Validate the Authenticity of a User For Site Subscriptions
Question
I have a web application that creates user accounts, but I would also like to have the ability to have users that can sign up for subscriptions without accounts. All they have is a subscription page to modify email settings and enable the newsletter subscription.
My questions is how do I verify that the user is who they say they are without a username/password, and my second is how should they access this page. I dont want just anyone typing in the url with the email and access subscription settings for that user.
1 answers
solution1
1 ACCPTED 2012-11-16 16:14:49
For each user entry you create a unique access code that you use in the url in order to validate that this is the user you want. The subscription form will give these options:
- subscribe by filling in your email
- request to change your settings by just putting your email to another field
both action will send an email to you with a special url
- the first to validate that this is made by you so you will enable this user & his email
- the second to send him another special url to make any changes to his settings in the case that this use is active in your database.
For this unique code you can use md5 of his email with a timestamp when he was registered.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.