Pramod Poudel’s Blog » Blog Archive » Email Activation Security

Email Activation Security

June 1st, 2008 | by admin

Suppose you use email validation with an activation link, and your database has a field such as status that marks an account as activated, inactivated or suspended.

www.sitename.com/activation.php?id=$userid

Let status 0 mean inactivated, 1 mean activated and 2 mean suspended.

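You have code like this:

<?php

// Read the user id from the activation link.
$id = (int) $_GET['id'];

// Activate that user only (the column name id is an assumption).
// Note that the current status is never checked.
$update = "update user set status='1' where id=$id";

$qry->queryUpdate($update);

?>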

If a user is suspended and he types the link into the address bar again and visits it, he will be activated again.

Solution:

Before updating the status, you should check whether this user's data is in the comment table, buy table, bid table or any other table in the site.

If this user is found in the database, restrict him from updating the status.
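
One way to implement this check, as an added example that is not the blog author's code: it refuses activation when the user already has rows in the comment, buy or bid tables and, going one step beyond the post, only lets status move from 0 to 1, so a suspended account with no activity also stays suspended. The `id` and `user_id` columns, the in-memory SQLite database and the sample rows are assumptions constructed for the demo.

```php
<?php
// Added example: names other than the `user` table and `status` field are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, status INTEGER NOT NULL)');
foreach (['comment', 'buy', 'bid'] as $t) {
    $db->exec("CREATE TABLE $t (id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL)");
}
// Constructed sample data: user 1 is new, user 2 is suspended with a past bid,
// user 3 is suspended with no activity at all.
$db->exec('INSERT INTO user (id, status) VALUES (1, 0), (2, 2), (3, 2)');
$db->exec('INSERT INTO bid (user_id) VALUES (2)');

function hasActivity(PDO $db, int $userId): bool
{
    // Table names come from this fixed list, never from the request.
    foreach (['comment', 'buy', 'bid'] as $table) {
        $stmt = $db->prepare("SELECT 1 FROM $table WHERE user_id = ? LIMIT 1");
        $stmt->execute([$userId]);
        if ($stmt->fetchColumn() !== false) {
            return true;
        }
    }
    return false;
}

function activate(PDO $db, $rawId): bool
{
    $userId = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($userId === false || hasActivity($db, $userId)) {
        return false; // malformed id, or an account that has already been used
    }
    // Only the 0 -> 1 transition is allowed, so status 2 is never overwritten.
    $stmt = $db->prepare('UPDATE user SET status = 1 WHERE id = ? AND status = 0');
    $stmt->execute([$userId]);
    return $stmt->rowCount() === 1;
}

// In activation.php the argument would be $_GET['id'].
var_dump(activate($db, '1'));        // new account
var_dump(activate($db, '2'));        // suspended, has a bid
var_dump(activate($db, '3'));        // suspended, no activity
var_dump(activate($db, '1 OR 1=1')); // malformed id
```

Only the first call changes a row; user 3 shows why the status condition in the UPDATE matters even when the activity check finds nothing.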

One Response to “Email Activation Security”

By Roshan Bhattarai on Jun 2, 2008

    Don’t you think a small piece of hashed code on the URL will be a better option for doing this…
