[hcs-d] User Authentication - Random String

Andy Brody abrody at hcs.harvard.edu
Wed May 27 19:18:04 EDT 2009


Don't use PHP's uniqid(). It's basically the current time in 
hexadecimal. Precision was also very bad on Windows platforms the last 
time I used it: calls to uniqid() for consecutive database inserts often 
returned the same string.

-Andy

Matt Di Pasquale wrote:
> I checked out the datamatch app...
> 
> so, you enter your email, and it sends you a link to your user page. the 
> link has a random string:
> http://harvard09.com/datamatch/vote.php?verify={random string here}
> 
> I want to implement something like this for an email list signup.
> that way, i can only require inputting email address to signup (no 
> password).
> then, their settings page (where they can unsubscribe, change email, 
> etc.) can just have a random string appended to the url. aweber does this.
> 
> how is this implemented? what exactly is the best way to implement 
> something like this?
> 
> I did some research online and found UUID. 
> (http://en.wikipedia.org/wiki/Universally_Unique_Identifier)
> 
> mysql has a UUID() function. 
> http://dev.mysql.com/doc/refman/5.0/en/miscellaneous-functions.html#function_uuid
> 
> Do you recommend I use that or PHP's uniqid() function 
> (http://us3.php.net/uniqid)
> 
> and if i use these methods, do I need to also make the field in the 
> mysql database UNIQUE? or is it safe to assume that the returned string 
> is unique.
> 
> So, how this works then is this:
> when they sign up, store their email. but also store a unique string 
> generated by some function. (which function is best to use in this 
> case?) uniqid seems faster.
> 
> also, do i have the general idea correct?
> obv. you would also store this in the $_GET array so that it gets passed 
> to url or whatever... that was kinda backwards but u know what i mean. 
> haha...
> 
> Thanks!
> 
> -Matt
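The point made in the reply above, as an added example that is not part of the original thread: it decodes a uniqid() value back into the timestamp it was built from, then generates the link token from the operating system's CSPRNG instead. It assumes PHP 7 or later (for random_bytes()); the example.com URL, settings.php and the verify_digest column are hypothetical names.

```php
<?php
// Added example, not code from the thread. Requires PHP 7+ for random_bytes().

// uniqid() without arguments is 8 hex digits of seconds followed by
// 5 hex digits of microseconds, so it can be decoded back to a time.
function decode_uniqid(string $id): array
{
    return [
        'seconds'      => (int) hexdec(substr($id, 0, 8)),
        'microseconds' => (int) hexdec(substr($id, 8, 5)),
    ];
}

// 32 bytes from the OS CSPRNG, hex-encoded so it is safe in a URL.
function new_verify_token(): string
{
    return bin2hex(random_bytes(32));
}

// Store only a digest, so a leaked table does not yield working links.
function token_digest(string $token): string
{
    return hash('sha256', $token);
}

// Constant-time comparison of the stored digest with the presented token.
function token_matches(string $storedDigest, string $presented): bool
{
    return hash_equals($storedDigest, token_digest($presented));
}

// The "random" string from uniqid() reveals when it was created.
$id = uniqid();
$t  = decode_uniqid($id);
printf("uniqid %s -> %s + %d us\n", $id, gmdate('c', $t['seconds']), $t['microseconds']);

// Sign-up: mail the token, keep the digest (hypothetical column verify_digest).
$token  = new_verify_token();
$digest = token_digest($token);
printf("link:   https://example.com/settings.php?verify=%s\n", $token);
printf("stored: %s\n", $digest);

// Settings page: the mailed token matches, any other token does not.
var_dump(token_matches($digest, $token));
var_dump(token_matches($digest, new_verify_token()));
```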
