Member Avatar for MDGM

Hi all,

I have a registration form on my website which once filled in, it sends an email to the user with a link to "verify their email address". This link holds all of the information entered by the user in the form and looks something like this:

http://www.example.com/confirm.php?firstname=john&lastname=smith

When the user clicks the link the php script on confirm.php gets the values from the address bar and enters them into the database.

however the address bar also holds passwords and usernames etc and so it would be very easy for somebody to steal the user's username and password, so for this reason i need to encrypt the values of the field data held in the address bar. They can be decrypted on the confirm.php page if needed.

Thanks for the help,

Max

  • 4 Contributors
  • 4 Replies
  • 166 Views
  • 19 Hours Discussion Span
  • Latest Post Latest Post by MDGM
Member Avatar for buddylee17

Most good encryption methods don't have simple decryption. However, if something simple will work, you can use base64_encode and base64_decode.

Member Avatar for lordspace

You can do 2 things:

#1 The confirmation script has to be changed to verify the user only by userid + hash e.g. phpbb2 and phpbb3

#2 buy an SSL certificate for your domain

Slavi

Member Avatar for ryan_vietnow

Use post method so variables will not be seen in the address.

Member Avatar for MDGM

Thanks for the help everybody,

Iv just gone for the simplist one - base64. i actually looked into this before posting this thread but for some reason dismissed it because i thought it wouldn't work! :P

The other methods at the moment are a bit out of my skill level but they will be useful for other people looking on this forum or possibly myself later in my php career :)

Thanks for the help,

Max

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.