
I want to use an HTML form for submitting some data/info as an email to one specific recipient with a specific/unique generated link, so when the recipient gets the email with the info and generated link, he could click the link and confirm this information by sending another email (email address filled in the HTML form) with some confirmation text.

So in short:

Form submit --> request email sent to the recipient with generated confirmation link --> if confirmation link is clicked, then send email to address from the Form submit.

Basically I know how to make a proper HTML form and send the email to a specific recipient, but I don't know how to generate a link (would this be enough: $generatedKey = sha1(mt_rand(10000,99999).time().$email);?), and how to send email to the address from the HTML form when confirmation is approved?

Now, I've been thinking about this, and I came up with the following scenario, but I don't understand how to transfer the sender email (the one that was filled in the HTML form):

Confirmation link clicked --> landing on the page and request authorization --> proceed to inner PHP script with auto sending email to the email address from HTML form (how do I get it?!).

  • Generating unique values in PHP seems to be tricky. You could use an online GUID generator e.g. uuidgenerator.net/api to get unique IDs to use in your confirmation email. As for the rest of the question I'm confused as to where a HTML form submit comes into it? Surely the user just clicks on the confirmation link, which goes to the URL. The script verifies that the GUID is valid and not been used before, and sends an email. What would be the need for a form? If the user already completed their info in the first form, why would you make them re-confirm it? It will look like phishing Commented Nov 22, 2017 at 14:52
  • @ADyson why is it tricky? Commented Nov 22, 2017 at 14:52
  • why are you avoiding DB? You could use a file system but..... that's like a DB but without most the benefits Commented Nov 22, 2017 at 15:00
  • If I know your email address and have access to unixtimestamp.com then I can easily generate those 10k possible sha1 outcomes (from your mt_rand) and can find one that works within minutes. Actual minutes. Commented Nov 22, 2017 at 15:04
  • why use DB if there's no need for it? This question raises an absolutely perfect need for it. Commented Nov 22, 2017 at 15:05

1 Answer


This is longer than a comment so I set as an answer summarising our extensive comments below the question.

Due to the OP stating they won't be using databases to track data then it seems fairly impractical [for me] to provide a solution that doesn't use databases. There are other methods (filesystem / cookies / sessions) but these suffer significant shortcomings such as security, reliability and/or practicality.

Recommended reading:


7 Comments

"You may like to know that in the UK nonce can also refer to someone of a lower than average intelligence." I don't know if the meaning has evolved over time but these days it usually refers to a paedophile.
@Martin thanks, but since you say it would be a good thing to use DB for this case, could you please share your knowledge and recommendations of how to make this correct (just a short scenario)?
@xoxacika I'm sure there are many questions on SO already for this. It's a big topic if you're brand new to databases... :-/
@Martin I've heard it used that way in plenty of other settings. Maybe it's only gained that meaning since the advent of Brass Eye, I don't know (was too young to know about that kind of stuff then!). Urban dictionary et al seem to have that definition as well.
@Martin Absolutely, it could well have more than one meaning. Brass Eye is always worth mentioning. Extra points for shoehorning it into a tech site.
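
The database-backed flow the answer and comments point to, as an added example that is not part of the original thread: the link carries an unguessable random token, and the sender's address from the form is stored server-side and looked up when the link is clicked, which is how the confirmation script "gets" it. The table and column names, the example.com URL, the 24-hour lifetime and the use of SQLite through PDO are assumptions.

```php
<?php
// Added example: single-use confirmation links backed by a database.
// Table/column names, the URL and the 24-hour lifetime are assumptions.
$db = new PDO('sqlite::memory:');   // in-memory for the demo; use a persistent database in practice
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE confirmations (
    token_hash   TEXT PRIMARY KEY,
    sender_email TEXT NOT NULL,
    expires_at   INTEGER NOT NULL,
    used_at      INTEGER
)');

// Called when the HTML form is submitted: returns the link to mail to the recipient.
function createConfirmation(PDO $db, string $senderEmail): string
{
    if (filter_var($senderEmail, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid sender address');
    }
    $token = bin2hex(random_bytes(32));   // 256 bits from the OS CSPRNG, not mt_rand()/time()
    $stmt = $db->prepare('INSERT INTO confirmations (token_hash, sender_email, expires_at) VALUES (?, ?, ?)');
    $stmt->execute([hash('sha256', $token), $senderEmail, time() + 86400]);  // only the hash is stored
    return 'https://example.com/confirm.php?token=' . $token;
}

// Called by the confirmation page: returns the sender's address once, then null.
function redeemConfirmation(PDO $db, string $token): ?string
{
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return null;                      // malformed token, no database lookup
    }
    $hash = hash('sha256', $token);
    // Atomic claim: only one request can change used_at from NULL, so a replay fails.
    $claim = $db->prepare('UPDATE confirmations SET used_at = ? WHERE token_hash = ? AND used_at IS NULL AND expires_at > ?');
    $claim->execute([time(), $hash, time()]);
    if ($claim->rowCount() !== 1) {
        return null;                      // unknown, expired or already used
    }
    $row = $db->prepare('SELECT sender_email FROM confirmations WHERE token_hash = ?');
    $row->execute([$hash]);
    return $row->fetchColumn() ?: null;   // address to send the confirmation email to
}

// Demo with a constructed address: first click, then a replayed click.
$link = createConfirmation($db, 'sender@example.com');
parse_str(parse_url($link, PHP_URL_QUERY), $query);
var_dump(redeemConfirmation($db, $query['token']));
var_dump(redeemConfirmation($db, $query['token']));
```

The confirmation page sends its email only when `redeemConfirmation()` returns an address, and the address never appears in the link itself.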