2

アプリの招待メールを受け取ったときにユーザーが登録できるアプリケーションに取り組んでいます。現在、私が行っているのは、ユーザーに送信されてデータベースに保存される招待コードを生成することです。次に、ユーザーは、次のように、招待コードを含む電子メールで指定された URL に移動します。

http://myapp.com/user/register/56jk4564k6567kj686kjh56

ユーザーのメールのみを保存し、招待コードの送信を避けるなど、別のアプローチが優れているかどうか、私はさまよっていました。

また、招待コードを使用して、それらを暗号化する必要はありますか?

4

2 に答える 2

1

Invitation codes are probably best, as it serves to validate the email address, which means there is one less step to take when the user signs up. Normally you would have to send the user a secret code by email to check the email address is real - well, you've just done that!

One consideration is what happens if a user gets an invitation at one address then actually wants to use a different email address to sign up? Maybe they have more than 1 and want to use a different one? (work vs personal for instance) You'll need the code to validate the person is the same one.

As for Encryption, I wouldn't bother - if your database gets hacked and codes stolen it's easy enough to make new ones and send them out again.

于 2010-09-12T12:31:54.913 に答える
-3

yes, you can send a hash of email address along with the link:

 $email = 'foo@bar';
 $check = md5('SECRET' . $email);
 $link = "register?email=$enail&check=$check"

on the "register" page, compute the hash again and compare with the one in the link:

 $email = $_GET['email'];
 $check = md5('SECRET' . $email);
 if($check !== $_GET['check'])
    die("wrong link!");

upd: it's just an example, in the real life you should store the salt outside of the main code:

 $salt = get_salt_from_config_file();
 $check = md5($salt . $email);
于 2010-09-12T12:31:48.560 に答える