On 1/28/07, marc <[EMAIL PROTECTED]> wrote: > > > (Generate the hash by something like: > > > $hash = md5($newemail.$hiddenHash);) > > > > > > This method never times out. > > > > Thanks for the idea Marc. > > It's not my idea :-) This is standard procedure for this kind of update. > Been going on for millions of years. > > > I don't know much about this hash idea, and > > will read up on it a bit and see what I can come up with. Though I > > must admit, I'm not so sure I like the idea of them never timing > > out... > > Why? I know it's an obvious question, but better to ask why you believe > a time limit is necessary; what purpose does is fulfill?
Well perhaps nt much. But I do delete these pages after the time limit so I don't have a bunch of these temp pages filling my wiki. I also thought it might be more secure putting a time limit on them, that they would be less likely to get into the wrong hands--but I suppose that's not a big issue. > What you have is the user's email address stored somewhere - PmWiki page > or database. The user decides to change their email, so you create a > hash based on the new email and a secret string - something like: > > $hash = md5($newemail.$hidden_hash_var); > > - and email it back to their original email address > > $returnlink = "http://www.example.com/Site/ChangeEmailConfirm";; > $mail->Body = "\nFollow this link to confirm your email change:\n". > "$returnlink?hash=$hash". > "&email=".urlencode($newemail); Yes this could be done. It's a good idea. Either way. I'll think about it some more. It would be easy enough to do either with ZAP though I don't have a built in ZAP command, so that's another slight advantage to a non-hash approach. I would also have to dig in and learn the ins and outs of hashing... Thanks again, Marc, I am really enjoying learning so much from those of you with so much more experience. It's a great school, here at PmWiki! Cheers, Dan _______________________________________________ pmwiki-users mailing list pmwiki-users@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-users
