Email Activation Security

June 1st, 2008 | by admin |

Suppose you are using email validation with an activation link, and you have a database field such as status to mark a user as activated, inactivated, or suspended. The activation link looks like this:

www.sitename.com/activation.php?id=$userid

Let status 0 mean inactivated, 1 mean activated, and 2 mean suspended.

You have code like this:

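<?php

// User id taken straight from the activation link
$id = (int) $_GET['id'];

// Vulnerable: sets status to 1 whatever the user's current status is
$update = "update user set status='1' where id='$id'";

$qry->queryUpdate($update);

?>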

If a user is suspended and he types the link into the address bar again and visits it, he will be activated again.

Solution:

Before updating the status, you should check whether this user's data is in the comment table, buy table, bid table, or any other table in the site.

If this user is found in the database, restrict him from updating the status.

One Response to “Email Activation Security”

By Roshan Bhattarai on Jun 2, 2008

    Don’t you think a small piece of hashed code in the URL will be a better option for doing this…
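
A sketch of the check described in the article, combined with the hashed code in the URL suggested in the comment above. This is an added example, not code from the original post: the in-memory SQLite schema, the SECRET key, and the function names activationToken and activate are assumptions made for illustration, and the status = 0 condition in the update goes a step beyond the article's table check.

```php
<?php
// Added example: constructed schema and data, in-memory SQLite via PDO.
const SECRET = 'constructed-demo-key'; // assumption: server-side secret, never sent to users

// Keyed hash placed in the activation link next to the id.
function activationToken(int $id): string {
    return hash_hmac('sha256', "activate:$id", SECRET);
}

function activate(PDO $db, int $id, string $token): bool {
    // Reject links whose token was not issued for this id (constant-time compare).
    if (!hash_equals(activationToken($id), $token)) {
        return false;
    }
    // The article's check: a user with rows in an activity table has been live before.
    $seen = $db->prepare('SELECT COUNT(*) FROM comment WHERE user_id = ?');
    $seen->execute([$id]);
    if ((int) $seen->fetchColumn() > 0) {
        return false;
    }
    // Only the 0 -> 1 transition is allowed; status 2 (suspended) never matches.
    $upd = $db->prepare('UPDATE user SET status = 1 WHERE id = ? AND status = 0');
    $upd->execute([$id]);
    return $upd->rowCount() === 1;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, status INTEGER NOT NULL)');
$db->exec('CREATE TABLE comment (id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL)');
$db->exec('INSERT INTO user (id, status) VALUES (1, 0), (2, 2)'); // 1 = new, 2 = suspended
$db->exec('INSERT INTO comment (user_id) VALUES (2)');

var_dump(activate($db, 1, activationToken(1))); // new user follows a valid link
var_dump(activate($db, 2, activationToken(2))); // suspended user replays his link
var_dump(activate($db, 1, 'guessed'));          // link with a forged token
```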
