Encryption Library
#11

[eluser]Coder Death[/eluser]
@berkguy,
the idea is, I don't want to store it in a database but use it directly. Anyway, I'll check back with the specification to see if such a way will be possible.
Thanks
#12

[eluser]Abel A.[/eluser]
Yes, it's totally possible; there are algorithms out there that can output an exact key length of a value even if the inputs are different sizes. That would allow you to use base64 and predict the padding.

My concern is that your activation email can be easily broken. A hacker would have all the time in the world because encryptions can be reversed. Once the hacker figures out your key, then he can activate any email he wants in your system. I also hope you don't use this method for password recovery.

Here's my advice for you:
Use a database
Use a completely random key (i.e., not based on time)
Use a long enough key > 30 characters
Make your key expire so it can't be brute forced

I have a system similar to the above and I actually use it for email activations, password recovery, and other functions. It really does come in handy and it's relatively easy to implement!
#13

[eluser]InsiteFX[/eluser]
1) generate hash key.
2) store hash key in users database record.
3) email the activation link to the user with the hash key appended. (http://yoursite.com/activate/hash_key)
4) use uri->segment(2) to see if there is activation hash key.
5) check to see if this hash key is in the database.
6) activate the user.

I just posted my hash method in another topic today.
#14

[eluser]Abel A.[/eluser]
@InsiteFX, that's exactly what I use. Though I add expiration to my keys. I don't see how difficult this is compared to encrypting and decrypting the email.
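
The scheme posts #12 to #14 describe (a random key, stored in a database, with an expiry), as an added example that is not code from any poster in this thread. It uses plain PDO with an in-memory SQLite database instead of CodeIgniter; the table names, the `issue_token` and `activate` helpers, the 24-hour lifetime and storing a hash of the key are all assumptions.

```php
<?php
// Added example: random, expiring, single-use activation keys (all names are assumptions).
const TOKEN_TTL = 86400; // assumed lifetime: 24 hours

function issue_token(PDO $db, int $userId, int $now): string
{
    $token = bin2hex(random_bytes(32)); // 64 hex chars from the CSPRNG, not derived from time
    // Assumption beyond the thread: keep only a SHA-256 of the key, so a leaked table has no usable links.
    $stmt = $db->prepare('INSERT INTO activation_tokens (token_hash, user_id, expires_at) VALUES (?, ?, ?)');
    $stmt->execute([hash('sha256', $token), $userId, $now + TOKEN_TTL]);
    return $token; // this value goes only into the emailed link
}

function activate(PDO $db, string $token, int $now): bool
{
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return false; // malformed URI segment, rejected before any query
    }
    $db->beginTransaction();
    $sel = $db->prepare('SELECT user_id FROM activation_tokens WHERE token_hash = ? AND expires_at > ?');
    $sel->execute([hash('sha256', $token), $now]);
    $userId = $sel->fetchColumn();
    if ($userId === false) {
        $db->rollBack();
        return false; // unknown or expired key
    }
    // Delete on use so the same link cannot activate twice.
    $db->prepare('DELETE FROM activation_tokens WHERE user_id = ?')->execute([$userId]);
    $db->prepare('UPDATE users SET active = 1 WHERE id = ?')->execute([$userId]);
    $db->commit();
    return true;
}

// Constructed demo data on an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, active INTEGER DEFAULT 0)');
$db->exec('CREATE TABLE activation_tokens (token_hash TEXT PRIMARY KEY, user_id INTEGER, expires_at INTEGER)');
$db->exec("INSERT INTO users (id, email) VALUES (1, 'user@example.com')");

$now = time();
$token = issue_token($db, 1, $now);
var_dump(activate($db, $token, $now + TOKEN_TTL + 1)); // link opened after expiry
var_dump(activate($db, str_repeat('0', 64), $now));    // well-formed but unknown key
var_dump(activate($db, $token, $now + 60));            // valid key inside its lifetime
var_dump(activate($db, $token, $now + 120));           // same key presented again
```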



