PHP login system: validate mail

Hello. What would be the best solution to properly validate the user‘s ownership of a certain email address? I already thought about generating a random string, storing the hash of it in a database and then sending the user a link to a php file with extension .php?code=randomString Then the php script checks if the hash of the password from the url of the email matches the hash stored in the database. Any ideas?

php script system get security login email server validate safety

14th Jul 2019, 9:54 PM

Niklas

4 Answers

+ 2

And where is the question? Looks like a solid plan and don't forget to delete the hash afterwards

14th Jul 2019, 10:06 PM

Lexfuturorum

+ 1

As long as you don't feed the get string in the sql querry there shouldn't be a problem Mby you should use htmlspecialchars() But now I'm a little bit worried about you password encryption. What's your plan of attack there

14th Jul 2019, 10:11 PM

Lexfuturorum

Lexfuturorum I‘m not very experienced in PHP safety so I wanted to ask whether this could be a good and safe solution. Sure, the hash will be deleted afterwards and a boolean for the column account_verified will be set to true.

14th Jul 2019, 10:08 PM

Niklas

Password? Secure question? Maybe easiest especially since you are not to experienced in PHP

14th Jul 2019, 10:19 PM

Dejan Francuz🥇