thanks for that Berend, have come up with a solution:
the link has email address appended and a hashed email address appended ie: form.php?h=heu9oghsodiug&[email protected]&eh=huieghsuilehgeslhgs so when going to the form: 1. know what form they want to view 2. what email address (user) they are 3. and they permitted to view the form (compares email to the email hash in link) If person is logged in, shows them form otherwise: prompts for password to accompany their unique email address if not a user yet, allows them to create a password which then emails them a link to activate their account. once they have activated the account, they can then click on the original form again and login and view the form. ------ this should make the login process simple, secure and the registration system very simple any comments on the above security? or enhancements they would make? On Wed, Sep 29, 2010 at 11:51 AM, Berend de Boer <[email protected]> wrote: >>>>>> "Brendan" == Brendan Brink <[email protected]> writes: > > Brendan> The client wants to know is there a way to make it more > Brendan> secure without forcing a username / password security > Brendan> feature on the system ...as the ability to click on a > Brendan> link in an email to go through to the form works > Brendan> efficiently... > > So the client wants to follow a link without having to prove their > identity... > > Sorry, ain't going to work. > > You can constrain access by ip address (or reverse ip address), that's > the only option. And you would have to add new ip addresses for people > who are also allowed to view this. > > > But I don't understand why clients can't use the remember password feature... > > -- > All the best, > > Berend de Boer > > -- > NZ PHP Users Group: http://groups.google.com/group/nzphpug > To post, send email to [email protected] > To unsubscribe, send email to > [email protected] -- Kind Regards, Brendan Brink SMS Marketing Consultant | Manager Sell2Cell Ltd. 021 0246 1646 | [email protected] | www.sell2cell.co.nz We provide customized, cost-effective SMS & Web Solutions Need a website? Need to integrate text-messaging into your business or website? Contact us today for a free no-obligation quote! VISIT OUR ASSOCIATED WEBSITES: textvouchers.com | textguru.co.nz WARNING This email contains information which is CONFIDENTIAL and may be subject to LEGAL PRIVILEGE. If you are not the intended recipient, you must not peruse, use, disseminate, distribute or copy the email or attachments. If you have received this in error, please notify us immediately by return email, facsimile, or telephone (call us collect). -- NZ PHP Users Group: http://groups.google.com/group/nzphpug To post, send email to [email protected] To unsubscribe, send email to [email protected]
