huge
#728 Encrypt user_id on account verification
Instead of passing user_id in the URL as an action method argument, passing the encrypted version of user_id in a query parameter will work just fine. The link looks long and ugly :smile: but in case you want a solution for #728
Thanks, looks very good! Would be cool if everybody who reads this could test it a little bit to make sure this is bulletproof in most possible browser/mailprovider/server/os-setup (there are sometimes problems when using complex strings with special characters in URLs).
@slaveek It's fixed now, Thanks.
You have changed the sendVerificationEmail() but what about sendPasswordResetMail()? Do I need to change it too?
The password reset uses the user name instead of user id, that's why I changed sendVerificationEmail(). You can use the user id instead in sendPasswordResetMail(), encrypt it, and don't forget to pass it as a query argument.
Hi @panique Will you be adding this to huge?
Hi @di48l069, yes it's the plan but I had no time for review and merging yet :/ ... you know, working full time + summer is always tricky :)
Hi @panique, thank you for the response, haha. I understand working full time is hectic, no problem man, I will just keep an eye on the pull request :P
Thanks for this amazing secure framework, it has helped my projects a lot.
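A sketch of the idea discussed in this thread, added here as an example and not taken from the pull request or from huge itself: the user id is encrypted and carried in a query parameter, using an encoding that avoids the special-character problems mentioned above. The choice of AES-256-GCM through PHP's openssl extension, the function names, the key handling and the URL are all assumptions made for the illustration.

```php
<?php
// Added example; function names and key handling are assumptions, not the project's code.
function b64url_encode(string $bin): string
{
    // '+', '/' and '=' are the base64 characters that URLs and mail clients tend to mangle.
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $text): ?string
{
    if (!preg_match('/^[A-Za-z0-9_-]+$/', $text)) {
        return null;
    }
    $b64 = strtr($text, '-_', '+/');
    $bin = base64_decode($b64 . str_repeat('=', (4 - strlen($b64) % 4) % 4), true);
    return $bin === false ? null : $bin;
}

function encrypt_user_id(int $userId, string $key): string
{
    $nonce = random_bytes(12); // fresh 96-bit nonce per link
    $tag = '';
    $ct = openssl_encrypt((string) $userId, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return b64url_encode($nonce . $tag . $ct);
}

function decrypt_user_id(string $token, string $key): ?int
{
    $raw = b64url_decode($token);
    if ($raw === null || strlen($raw) < 29) { // 12 nonce + 16 tag + at least 1 byte
        return null;
    }
    $plain = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key, OPENSSL_RAW_DATA,
        substr($raw, 0, 12), substr($raw, 12, 16));
    // GCM tag check fails on any modified byte; also insist on a plain decimal id.
    return ($plain === false || !ctype_digit($plain)) ? null : (int) $plain;
}

$key = random_bytes(32); // constructed demo key; a real one lives in server-side config
$token = encrypt_user_id(42, $key);
echo 'https://example.test/verify?id=' . $token, PHP_EOL; // constructed URL
var_dump(decrypt_user_id($token, $key));
$tampered = ($token[0] === 'A' ? 'B' : 'A') . substr($token, 1);
var_dump(decrypt_user_id($tampered, $key));
```

The token only hides the user id and rejects modified values; the verification code sent alongside it is still what proves ownership of the mailbox.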