Codarz360 Posted August 24, 2011 Share Posted August 24, 2011 Hey, I'm wondering how to secure my unsubscribe link. Currently the link looks something like this delete.php?id=6 the number is the field id of the email address. However when if someone then changed the to delete.php?id=5 then the email address with the id 5 would be deleted. I have tried doing an MD5 but it doesn't seem to work. Any ideas I've been trying all day. Quote Link to comment Share on other sites More sharing options...
WebStyles Posted August 24, 2011 Share Posted August 24, 2011 you can do an md5 on the email... imagine you link becomes: delete.php?id=5&e=XXXKDGDHFGFTSGSJAAS (simulating md5 hash of email) then instead of deleting straight away, you first grab the email with id number = 5, apply md5 to it and check if result is the same as $_GET['e'], if it is, you're good to go. this way, a hacker would need to know the person's email, and also their id in the database. You could also add salt to your hash to make it even more secure. Quote Link to comment Share on other sites More sharing options...
Codarz360 Posted August 24, 2011 Author Share Posted August 24, 2011 Thanks for the help I will try that. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.