Database change via email from PHP form

         

galahad2

3:10 pm on Jun 10, 2010 (gmt 0)

10+ Year Member



Hi,

I've set up a "customer registration" system for a client where the customer registers using a PHP form, and is then entered into the MySQL database but as an "unapproved" user. We set this up because of the usual problems of auto-registration, and wanted the client to be able to vet new users and decide whether or not they were genuine, or spammers / timewasters (based on the form inputs, which include questions such as "Why do you want to join?").

All well and good, but the client has decided that he doesn't want to have to log in to his Admin area and review the unapproved users (a process which itself is quite simple- "Approve" changes Status from 0 to 1 and the user can then log in - a notification email is also fired off. "Delete" just removes the record).

What he wants to be able to do is when the notification email comes in that says "Someone has applied to become a registered customer..." etc. etc. with the details copied in from the form inputs, he just has to click a button in the email (either Approve or Delete, probably- depending) and somehow the database will be updated.

I have no idea how or even if this can be done. In fact in my opinion even if it can be done, sending the ability to directly update the database to his AOL mail is asking for trouble- but this is what he wants- one click and the user is either approved or deleted. No logging in, no using the Admin system.

Anyone got any ideas about this? Is it possible? Is it workable?

Thanks!

Tommybs

3:42 pm on Jun 10, 2010 (gmt 0)

10+ Year Member



Just put a link in the email to a new page such as

<a href="approve.php?id=12345&a=1">Approve</a>
<a href="approve.php?id=12345&a=0">Delete</a>

where the id is the new user's id. One link can have a=1 on the end for approve and another a=0 for delete. Just have both links in the email and he decides what to do! Then on that page process the request using the $_GET parameters. The problem here is that anyone could potentially hit those URLs and start deleting your members.

Could you not send a link to the user's email with an activate page such as activate.php that has their user_id and a specific activation code in the URL (a random hash generated at the time of registration and stored in the db)? Get the registration time and expire the registration if the user hasn't clicked the link within 24 hours.
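
One way to apply the random code with a 24-hour expiry suggested above to the client's Approve/Delete link, so that knowing a user id alone is not enough; this is an added example, not code from any poster in the thread. The table and column names, the `t` parameter and the in-memory SQLite database are assumptions for illustration, and `applyDecision()` is meant to be called from a POST confirmation form on approve.php, because mail scanners may fetch GET links automatically.

```php
<?php
// Added example: schema, parameter names and the example.com URL are assumptions.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');   // constructed in-memory database for the demo
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, status INTEGER DEFAULT 0,
           token_hash TEXT, token_expires INTEGER)');
$db->exec('INSERT INTO users (id) VALUES (12345)');   // constructed pending user

// At registration: create a random token, store only its hash and a 24 h expiry.
function issueToken(PDO $db, int $userId, int $now): string {
    $token = bin2hex(random_bytes(32));
    $db->prepare('UPDATE users SET token_hash = ?, token_expires = ? WHERE id = ?')
       ->execute([hash('sha256', $token), $now + 86400, $userId]);
    return $token;
}

// Full URL for the email. The action is chosen on the landing page, not in the link.
function reviewLink(int $userId, string $token): string {
    return 'https://www.example.com/approve.php?'
         . http_build_query(['id' => $userId, 't' => $token]);
}

// On POST from the confirm form: check action, token and expiry, then act once.
function applyDecision(PDO $db, int $userId, string $token, string $action, int $now): bool {
    if (!in_array($action, ['approve', 'delete'], true)) return false;
    $q = $db->prepare('SELECT token_hash, token_expires FROM users WHERE id = ? AND status = 0');
    $q->execute([$userId]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if (!$row || $row['token_hash'] === null || $now > (int)$row['token_expires']
        || !hash_equals($row['token_hash'], hash('sha256', $token))) {
        return false;   // unknown or already handled user, expired link, or wrong token
    }
    $sql = $action === 'approve'
        ? 'UPDATE users SET status = 1, token_hash = NULL WHERE id = ?'   // token is single-use
        : 'DELETE FROM users WHERE id = ?';
    $db->prepare($sql)->execute([$userId]);
    return true;
}

$now = time();
$token = issueToken($db, 12345, $now);
echo reviewLink(12345, $token), "\n";
var_dump(applyDecision($db, 12345, 'guess', 'approve', $now));          // wrong token
var_dump(applyDecision($db, 12345, $token, 'approve', $now + 90000));   // link older than 24 h
var_dump(applyDecision($db, 12345, $token, 'approve', $now));           // valid link
var_dump(applyDecision($db, 12345, $token, 'approve', $now));           // replay of a used link
```

Anyone who can read the client's mailbox can still use the link until it expires or is used, so this narrows the exposure of the emailed link rather than replacing the admin login.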

rocknbil

5:36 pm on Jun 10, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



From the email, you need to make sure it's a full URL.

<a href="https://www.example.com/approve.php?id=12345&a=1">Approve</a>

Unless the email client is in the same directory as approve.php, which is not likely. :-)

Convenience is one of the leading reasons for hacked sites on the web . . . I would advise this client of how unwise this approach is. Too bad if it's inconvenient, when things go sideways who is he/she coming after? You.

Dealing with clients like this is tricky, but you are correct. You need to protect yourself. :-) You just need to put it in terms of security and state your case. They'll get over it. Put a link to his or her admin area in the email instead, and once logged in set a cookie, make it a session cookie so it will stay open as long as the browser's open. Still insecure, but at least reduces the odds a bit. Anything.