How does the system know if the person is logged in? On Sep 29, 12:00 pm, Brendan Brink <[email protected]> wrote: > thanks for that Berend, > > have come up with a solution: > > the link has email address appended and a hashed email address appended > > ie: form.php?h=heu9oghsodiug&[email protected]&eh=huieghsuilehgeslhgs > > so when going to the form: > > 1. know what form they want to view > 2. what email address (user) they are > 3. and they permitted to view the form (compares email to the email > hash in link) > > If person is logged in, shows them form otherwise: > > prompts for password to accompany their unique email address > > if not a user yet, allows them to create a password which then emails > them a link to activate their account. > > once they have activated the account, they can then click on the > original form again and login and view the form. > > ------ > > this should make the login process simple, secure and the registration > system very simple > > any comments on the above security? or enhancements they would make? > > On Wed, Sep 29, 2010 at 11:51 AM, Berend de Boer <[email protected]> wrote: > > > > > > >>>>>> "Brendan" == Brendan Brink <[email protected]> writes: > > > Brendan> The client wants to know is there a way to make it more > > Brendan> secure without forcing a username / password security > > Brendan> feature on the system ...as the ability to click on a > > Brendan> link in an email to go through to the form works > > Brendan> efficiently... > > > So the client wants to follow a link without having to prove their > > identity... > > > Sorry, ain't going to work. > > > You can constrain access by ip address (or reverse ip address), that's > > the only option. And you would have to add new ip addresses for people > > who are also allowed to view this. > > > But I don't understand why clients can't use the remember password > > feature... > > > -- > > All the best, > > > Berend de Boer > > > -- > > NZ PHP Users Group:http://groups.google.com/group/nzphpug > > To post, send email to [email protected] > > To unsubscribe, send email to > > [email protected] > > -- > Kind Regards, > > Brendan Brink > > SMS Marketing Consultant | Manager > Sell2Cell Ltd. > > 021 0246 1646 | [email protected] |www.sell2cell.co.nz > > We provide customized, cost-effective SMS & Web Solutions > Need a website? Need to integrate text-messaging into your business > or website? Contact us today for a free no-obligation quote! > > VISIT OUR ASSOCIATED WEBSITES: textvouchers.com | textguru.co.nz > > WARNING This email contains information which is CONFIDENTIAL and may > be subject to LEGAL PRIVILEGE. If you are not the intended recipient, > you must not peruse, use, disseminate, distribute or copy the email or > attachments. If you have received this in error, please notify us > immediately by return email, facsimile, or telephone (call us > collect).
-- NZ PHP Users Group: http://groups.google.com/group/nzphpug To post, send email to [email protected] To unsubscribe, send email to [email protected]
