[pmwiki-users] PageList Project
The Editor
editor at fast.st
Mon Jan 29 19:10:53 CST 2007
On 1/28/07, marc <gmane at auxbuss.com> wrote:
> > > (Generate the hash by something like:
> > > $hash = md5($newemail.$hiddenHash);)
> > >
> > > This method never times out.
> >
> > Thanks for the idea Marc.
>
> It's not my idea :-) This is standard procedure for this kind of update.
> Been going on for millions of years.
>
> > I don't know much about this hash idea, and
> > will read up on it a bit and see what I can come up with. Though I
> > must admit, I'm not so sure I like the idea of them never timing
> > out...
>
> Why? I know it's an obvious question, but better to ask why you believe
> a time limit is necessary; what purpose does it fulfill?

Well perhaps not much. But I do delete these pages after the time
limit so I don't have a bunch of these temp pages filling my wiki. I
also thought it might be more secure putting a time limit on them,
that they would be less likely to get into the wrong hands--but I
suppose that's not a big issue.

> What you have is the user's email address stored somewhere - PmWiki page
> or database. The user decides to change their email, so you create a
> hash based on the new email and a secret string - something like:
>
> $hash = md5($newemail.$hidden_hash_var);
>
> - and email it back to their original email address
>
> $returnlink = "http://www.example.com/Site/ChangeEmailConfirm";
> $mail->Body = "\nFollow this link to confirm your email change:\n".
> "$returnlink?hash=$hash".
> "&email=".urlencode($newemail);

Yes this could be done. It's a good idea. Either way. I'll think
about it some more. It would be easy enough to do either with ZAP
though I don't have a built in ZAP command, so that's another slight
advantage to a non-hash approach. I would also have to dig in and
learn the ins and outs of hashing...

Thanks again, Marc, I am really enjoying learning so much from those
of you with so much more experience. It's a great school, here at
PmWiki!

Cheers,
Dan
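
An added example, not code from this thread or from PmWiki or ZAP: one way to build the confirmation link discussed above so that it carries its own time limit, with no temporary page to delete afterwards. It substitutes `hash_hmac` with SHA-256 for the `md5($newemail.$hidden_hash_var)` quoted above and goes beyond the thread by also signing a user name and an expiry time; the function names, the secret and the sample values are assumptions.

```php
<?php
// Added example; make_confirm_link(), check_confirm_link() and $secret are hypothetical names.

function make_confirm_link(string $base, string $user, string $newEmail,
                           string $secret, int $ttl, ?int $now = null): string {
    $expires = ($now ?? time()) + $ttl;
    // Sign every field the confirm page will act on. Fields are URL-encoded and
    // joined with "\n", which cannot appear in an encoded field, so a value
    // cannot be shifted from one field into the next.
    $msg = implode("\n", [rawurlencode($user), rawurlencode($newEmail), $expires]);
    $mac = hash_hmac('sha256', $msg, $secret);
    return $base . '?' . http_build_query([
        'user' => $user, 'email' => $newEmail, 'expires' => $expires, 'hash' => $mac,
    ]);
}

function check_confirm_link(array $query, string $secret, ?int $now = null): bool {
    foreach (['user', 'email', 'expires', 'hash'] as $k) {
        // Reject missing fields and array-valued parameters (?hash[]=...).
        if (!isset($query[$k]) || !is_string($query[$k])) return false;
    }
    if (!ctype_digit($query['expires'])) return false;
    $msg = implode("\n", [rawurlencode($query['user']),
                          rawurlencode($query['email']), $query['expires']]);
    $expected = hash_hmac('sha256', $msg, $secret);
    // Constant-time comparison first; only then trust the (signed) expiry value.
    if (!hash_equals($expected, $query['hash'])) return false;
    return (int)$query['expires'] >= ($now ?? time());
}

// Constructed sample values; in the wiki, $q would be $_GET on the confirm page.
$secret = 'constructed-secret-for-the-example';
$link = make_confirm_link('http://www.example.com/Site/ChangeEmailConfirm',
                          'Dan', 'new@example.com', $secret, 3600, 1170000000);
parse_str(parse_url($link, PHP_URL_QUERY), $q);

var_dump(check_confirm_link($q, $secret, 1170000000 + 60));    // link used within the hour
var_dump(check_confirm_link($q, $secret, 1170000000 + 7200));  // link used after it expired
$q['email'] = 'other@example.com';
var_dump(check_confirm_link($q, $secret, 1170000000 + 60));    // email altered after signing
```

Because the expiry is covered by the signature, changing `expires` in the URL invalidates the hash, so the time limit holds without any server-side record.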