问题描述:

I'm fairly new to user authentication, but have built some standard user authentication processes in PHP. To get to the point I've been tasked to build a system that we can send out a mass e-mail blast to users that includes a link which the user can click on and be directly logged into the system.

I will probably be building this using codeigniter. If anyone could provide some direction on a procedure to follow or some tutorials on this it would be extremely helpful. Note: if they're not codeigniter specific that is completely fine.

网友答案:

The simplest way to do this would be to generate a hash based on the username and some kind of salt, and then put a link in the email something like http://some.url/loggedin.php?email=<email>&hash=<hash> that way the email can be used to look up the record in the db easily and the hash can be compared.

Hope that helps

网友答案:

I worked on it before!i had a members table with following fields :

  `username` varchar(20) NOT NULL,
  `password` varchar(255) NOT NULL,
  `email` varchar(255) NOT NULL,
  `firstname` varchar(255) NOT NULL,
  `lastname` varchar(255) NOT NULL,
  `birthday` int(11) NOT NULL,
  `status` varchar(20) NOT NULL,
  `regDate` int(11) NOT NULL,
  `lastLogin` int(11) NOT NULL,
  PRIMARY KEY (`username`)

when clients attempt to signup, you must give their username, password, email, firstname, lastname, birthday then insert a record in the table!but set status to 'pending' and send an email with hashed username to email that contain an url like this http://www.mysite.com/signup.php?id=XXXXXXXXXXXXXXXX(hashed username)

you must prevent to login users who their status are 'penidng'

when a user come back but her/his url that send to email check your table that is verifyed or not if it's ok update status to for example 'normal' you can use status in future for something like blocking user and set status to block if you want to block a user

相关阅读:
Top