I’ve set up a “customer registration” system for a client where the customer registers using a PHP form, and is then entered into the MySQL database but as an “unapproved” user. We set this up because of the usual problems of auto-registration, and wanted the client to be able to vet new users and decide whether or not they were genuine, or spammers / timewasters (based on the form inputs, which include questions such as “Why do you want to join?”).
All well and good, but the client has decided that he doesn’t want to have to log in to his Admin area and review the unapproved users (a process which itself is quite simple- “Approve” changes Status from 0 to 1 and the user can then log in - a notification email is also fired off. “Delete” just removes the record).
What he wants to be able to do is when the notification email comes in that says “Someone has applied to become a registered customer…” etc. etc. with the details copied in from the form inputs, he just has to click a button in the email (either Approve or Delete, probably- depending) and somehow the database will be updated.
I have no idea how or even if this can be done. In fact in my opinion even if it can be done, sending the ability to directly update the database to his AOL mail is asking for trouble- but this is what he wants- one click and the user is either approved or deleted. No logging in, no using the Admin system.
Anyone got any ideas about this? Is it possible? Is it workable?
[QUOTE]How about if the server generates a unique id (either an MD5 hash or some other type) that is stored in the database against the transaction id, and then sent only to the client via his email. Then when the client clicks on the Approve link, that link returns the transaction id and the unique id back to the server, the server confirms that they match, removes it from the database, and everyone is happy.[/QUOTE]
Awesome, but you still need to send it through email, which itself is insecure. I still think it isn’t 100% safe, but your method certainly makes it safer.
You must explain to your client that although it can be done, it is a risk. Anyone could then approve or delete anything if they find out how the page works.
Knowing that, here is what you do. You generate two links in the email to point to approve_delete.php?id=1&cmd=1 for approving and approve_delete.php?id=1&cmd=2 for deleting. The 1 is the key field and would be different for each email. It would be generated by PHP.
The approve_delete.php file would read the query strings, look up the key field (1 in this example) and approve or delete the database record based on the second query string, cmd.
How about if the server generates a unique id (either an MD5 hash or some other type) that is stored in the database against the transaction id, and then sent only to the client via his email. Then when the client clicks on the Approve link, that link returns the transaction id and the unique id back to the server, the server confirms that they match, removes it from the database, and everyone is happy.
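The unique-id approach suggested in the thread, combined with the approve_delete.php?id=…&cmd=… links, as an added example that is not code from any poster. The `users` table layout, the `token` query parameter and the function names are assumptions, and an in-memory SQLite database stands in for MySQL so the script runs on its own.

```php
<?php
// Added example: table, column and function names are assumptions, not from the thread.
// SQLite in memory stands in for the MySQL database so this runs stand-alone.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT,
           status INTEGER DEFAULT 0, token_hash TEXT, token_expires INTEGER)');
$db->exec("INSERT INTO users (email) VALUES ('applicant@example.com')"); // constructed sample row

// At registration: create a random token, store only its hash, return the raw value for the email.
function issue_token(PDO $db, int $userId, int $ttl = 86400): string {
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG, not a hash of a guessable value
    $stmt = $db->prepare('UPDATE users SET token_hash = ?, token_expires = ? WHERE id = ?');
    $stmt->execute([hash('sha256', $token), time() + $ttl, $userId]);
    return $token;
}

// On click: id and token must match a pending, unexpired record. cmd 1 = approve, 2 = delete.
function handle_click(PDO $db, int $userId, string $token, string $cmd): string {
    $stmt = $db->prepare('SELECT token_hash, token_expires FROM users WHERE id = ? AND status = 0');
    $stmt->execute([$userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || $row['token_hash'] === null || $row['token_expires'] < time()
        || !hash_equals($row['token_hash'], hash('sha256', $token))) { // constant-time compare
        return 'rejected';
    }
    if ($cmd === '1') { // approve and clear the token so the link works only once
        $db->prepare('UPDATE users SET status = 1, token_hash = NULL WHERE id = ?')->execute([$userId]);
        return 'approved';
    }
    if ($cmd === '2') {
        $db->prepare('DELETE FROM users WHERE id = ?')->execute([$userId]);
        return 'deleted';
    }
    return 'rejected';
}

$token = issue_token($db, 1);
echo "https://example.com/approve_delete.php?id=1&cmd=1&token=$token\n"; // link placed in the email
echo handle_click($db, 1, str_repeat('0', 64), '1'), "\n"; // guessed token: rejected
echo handle_click($db, 1, $token, '1'), "\n";               // genuine link: approved
echo handle_click($db, 1, $token, '2'), "\n";               // replayed link: rejected
```

Mail scanners and link previewers may fetch URLs in a message, so a production handler would show a confirmation page on GET and make the change only on a POST from that page.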