I want to give a newsletter subscriber the possibility to change his information. Since we're using an external company for sending our newsletter, I can't put a key right into the newsletter (or not without much effort).
I created a form where you can enter your email, and after checking whether it's a subscriber, it sends an email with a link to change your information.
The link contains the plain e-mail and a hashed key which is made like sha1(email + "someString"), so for example:
http://ift.tt/1AmZfW7
and in my script I then check whether the given email + "someString" results in the same value as the key.
I know the link to change your information would stay the same, but I wanted to ask whether there is any security issue in doing the whole thing this way, or should I rather create unique keys and store them in the database?
It would only be to change your first name and last name; maybe I'm worrying too much.
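
An added example, not part of the original post: the fixed key described above next to the alternative the post asks about, a random key stored server-side that expires and can be used once. The `TokenStore` class, the in-memory dict standing in for a database table, and the one-hour lifetime are assumptions made for illustration.

```python
import hashlib
import secrets
import time
from typing import Optional

SECRET = "someString"  # placeholder secret as written in the post
TOKEN_TTL = 3600       # assumed link lifetime in seconds


def static_key(email: str) -> str:
    """Scheme from the post: the key for an address never changes,
    so any copy of the link (forwarded mail, logs) stays valid forever."""
    return hashlib.sha1((email + SECRET).encode()).hexdigest()


class TokenStore:
    """Hypothetical in-memory stand-in for a database table of issued keys."""

    def __init__(self) -> None:
        self._rows = {}  # sha256(token) -> (email, expires_at)

    def issue(self, email: str, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 32 random bytes, unrelated to the email
        digest = hashlib.sha256(token.encode()).hexdigest()
        # Store only the digest, so a leaked table does not yield usable links.
        self._rows[digest] = (email, now + TOKEN_TTL)
        return token  # this value goes into the e-mailed link

    def redeem(self, token: str, now: Optional[float] = None) -> Optional[str]:
        now = time.time() if now is None else now
        digest = hashlib.sha256(token.encode()).hexdigest()
        row = self._rows.pop(digest, None)  # single use: removed on first lookup
        if row is None:
            return None
        email, expires_at = row
        return email if now <= expires_at else None
```

With the stored key the link no longer needs to carry the e-mail address, because `redeem` returns the address the key was issued for.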