php crypt troubles

Forum Moderators: coopster

Message Too Old, No Replies

php crypt troubles

ukgimp

3:10 pm on Feb 19, 2003 (gmt 0)

Hello all

I thought things were going great guns with my subscribe then email and require the user to click the mail. However:

When I encrypt the users email address ($id) and append the encrypted email and actual email ($email) address to the URL in the email I am getting some weird errors when I get to the confirmation page. The salt on both pages is the same and the details print out ok but the encrypted email from the link and the one on the confirmation page end up being different. Is there something I am unaware of?

$cryptoemail = crypt('$email', 'salt');
print "<br>$id<br>$cryptoemail<br>$email<br>"; // my way of checking
if($cryptoemail == $email)
{
print "Well hello Mr Bond...your email is valid";
}
else
{
print "Names is for tombstones baby...your email is not valid";
}

Regards

andreasfriedrich

3:22 pm on Feb 19, 2003 (gmt 0)

If this is just for a double opt-in solution it is easier to just use an md5() [php.net] hash. Use the email address and some additional text and build a link using that hash (ac=).

printf("%%BASE_ADDRESS%%?vrfy=%s;ac=%s",
$id, md5("{$id}AaronTaylorJesse$form[email]")));

Then in your verifying script compare the hash that you got as the value of the hash (ac=) parameter to one that you either stored somewhere or build anew. If you use a stored hash then you may use the time, process id, etc as additional text input for you hash.

Andreas

ukgimp

4:47 pm on Feb 19, 2003 (gmt 0)

Thanks Andreas

you lost me a bit with all the %% etc. You gave me enough to figure it out thanks. Here is what I used for those that may be interested (I suspect it is not much use to you Andreas :))

On the original page:-

$a = "$frm[email]";
$b = "secrettext";
$cryptoemail = md5("$a$b");

On the validate page:-

$a = "$email";
$b = "secrettext";
$cryptoemail = md5("$a$b");

if($cryptoemail == $id).....etc