Hi all,

I have a registration form on my website which once filled in, it sends an email to the user with a link to "verify their email address". This link holds all of the information entered by the user in the form and looks something like this:

http://www.example.com/confirm.php?firstname=john&lastname=smith

When the user clicks the link the php script on confirm.php gets the values from the address bar and enters them into the database.

however the address bar also holds passwords and usernames etc and so it would be very easy for somebody to steal the user's username and password, so for this reason i need to encrypt the values of the field data held in the address bar. They can be decrypted on the confirm.php page if needed.

Thanks for the help,

Max

You can do 2 things:

#1 The confirmation script has to be changed to verify the user only by userid + hash e.g. phpbb2 and phpbb3

#2 buy an SSL certificate for your domain

Slavi

Thanks for the help everybody,

Iv just gone for the simplist one - base64. i actually looked into this before posting this thread but for some reason dismissed it because i thought it wouldn't work! :P

The other methods at the moment are a bit out of my skill level but they will be useful for other people looking on this forum or possibly myself later in my php career :)

Thanks for the help,

Max

This question has already been answered. Start a new discussion instead.