? > > The only way to do this is to force the user to authenticate during > the duration of a session. When they request that their e-mail address > be authenticated you send them an e-mail, with the users ID in the > URL, when the user receives the e-mail they follow the URL, and > authentication is performed with data in the session, and not a hashed > key. > > I've seen online Banks do things like this. > > This only works for users who's e-mail will allow the delivery of the > e-mail within the duration of a session, and who are given clear > instructions that the session must be maintained to complete > authentication. > > Any users who end the session during this process will have to request > a new activation e-mail. > > This solves the problem of the intruder or the user sharing the e-mail. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
