Originally Posted by mlseim
I see now why I was confused by this.
Usually, when a person registers, everything goes into a database before the confirmation is sent. A column in the db table has a status of confirmed or not confirmed. Then, a unique key is created that is written into the user's db row. That key is part of the confirmation email link ... example:
The script called confirm.php compares the key to the database. If it matches, the status is 'confirmed'.
No other information is ever used with the confirmation email except that key.
Do you see how much more secure that would be? Not having the email and password showing in the URL variables?
I just want to thank ALL who helped and advised me with this project.
I think I have now just about finished it.
On exceptionally good advice, I have now loaded the database on the first click of the input form, including a security key. I created a new field in the database, m_key, and send a confirmation email with this m_key plus status (to change the status field from 0 to 1).
Please DO NOT reply to this email. It is an unattended mailbox.
To validate your email address, please click the following link:
By changing the status field to 1, I can see at a glance if any status fields remain at 0 which will indicate that the submission was not confirmed.
There is just one query that I have:
It has been suggested that I use sha1 rather than md5.
Is there any advantage to this?
Once again, I really appreciate all the help and advice that I have been given.
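
The key-only confirmation flow described in this thread, as an added example that is not part of the original posts: the row is stored with status 0, the link carries nothing but the key, and the confirm step flips status to 1 exactly once. The `members` table, the `example.invalid` URL and the in-memory SQLite database are assumptions (only `m_key` and `status` come from the thread), and the key is drawn from `random_bytes()` rather than produced by md5 or sha1, because an unguessable random value needs no hash function at all.

```php
<?php
// Added example. Assumed names: table "members", host example.invalid.
// m_key and status are the columns named in the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (
    id INTEGER PRIMARY KEY, email TEXT, m_key TEXT, status INTEGER DEFAULT 0)');

// Registration: write the row first (status 0), then build the e-mail link.
function register(PDO $db, string $email): string
{
    $key = bin2hex(random_bytes(16)); // 128 bits from the CSPRNG, 32 hex chars
    $stmt = $db->prepare(
        'INSERT INTO members (email, m_key, status) VALUES (?, ?, 0)');
    $stmt->execute([$email, $key]);
    // Only the key goes into the URL: no e-mail, password or status value.
    return 'https://example.invalid/confirm.php?key=' . $key;
}

// Body of confirm.php: look the key up and mark the row confirmed.
function confirm(PDO $db, string $key): bool
{
    if (!preg_match('/^[0-9a-f]{32}$/', $key)) {
        return false; // malformed input never reaches the query
    }
    // Prepared statement; clearing m_key makes the link single-use.
    $stmt = $db->prepare(
        'UPDATE members SET status = 1, m_key = NULL
          WHERE m_key = ? AND status = 0');
    $stmt->execute([$key]);
    return $stmt->rowCount() === 1;
}

// Constructed walk-through: first click, replayed click, guessed key.
$link = register($db, 'user@example.invalid');
parse_str(parse_url($link, PHP_URL_QUERY), $query);

var_dump(confirm($db, $query['key']));       // first click on the link
var_dump(confirm($db, $query['key']));       // same link clicked again
var_dump(confirm($db, str_repeat('0', 32))); // well-formed but unknown key

// Rows still at status 0 are the unconfirmed submissions.
$pending = $db->query('SELECT COUNT(*) FROM members WHERE status = 0');
var_dump((int) $pending->fetchColumn());
```

Because the status change is decided on the server from the key alone, nothing in the link tells the script which value to write.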