7 replies to this topic

[Gezeiten]

Hi everyone,

at the moment, I am writing a newsletter manager, which will behave something like this:

People can enter their name an e-mail address, hit "subscribe" and are sent an e-mail with a link to confirm their address.
The link shall look like .../?subscribe=john.doe@example.com, only that I don't necessarily what to broadcast the e-mail addresses out loud. (same thing with an "unsubscribe" link).

So, I was wondering, is there a simple way to encode or encrypt the addresses so that they'll only be shown as a cryptic number or hex code or something, and something I can easily convert back to the address to check wether the address to unsubscribe is actually in the list or something like that.

It isn't my main focus to have it heavily encrypted (although I wouldn't mind), I only want a neat number or something I can pass over.

Do you have any suggestions for me? I'd appreciate your input!

Cheers,
Per

[Orjan]

One alternative is, to make an inactive list member on submit, and then make a simple md5 sum on the email address and send that as confirmation code.

member table:

name   email             active

John   john.doe@exc.com  0

when someone get their link, it could look like

.../?verify=ABCDEF1234567890

where the code is generated by

md5($email)

and then easily just activate in database with SQL code:

"update member set active=1 where active=0 and md5(email)=$verify"

the "active=0 and" is good for large databases, as if that one fails, the md5 sum doesn't need to be calculated.

[John]

The method orjan suggested is what I would go with. The only problem is - it is impossible to "convert back." However, you don't need to.

[Gezeiten]

Hey, thank you!

I like the approach (and it's simple enough! :D) - the only thing about it: I want this to work with database as well as with a mere text file (depending on what server I have to deal with) and for the text-based solution I am looking for something I can decode, because I am planning to store the addresses and names in an array with the email address as the key (so I can check if

recipients[address_decode($subscribe)]

exists in the temporary array, so I won't have to check all elements).

Is there something you could suggest for that as well?

[John]

Then perhaps the most simple and reversible "encoding" you could use is a cypher. PHP has a built in cypher str_rot13. Void and I have written functions that extend the functionality of str_rot13 which can be found here http://forum.codecal...-algorithm.html. Below are some other functions you might want to look at

PHP: base64_encode - Manual
PHP: base64_decode - Manual

[Orjan]

Or, why not save the md5sum directly in the database/textfile and compare to it directly
in this way, you have got an translation table aswell :-)

but for duplicate reason, my description will work aswell, ofcourse.

but if you really need to decode your keys, the base64 I think is the best and simpliest code for you to run.

[Gezeiten]

Hey, thank you! (both of you) -

John: I had a look at it and I think, this is exactly what I was looking for, thanks!

Orjan: This is what I didn't know I was looking for! :D I have a feeling this might suit my needs even better.

This is why I like the exchange between people - they can explain things to one another, and they can even help change one's mind! :D Thank you very much. I hope I can share some of my thoughts and help others round here soon!

Cheers,
Per

[acccapulco]

I would code it by base64_encode and then base64_decode