That sounds mighty secure, but I think he's trying to verify that the
email address does indeed belong to the person creating an account.
I use the following two functions to create a random number, and then I
insert it into the DB. Then I send a URL inside the confirmation email
that points to a script for verification of the random number. (The
parameters of the URL are the random number and username for that
particular account.)
function seed() {
list($usec,$sec)=explode(' ',microtime());
mt_srand($sec * $usec);
}
function mk_random($size) {
// $size is the number of digits in $num
$num = '';
seed();
for($i=0; $i<$size; $i++) {
$num .= mt_rand(0, 9);
}
return $num;
}
Matt
|-----Original Message-----
|From: rhelms@linux [mailto:rhelms@linux] On Behalf Of Ruprecht Helms
|Sent: Sunday, February 09, 2003 1:51 PM
|To: Davy Obdam
|Cc: PHP-DB; PHP-WIN; PHP
|Subject: [PHP-WIN] RE: [PHP-DB] Confirmation e-mail
|
|
|Hi Davy Obdam,
|
|>[...]
|> My question is what would be the best approach to achieve
|this? How is
|> this usualy done?
|
|Storing the password in encrypted form in a database. The
|confirmationmail you can write with the normal mailcommand
|using addslashes. The securest way if the password was
|randomly generated is to presend the resultpage via a
|ssl-connection and without sending a mail or the mail must be
|protected. So a hacker can't sniff the password.
|
|Regards,
|Ruprecht
|
|----------------------------------
|Ruprecht Helms IT-Service und Softwareentwicklung
|
|Tel/Fax.: +49[0]7621 16 99 16
|Homepage: http://www.rheyn.de
|email: [EMAIL PROTECTED]
|----------------------------------
|
|--
|PHP Windows Mailing List (http://www.php.net/)
|To unsubscribe, visit: http://www.php.net/unsub.php
|
|
|
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
