Linking two user accounts together

Question

I am building a method for users of my website to link their accounts together, so that resources can be shared between them. My process so far is:

• 1) User enters email addresses of users he wants to link with.
• 2) If matches are found, these users receive an email.
• 3) Email contains a confirmation link. If the recipient clicks this, the connection between the two accounts will be formed.

I'm wondering how secure I need to be with this final step. My confirmation link is in the format: domain.com/link-confirm.php?fromid=xxx&toid=yyy

In theory, it would be possible for anyone to spoof this link, if they knew the user id of their target, thus setting up a connection without permission.

I tried hashing both user ids, then scanning through the user database for matches, but the password_verify function takes so long to run that the page times out (and that's with only 1000 users).

What I would like to know is: Does my plan above make sense? Is there a neater way of doing it? Am I right to be concerned about the spoofing (connecting the accounts does not in itself share any data between users, it merely makes it possible for either user to initiate)?

Thanks

Answer 1

You can just encrypt both id values and after obtaining it from get - decrypt them, hashes don't need to be used here. That way it will take thousands of years for somebody to brute force spoof them.

Answer 2

What you could do is generate some unique data per account linking request and require that unique data to be sent with the linking acceptance request.

So for example user A requests to link with user B, you store the request with some unique data like a random hash and a timestamp, and then when user B clicks "accept" in his email, he is sent to a page on your server. The link in the email contained the unique data that is submitted to the page. You check if the unique data is indeed the data that was generated when user A submitted the request, and, if so, boom, users linked.